# Flog Txt Version 1 # Analyzer Version: 2.3.2 # Analyzer Build Date: Nov 29 2018 14:58:43 # Log Creation Date: 08.01.2019 09:24:28.832 Process: id = "1" image_name = "urkotu.exe" filename = "c:\\users\\ciihmnxmn6ps\\desktop\\urkotu.exe" page_root = "0x30395000" os_pid = "0x858" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe\" " cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00014ee5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1 start_va = 0xc70000 end_va = 0xc8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000c70000" filename = "" Region: id = 2 start_va = 0xc90000 end_va = 0xc90fff entry_point = 0x0 region_type = private name = "private_0x0000000000c90000" filename = "" Region: id = 3 start_va = 0xca0000 end_va = 0xcb3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ca0000" filename = "" Region: id = 4 start_va = 0xcc0000 end_va = 0xcfffff entry_point = 0x0 region_type = private name = "private_0x0000000000cc0000" filename = "" Region: id = 5 start_va = 0xd00000 end_va = 0xd03fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d00000" filename = "" Region: id = 6 start_va = 0xd10000 end_va = 0xd11fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d10000" filename = "" Region: id = 7 start_va = 0xd20000 end_va = 0xd21fff entry_point = 0x0 region_type = private name = "private_0x0000000000d20000" filename = "" Region: id = 8 start_va = 0xed0000 end_va = 0x1024fff entry_point = 0xed0000 region_type = mapped_file name = "urkotu.exe" filename = "\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\urkotu.exe") Region: id = 9 start_va = 0x1030000 end_va = 0x142ffff entry_point = 0x0 region_type = private name = "private_0x0000000001030000" filename = "" Region: id = 10 start_va = 0x77ca0000 end_va = 0x77e18fff entry_point = 0x77ca0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 11 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 12 start_va = 0xfef70000 end_va = 0xfef92fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000fef70000" filename = "" Region: id = 13 start_va = 0xfef96000 end_va = 0xfef96fff entry_point = 0x0 region_type = private name = "private_0x00000000fef96000" filename = "" Region: id = 14 start_va = 0xfef9c000 end_va = 0xfef9efff entry_point = 0x0 region_type = private name = "private_0x00000000fef9c000" filename = "" Region: id = 15 start_va = 0xfef9f000 end_va = 0xfef9ffff entry_point = 0x0 region_type = private name = "private_0x00000000fef9f000" filename = "" Region: id = 16 start_va = 0xfffe0000 end_va = 0x7ff8ee37ffff entry_point = 0x0 region_type = private name = "private_0x00000000fffe0000" filename = "" Region: id = 17 start_va = 0x7ff8ee380000 end_va = 0x7ff8ee541fff entry_point = 0x7ff8ee380000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 18 start_va = 0x7ff8ee542000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ff8ee542000" filename = "" Region: id = 158 start_va = 0xd30000 end_va = 0xd3ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d30000" filename = "" Region: id = 159 start_va = 0x64af0000 end_va = 0x64b62fff entry_point = 0x64af0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 160 start_va = 0x64b70000 end_va = 0x64bbefff entry_point = 0x64b70000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 161 start_va = 0x64ae0000 end_va = 0x64ae7fff entry_point = 0x64ae0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 162 start_va = 0x15c0000 end_va = 0x19bffff entry_point = 0x0 region_type = private name = "private_0x00000000015c0000" filename = "" Region: id = 163 start_va = 0x74e70000 end_va = 0x74fe5fff entry_point = 0x74e70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 164 start_va = 0x75260000 end_va = 0x7534ffff entry_point = 0x75260000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 165 start_va = 0xc70000 end_va = 0xc7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c70000" filename = "" Region: id = 166 start_va = 0xc80000 end_va = 0xc83fff entry_point = 0x0 region_type = private name = "private_0x0000000000c80000" filename = "" Region: id = 167 start_va = 0xd40000 end_va = 0xdfdfff entry_point = 0xd40000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 168 start_va = 0xe00000 end_va = 0xe3ffff entry_point = 0x0 region_type = private name = "private_0x0000000000e00000" filename = "" Region: id = 169 start_va = 0xe40000 end_va = 0xe7ffff entry_point = 0x0 region_type = private name = "private_0x0000000000e40000" filename = "" Region: id = 170 start_va = 0x19c0000 end_va = 0x1dbffff entry_point = 0x0 region_type = private name = "private_0x00000000019c0000" filename = "" Region: id = 171 start_va = 0x1dc0000 end_va = 0x21bffff entry_point = 0x0 region_type = private name = "private_0x0000000001dc0000" filename = "" Region: id = 172 start_va = 0x74690000 end_va = 0x746b0fff entry_point = 0x74690000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll") Region: id = 173 start_va = 0x746c0000 end_va = 0x746c7fff entry_point = 0x746c0000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 174 start_va = 0x746d0000 end_va = 0x746f2fff entry_point = 0x746d0000 region_type = mapped_file name = "winmmbase.dll" filename = "\\Windows\\SysWOW64\\winmmbase.dll" (normalized: "c:\\windows\\syswow64\\winmmbase.dll") Region: id = 175 start_va = 0x74700000 end_va = 0x74718fff entry_point = 0x74700000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 176 start_va = 0x74720000 end_va = 0x7474ffff entry_point = 0x74720000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 177 start_va = 0x74750000 end_va = 0x74766fff entry_point = 0x74750000 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\SysWOW64\\mpr.dll" (normalized: "c:\\windows\\syswow64\\mpr.dll") Region: id = 178 start_va = 0x74770000 end_va = 0x74993fff entry_point = 0x74770000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 179 start_va = 0x749a0000 end_va = 0x74ba8fff entry_point = 0x749a0000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849\\comctl32.dll") Region: id = 180 start_va = 0x74bb0000 end_va = 0x74bd3fff entry_point = 0x74bb0000 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\SysWOW64\\winmm.dll" (normalized: "c:\\windows\\syswow64\\winmm.dll") Region: id = 181 start_va = 0x74be0000 end_va = 0x74be7fff entry_point = 0x74be0000 region_type = mapped_file name = "wsock32.dll" filename = "\\Windows\\SysWOW64\\wsock32.dll" (normalized: "c:\\windows\\syswow64\\wsock32.dll") Region: id = 182 start_va = 0x74bf0000 end_va = 0x74bf7fff entry_point = 0x74bf0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 183 start_va = 0x74c20000 end_va = 0x74c94fff entry_point = 0x74c20000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 184 start_va = 0x74d40000 end_va = 0x74d98fff entry_point = 0x74d40000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 185 start_va = 0x74da0000 end_va = 0x74da9fff entry_point = 0x74da0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 186 start_va = 0x74db0000 end_va = 0x74dcdfff entry_point = 0x74db0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 187 start_va = 0x75160000 end_va = 0x7521dfff entry_point = 0x75160000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 188 start_va = 0x75220000 end_va = 0x75255fff entry_point = 0x75220000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 189 start_va = 0x753b0000 end_va = 0x753f3fff entry_point = 0x753b0000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 190 start_va = 0x75430000 end_va = 0x767eefff entry_point = 0x75430000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 191 start_va = 0x76810000 end_va = 0x7681efff entry_point = 0x76810000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 192 start_va = 0x768b0000 end_va = 0x76999fff entry_point = 0x768b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 193 start_va = 0x769b0000 end_va = 0x76a0bfff entry_point = 0x769b0000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 194 start_va = 0x76a10000 end_va = 0x76a8afff entry_point = 0x76a10000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 195 start_va = 0x76c40000 end_va = 0x76c82fff entry_point = 0x76c40000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 196 start_va = 0x76c90000 end_va = 0x76d21fff entry_point = 0x76c90000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 197 start_va = 0x76d90000 end_va = 0x76e3bfff entry_point = 0x76d90000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 198 start_va = 0x76e40000 end_va = 0x76ff9fff entry_point = 0x76e40000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 199 start_va = 0x77000000 end_va = 0x7714cfff entry_point = 0x77000000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 200 start_va = 0x77150000 end_va = 0x7728ffff entry_point = 0x77150000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 201 start_va = 0x77290000 end_va = 0x772d3fff entry_point = 0x77290000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 202 start_va = 0x77340000 end_va = 0x773ccfff entry_point = 0x77340000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 203 start_va = 0x773d0000 end_va = 0x773d5fff entry_point = 0x773d0000 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 204 start_va = 0x773e0000 end_va = 0x773e6fff entry_point = 0x773e0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 205 start_va = 0x773f0000 end_va = 0x778ccfff entry_point = 0x773f0000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 206 start_va = 0x779f0000 end_va = 0x77aadfff entry_point = 0x779f0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 207 start_va = 0x77c30000 end_va = 0x77c3bfff entry_point = 0x77c30000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 208 start_va = 0xfee70000 end_va = 0xfef6ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000fee70000" filename = "" Region: id = 209 start_va = 0xfef93000 end_va = 0xfef95fff entry_point = 0x0 region_type = private name = "private_0x00000000fef93000" filename = "" Region: id = 210 start_va = 0xfef99000 end_va = 0xfef9bfff entry_point = 0x0 region_type = private name = "private_0x00000000fef99000" filename = "" Region: id = 211 start_va = 0x1430000 end_va = 0x15b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001430000" filename = "" Region: id = 212 start_va = 0x2360000 end_va = 0x236ffff entry_point = 0x0 region_type = private name = "private_0x0000000002360000" filename = "" Region: id = 213 start_va = 0x75400000 end_va = 0x7542afff entry_point = 0x75400000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 214 start_va = 0x778d0000 end_va = 0x779effff entry_point = 0x778d0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 215 start_va = 0xc90000 end_va = 0xc90fff entry_point = 0x0 region_type = private name = "private_0x0000000000c90000" filename = "" Region: id = 216 start_va = 0xe80000 end_va = 0xe80fff entry_point = 0x0 region_type = private name = "private_0x0000000000e80000" filename = "" Region: id = 217 start_va = 0xea0000 end_va = 0xea1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ea0000" filename = "" Region: id = 218 start_va = 0x21c0000 end_va = 0x2340fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000021c0000" filename = "" Region: id = 219 start_va = 0x2370000 end_va = 0x376ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002370000" filename = "" Region: id = 220 start_va = 0x37a0000 end_va = 0x37affff entry_point = 0x0 region_type = private name = "private_0x00000000037a0000" filename = "" Region: id = 221 start_va = 0xe90000 end_va = 0xe90fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e90000" filename = "" Region: id = 222 start_va = 0x37b0000 end_va = 0x382ffff entry_point = 0x0 region_type = private name = "private_0x00000000037b0000" filename = "" Region: id = 223 start_va = 0x3830000 end_va = 0x390dfff entry_point = 0x0 region_type = private name = "private_0x0000000003830000" filename = "" Region: id = 224 start_va = 0xe90000 end_va = 0xe90fff entry_point = 0x0 region_type = private name = "private_0x0000000000e90000" filename = "" Region: id = 225 start_va = 0xeb0000 end_va = 0xeb0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000eb0000" filename = "" Region: id = 226 start_va = 0x3910000 end_va = 0x3a0ffff entry_point = 0x0 region_type = private name = "private_0x0000000003910000" filename = "" Region: id = 227 start_va = 0x3a10000 end_va = 0x3c0ffff entry_point = 0x0 region_type = private name = "private_0x0000000003a10000" filename = "" Region: id = 228 start_va = 0x3c10000 end_va = 0x400ffff entry_point = 0x0 region_type = private name = "private_0x0000000003c10000" filename = "" Region: id = 229 start_va = 0x3830000 end_va = 0x38e7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003830000" filename = "" Region: id = 230 start_va = 0xeb0000 end_va = 0xeb3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000eb0000" filename = "" Region: id = 231 start_va = 0x74c00000 end_va = 0x74c1cfff entry_point = 0x74c00000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 232 start_va = 0xec0000 end_va = 0xec3fff entry_point = 0x0 region_type = private name = "private_0x0000000000ec0000" filename = "" Region: id = 233 start_va = 0x4010000 end_va = 0x4346fff entry_point = 0x4010000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 234 start_va = 0x2350000 end_va = 0x2353fff entry_point = 0x0 region_type = private name = "private_0x0000000002350000" filename = "" Region: id = 235 start_va = 0x4350000 end_va = 0x4b4ffff entry_point = 0x0 region_type = private name = "private_0x0000000004350000" filename = "" Region: id = 236 start_va = 0x74670000 end_va = 0x74682fff entry_point = 0x74670000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 237 start_va = 0x74650000 end_va = 0x7466afff entry_point = 0x74650000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 238 start_va = 0x74620000 end_va = 0x7464efff entry_point = 0x74620000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 239 start_va = 0x4b50000 end_va = 0x4c1bfff entry_point = 0x0 region_type = private name = "private_0x0000000004b50000" filename = "" Region: id = 240 start_va = 0x3770000 end_va = 0x3770fff entry_point = 0x0 region_type = private name = "private_0x0000000003770000" filename = "" Region: id = 259 start_va = 0x4b50000 end_va = 0x4b84fff entry_point = 0x0 region_type = private name = "private_0x0000000004b50000" filename = "" Thread: id = 1 os_tid = 0x700 [0073.879] GetStartupInfoW (in: lpStartupInfo=0x142fd18 | out: lpStartupInfo=0x142fd18*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0073.881] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75260000 [0073.881] GetProcAddress (hModule=0x75260000, lpProcName="FlsAlloc") returned 0x7527a330 [0073.881] GetProcAddress (hModule=0x75260000, lpProcName="FlsFree") returned 0x7527f400 [0073.881] GetProcAddress (hModule=0x75260000, lpProcName="FlsGetValue") returned 0x75277580 [0073.882] GetProcAddress (hModule=0x75260000, lpProcName="FlsSetValue") returned 0x75279910 [0073.882] GetProcAddress (hModule=0x75260000, lpProcName="InitializeCriticalSectionEx") returned 0x75286030 [0073.882] GetProcAddress (hModule=0x75260000, lpProcName="CreateEventExW") returned 0x75285f90 [0073.882] GetProcAddress (hModule=0x75260000, lpProcName="CreateSemaphoreExW") returned 0x75285ff0 [0073.882] GetProcAddress (hModule=0x75260000, lpProcName="SetThreadStackGuarantee") returned 0x7527a5d0 [0073.882] GetProcAddress (hModule=0x75260000, lpProcName="CreateThreadpoolTimer") returned 0x7527a690 [0073.882] GetProcAddress (hModule=0x75260000, lpProcName="SetThreadpoolTimer") returned 0x77cd40f0 [0073.882] GetProcAddress (hModule=0x75260000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77ccd630 [0073.883] GetProcAddress (hModule=0x75260000, lpProcName="CloseThreadpoolTimer") returned 0x77ccecf0 [0073.883] GetProcAddress (hModule=0x75260000, lpProcName="CreateThreadpoolWait") returned 0x75285720 [0073.883] GetProcAddress (hModule=0x75260000, lpProcName="SetThreadpoolWait") returned 0x77cce140 [0073.883] GetProcAddress (hModule=0x75260000, lpProcName="CloseThreadpoolWait") returned 0x77cceb60 [0073.883] GetProcAddress (hModule=0x75260000, lpProcName="FlushProcessWriteBuffers") returned 0x77d09990 [0073.883] GetProcAddress (hModule=0x75260000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d05540 [0073.883] GetProcAddress (hModule=0x75260000, lpProcName="GetCurrentProcessorNumber") returned 0x77cf9dc0 [0073.884] GetProcAddress (hModule=0x75260000, lpProcName="GetLogicalProcessorInformation") returned 0x7527a550 [0073.884] GetProcAddress (hModule=0x75260000, lpProcName="CreateSymbolicLinkW") returned 0x752a0a40 [0073.884] GetProcAddress (hModule=0x75260000, lpProcName="SetDefaultDllDirectories") returned 0x74fa0790 [0073.884] GetProcAddress (hModule=0x75260000, lpProcName="EnumSystemLocalesEx") returned 0x7527f8a0 [0073.884] GetProcAddress (hModule=0x75260000, lpProcName="CompareStringEx") returned 0x7527fa30 [0073.884] GetProcAddress (hModule=0x75260000, lpProcName="GetDateFormatEx") returned 0x752a1030 [0073.884] GetProcAddress (hModule=0x75260000, lpProcName="GetLocaleInfoEx") returned 0x7527a000 [0073.884] GetProcAddress (hModule=0x75260000, lpProcName="GetTimeFormatEx") returned 0x752a14b0 [0073.885] GetProcAddress (hModule=0x75260000, lpProcName="GetUserDefaultLocaleName") returned 0x7527a4f0 [0073.885] GetProcAddress (hModule=0x75260000, lpProcName="IsValidLocaleName") returned 0x752a16f0 [0073.885] GetProcAddress (hModule=0x75260000, lpProcName="LCMapStringEx") returned 0x75279970 [0073.885] GetProcAddress (hModule=0x75260000, lpProcName="GetCurrentPackageId") returned 0x74f23c90 [0073.885] GetProcAddress (hModule=0x75260000, lpProcName="GetTickCount64") returned 0x75278710 [0073.885] GetProcAddress (hModule=0x75260000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0073.885] GetProcAddress (hModule=0x75260000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0073.886] GetCurrentThreadId () returned 0x700 [0073.887] GetStartupInfoW (in: lpStartupInfo=0x142fce8 | out: lpStartupInfo=0x142fce8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0073.887] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0073.887] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0073.887] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0073.887] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe\" " [0073.887] GetEnvironmentStringsW () returned 0x15d6440* [0073.888] FreeEnvironmentStringsW (penv=0x15d6440) returned 1 [0073.888] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xf93ba8, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\urkotu.exe")) returned 0x28 [0073.891] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0073.891] GetLastError () returned 0x0 [0073.891] SetLastError (dwErrCode=0x0) [0073.891] GetLastError () returned 0x0 [0073.891] SetLastError (dwErrCode=0x0) [0073.891] GetLastError () returned 0x0 [0073.891] SetLastError (dwErrCode=0x0) [0073.891] GetACP () returned 0x4e4 [0073.891] GetLastError () returned 0x0 [0073.891] SetLastError (dwErrCode=0x0) [0073.891] IsValidCodePage (CodePage=0x4e4) returned 1 [0073.891] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x142fcdc | out: lpCPInfo=0x142fcdc) returned 1 [0073.891] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x142f7a4 | out: lpCPInfo=0x142f7a4) returned 1 [0073.891] GetLastError () returned 0x0 [0073.891] SetLastError (dwErrCode=0x0) [0073.891] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x142fbb8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0073.892] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x142fbb8, cbMultiByte=256, lpWideCharStr=0x142f528, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0073.892] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x142f7b8 | out: lpCharType=0x142f7b8) returned 1 [0073.892] GetLastError () returned 0x0 [0073.892] SetLastError (dwErrCode=0x0) [0073.892] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x142fbb8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0073.892] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x142fbb8, cbMultiByte=256, lpWideCharStr=0x142f4f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0073.892] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0073.892] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x142f2e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0073.892] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x142fab8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x61\xa1\x8a\x92\xf4\xfc\x42\x01\xa7\x99\xef", lpUsedDefaultChar=0x0) returned 256 [0073.892] GetLastError () returned 0x0 [0073.892] SetLastError (dwErrCode=0x0) [0073.892] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x142fbb8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0073.892] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x142fbb8, cbMultiByte=256, lpWideCharStr=0x142f508, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0073.892] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0073.892] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x142f2f8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0073.892] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x142f9b8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x61\xa1\x8a\x92\xf4\xfc\x42\x01\xa7\x99\xef", lpUsedDefaultChar=0x0) returned 256 [0073.893] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0073.893] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xf04c4c) returned 0x0 [0073.895] GetVersionExW (in: lpVersionInformation=0x142fbd0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x1f1e1d1c, dwMinorVersion=0x23222120, dwBuildNumber=0x27262524, dwPlatformId=0x2b2a2928, szCSDVersion="⴬⼮㄰㌲㔴㜶㤸㬺㴼㼾䅀䍂䕄䝆䥈䭊䵌低児卒啔坖奘孚嵜彞慠换敤杦楨歪浬潮煰獲畴睶祸筺絼罾膀莂薄螆H") | out: lpVersionInformation=0x142fbd0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x2800, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0073.895] GetCurrentProcess () returned 0xffffffff [0073.895] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x142fd20 | out: Wow64Process=0x142fd20) returned 1 [0073.896] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x75260000 [0073.896] GetProcAddress (hModule=0x75260000, lpProcName="GetNativeSystemInfo") returned 0x7527a410 [0073.896] GetNativeSystemInfo (in: lpSystemInfo=0x142fcec | out: lpSystemInfo=0x142fcec*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0073.896] FreeLibrary (hLibModule=0x75260000) returned 1 [0073.898] MapVirtualKeyW (uCode=0x5b, uMapType=0x0) returned 0x5b [0073.898] MapVirtualKeyW (uCode=0x10, uMapType=0x0) returned 0x2a [0073.898] MapVirtualKeyW (uCode=0xa0, uMapType=0x0) returned 0x2a [0073.899] MapVirtualKeyW (uCode=0xa1, uMapType=0x0) returned 0x36 [0073.899] MapVirtualKeyW (uCode=0x11, uMapType=0x0) returned 0x1d [0073.899] MapVirtualKeyW (uCode=0x12, uMapType=0x0) returned 0x38 [0073.900] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc160 [0073.903] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0073.903] OleInitialize (pvReserved=0x0) returned 0x0 [0073.920] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Control Panel\\Mouse", ulOptions=0x0, samDesired=0x1, phkResult=0x142fcf4 | out: phkResult=0x142fcf4*=0x1d0) returned 0x0 [0073.920] RegQueryValueExW (in: hKey=0x1d0, lpValueName="SwapMouseButtons", lpReserved=0x0, lpType=0x0, lpData=0x142fd10, lpcbData=0x142fcf8*=0x8 | out: lpType=0x0, lpData=0x142fd10*=0x30, lpcbData=0x142fcf8*=0x4) returned 0x0 [0073.920] RegCloseKey (hKey=0x1d0) returned 0x0 [0073.933] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x140fcc8, nSize=0x7fff | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\urkotu.exe")) returned 0x28 [0073.935] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe", nBufferLength=0x7fff, lpBuffer=0x13ffcb8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe", lpFilePart=0x0) returned 0x28 [0073.935] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe", nBufferLength=0x7fff, lpBuffer=0x140fcd4, lpFilePart=0x141fcd4 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe", lpFilePart=0x141fcd4*="urkotu.exe") returned 0x28 [0073.936] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AutoIt v3\\AutoIt", ulOptions=0x0, samDesired=0x1, phkResult=0x141fcf0 | out: phkResult=0x141fcf0*=0x0) returned 0x2 [0073.937] IsThemeActive () returned 0x1 [0073.938] SystemParametersInfoW (in: uiAction=0x2000, uiParam=0x0, pvParam=0x142fd14, fWinIni=0x0 | out: pvParam=0x142fd14) returned 1 [0073.938] SystemParametersInfoW (in: uiAction=0x2001, uiParam=0x0, pvParam=0x0, fWinIni=0x2 | out: pvParam=0x0) returned 1 [0073.938] GetCurrentDirectoryW (in: nBufferLength=0x7fff, lpBuffer=0x141fce8 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0073.938] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x13ffc48, nSize=0x7fff | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\urkotu.exe")) returned 0x28 [0073.940] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe", nBufferLength=0x7fff, lpBuffer=0x13efc38, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe", lpFilePart=0x0) returned 0x28 [0073.940] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x75260000 [0073.940] GetProcAddress (hModule=0x75260000, lpProcName=0xf85520) returned 0x7527ebb0 [0073.942] Wow64DisableWow64FsRedirection (in: OldValue=0x140fc4c | out: OldValue=0x140fc4c*=0x0) returned 1 [0073.942] FreeLibrary (hLibModule=0x75260000) returned 1 [0073.944] GetCurrentPackageId () returned 0x3d54 [0073.944] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\urkotu.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x140fae8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d0 [0073.944] GetFileType (hFile=0x1d0) returned 0x1 [0073.944] LoadLibraryExW (lpLibFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe", hFile=0x0, dwFlags=0x2) returned 0xed0000 [0073.945] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x75260000 [0073.945] GetProcAddress (hModule=0x75260000, lpProcName="Wow64RevertWow64FsRedirection") returned 0x7527eb90 [0073.945] Wow64RevertWow64FsRedirection (OlValue=0x0) returned 1 [0073.945] FreeLibrary (hLibModule=0x75260000) returned 1 [0073.946] CreateStreamOnHGlobal (in: hGlobal=0x0, fDeleteOnRelease=1, ppstm=0x140fca8 | out: ppstm=0x140fca8*=0x15c9708) returned 0x0 [0073.966] FindResourceExW (hModule=0xed0000, lpType=0xa, lpName="SCRIPT", wLanguage=0x0) returned 0xf973b0 [0073.966] LoadResource (hModule=0xed0000, hResInfo=0xf973b0) returned 0xffd570 [0073.966] SizeofResource (hModule=0xed0000, hResInfo=0xf973b0) returned 0x1eea0 [0073.966] LockResource (hResData=0xffd570) returned 0xffd570 [0073.966] CMemStm::Write () returned 0x0 [0073.974] CMemStm::Seek () returned 0x0 [0073.974] CMemStm::Seek () returned 0x0 [0073.974] CMemStm::Read () returned 0x0 [0073.974] CMemStm::Seek () returned 0x0 [0073.974] CMemStm::Read () returned 0x0 [0073.974] CMemStm::Read () returned 0x0 [0073.974] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x140fb10 | out: lpSystemTimeAsFileTime=0x140fb10*(dwLowDateTime=0x209e6095, dwHighDateTime=0x1d4a734)) [0073.975] CMemStm::Seek () returned 0x0 [0073.975] CMemStm::Seek () returned 0x0 [0073.975] CMemStm::Read () returned 0x0 [0073.975] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x140f250 | out: lpSystemTimeAsFileTime=0x140f250*(dwLowDateTime=0x209e73d2, dwHighDateTime=0x1d4a734)) [0073.975] CMemStm::Read () returned 0x0 [0073.975] CMemStm::Read () returned 0x0 [0073.975] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x140f250 | out: lpSystemTimeAsFileTime=0x140f250*(dwLowDateTime=0x209e8ba6, dwHighDateTime=0x1d4a734)) [0073.975] CMemStm::Read () returned 0x0 [0073.975] CMemStm::Read () returned 0x0 [0073.975] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x140f250 | out: lpSystemTimeAsFileTime=0x140f250*(dwLowDateTime=0x209e8ba6, dwHighDateTime=0x1d4a734)) [0073.975] CMemStm::Read () returned 0x0 [0073.975] CMemStm::Read () returned 0x0 [0073.975] CMemStm::Read () returned 0x0 [0073.975] CMemStm::Read () returned 0x0 [0073.975] CMemStm::Seek () returned 0x0 [0073.976] CMemStm::Read () returned 0x0 [0073.976] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x140f498 | out: lpSystemTimeAsFileTime=0x140f498*(dwLowDateTime=0x209e9bb1, dwHighDateTime=0x1d4a734)) [0073.976] CloseHandle (hObject=0x1d0) returned 1 [0073.976] CMemStm::Release () returned 0x0 [0073.976] FreeLibrary (hLibModule=0xed0000) returned 1 [0073.977] IsDebuggerPresent () returned 0 [0073.978] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe", nBufferLength=0x7fff, lpBuffer=0x13efc60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe", lpFilePart=0x0) returned 0x28 [0073.978] GetLongPathNameW (in: lpszShortPath="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe", lpszLongPath=0x13efc60, cchBuffer=0x7fff | out: lpszLongPath="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe") returned 0x28 [0073.979] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe", nBufferLength=0x7fff, lpBuffer=0x13efc30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe", lpFilePart=0x0) returned 0x28 [0073.979] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x75260000 [0073.979] GetProcAddress (hModule=0x75260000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x7527ebb0 [0073.979] Wow64DisableWow64FsRedirection (in: OldValue=0x13ffbcc | out: OldValue=0x13ffbcc*=0x0) returned 1 [0073.979] FreeLibrary (hLibModule=0x75260000) returned 1 [0073.981] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\urkotu.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x13ffa68, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d0 [0073.981] GetFileType (hFile=0x1d0) returned 0x1 [0073.981] LoadLibraryExW (lpLibFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe", hFile=0x0, dwFlags=0x2) returned 0xed0000 [0073.981] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x75260000 [0073.981] GetProcAddress (hModule=0x75260000, lpProcName="Wow64RevertWow64FsRedirection") returned 0x7527eb90 [0073.981] Wow64RevertWow64FsRedirection (OlValue=0x0) returned 1 [0073.981] FreeLibrary (hLibModule=0x75260000) returned 1 [0073.981] CreateStreamOnHGlobal (in: hGlobal=0x0, fDeleteOnRelease=1, ppstm=0x13ffbfc | out: ppstm=0x13ffbfc*=0x15dbb60) returned 0x0 [0073.982] FindResourceExW (hModule=0xed0000, lpType=0xa, lpName="SCRIPT", wLanguage=0x0) returned 0xf973b0 [0073.982] LoadResource (hModule=0xed0000, hResInfo=0xf973b0) returned 0xffd570 [0073.982] SizeofResource (hModule=0xed0000, hResInfo=0xf973b0) returned 0x1eea0 [0073.982] LockResource (hResData=0xffd570) returned 0xffd570 [0073.982] ISequentialStream:RemoteWrite (in: This=0x15dbb60, pv=0xffd570*=0xa3, cb=0x1eea0, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0073.982] IStream:RemoteSeek (in: This=0x15dbb60, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x0 | out: plibNewPosition=0x0) returned 0x0 [0073.982] IStream:RemoteSeek (in: This=0x15dbb60, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x1 | out: plibNewPosition=0x1) returned 0x0 [0073.982] ISequentialStream:RemoteRead (in: This=0x15dbb60, pv=0x15dc7d8, cb=0x18, pcbRead=0x13ffb54 | out: pv=0x15dc7d8*=0xa3, pcbRead=0x13ffb54*=0x18) returned 0x0 [0073.982] IStream:RemoteSeek (in: This=0x15dbb60, dlibMove=0x14, dwOrigin=0x0, plibNewPosition=0x0 | out: plibNewPosition=0x0) returned 0x0 [0073.982] ISequentialStream:RemoteRead (in: This=0x15dbb60, pv=0x13ffb98, cb=0x4, pcbRead=0x13ffb54 | out: pv=0x13ffb98*=0x45, pcbRead=0x13ffb54*=0x4) returned 0x0 [0073.982] ISequentialStream:RemoteRead (in: This=0x15dbb60, pv=0x13ffbbc, cb=0x10, pcbRead=0x13ffb94 | out: pv=0x13ffbbc*=0x4d, pcbRead=0x13ffb94*=0x10) returned 0x0 [0073.982] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x13ffa90 | out: lpSystemTimeAsFileTime=0x13ffa90*(dwLowDateTime=0x209f4ad6, dwHighDateTime=0x1d4a734)) [0073.982] IStream:RemoteSeek (in: This=0x15dbb60, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x1 | out: plibNewPosition=0x1) returned 0x0 [0073.983] IStream:RemoteSeek (in: This=0x15dbb60, dlibMove=0x28, dwOrigin=0x0, plibNewPosition=0x0 | out: plibNewPosition=0x0) returned 0x0 [0073.983] ISequentialStream:RemoteRead (in: This=0x15dbb60, pv=0x13ff510, cb=0x4, pcbRead=0x13ff2d4 | out: pv=0x13ff510*=0x6b, pcbRead=0x13ff2d4*=0x4) returned 0x0 [0073.983] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x13ff1d0 | out: lpSystemTimeAsFileTime=0x13ff1d0*(dwLowDateTime=0x209f4ad6, dwHighDateTime=0x1d4a734)) [0073.983] ISequentialStream:RemoteRead (in: This=0x15dbb60, pv=0x13ff518, cb=0x4, pcbRead=0x13ff2d4 | out: pv=0x13ff518*=0xa6, pcbRead=0x13ff2d4*=0x4) returned 0x0 [0073.983] ISequentialStream:RemoteRead (in: This=0x15dbb60, pv=0x13ff300, cb=0x34, pcbRead=0x13ff2d4 | out: pv=0x13ff300*=0xe1, pcbRead=0x13ff2d4*=0x34) returned 0x0 [0073.983] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x13ff1d0 | out: lpSystemTimeAsFileTime=0x13ff1d0*(dwLowDateTime=0x209f4ad6, dwHighDateTime=0x1d4a734)) [0073.983] ISequentialStream:RemoteRead (in: This=0x15dbb60, pv=0x13ff518, cb=0x4, pcbRead=0x13ff2d4 | out: pv=0x13ff518*=0x19, pcbRead=0x13ff2d4*=0x4) returned 0x0 [0073.983] ISequentialStream:RemoteRead (in: This=0x15dbb60, pv=0x13ff544, cb=0x72, pcbRead=0x13ff2d4 | out: pv=0x13ff544*=0x2c, pcbRead=0x13ff2d4*=0x72) returned 0x0 [0073.983] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x13ff1d0 | out: lpSystemTimeAsFileTime=0x13ff1d0*(dwLowDateTime=0x209f4ad6, dwHighDateTime=0x1d4a734)) [0073.983] IStream:RemoteSeek (in: This=0x15dbb60, dlibMove=0x1, dwOrigin=0x0, plibNewPosition=0x1 | out: plibNewPosition=0x1) returned 0x0 [0073.983] ISequentialStream:RemoteRead (in: This=0x15dbb60, pv=0x13ff508, cb=0x4, pcbRead=0x13ff2d4 | out: pv=0x13ff508*=0xbc, pcbRead=0x13ff2d4*=0x4) returned 0x0 [0073.983] IStream:RemoteSeek (in: This=0x15dbb60, dlibMove=0x18, dwOrigin=0x0, plibNewPosition=0x1 | out: plibNewPosition=0x1) returned 0x0 [0073.983] ISequentialStream:RemoteRead (in: This=0x15dbb60, pv=0x13ff510, cb=0x4, pcbRead=0x13ff2d4 | out: pv=0x13ff510*=0x6b, pcbRead=0x13ff2d4*=0x4) returned 0x0 [0073.983] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x13ff1d0 | out: lpSystemTimeAsFileTime=0x13ff1d0*(dwLowDateTime=0x209f4ad6, dwHighDateTime=0x1d4a734)) [0073.983] ISequentialStream:RemoteRead (in: This=0x15dbb60, pv=0x13ff518, cb=0x4, pcbRead=0x13ff2d4 | out: pv=0x13ff518*=0xaf, pcbRead=0x13ff2d4*=0x4) returned 0x0 [0073.983] ISequentialStream:RemoteRead (in: This=0x15dbb60, pv=0x13ff300, cb=0x26, pcbRead=0x13ff2d4 | out: pv=0x13ff300*=0xe6, pcbRead=0x13ff2d4*=0x26) returned 0x0 [0073.983] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x13ff1d0 | out: lpSystemTimeAsFileTime=0x13ff1d0*(dwLowDateTime=0x209f4ad6, dwHighDateTime=0x1d4a734)) [0073.983] ISequentialStream:RemoteRead (in: This=0x15dbb60, pv=0x13ff518, cb=0x4, pcbRead=0x13ff2d4 | out: pv=0x13ff518*=0x1d, pcbRead=0x13ff2d4*=0x4) returned 0x0 [0073.983] ISequentialStream:RemoteRead (in: This=0x15dbb60, pv=0x13ff544, cb=0x7a, pcbRead=0x13ff2d4 | out: pv=0x13ff544*=0xa1, pcbRead=0x13ff2d4*=0x7a) returned 0x0 [0073.983] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x13ff1d0 | out: lpSystemTimeAsFileTime=0x13ff1d0*(dwLowDateTime=0x209f4ad6, dwHighDateTime=0x1d4a734)) [0073.983] ISequentialStream:RemoteRead (in: This=0x15dbb60, pv=0x13ffbcb, cb=0x1, pcbRead=0x13ff51c | out: pv=0x13ffbcb*=0x1, pcbRead=0x13ff51c*=0x1) returned 0x0 [0073.983] ISequentialStream:RemoteRead (in: This=0x15dbb60, pv=0x13ffbc4, cb=0x4, pcbRead=0x13ff51c | out: pv=0x13ffbc4*=0x64, pcbRead=0x13ff51c*=0x4) returned 0x0 [0073.983] ISequentialStream:RemoteRead (in: This=0x15dbb60, pv=0x13ffbc4, cb=0x4, pcbRead=0x13ff51c | out: pv=0x13ffbc4*=0xd4, pcbRead=0x13ff51c*=0x4) returned 0x0 [0073.983] ISequentialStream:RemoteRead (in: This=0x15dbb60, pv=0x13ffbc4, cb=0x4, pcbRead=0x13ff51c | out: pv=0x13ffbc4*=0x96, pcbRead=0x13ff51c*=0x4) returned 0x0 [0073.984] IStream:RemoteSeek (in: This=0x15dbb60, dlibMove=0x10, dwOrigin=0x0, plibNewPosition=0x1 | out: plibNewPosition=0x1) returned 0x0 [0073.987] ISequentialStream:RemoteRead (in: This=0x15dbb60, pv=0x160b690, cb=0x1ecd8, pcbRead=0x13ff51c | out: pv=0x160b690*=0x6d, pcbRead=0x13ff51c*=0x1ecd8) returned 0x0 [0073.988] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x13ff418 | out: lpSystemTimeAsFileTime=0x13ff418*(dwLowDateTime=0x209f4ad6, dwHighDateTime=0x1d4a734)) [0074.237] CloseHandle (hObject=0x1d0) returned 1 [0074.237] IUnknown:Release (This=0x15dbb60) returned 0x0 [0074.237] FreeLibrary (hLibModule=0xed0000) returned 1 [0074.237] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe", nBufferLength=0x7fff, lpBuffer=0x140fce8, lpFilePart=0x142fd08 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe", lpFilePart=0x142fd08*="urkotu.exe") returned 0x28 [0074.239] CharUpperBuffW (in: lpsz="CULQTAPFGJAAWQUTFKVEMWQBTZDO", cchLength=0x1c | out: lpsz="CULQTAPFGJAAWQUTFKVEMWQBTZDO") returned 0x1c [0074.239] CharUpperBuffW (in: lpsz="MUKQHYEHTAIPDSMPPY", cchLength=0x12 | out: lpsz="MUKQHYEHTAIPDSMPPY") returned 0x12 [0074.239] CharUpperBuffW (in: lpsz="MUKQHYEHTAIPDSMPPY", cchLength=0x12 | out: lpsz="MUKQHYEHTAIPDSMPPY") returned 0x12 [0074.239] CharUpperBuffW (in: lpsz="KRAIIYTKCOOZLXODRVZMFWGDJ", cchLength=0x19 | out: lpsz="KRAIIYTKCOOZLXODRVZMFWGDJ") returned 0x19 [0074.239] CharUpperBuffW (in: lpsz="KRAIIYTKCOOZLXODRVZMFWGDJ", cchLength=0x19 | out: lpsz="KRAIIYTKCOOZLXODRVZMFWGDJ") returned 0x19 [0074.239] CharUpperBuffW (in: lpsz="AFZHTNZQLSJMRXEEVBKJQGHFW", cchLength=0x19 | out: lpsz="AFZHTNZQLSJMRXEEVBKJQGHFW") returned 0x19 [0074.239] CharUpperBuffW (in: lpsz="AFZHTNZQLSJMRXEEVBKJQGHFW", cchLength=0x19 | out: lpsz="AFZHTNZQLSJMRXEEVBKJQGHFW") returned 0x19 [0074.239] CharUpperBuffW (in: lpsz="CASUESGNAMQQZKLQGCUVPMAYIAD", cchLength=0x1b | out: lpsz="CASUESGNAMQQZKLQGCUVPMAYIAD") returned 0x1b [0074.239] CharUpperBuffW (in: lpsz="CASUESGNAMQQZKLQGCUVPMAYIAD", cchLength=0x1b | out: lpsz="CASUESGNAMQQZKLQGCUVPMAYIAD") returned 0x1b [0074.239] CharUpperBuffW (in: lpsz="FJNXDPTXMJCTJCGZLJCEUCTTAG", cchLength=0x1a | out: lpsz="FJNXDPTXMJCTJCGZLJCEUCTTAG") returned 0x1a [0074.239] CharUpperBuffW (in: lpsz="FJNXDPTXMJCTJCGZLJCEUCTTAG", cchLength=0x1a | out: lpsz="FJNXDPTXMJCTJCGZLJCEUCTTAG") returned 0x1a [0074.240] CharUpperBuffW (in: lpsz="DSPUXAVVVUTJCXQX", cchLength=0x10 | out: lpsz="DSPUXAVVVUTJCXQX") returned 0x10 [0074.240] CharUpperBuffW (in: lpsz="DSPUXAVVVUTJCXQX", cchLength=0x10 | out: lpsz="DSPUXAVVVUTJCXQX") returned 0x10 [0074.240] CharUpperBuffW (in: lpsz="DECDATA", cchLength=0x7 | out: lpsz="DECDATA") returned 0x7 [0074.240] CharUpperBuffW (in: lpsz="DECDATA", cchLength=0x7 | out: lpsz="DECDATA") returned 0x7 [0074.240] CharUpperBuffW (in: lpsz="SYURKNWEZVCDJIFS", cchLength=0x10 | out: lpsz="SYURKNWEZVCDJIFS") returned 0x10 [0074.240] CharUpperBuffW (in: lpsz="SYURKNWEZVCDJIFS", cchLength=0x10 | out: lpsz="SYURKNWEZVCDJIFS") returned 0x10 [0074.240] CharUpperBuffW (in: lpsz="CCUTFABTLRNMPKDXXBVNGH", cchLength=0x16 | out: lpsz="CCUTFABTLRNMPKDXXBVNGH") returned 0x16 [0074.240] CharUpperBuffW (in: lpsz="CCUTFABTLRNMPKDXXBVNGH", cchLength=0x16 | out: lpsz="CCUTFABTLRNMPKDXXBVNGH") returned 0x16 [0074.240] CharUpperBuffW (in: lpsz="RSTGJYBBVDLDRQVPMQURGU", cchLength=0x16 | out: lpsz="RSTGJYBBVDLDRQVPMQURGU") returned 0x16 [0074.240] CharUpperBuffW (in: lpsz="RSTGJYBBVDLDRQVPMQURGU", cchLength=0x16 | out: lpsz="RSTGJYBBVDLDRQVPMQURGU") returned 0x16 [0074.240] CharUpperBuffW (in: lpsz="NQAVEYZBZJEXPTPYRFTKO", cchLength=0x15 | out: lpsz="NQAVEYZBZJEXPTPYRFTKO") returned 0x15 [0074.240] CharUpperBuffW (in: lpsz="NQAVEYZBZJEXPTPYRFTKO", cchLength=0x15 | out: lpsz="NQAVEYZBZJEXPTPYRFTKO") returned 0x15 [0074.240] CharUpperBuffW (in: lpsz="LIHDRORCFYSMCCH", cchLength=0xf | out: lpsz="LIHDRORCFYSMCCH") returned 0xf [0074.240] CharUpperBuffW (in: lpsz="LIHDRORCFYSMCCH", cchLength=0xf | out: lpsz="LIHDRORCFYSMCCH") returned 0xf [0074.240] CharUpperBuffW (in: lpsz="BVQFWKTUNGGWAIV", cchLength=0xf | out: lpsz="BVQFWKTUNGGWAIV") returned 0xf [0074.240] CharUpperBuffW (in: lpsz="BVQFWKTUNGGWAIV", cchLength=0xf | out: lpsz="BVQFWKTUNGGWAIV") returned 0xf [0074.240] CharUpperBuffW (in: lpsz="IPLOLDGSXJLHGCORJ", cchLength=0x11 | out: lpsz="IPLOLDGSXJLHGCORJ") returned 0x11 [0074.240] CharUpperBuffW (in: lpsz="IPLOLDGSXJLHGCORJ", cchLength=0x11 | out: lpsz="IPLOLDGSXJLHGCORJ") returned 0x11 [0074.241] CharUpperBuffW (in: lpsz="LKADBTCYHIWALTZVNIFW", cchLength=0x14 | out: lpsz="LKADBTCYHIWALTZVNIFW") returned 0x14 [0074.241] CharUpperBuffW (in: lpsz="LKADBTCYHIWALTZVNIFW", cchLength=0x14 | out: lpsz="LKADBTCYHIWALTZVNIFW") returned 0x14 [0074.241] CharUpperBuffW (in: lpsz="XYALIYPQJNOTP_CGIHVB", cchLength=0x14 | out: lpsz="XYALIYPQJNOTP_CGIHVB") returned 0x14 [0074.241] CharUpperBuffW (in: lpsz="XYALIYPQJNOTP_CGIHVB", cchLength=0x14 | out: lpsz="XYALIYPQJNOTP_CGIHVB") returned 0x14 [0074.241] CharUpperBuffW (in: lpsz="UGBNVPMLSDZQZCLXLBLY", cchLength=0x14 | out: lpsz="UGBNVPMLSDZQZCLXLBLY") returned 0x14 [0074.241] CharUpperBuffW (in: lpsz="UGBNVPMLSDZQZCLXLBLY", cchLength=0x14 | out: lpsz="UGBNVPMLSDZQZCLXLBLY") returned 0x14 [0074.241] CharUpperBuffW (in: lpsz="FZHUNAAU_RJHWUDBMCLE", cchLength=0x14 | out: lpsz="FZHUNAAU_RJHWUDBMCLE") returned 0x14 [0074.241] CharUpperBuffW (in: lpsz="FZHUNAAU_RJHWUDBMCLE", cchLength=0x14 | out: lpsz="FZHUNAAU_RJHWUDBMCLE") returned 0x14 [0074.241] CharUpperBuffW (in: lpsz="SVMRV_UDWMUDVMT_TRUX", cchLength=0x14 | out: lpsz="SVMRV_UDWMUDVMT_TRUX") returned 0x14 [0074.241] CharUpperBuffW (in: lpsz="SVMRV_UDWMUDVMT_TRUX", cchLength=0x14 | out: lpsz="SVMRV_UDWMUDVMT_TRUX") returned 0x14 [0074.241] CharUpperBuffW (in: lpsz="RHFTFB_HKNNWKVYSVMPG", cchLength=0x14 | out: lpsz="RHFTFB_HKNNWKVYSVMPG") returned 0x14 [0074.241] CharUpperBuffW (in: lpsz="RHFTFB_HKNNWKVYSVMPG", cchLength=0x14 | out: lpsz="RHFTFB_HKNNWKVYSVMPG") returned 0x14 [0074.241] CharUpperBuffW (in: lpsz="JMGJNLYKLCIGAQWWLYLR", cchLength=0x14 | out: lpsz="JMGJNLYKLCIGAQWWLYLR") returned 0x14 [0074.241] CharUpperBuffW (in: lpsz="JMGJNLYKLCIGAQWWLYLR", cchLength=0x14 | out: lpsz="JMGJNLYKLCIGAQWWLYLR") returned 0x14 [0074.241] CharUpperBuffW (in: lpsz="JSFZUAROAJRFIRAZPBHM", cchLength=0x14 | out: lpsz="JSFZUAROAJRFIRAZPBHM") returned 0x14 [0074.241] CharUpperBuffW (in: lpsz="JSFZUAROAJRFIRAZPBHM", cchLength=0x14 | out: lpsz="JSFZUAROAJRFIRAZPBHM") returned 0x14 [0074.241] CharUpperBuffW (in: lpsz="VNSCZMRGRURCYWWGKSEW", cchLength=0x14 | out: lpsz="VNSCZMRGRURCYWWGKSEW") returned 0x14 [0074.241] CharUpperBuffW (in: lpsz="VNSCZMRGRURCYWWGKSEW", cchLength=0x14 | out: lpsz="VNSCZMRGRURCYWWGKSEW") returned 0x14 [0074.242] CharUpperBuffW (in: lpsz="_KULEKNCTKOQZRDBYBXI", cchLength=0x14 | out: lpsz="_KULEKNCTKOQZRDBYBXI") returned 0x14 [0074.242] CharUpperBuffW (in: lpsz="_KULEKNCTKOQZRDBYBXI", cchLength=0x14 | out: lpsz="_KULEKNCTKOQZRDBYBXI") returned 0x14 [0074.242] CharUpperBuffW (in: lpsz="PIEHVSKGSDSKMKZEEQHV", cchLength=0x14 | out: lpsz="PIEHVSKGSDSKMKZEEQHV") returned 0x14 [0074.242] CharUpperBuffW (in: lpsz="PIEHVSKGSDSKMKZEEQHV", cchLength=0x14 | out: lpsz="PIEHVSKGSDSKMKZEEQHV") returned 0x14 [0074.242] CharUpperBuffW (in: lpsz="EBRX_JJPQSHQCSRZZDED", cchLength=0x14 | out: lpsz="EBRX_JJPQSHQCSRZZDED") returned 0x14 [0074.242] CharUpperBuffW (in: lpsz="EBRX_JJPQSHQCSRZZDED", cchLength=0x14 | out: lpsz="EBRX_JJPQSHQCSRZZDED") returned 0x14 [0074.242] CharUpperBuffW (in: lpsz="HLJBYMKVNIXVASQOKYQY", cchLength=0x14 | out: lpsz="HLJBYMKVNIXVASQOKYQY") returned 0x14 [0074.242] CharUpperBuffW (in: lpsz="HLJBYMKVNIXVASQOKYQY", cchLength=0x14 | out: lpsz="HLJBYMKVNIXVASQOKYQY") returned 0x14 [0074.242] CharUpperBuffW (in: lpsz="BLPKNZWKPZBOYACIPQWR", cchLength=0x14 | out: lpsz="BLPKNZWKPZBOYACIPQWR") returned 0x14 [0074.242] CharUpperBuffW (in: lpsz="BLPKNZWKPZBOYACIPQWR", cchLength=0x14 | out: lpsz="BLPKNZWKPZBOYACIPQWR") returned 0x14 [0074.242] CharUpperBuffW (in: lpsz="CXGHNHWQAA_SCPGLWOGX", cchLength=0x14 | out: lpsz="CXGHNHWQAA_SCPGLWOGX") returned 0x14 [0074.242] CharUpperBuffW (in: lpsz="CXGHNHWQAA_SCPGLWOGX", cchLength=0x14 | out: lpsz="CXGHNHWQAA_SCPGLWOGX") returned 0x14 [0074.242] CharUpperBuffW (in: lpsz="EDNVGWFPVNYYFYCSQTLJ", cchLength=0x14 | out: lpsz="EDNVGWFPVNYYFYCSQTLJ") returned 0x14 [0074.242] CharUpperBuffW (in: lpsz="EDNVGWFPVNYYFYCSQTLJ", cchLength=0x14 | out: lpsz="EDNVGWFPVNYYFYCSQTLJ") returned 0x14 [0074.242] CharUpperBuffW (in: lpsz="ALICSNSFWYIVDQIWHQCR", cchLength=0x14 | out: lpsz="ALICSNSFWYIVDQIWHQCR") returned 0x14 [0074.242] CharUpperBuffW (in: lpsz="ALICSNSFWYIVDQIWHQCR", cchLength=0x14 | out: lpsz="ALICSNSFWYIVDQIWHQCR") returned 0x14 [0074.242] CharUpperBuffW (in: lpsz="LDWIHRRUKSONYQQELUJJ", cchLength=0x14 | out: lpsz="LDWIHRRUKSONYQQELUJJ") returned 0x14 [0074.242] CharUpperBuffW (in: lpsz="LDWIHRRUKSONYQQELUJJ", cchLength=0x14 | out: lpsz="LDWIHRRUKSONYQQELUJJ") returned 0x14 [0074.242] CharUpperBuffW (in: lpsz="SOLSLNWNEINZBBAIEJJJ", cchLength=0x14 | out: lpsz="SOLSLNWNEINZBBAIEJJJ") returned 0x14 [0074.243] CharUpperBuffW (in: lpsz="SOLSLNWNEINZBBAIEJJJ", cchLength=0x14 | out: lpsz="SOLSLNWNEINZBBAIEJJJ") returned 0x14 [0074.243] CharUpperBuffW (in: lpsz="HJENLEDQFJZKNSJVZO_J", cchLength=0x14 | out: lpsz="HJENLEDQFJZKNSJVZO_J") returned 0x14 [0074.243] CharUpperBuffW (in: lpsz="HJENLEDQFJZKNSJVZO_J", cchLength=0x14 | out: lpsz="HJENLEDQFJZKNSJVZO_J") returned 0x14 [0074.243] CharUpperBuffW (in: lpsz="UBFLEICZYYDJZUZVMFLM", cchLength=0x14 | out: lpsz="UBFLEICZYYDJZUZVMFLM") returned 0x14 [0074.243] CharUpperBuffW (in: lpsz="UBFLEICZYYDJZUZVMFLM", cchLength=0x14 | out: lpsz="UBFLEICZYYDJZUZVMFLM") returned 0x14 [0074.243] CharUpperBuffW (in: lpsz="UTHOHFBITGK_IXLCLBKS", cchLength=0x14 | out: lpsz="UTHOHFBITGK_IXLCLBKS") returned 0x14 [0074.243] CharUpperBuffW (in: lpsz="UTHOHFBITGK_IXLCLBKS", cchLength=0x14 | out: lpsz="UTHOHFBITGK_IXLCLBKS") returned 0x14 [0074.243] CharUpperBuffW (in: lpsz="VZQFAWEYSMVGBKARHEFF", cchLength=0x14 | out: lpsz="VZQFAWEYSMVGBKARHEFF") returned 0x14 [0074.243] CharUpperBuffW (in: lpsz="VZQFAWEYSMVGBKARHEFF", cchLength=0x14 | out: lpsz="VZQFAWEYSMVGBKARHEFF") returned 0x14 [0074.243] CharUpperBuffW (in: lpsz="XIFTR_QFNRHPTNSLNOMR", cchLength=0x14 | out: lpsz="XIFTR_QFNRHPTNSLNOMR") returned 0x14 [0074.243] CharUpperBuffW (in: lpsz="XIFTR_QFNRHPTNSLNOMR", cchLength=0x14 | out: lpsz="XIFTR_QFNRHPTNSLNOMR") returned 0x14 [0074.243] CharUpperBuffW (in: lpsz="YLBWXYRLUHRKP_HLLZMI", cchLength=0x14 | out: lpsz="YLBWXYRLUHRKP_HLLZMI") returned 0x14 [0074.243] CharUpperBuffW (in: lpsz="YLBWXYRLUHRKP_HLLZMI", cchLength=0x14 | out: lpsz="YLBWXYRLUHRKP_HLLZMI") returned 0x14 [0074.243] CharUpperBuffW (in: lpsz="PWUJWERSHOJAKYTYCTIQ", cchLength=0x14 | out: lpsz="PWUJWERSHOJAKYTYCTIQ") returned 0x14 [0074.243] CharUpperBuffW (in: lpsz="PWUJWERSHOJAKYTYCTIQ", cchLength=0x14 | out: lpsz="PWUJWERSHOJAKYTYCTIQ") returned 0x14 [0074.243] CharUpperBuffW (in: lpsz="KTOYVBHKJRWS_ADYRKPM", cchLength=0x14 | out: lpsz="KTOYVBHKJRWS_ADYRKPM") returned 0x14 [0074.243] CharUpperBuffW (in: lpsz="KTOYVBHKJRWS_ADYRKPM", cchLength=0x14 | out: lpsz="KTOYVBHKJRWS_ADYRKPM") returned 0x14 [0074.243] CharUpperBuffW (in: lpsz="ULXNFJIRSXYWMYJUENKQ", cchLength=0x14 | out: lpsz="ULXNFJIRSXYWMYJUENKQ") returned 0x14 [0074.243] CharUpperBuffW (in: lpsz="ULXNFJIRSXYWMYJUENKQ", cchLength=0x14 | out: lpsz="ULXNFJIRSXYWMYJUENKQ") returned 0x14 [0074.243] CharUpperBuffW (in: lpsz="XUALVRUYFGOHDUDYVWKI", cchLength=0x14 | out: lpsz="XUALVRUYFGOHDUDYVWKI") returned 0x14 [0074.244] CharUpperBuffW (in: lpsz="XUALVRUYFGOHDUDYVWKI", cchLength=0x14 | out: lpsz="XUALVRUYFGOHDUDYVWKI") returned 0x14 [0074.244] CharUpperBuffW (in: lpsz="TINIZKZMXWBTFDSHWEML", cchLength=0x14 | out: lpsz="TINIZKZMXWBTFDSHWEML") returned 0x14 [0074.244] CharUpperBuffW (in: lpsz="TINIZKZMXWBTFDSHWEML", cchLength=0x14 | out: lpsz="TINIZKZMXWBTFDSHWEML") returned 0x14 [0074.244] CharUpperBuffW (in: lpsz="_CSSPRFEVFLCOQPHHYGU", cchLength=0x14 | out: lpsz="_CSSPRFEVFLCOQPHHYGU") returned 0x14 [0074.244] CharUpperBuffW (in: lpsz="_CSSPRFEVFLCOQPHHYGU", cchLength=0x14 | out: lpsz="_CSSPRFEVFLCOQPHHYGU") returned 0x14 [0074.244] CharUpperBuffW (in: lpsz="NGSLUOYFIMWUBBMZBH_W", cchLength=0x14 | out: lpsz="NGSLUOYFIMWUBBMZBH_W") returned 0x14 [0074.244] CharUpperBuffW (in: lpsz="NGSLUOYFIMWUBBMZBH_W", cchLength=0x14 | out: lpsz="NGSLUOYFIMWUBBMZBH_W") returned 0x14 [0074.244] CharUpperBuffW (in: lpsz="PPGXUNSN_ZHHGMPUGKAH", cchLength=0x14 | out: lpsz="PPGXUNSN_ZHHGMPUGKAH") returned 0x14 [0074.244] CharUpperBuffW (in: lpsz="PPGXUNSN_ZHHGMPUGKAH", cchLength=0x14 | out: lpsz="PPGXUNSN_ZHHGMPUGKAH") returned 0x14 [0074.244] CharUpperBuffW (in: lpsz="NETLWBNFIIXMILRNSAGQ", cchLength=0x14 | out: lpsz="NETLWBNFIIXMILRNSAGQ") returned 0x14 [0074.244] CharUpperBuffW (in: lpsz="NETLWBNFIIXMILRNSAGQ", cchLength=0x14 | out: lpsz="NETLWBNFIIXMILRNSAGQ") returned 0x14 [0074.244] CharUpperBuffW (in: lpsz="OVACOHOOXARLXEQZPHCZ", cchLength=0x14 | out: lpsz="OVACOHOOXARLXEQZPHCZ") returned 0x14 [0074.244] CharUpperBuffW (in: lpsz="OVACOHOOXARLXEQZPHCZ", cchLength=0x14 | out: lpsz="OVACOHOOXARLXEQZPHCZ") returned 0x14 [0074.244] CharUpperBuffW (in: lpsz="KQYVXGPV_HFXAPVUEWAP", cchLength=0x14 | out: lpsz="KQYVXGPV_HFXAPVUEWAP") returned 0x14 [0074.244] CharUpperBuffW (in: lpsz="KQYVXGPV_HFXAPVUEWAP", cchLength=0x14 | out: lpsz="KQYVXGPV_HFXAPVUEWAP") returned 0x14 [0074.244] CharUpperBuffW (in: lpsz="VEPWOGIZFYWAZESAWJWB", cchLength=0x14 | out: lpsz="VEPWOGIZFYWAZESAWJWB") returned 0x14 [0074.244] CharUpperBuffW (in: lpsz="VEPWOGIZFYWAZESAWJWB", cchLength=0x14 | out: lpsz="VEPWOGIZFYWAZESAWJWB") returned 0x14 [0074.244] CharUpperBuffW (in: lpsz="UAEPMYTZMOR__TLNBSDD", cchLength=0x14 | out: lpsz="UAEPMYTZMOR__TLNBSDD") returned 0x14 [0074.244] CharUpperBuffW (in: lpsz="UAEPMYTZMOR__TLNBSDD", cchLength=0x14 | out: lpsz="UAEPMYTZMOR__TLNBSDD") returned 0x14 [0074.245] CharUpperBuffW (in: lpsz="WRQVJPEZVPIXHTUAQCXN", cchLength=0x14 | out: lpsz="WRQVJPEZVPIXHTUAQCXN") returned 0x14 [0074.245] CharUpperBuffW (in: lpsz="WRQVJPEZVPIXHTUAQCXN", cchLength=0x14 | out: lpsz="WRQVJPEZVPIXHTUAQCXN") returned 0x14 [0074.245] CharUpperBuffW (in: lpsz="OIFUCBJWXVJEMQAICUGL", cchLength=0x14 | out: lpsz="OIFUCBJWXVJEMQAICUGL") returned 0x14 [0074.245] CharUpperBuffW (in: lpsz="OIFUCBJWXVJEMQAICUGL", cchLength=0x14 | out: lpsz="OIFUCBJWXVJEMQAICUGL") returned 0x14 [0074.245] CharUpperBuffW (in: lpsz="WKZBX_RDHBJHOTGDPFTA", cchLength=0x14 | out: lpsz="WKZBX_RDHBJHOTGDPFTA") returned 0x14 [0074.245] CharUpperBuffW (in: lpsz="WKZBX_RDHBJHOTGDPFTA", cchLength=0x14 | out: lpsz="WKZBX_RDHBJHOTGDPFTA") returned 0x14 [0074.245] CharUpperBuffW (in: lpsz="TLXGGZYRXUGQMMNRNNOO", cchLength=0x14 | out: lpsz="TLXGGZYRXUGQMMNRNNOO") returned 0x14 [0074.245] CharUpperBuffW (in: lpsz="TLXGGZYRXUGQMMNRNNOO", cchLength=0x14 | out: lpsz="TLXGGZYRXUGQMMNRNNOO") returned 0x14 [0074.245] CharUpperBuffW (in: lpsz="VWMQRWKSQLZGIIVMGEVX", cchLength=0x14 | out: lpsz="VWMQRWKSQLZGIIVMGEVX") returned 0x14 [0074.245] CharUpperBuffW (in: lpsz="VWMQRWKSQLZGIIVMGEVX", cchLength=0x14 | out: lpsz="VWMQRWKSQLZGIIVMGEVX") returned 0x14 [0074.245] CharUpperBuffW (in: lpsz="KCAASFGRSLF_NYV_NBIC", cchLength=0x14 | out: lpsz="KCAASFGRSLF_NYV_NBIC") returned 0x14 [0074.245] CharUpperBuffW (in: lpsz="KCAASFGRSLF_NYV_NBIC", cchLength=0x14 | out: lpsz="KCAASFGRSLF_NYV_NBIC") returned 0x14 [0074.245] CharUpperBuffW (in: lpsz="KPRVYNXIUSVYEPQTTIUY", cchLength=0x14 | out: lpsz="KPRVYNXIUSVYEPQTTIUY") returned 0x14 [0074.245] CharUpperBuffW (in: lpsz="KPRVYNXIUSVYEPQTTIUY", cchLength=0x14 | out: lpsz="KPRVYNXIUSVYEPQTTIUY") returned 0x14 [0074.245] CharUpperBuffW (in: lpsz="CYKQXYMAJZIKQWUKGLBJ", cchLength=0x14 | out: lpsz="CYKQXYMAJZIKQWUKGLBJ") returned 0x14 [0074.245] CharUpperBuffW (in: lpsz="CYKQXYMAJZIKQWUKGLBJ", cchLength=0x14 | out: lpsz="CYKQXYMAJZIKQWUKGLBJ") returned 0x14 [0074.245] CharUpperBuffW (in: lpsz="DVBIXQ_FBGBJYJQDNQSS", cchLength=0x14 | out: lpsz="DVBIXQ_FBGBJYJQDNQSS") returned 0x14 [0074.245] CharUpperBuffW (in: lpsz="DVBIXQ_FBGBJYJQDNQSS", cchLength=0x14 | out: lpsz="DVBIXQ_FBGBJYJQDNQSS") returned 0x14 [0074.245] CharUpperBuffW (in: lpsz="H_LYGEYZPMQAEUGEOGJD", cchLength=0x14 | out: lpsz="H_LYGEYZPMQAEUGEOGJD") returned 0x14 [0074.245] CharUpperBuffW (in: lpsz="H_LYGEYZPMQAEUGEOGJD", cchLength=0x14 | out: lpsz="H_LYGEYZPMQAEUGEOGJD") returned 0x14 [0074.246] CharUpperBuffW (in: lpsz="QGNCGEOQQMMYCNVGEDKT", cchLength=0x14 | out: lpsz="QGNCGEOQQMMYCNVGEDKT") returned 0x14 [0074.246] CharUpperBuffW (in: lpsz="QGNCGEOQQMMYCNVGEDKT", cchLength=0x14 | out: lpsz="QGNCGEOQQMMYCNVGEDKT") returned 0x14 [0074.246] CharUpperBuffW (in: lpsz="RAIFMLFDWNPXASFVCIJL", cchLength=0x14 | out: lpsz="RAIFMLFDWNPXASFVCIJL") returned 0x14 [0074.246] CharUpperBuffW (in: lpsz="RAIFMLFDWNPXASFVCIJL", cchLength=0x14 | out: lpsz="RAIFMLFDWNPXASFVCIJL") returned 0x14 [0074.246] CharUpperBuffW (in: lpsz="QPEDF_GTZPGUDSADHZYM", cchLength=0x14 | out: lpsz="QPEDF_GTZPGUDSADHZYM") returned 0x14 [0074.292] CharUpperBuffW (in: lpsz="QPEDF_GTZPGUDSADHZYM", cchLength=0x14 | out: lpsz="QPEDF_GTZPGUDSADHZYM") returned 0x14 [0074.292] CharUpperBuffW (in: lpsz="YAOVPOWKEYYB_XAMHTSR", cchLength=0x14 | out: lpsz="YAOVPOWKEYYB_XAMHTSR") returned 0x14 [0074.292] CharUpperBuffW (in: lpsz="YAOVPOWKEYYB_XAMHTSR", cchLength=0x14 | out: lpsz="YAOVPOWKEYYB_XAMHTSR") returned 0x14 [0074.292] CharUpperBuffW (in: lpsz="PRJCGCPUXUAWTCJASZDV", cchLength=0x14 | out: lpsz="PRJCGCPUXUAWTCJASZDV") returned 0x14 [0074.292] CharUpperBuffW (in: lpsz="PRJCGCPUXUAWTCJASZDV", cchLength=0x14 | out: lpsz="PRJCGCPUXUAWTCJASZDV") returned 0x14 [0074.292] CharUpperBuffW (in: lpsz="LMKTQDPYQAWNHOBKLSPD", cchLength=0x14 | out: lpsz="LMKTQDPYQAWNHOBKLSPD") returned 0x14 [0074.292] CharUpperBuffW (in: lpsz="LMKTQDPYQAWNHOBKLSPD", cchLength=0x14 | out: lpsz="LMKTQDPYQAWNHOBKLSPD") returned 0x14 [0074.292] CharUpperBuffW (in: lpsz="KBDAWXANAYMENLXTBHYH", cchLength=0x14 | out: lpsz="KBDAWXANAYMENLXTBHYH") returned 0x14 [0074.292] CharUpperBuffW (in: lpsz="KBDAWXANAYMENLXTBHYH", cchLength=0x14 | out: lpsz="KBDAWXANAYMENLXTBHYH") returned 0x14 [0074.292] CharUpperBuffW (in: lpsz="ZXZROTSXAHLYQONZOSFQ", cchLength=0x14 | out: lpsz="ZXZROTSXAHLYQONZOSFQ") returned 0x14 [0074.292] CharUpperBuffW (in: lpsz="ZXZROTSXAHLYQONZOSFQ", cchLength=0x14 | out: lpsz="ZXZROTSXAHLYQONZOSFQ") returned 0x14 [0074.293] CharUpperBuffW (in: lpsz="DRCRGHL_UNGXW_DJNIWD", cchLength=0x14 | out: lpsz="DRCRGHL_UNGXW_DJNIWD") returned 0x14 [0074.293] CharUpperBuffW (in: lpsz="DRCRGHL_UNGXW_DJNIWD", cchLength=0x14 | out: lpsz="DRCRGHL_UNGXW_DJNIWD") returned 0x14 [0074.293] CharUpperBuffW (in: lpsz="IQAEUFHRNGYTGLLFYOEP", cchLength=0x14 | out: lpsz="IQAEUFHRNGYTGLLFYOEP") returned 0x14 [0074.293] CharUpperBuffW (in: lpsz="IQAEUFHRNGYTGLLFYOEP", cchLength=0x14 | out: lpsz="IQAEUFHRNGYTGLLFYOEP") returned 0x14 [0074.293] CharUpperBuffW (in: lpsz="EYFXVEJITGJOKOEHRQUX", cchLength=0x14 | out: lpsz="EYFXVEJITGJOKOEHRQUX") returned 0x14 [0074.293] CharUpperBuffW (in: lpsz="EYFXVEJITGJOKOEHRQUX", cchLength=0x14 | out: lpsz="EYFXVEJITGJOKOEHRQUX") returned 0x14 [0074.293] CharUpperBuffW (in: lpsz="ADLEGKOTZKQAMWSCHNBE", cchLength=0x14 | out: lpsz="ADLEGKOTZKQAMWSCHNBE") returned 0x14 [0074.293] CharUpperBuffW (in: lpsz="ADLEGKOTZKQAMWSCHNBE", cchLength=0x14 | out: lpsz="ADLEGKOTZKQAMWSCHNBE") returned 0x14 [0074.293] CharUpperBuffW (in: lpsz="VDWNBGSLTDFAOFXVATXQ", cchLength=0x14 | out: lpsz="VDWNBGSLTDFAOFXVATXQ") returned 0x14 [0074.293] CharUpperBuffW (in: lpsz="VDWNBGSLTDFAOFXVATXQ", cchLength=0x14 | out: lpsz="VDWNBGSLTDFAOFXVATXQ") returned 0x14 [0074.294] CharUpperBuffW (in: lpsz="VFAZUOFXOKNOJOIXGXMX", cchLength=0x14 | out: lpsz="VFAZUOFXOKNOJOIXGXMX") returned 0x14 [0074.294] CharUpperBuffW (in: lpsz="VFAZUOFXOKNOJOIXGXMX", cchLength=0x14 | out: lpsz="VFAZUOFXOKNOJOIXGXMX") returned 0x14 [0074.294] CharUpperBuffW (in: lpsz="DZAABHGKMJRRKSWIZKMO", cchLength=0x14 | out: lpsz="DZAABHGKMJRRKSWIZKMO") returned 0x14 [0074.294] CharUpperBuffW (in: lpsz="DZAABHGKMJRRKSWIZKMO", cchLength=0x14 | out: lpsz="DZAABHGKMJRRKSWIZKMO") returned 0x14 [0074.294] CharUpperBuffW (in: lpsz="LKHBBGWOWJGXSQGTHJTE", cchLength=0x14 | out: lpsz="LKHBBGWOWJGXSQGTHJTE") returned 0x14 [0074.294] CharUpperBuffW (in: lpsz="LKHBBGWOWJGXSQGTHJTE", cchLength=0x14 | out: lpsz="LKHBBGWOWJGXSQGTHJTE") returned 0x14 [0074.294] CharUpperBuffW (in: lpsz="SRRJZSECBBCSSWOGGRQW", cchLength=0x14 | out: lpsz="SRRJZSECBBCSSWOGGRQW") returned 0x14 [0074.294] CharUpperBuffW (in: lpsz="SRRJZSECBBCSSWOGGRQW", cchLength=0x14 | out: lpsz="SRRJZSECBBCSSWOGGRQW") returned 0x14 [0074.294] CharUpperBuffW (in: lpsz="__BVDGVYIOLSNUXVDNDW", cchLength=0x14 | out: lpsz="__BVDGVYIOLSNUXVDNDW") returned 0x14 [0074.294] CharUpperBuffW (in: lpsz="__BVDGVYIOLSNUXVDNDW", cchLength=0x14 | out: lpsz="__BVDGVYIOLSNUXVDNDW") returned 0x14 [0074.294] CharUpperBuffW (in: lpsz="MWKQBSABXTRGDQMR_ZFX", cchLength=0x14 | out: lpsz="MWKQBSABXTRGDQMR_ZFX") returned 0x14 [0074.294] CharUpperBuffW (in: lpsz="MWKQBSABXTRGDQMR_ZFX", cchLength=0x14 | out: lpsz="MWKQBSABXTRGDQMR_ZFX") returned 0x14 [0074.294] CharUpperBuffW (in: lpsz="GSSHULABEGSZWLCXUHSU", cchLength=0x14 | out: lpsz="GSSHULABEGSZWLCXUHSU") returned 0x14 [0074.294] CharUpperBuffW (in: lpsz="GSSHULABEGSZWLCXUHSU", cchLength=0x14 | out: lpsz="GSSHULABEGSZWLCXUHSU") returned 0x14 [0074.294] CharUpperBuffW (in: lpsz="NELKGUBTCZVHBQOGTIAS", cchLength=0x14 | out: lpsz="NELKGUBTCZVHBQOGTIAS") returned 0x14 [0074.294] CharUpperBuffW (in: lpsz="NELKGUBTCZVHBQOGTIAS", cchLength=0x14 | out: lpsz="NELKGUBTCZVHBQOGTIAS") returned 0x14 [0074.294] CharUpperBuffW (in: lpsz="UGAS_CRKTYSEJDLNQCLI", cchLength=0x14 | out: lpsz="UGAS_CRKTYSEJDLNQCLI") returned 0x14 [0074.294] CharUpperBuffW (in: lpsz="UGAS_CRKTYSEJDLNQCLI", cchLength=0x14 | out: lpsz="UGAS_CRKTYSEJDLNQCLI") returned 0x14 [0074.295] CharUpperBuffW (in: lpsz="DEFLJIDQKTBQQNUYWIPH", cchLength=0x14 | out: lpsz="DEFLJIDQKTBQQNUYWIPH") returned 0x14 [0074.295] CharUpperBuffW (in: lpsz="DEFLJIDQKTBQQNUYWIPH", cchLength=0x14 | out: lpsz="DEFLJIDQKTBQQNUYWIPH") returned 0x14 [0074.295] CharUpperBuffW (in: lpsz="QIMOEZQLAMKUJPVLLFNB", cchLength=0x14 | out: lpsz="QIMOEZQLAMKUJPVLLFNB") returned 0x14 [0074.295] CharUpperBuffW (in: lpsz="QIMOEZQLAMKUJPVLLFNB", cchLength=0x14 | out: lpsz="QIMOEZQLAMKUJPVLLFNB") returned 0x14 [0074.295] CharUpperBuffW (in: lpsz="ZIPWTCTFEVGMTGFRBQKE", cchLength=0x14 | out: lpsz="ZIPWTCTFEVGMTGFRBQKE") returned 0x14 [0074.295] CharUpperBuffW (in: lpsz="ZIPWTCTFEVGMTGFRBQKE", cchLength=0x14 | out: lpsz="ZIPWTCTFEVGMTGFRBQKE") returned 0x14 [0074.295] CharUpperBuffW (in: lpsz="SJBNKKFEJUJHYSDDUALQ", cchLength=0x14 | out: lpsz="SJBNKKFEJUJHYSDDUALQ") returned 0x14 [0074.295] CharUpperBuffW (in: lpsz="SJBNKKFEJUJHYSDDUALQ", cchLength=0x14 | out: lpsz="SJBNKKFEJUJHYSDDUALQ") returned 0x14 [0074.295] CharUpperBuffW (in: lpsz="ZKCAABKVU_KZFBRVUJMC", cchLength=0x14 | out: lpsz="ZKCAABKVU_KZFBRVUJMC") returned 0x14 [0074.295] CharUpperBuffW (in: lpsz="ZKCAABKVU_KZFBRVUJMC", cchLength=0x14 | out: lpsz="ZKCAABKVU_KZFBRVUJMC") returned 0x14 [0074.295] CharUpperBuffW (in: lpsz="BZWRNIVJXUZXKPAWIBBP", cchLength=0x14 | out: lpsz="BZWRNIVJXUZXKPAWIBBP") returned 0x14 [0074.295] CharUpperBuffW (in: lpsz="BZWRNIVJXUZXKPAWIBBP", cchLength=0x14 | out: lpsz="BZWRNIVJXUZXKPAWIBBP") returned 0x14 [0074.295] CharUpperBuffW (in: lpsz="CELLZRAKURVALWKTKKGT", cchLength=0x14 | out: lpsz="CELLZRAKURVALWKTKKGT") returned 0x14 [0074.295] CharUpperBuffW (in: lpsz="CELLZRAKURVALWKTKKGT", cchLength=0x14 | out: lpsz="CELLZRAKURVALWKTKKGT") returned 0x14 [0074.295] CharUpperBuffW (in: lpsz="AWLBODDKVEIPWBCPNYQS", cchLength=0x14 | out: lpsz="AWLBODDKVEIPWBCPNYQS") returned 0x14 [0074.295] CharUpperBuffW (in: lpsz="AWLBODDKVEIPWBCPNYQS", cchLength=0x14 | out: lpsz="AWLBODDKVEIPWBCPNYQS") returned 0x14 [0074.295] CharUpperBuffW (in: lpsz="ONUHBJX_FQMJHPCMXQUP", cchLength=0x14 | out: lpsz="ONUHBJX_FQMJHPCMXQUP") returned 0x14 [0074.295] CharUpperBuffW (in: lpsz="ONUHBJX_FQMJHPCMXQUP", cchLength=0x14 | out: lpsz="ONUHBJX_FQMJHPCMXQUP") returned 0x14 [0074.295] CharUpperBuffW (in: lpsz="FXTVGINBESGGVHUBHAIA", cchLength=0x14 | out: lpsz="FXTVGINBESGGVHUBHAIA") returned 0x14 [0074.296] CharUpperBuffW (in: lpsz="FXTVGINBESGGVHUBHAIA", cchLength=0x14 | out: lpsz="FXTVGINBESGGVHUBHAIA") returned 0x14 [0074.296] CharUpperBuffW (in: lpsz="YMTKQXZNOTHKQXYPTVHF", cchLength=0x14 | out: lpsz="YMTKQXZNOTHKQXYPTVHF") returned 0x14 [0074.296] CharUpperBuffW (in: lpsz="YMTKQXZNOTHKQXYPTVHF", cchLength=0x14 | out: lpsz="YMTKQXZNOTHKQXYPTVHF") returned 0x14 [0074.296] CharUpperBuffW (in: lpsz="OLGAUG_AAMAVBDSNSMTX", cchLength=0x14 | out: lpsz="OLGAUG_AAMAVBDSNSMTX") returned 0x14 [0074.296] CharUpperBuffW (in: lpsz="OLGAUG_AAMAVBDSNSMTX", cchLength=0x14 | out: lpsz="OLGAUG_AAMAVBDSNSMTX") returned 0x14 [0074.296] CharUpperBuffW (in: lpsz="BSKXQZHUTMKJTTCBMAUQ", cchLength=0x14 | out: lpsz="BSKXQZHUTMKJTTCBMAUQ") returned 0x14 [0074.296] CharUpperBuffW (in: lpsz="BSKXQZHUTMKJTTCBMAUQ", cchLength=0x14 | out: lpsz="BSKXQZHUTMKJTTCBMAUQ") returned 0x14 [0074.296] CharUpperBuffW (in: lpsz="FQXYDFKULNH_XGCHAXSH", cchLength=0x14 | out: lpsz="FQXYDFKULNH_XGCHAXSH") returned 0x14 [0074.296] CharUpperBuffW (in: lpsz="FQXYDFKULNH_XGCHAXSH", cchLength=0x14 | out: lpsz="FQXYDFKULNH_XGCHAXSH") returned 0x14 [0074.296] CharUpperBuffW (in: lpsz="LLAV_SNBRGFRRVVRMBXO", cchLength=0x14 | out: lpsz="LLAV_SNBRGFRRVVRMBXO") returned 0x14 [0074.296] CharUpperBuffW (in: lpsz="LLAV_SNBRGFRRVVRMBXO", cchLength=0x14 | out: lpsz="LLAV_SNBRGFRRVVRMBXO") returned 0x14 [0074.296] CharUpperBuffW (in: lpsz="QOYYVMVQESVPTQQRTHWE", cchLength=0x14 | out: lpsz="QOYYVMVQESVPTQQRTHWE") returned 0x14 [0074.296] CharUpperBuffW (in: lpsz="QOYYVMVQESVPTQQRTHWE", cchLength=0x14 | out: lpsz="QOYYVMVQESVPTQQRTHWE") returned 0x14 [0074.296] CharUpperBuffW (in: lpsz="LAVGVQXFGQGCWZYBFUVO", cchLength=0x14 | out: lpsz="LAVGVQXFGQGCWZYBFUVO") returned 0x14 [0074.296] CharUpperBuffW (in: lpsz="LAVGVQXFGQGCWZYBFUVO", cchLength=0x14 | out: lpsz="LAVGVQXFGQGCWZYBFUVO") returned 0x14 [0074.296] CharUpperBuffW (in: lpsz="FLQZMTLVVQYEYWVWSNDR", cchLength=0x14 | out: lpsz="FLQZMTLVVQYEYWVWSNDR") returned 0x14 [0074.296] CharUpperBuffW (in: lpsz="FLQZMTLVVQYEYWVWSNDR", cchLength=0x14 | out: lpsz="FLQZMTLVVQYEYWVWSNDR") returned 0x14 [0074.296] CharUpperBuffW (in: lpsz="FAXWCEOS_KJKYDQ_RGJO", cchLength=0x14 | out: lpsz="FAXWCEOS_KJKYDQ_RGJO") returned 0x14 [0074.297] CharUpperBuffW (in: lpsz="FAXWCEOS_KJKYDQ_RGJO", cchLength=0x14 | out: lpsz="FAXWCEOS_KJKYDQ_RGJO") returned 0x14 [0074.297] CharUpperBuffW (in: lpsz="TWEOZQLZIZIOUN_KWFSU", cchLength=0x14 | out: lpsz="TWEOZQLZIZIOUN_KWFSU") returned 0x14 [0074.297] CharUpperBuffW (in: lpsz="TWEOZQLZIZIOUN_KWFSU", cchLength=0x14 | out: lpsz="TWEOZQLZIZIOUN_KWFSU") returned 0x14 [0074.297] CharUpperBuffW (in: lpsz="SKIFEUAESYRCZQKUQWVL", cchLength=0x14 | out: lpsz="SKIFEUAESYRCZQKUQWVL") returned 0x14 [0074.297] CharUpperBuffW (in: lpsz="SKIFEUAESYRCZQKUQWVL", cchLength=0x14 | out: lpsz="SKIFEUAESYRCZQKUQWVL") returned 0x14 [0074.297] CharUpperBuffW (in: lpsz="C_RPOUWDLANXEBJBDYMH", cchLength=0x14 | out: lpsz="C_RPOUWDLANXEBJBDYMH") returned 0x14 [0074.297] CharUpperBuffW (in: lpsz="C_RPOUWDLANXEBJBDYMH", cchLength=0x14 | out: lpsz="C_RPOUWDLANXEBJBDYMH") returned 0x14 [0074.297] CharUpperBuffW (in: lpsz="ITWFPFGDSPSLSMKQIXAY", cchLength=0x14 | out: lpsz="ITWFPFGDSPSLSMKQIXAY") returned 0x14 [0074.297] CharUpperBuffW (in: lpsz="ITWFPFGDSPSLSMKQIXAY", cchLength=0x14 | out: lpsz="ITWFPFGDSPSLSMKQIXAY") returned 0x14 [0074.297] CharUpperBuffW (in: lpsz="UMUDBENUDDBKLRIHNGXH", cchLength=0x14 | out: lpsz="UMUDBENUDDBKLRIHNGXH") returned 0x14 [0074.297] CharUpperBuffW (in: lpsz="UMUDBENUDDBKLRIHNGXH", cchLength=0x14 | out: lpsz="UMUDBENUDDBKLRIHNGXH") returned 0x14 [0074.297] CharUpperBuffW (in: lpsz="OQFLLLDDFRIZTFPJPDGL", cchLength=0x14 | out: lpsz="OQFLLLDDFRIZTFPJPDGL") returned 0x14 [0074.297] CharUpperBuffW (in: lpsz="OQFLLLDDFRIZTFPJPDGL", cchLength=0x14 | out: lpsz="OQFLLLDDFRIZTFPJPDGL") returned 0x14 [0074.297] CharUpperBuffW (in: lpsz="DITYZYOACZIDXZOUNCIL", cchLength=0x14 | out: lpsz="DITYZYOACZIDXZOUNCIL") returned 0x14 [0074.297] CharUpperBuffW (in: lpsz="DITYZYOACZIDXZOUNCIL", cchLength=0x14 | out: lpsz="DITYZYOACZIDXZOUNCIL") returned 0x14 [0074.297] CharUpperBuffW (in: lpsz="QSGBTDANNS_QANWTOZTF", cchLength=0x14 | out: lpsz="QSGBTDANNS_QANWTOZTF") returned 0x14 [0074.297] CharUpperBuffW (in: lpsz="QSGBTDANNS_QANWTOZTF", cchLength=0x14 | out: lpsz="QSGBTDANNS_QANWTOZTF") returned 0x14 [0074.297] CharUpperBuffW (in: lpsz="DDMWZTPEEZLF_OFUHAKM", cchLength=0x14 | out: lpsz="DDMWZTPEEZLF_OFUHAKM") returned 0x14 [0074.298] CharUpperBuffW (in: lpsz="DDMWZTPEEZLF_OFUHAKM", cchLength=0x14 | out: lpsz="DDMWZTPEEZLF_OFUHAKM") returned 0x14 [0074.298] CharUpperBuffW (in: lpsz="PUSNXDLNPPJCJMZS_CXX", cchLength=0x14 | out: lpsz="PUSNXDLNPPJCJMZS_CXX") returned 0x14 [0074.298] CharUpperBuffW (in: lpsz="PUSNXDLNPPJCJMZS_CXX", cchLength=0x14 | out: lpsz="PUSNXDLNPPJCJMZS_CXX") returned 0x14 [0074.298] CharUpperBuffW (in: lpsz="XVKQUND_LOLNCSWTYCZD", cchLength=0x14 | out: lpsz="XVKQUND_LOLNCSWTYCZD") returned 0x14 [0074.298] CharUpperBuffW (in: lpsz="XVKQUND_LOLNCSWTYCZD", cchLength=0x14 | out: lpsz="XVKQUND_LOLNCSWTYCZD") returned 0x14 [0074.298] CharUpperBuffW (in: lpsz="HPWHYTUYYFQPRGGVRHMJ", cchLength=0x14 | out: lpsz="HPWHYTUYYFQPRGGVRHMJ") returned 0x14 [0074.298] CharUpperBuffW (in: lpsz="HPWHYTUYYFQPRGGVRHMJ", cchLength=0x14 | out: lpsz="HPWHYTUYYFQPRGGVRHMJ") returned 0x14 [0074.298] CharUpperBuffW (in: lpsz="NKRJWTXNTBMQVEDNSBWX", cchLength=0x14 | out: lpsz="NKRJWTXNTBMQVEDNSBWX") returned 0x14 [0074.298] CharUpperBuffW (in: lpsz="NKRJWTXNTBMQVEDNSBWX", cchLength=0x14 | out: lpsz="NKRJWTXNTBMQVEDNSBWX") returned 0x14 [0074.298] CharUpperBuffW (in: lpsz="QJPCUKOGRHHPVHFGLWPT", cchLength=0x14 | out: lpsz="QJPCUKOGRHHPVHFGLWPT") returned 0x14 [0074.298] CharUpperBuffW (in: lpsz="QJPCUKOGRHHPVHFGLWPT", cchLength=0x14 | out: lpsz="QJPCUKOGRHHPVHFGLWPT") returned 0x14 [0074.298] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0074.298] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0074.298] CharUpperBuffW (in: lpsz="JOVNXETDYMKCTLJKCKLB", cchLength=0x14 | out: lpsz="JOVNXETDYMKCTLJKCKLB") returned 0x14 [0074.298] CharUpperBuffW (in: lpsz="JOVNXETDYMKCTLJKCKLB", cchLength=0x14 | out: lpsz="JOVNXETDYMKCTLJKCKLB") returned 0x14 [0074.298] CharUpperBuffW (in: lpsz="GHQRTRLBSRGNVKIJRKXK", cchLength=0x14 | out: lpsz="GHQRTRLBSRGNVKIJRKXK") returned 0x14 [0074.298] CharUpperBuffW (in: lpsz="GHQRTRLBSRGNVKIJRKXK", cchLength=0x14 | out: lpsz="GHQRTRLBSRGNVKIJRKXK") returned 0x14 [0074.298] CharUpperBuffW (in: lpsz="XZTLSKRWFOBEDNZPVKAM", cchLength=0x14 | out: lpsz="XZTLSKRWFOBEDNZPVKAM") returned 0x14 [0074.299] CharUpperBuffW (in: lpsz="XZTLSKRWFOBEDNZPVKAM", cchLength=0x14 | out: lpsz="XZTLSKRWFOBEDNZPVKAM") returned 0x14 [0074.299] CharUpperBuffW (in: lpsz="RCGTTSVIYPAFDZAUIYVQ", cchLength=0x14 | out: lpsz="RCGTTSVIYPAFDZAUIYVQ") returned 0x14 [0074.299] CharUpperBuffW (in: lpsz="RCGTTSVIYPAFDZAUIYVQ", cchLength=0x14 | out: lpsz="RCGTTSVIYPAFDZAUIYVQ") returned 0x14 [0074.299] CharUpperBuffW (in: lpsz="UHPEUJVJUEZIEQXYSYSF", cchLength=0x14 | out: lpsz="UHPEUJVJUEZIEQXYSYSF") returned 0x14 [0074.299] CharUpperBuffW (in: lpsz="UHPEUJVJUEZIEQXYSYSF", cchLength=0x14 | out: lpsz="UHPEUJVJUEZIEQXYSYSF") returned 0x14 [0074.299] CharUpperBuffW (in: lpsz="WCFWIZIQMRBTJYSTFNEJ", cchLength=0x14 | out: lpsz="WCFWIZIQMRBTJYSTFNEJ") returned 0x14 [0074.299] CharUpperBuffW (in: lpsz="WCFWIZIQMRBTJYSTFNEJ", cchLength=0x14 | out: lpsz="WCFWIZIQMRBTJYSTFNEJ") returned 0x14 [0074.299] CharUpperBuffW (in: lpsz="EZUOZRSOKLMXMJJLTFYE", cchLength=0x14 | out: lpsz="EZUOZRSOKLMXMJJLTFYE") returned 0x14 [0074.299] CharUpperBuffW (in: lpsz="EZUOZRSOKLMXMJJLTFYE", cchLength=0x14 | out: lpsz="EZUOZRSOKLMXMJJLTFYE") returned 0x14 [0074.299] CharUpperBuffW (in: lpsz="BDMVMUCQGDKRUZFZFQGQ", cchLength=0x14 | out: lpsz="BDMVMUCQGDKRUZFZFQGQ") returned 0x14 [0074.299] CharUpperBuffW (in: lpsz="BDMVMUCQGDKRUZFZFQGQ", cchLength=0x14 | out: lpsz="BDMVMUCQGDKRUZFZFQGQ") returned 0x14 [0074.299] CharUpperBuffW (in: lpsz="VXROSNZLIJSKZBYKECZN", cchLength=0x14 | out: lpsz="VXROSNZLIJSKZBYKECZN") returned 0x14 [0074.299] CharUpperBuffW (in: lpsz="VXROSNZLIJSKZBYKECZN", cchLength=0x14 | out: lpsz="VXROSNZLIJSKZBYKECZN") returned 0x14 [0074.299] CharUpperBuffW (in: lpsz="UIWMCCQFJDRMBBOOXJFW", cchLength=0x14 | out: lpsz="UIWMCCQFJDRMBBOOXJFW") returned 0x14 [0074.299] CharUpperBuffW (in: lpsz="UIWMCCQFJDRMBBOOXJFW", cchLength=0x14 | out: lpsz="UIWMCCQFJDRMBBOOXJFW") returned 0x14 [0074.299] CharUpperBuffW (in: lpsz="XITTQWZDHJOOZBSJCARU", cchLength=0x14 | out: lpsz="XITTQWZDHJOOZBSJCARU") returned 0x14 [0074.299] CharUpperBuffW (in: lpsz="XITTQWZDHJOOZBSJCARU", cchLength=0x14 | out: lpsz="XITTQWZDHJOOZBSJCARU") returned 0x14 [0074.299] CharUpperBuffW (in: lpsz="PFGTKBXSLQPACKKNVVDP", cchLength=0x14 | out: lpsz="PFGTKBXSLQPACKKNVVDP") returned 0x14 [0074.299] CharUpperBuffW (in: lpsz="PFGTKBXSLQPACKKNVVDP", cchLength=0x14 | out: lpsz="PFGTKBXSLQPACKKNVVDP") returned 0x14 [0074.300] CharUpperBuffW (in: lpsz="RKSJNPDSZAVIMQEEFECN", cchLength=0x14 | out: lpsz="RKSJNPDSZAVIMQEEFECN") returned 0x14 [0074.300] CharUpperBuffW (in: lpsz="RKSJNPDSZAVIMQEEFECN", cchLength=0x14 | out: lpsz="RKSJNPDSZAVIMQEEFECN") returned 0x14 [0074.300] CharUpperBuffW (in: lpsz="IPPYUXUIVCEYKOEKTIMU", cchLength=0x14 | out: lpsz="IPPYUXUIVCEYKOEKTIMU") returned 0x14 [0074.300] CharUpperBuffW (in: lpsz="IPPYUXUIVCEYKOEKTIMU", cchLength=0x14 | out: lpsz="IPPYUXUIVCEYKOEKTIMU") returned 0x14 [0074.300] CharUpperBuffW (in: lpsz="JBYBOGKZIEYLOXJHERCG", cchLength=0x14 | out: lpsz="JBYBOGKZIEYLOXJHERCG") returned 0x14 [0074.300] CharUpperBuffW (in: lpsz="JBYBOGKZIEYLOXJHERCG", cchLength=0x14 | out: lpsz="JBYBOGKZIEYLOXJHERCG") returned 0x14 [0074.300] CharUpperBuffW (in: lpsz="LIMVUGLRNNIHXNFGBROA", cchLength=0x14 | out: lpsz="LIMVUGLRNNIHXNFGBROA") returned 0x14 [0074.300] CharUpperBuffW (in: lpsz="LIMVUGLRNNIHXNFGBROA", cchLength=0x14 | out: lpsz="LIMVUGLRNNIHXNFGBROA") returned 0x14 [0074.300] CharUpperBuffW (in: lpsz="MWDBMRMNLRGEOGVUSXHH", cchLength=0x14 | out: lpsz="MWDBMRMNLRGEOGVUSXHH") returned 0x14 [0074.300] CharUpperBuffW (in: lpsz="MWDBMRMNLRGEOGVUSXHH", cchLength=0x14 | out: lpsz="MWDBMRMNLRGEOGVUSXHH") returned 0x14 [0074.300] CharUpperBuffW (in: lpsz="VGKPCSWHJZHGUCIJZYKW", cchLength=0x14 | out: lpsz="VGKPCSWHJZHGUCIJZYKW") returned 0x14 [0074.300] CharUpperBuffW (in: lpsz="VGKPCSWHJZHGUCIJZYKW", cchLength=0x14 | out: lpsz="VGKPCSWHJZHGUCIJZYKW") returned 0x14 [0074.300] CharUpperBuffW (in: lpsz="KHJEFLOWHTDMZURLBHHW", cchLength=0x14 | out: lpsz="KHJEFLOWHTDMZURLBHHW") returned 0x14 [0074.300] CharUpperBuffW (in: lpsz="KHJEFLOWHTDMZURLBHHW", cchLength=0x14 | out: lpsz="KHJEFLOWHTDMZURLBHHW") returned 0x14 [0074.300] CharUpperBuffW (in: lpsz="LABIFMKIKUFUSUZSHVNF", cchLength=0x14 | out: lpsz="LABIFMKIKUFUSUZSHVNF") returned 0x14 [0074.300] CharUpperBuffW (in: lpsz="LABIFMKIKUFUSUZSHVNF", cchLength=0x14 | out: lpsz="LABIFMKIKUFUSUZSHVNF") returned 0x14 [0074.300] CharUpperBuffW (in: lpsz="SIHRYHBEIJCYMJOSPRPH", cchLength=0x14 | out: lpsz="SIHRYHBEIJCYMJOSPRPH") returned 0x14 [0074.300] CharUpperBuffW (in: lpsz="SIHRYHBEIJCYMJOSPRPH", cchLength=0x14 | out: lpsz="SIHRYHBEIJCYMJOSPRPH") returned 0x14 [0074.300] CharUpperBuffW (in: lpsz="HDRMFTWJDBTJ_FJXLPSL", cchLength=0x14 | out: lpsz="HDRMFTWJDBTJ_FJXLPSL") returned 0x14 [0074.300] CharUpperBuffW (in: lpsz="HDRMFTWJDBTJ_FJXLPSL", cchLength=0x14 | out: lpsz="HDRMFTWJDBTJ_FJXLPSL") returned 0x14 [0074.301] CharUpperBuffW (in: lpsz="ZLHCJNCWPBZUHPFHXPWM", cchLength=0x14 | out: lpsz="ZLHCJNCWPBZUHPFHXPWM") returned 0x14 [0074.301] CharUpperBuffW (in: lpsz="ZLHCJNCWPBZUHPFHXPWM", cchLength=0x14 | out: lpsz="ZLHCJNCWPBZUHPFHXPWM") returned 0x14 [0074.301] CharUpperBuffW (in: lpsz="SZHCUEBSXKCEZNFRHZQY", cchLength=0x14 | out: lpsz="SZHCUEBSXKCEZNFRHZQY") returned 0x14 [0074.301] CharUpperBuffW (in: lpsz="SZHCUEBSXKCEZNFRHZQY", cchLength=0x14 | out: lpsz="SZHCUEBSXKCEZNFRHZQY") returned 0x14 [0074.301] CharUpperBuffW (in: lpsz="PRHZCJBDEHIZIXVYSQQE", cchLength=0x14 | out: lpsz="PRHZCJBDEHIZIXVYSQQE") returned 0x14 [0074.301] CharUpperBuffW (in: lpsz="PRHZCJBDEHIZIXVYSQQE", cchLength=0x14 | out: lpsz="PRHZCJBDEHIZIXVYSQQE") returned 0x14 [0074.301] CharUpperBuffW (in: lpsz="KNZSBCHOOMYPFVCJHAZM", cchLength=0x14 | out: lpsz="KNZSBCHOOMYPFVCJHAZM") returned 0x14 [0074.301] CharUpperBuffW (in: lpsz="KNZSBCHOOMYPFVCJHAZM", cchLength=0x14 | out: lpsz="KNZSBCHOOMYPFVCJHAZM") returned 0x14 [0074.301] CharUpperBuffW (in: lpsz="FNAILWURKGNYQZKQWAAG", cchLength=0x14 | out: lpsz="FNAILWURKGNYQZKQWAAG") returned 0x14 [0074.301] CharUpperBuffW (in: lpsz="FNAILWURKGNYQZKQWAAG", cchLength=0x14 | out: lpsz="FNAILWURKGNYQZKQWAAG") returned 0x14 [0074.301] CharUpperBuffW (in: lpsz="XTQPOMQJYMMWBMBCKSHK", cchLength=0x14 | out: lpsz="XTQPOMQJYMMWBMBCKSHK") returned 0x14 [0074.301] CharUpperBuffW (in: lpsz="XTQPOMQJYMMWBMBCKSHK", cchLength=0x14 | out: lpsz="XTQPOMQJYMMWBMBCKSHK") returned 0x14 [0074.301] CharUpperBuffW (in: lpsz="LEKXJAXCLQDYTHKWULHH", cchLength=0x14 | out: lpsz="LEKXJAXCLQDYTHKWULHH") returned 0x14 [0074.301] CharUpperBuffW (in: lpsz="LEKXJAXCLQDYTHKWULHH", cchLength=0x14 | out: lpsz="LEKXJAXCLQDYTHKWULHH") returned 0x14 [0074.301] CharUpperBuffW (in: lpsz="BWADFEOCJOPDNGIPFCCV", cchLength=0x14 | out: lpsz="BWADFEOCJOPDNGIPFCCV") returned 0x14 [0074.301] CharUpperBuffW (in: lpsz="BWADFEOCJOPDNGIPFCCV", cchLength=0x14 | out: lpsz="BWADFEOCJOPDNGIPFCCV") returned 0x14 [0074.301] CharUpperBuffW (in: lpsz="DEYLPAVMIYPLGNTXMXUF", cchLength=0x14 | out: lpsz="DEYLPAVMIYPLGNTXMXUF") returned 0x14 [0074.301] CharUpperBuffW (in: lpsz="DEYLPAVMIYPLGNTXMXUF", cchLength=0x14 | out: lpsz="DEYLPAVMIYPLGNTXMXUF") returned 0x14 [0074.301] CharUpperBuffW (in: lpsz="RPCUSNFQHYHRVYTZKCHU", cchLength=0x14 | out: lpsz="RPCUSNFQHYHRVYTZKCHU") returned 0x14 [0074.302] CharUpperBuffW (in: lpsz="RPCUSNFQHYHRVYTZKCHU", cchLength=0x14 | out: lpsz="RPCUSNFQHYHRVYTZKCHU") returned 0x14 [0074.302] CharUpperBuffW (in: lpsz="TOXURRXVSFXJPRYAKVAW", cchLength=0x14 | out: lpsz="TOXURRXVSFXJPRYAKVAW") returned 0x14 [0074.302] CharUpperBuffW (in: lpsz="TOXURRXVSFXJPRYAKVAW", cchLength=0x14 | out: lpsz="TOXURRXVSFXJPRYAKVAW") returned 0x14 [0074.302] CharUpperBuffW (in: lpsz="IVYRHZH_MOUGEF_BWEWN", cchLength=0x14 | out: lpsz="IVYRHZH_MOUGEF_BWEWN") returned 0x14 [0074.302] CharUpperBuffW (in: lpsz="IVYRHZH_MOUGEF_BWEWN", cchLength=0x14 | out: lpsz="IVYRHZH_MOUGEF_BWEWN") returned 0x14 [0074.302] CharUpperBuffW (in: lpsz="OWNVKKFFKDZAOEAMUSJJ", cchLength=0x14 | out: lpsz="OWNVKKFFKDZAOEAMUSJJ") returned 0x14 [0074.302] CharUpperBuffW (in: lpsz="OWNVKKFFKDZAOEAMUSJJ", cchLength=0x14 | out: lpsz="OWNVKKFFKDZAOEAMUSJJ") returned 0x14 [0074.302] CharUpperBuffW (in: lpsz="TKCHTEJEFZJEEVZSYXWM", cchLength=0x14 | out: lpsz="TKCHTEJEFZJEEVZSYXWM") returned 0x14 [0074.302] CharUpperBuffW (in: lpsz="TKCHTEJEFZJEEVZSYXWM", cchLength=0x14 | out: lpsz="TKCHTEJEFZJEEVZSYXWM") returned 0x14 [0074.302] CharUpperBuffW (in: lpsz="SQKMHKVKBWNYIKVYORTX", cchLength=0x14 | out: lpsz="SQKMHKVKBWNYIKVYORTX") returned 0x14 [0074.302] CharUpperBuffW (in: lpsz="SQKMHKVKBWNYIKVYORTX", cchLength=0x14 | out: lpsz="SQKMHKVKBWNYIKVYORTX") returned 0x14 [0074.302] CharUpperBuffW (in: lpsz="LSNAHUWHYFRLXNSMOZHK", cchLength=0x14 | out: lpsz="LSNAHUWHYFRLXNSMOZHK") returned 0x14 [0074.302] CharUpperBuffW (in: lpsz="LSNAHUWHYFRLXNSMOZHK", cchLength=0x14 | out: lpsz="LSNAHUWHYFRLXNSMOZHK") returned 0x14 [0074.302] CharUpperBuffW (in: lpsz="XKZZHNKQRHSOCTSDNALN", cchLength=0x14 | out: lpsz="XKZZHNKQRHSOCTSDNALN") returned 0x14 [0074.302] CharUpperBuffW (in: lpsz="XKZZHNKQRHSOCTSDNALN", cchLength=0x14 | out: lpsz="XKZZHNKQRHSOCTSDNALN") returned 0x14 [0074.302] CharUpperBuffW (in: lpsz="JPRZYKZWYKBQSWAJADDK", cchLength=0x14 | out: lpsz="JPRZYKZWYKBQSWAJADDK") returned 0x14 [0074.302] CharUpperBuffW (in: lpsz="JPRZYKZWYKBQSWAJADDK", cchLength=0x14 | out: lpsz="JPRZYKZWYKBQSWAJADDK") returned 0x14 [0074.302] CharUpperBuffW (in: lpsz="DVULHMFDYCFTYYUKCHKO", cchLength=0x14 | out: lpsz="DVULHMFDYCFTYYUKCHKO") returned 0x14 [0074.302] CharUpperBuffW (in: lpsz="DVULHMFDYCFTYYUKCHKO", cchLength=0x14 | out: lpsz="DVULHMFDYCFTYYUKCHKO") returned 0x14 [0074.302] CharUpperBuffW (in: lpsz="LSDYQEEKTKAVTXYGDLPE", cchLength=0x14 | out: lpsz="LSDYQEEKTKAVTXYGDLPE") returned 0x14 [0074.303] CharUpperBuffW (in: lpsz="LSDYQEEKTKAVTXYGDLPE", cchLength=0x14 | out: lpsz="LSDYQEEKTKAVTXYGDLPE") returned 0x14 [0074.303] CharUpperBuffW (in: lpsz="WPWOPHXKHOTUUFFETAUL", cchLength=0x14 | out: lpsz="WPWOPHXKHOTUUFFETAUL") returned 0x14 [0074.303] CharUpperBuffW (in: lpsz="WPWOPHXKHOTUUFFETAUL", cchLength=0x14 | out: lpsz="WPWOPHXKHOTUUFFETAUL") returned 0x14 [0074.303] CharUpperBuffW (in: lpsz="ITJEBW_KUKIGFRJHRFRQ", cchLength=0x14 | out: lpsz="ITJEBW_KUKIGFRJHRFRQ") returned 0x14 [0074.303] CharUpperBuffW (in: lpsz="ITJEBW_KUKIGFRJHRFRQ", cchLength=0x14 | out: lpsz="ITJEBW_KUKIGFRJHRFRQ") returned 0x14 [0074.303] CharUpperBuffW (in: lpsz="ZDYUVUEBEPHHTRJJDMHV", cchLength=0x14 | out: lpsz="ZDYUVUEBEPHHTRJJDMHV") returned 0x14 [0074.303] CharUpperBuffW (in: lpsz="ZDYUVUEBEPHHTRJJDMHV", cchLength=0x14 | out: lpsz="ZDYUVUEBEPHHTRJJDMHV") returned 0x14 [0074.303] CharUpperBuffW (in: lpsz="PUDIWMCMAOHASZWFWHUO", cchLength=0x14 | out: lpsz="PUDIWMCMAOHASZWFWHUO") returned 0x14 [0074.303] CharUpperBuffW (in: lpsz="PUDIWMCMAOHASZWFWHUO", cchLength=0x14 | out: lpsz="PUDIWMCMAOHASZWFWHUO") returned 0x14 [0074.303] CharUpperBuffW (in: lpsz="OULXOKORBEPHSUWWZSSD", cchLength=0x14 | out: lpsz="OULXOKORBEPHSUWWZSSD") returned 0x14 [0074.303] CharUpperBuffW (in: lpsz="OULXOKORBEPHSUWWZSSD", cchLength=0x14 | out: lpsz="OULXOKORBEPHSUWWZSSD") returned 0x14 [0074.303] CharUpperBuffW (in: lpsz="OBVGJXECTDKCOAVFINBE", cchLength=0x14 | out: lpsz="OBVGJXECTDKCOAVFINBE") returned 0x14 [0074.303] CharUpperBuffW (in: lpsz="OBVGJXECTDKCOAVFINBE", cchLength=0x14 | out: lpsz="OBVGJXECTDKCOAVFINBE") returned 0x14 [0074.303] CharUpperBuffW (in: lpsz="VCUQIRTZTFQYUIHZQ_ZQ", cchLength=0x14 | out: lpsz="VCUQIRTZTFQYUIHZQ_ZQ") returned 0x14 [0074.303] CharUpperBuffW (in: lpsz="VCUQIRTZTFQYUIHZQ_ZQ", cchLength=0x14 | out: lpsz="VCUQIRTZTFQYUIHZQ_ZQ") returned 0x14 [0074.303] CharUpperBuffW (in: lpsz="VCDTDFGNNNRV_IOGQLOW", cchLength=0x14 | out: lpsz="VCDTDFGNNNRV_IOGQLOW") returned 0x14 [0074.303] CharUpperBuffW (in: lpsz="VCDTDFGNNNRV_IOGQLOW", cchLength=0x14 | out: lpsz="VCDTDFGNNNRV_IOGQLOW") returned 0x14 [0074.303] CharUpperBuffW (in: lpsz="FKYHLSTE_YZ_SYOSBXJA", cchLength=0x14 | out: lpsz="FKYHLSTE_YZ_SYOSBXJA") returned 0x14 [0074.303] CharUpperBuffW (in: lpsz="FKYHLSTE_YZ_SYOSBXJA", cchLength=0x14 | out: lpsz="FKYHLSTE_YZ_SYOSBXJA") returned 0x14 [0074.304] CharUpperBuffW (in: lpsz="XTU_MNHMNMOSARZNPBYW", cchLength=0x14 | out: lpsz="XTU_MNHMNMOSARZNPBYW") returned 0x14 [0074.304] CharUpperBuffW (in: lpsz="XTU_MNHMNMOSARZNPBYW", cchLength=0x14 | out: lpsz="XTU_MNHMNMOSARZNPBYW") returned 0x14 [0074.304] CharUpperBuffW (in: lpsz="HTPOPVOPGUBJZTSIAHBE", cchLength=0x14 | out: lpsz="HTPOPVOPGUBJZTSIAHBE") returned 0x14 [0074.304] CharUpperBuffW (in: lpsz="HTPOPVOPGUBJZTSIAHBE", cchLength=0x14 | out: lpsz="HTPOPVOPGUBJZTSIAHBE") returned 0x14 [0074.304] CharUpperBuffW (in: lpsz="IBMACTSBEJAZSGJADAUK", cchLength=0x14 | out: lpsz="IBMACTSBEJAZSGJADAUK") returned 0x14 [0074.304] CharUpperBuffW (in: lpsz="IBMACTSBEJAZSGJADAUK", cchLength=0x14 | out: lpsz="IBMACTSBEJAZSGJADAUK") returned 0x14 [0074.304] CharUpperBuffW (in: lpsz="GFTXNICECJIULVWFRFNY", cchLength=0x14 | out: lpsz="GFTXNICECJIULVWFRFNY") returned 0x14 [0074.304] CharUpperBuffW (in: lpsz="GFTXNICECJIULVWFRFNY", cchLength=0x14 | out: lpsz="GFTXNICECJIULVWFRFNY") returned 0x14 [0074.304] CharUpperBuffW (in: lpsz="CRPPQNCEZBHGIJZXOUHK", cchLength=0x14 | out: lpsz="CRPPQNCEZBHGIJZXOUHK") returned 0x14 [0074.304] CharUpperBuffW (in: lpsz="CRPPQNCEZBHGIJZXOUHK", cchLength=0x14 | out: lpsz="CRPPQNCEZBHGIJZXOUHK") returned 0x14 [0074.304] CharUpperBuffW (in: lpsz="HFD_PPEYGZGWODHGGEET", cchLength=0x14 | out: lpsz="HFD_PPEYGZGWODHGGEET") returned 0x14 [0074.304] CharUpperBuffW (in: lpsz="HFD_PPEYGZGWODHGGEET", cchLength=0x14 | out: lpsz="HFD_PPEYGZGWODHGGEET") returned 0x14 [0074.304] CharUpperBuffW (in: lpsz="NNEYJGOGZYUPELRXTEXG", cchLength=0x14 | out: lpsz="NNEYJGOGZYUPELRXTEXG") returned 0x14 [0074.304] CharUpperBuffW (in: lpsz="NNEYJGOGZYUPELRXTEXG", cchLength=0x14 | out: lpsz="NNEYJGOGZYUPELRXTEXG") returned 0x14 [0074.304] CharUpperBuffW (in: lpsz="WDBAFVEZOSLYTZHHSRGD", cchLength=0x14 | out: lpsz="WDBAFVEZOSLYTZHHSRGD") returned 0x14 [0074.304] CharUpperBuffW (in: lpsz="WDBAFVEZOSLYTZHHSRGD", cchLength=0x14 | out: lpsz="WDBAFVEZOSLYTZHHSRGD") returned 0x14 [0074.304] CharUpperBuffW (in: lpsz="MEAAVZHABWRSHQQGOZKA", cchLength=0x14 | out: lpsz="MEAAVZHABWRSHQQGOZKA") returned 0x14 [0074.304] CharUpperBuffW (in: lpsz="MEAAVZHABWRSHQQGOZKA", cchLength=0x14 | out: lpsz="MEAAVZHABWRSHQQGOZKA") returned 0x14 [0074.305] CharUpperBuffW (in: lpsz="RKHQTDK_WPOHUZLTVFMK", cchLength=0x14 | out: lpsz="RKHQTDK_WPOHUZLTVFMK") returned 0x14 [0074.305] CharUpperBuffW (in: lpsz="RKHQTDK_WPOHUZLTVFMK", cchLength=0x14 | out: lpsz="RKHQTDK_WPOHUZLTVFMK") returned 0x14 [0074.305] CharUpperBuffW (in: lpsz="_VLLMBSNIBMCRUXRSCUX", cchLength=0x14 | out: lpsz="_VLLMBSNIBMCRUXRSCUX") returned 0x14 [0074.305] CharUpperBuffW (in: lpsz="_VLLMBSNIBMCRUXRSCUX", cchLength=0x14 | out: lpsz="_VLLMBSNIBMCRUXRSCUX") returned 0x14 [0074.305] CharUpperBuffW (in: lpsz="ISADYLKKPXUPXARQNXBP", cchLength=0x14 | out: lpsz="ISADYLKKPXUPXARQNXBP") returned 0x14 [0074.305] CharUpperBuffW (in: lpsz="ISADYLKKPXUPXARQNXBP", cchLength=0x14 | out: lpsz="ISADYLKKPXUPXARQNXBP") returned 0x14 [0074.305] CharUpperBuffW (in: lpsz="CVNLVR_DFDLSDFAPCLFU", cchLength=0x14 | out: lpsz="CVNLVR_DFDLSDFAPCLFU") returned 0x14 [0074.305] CharUpperBuffW (in: lpsz="CVNLVR_DFDLSDFAPCLFU", cchLength=0x14 | out: lpsz="CVNLVR_DFDLSDFAPCLFU") returned 0x14 [0074.305] CharUpperBuffW (in: lpsz="OHXKKWHTXOZEJTNOCEBB", cchLength=0x14 | out: lpsz="OHXKKWHTXOZEJTNOCEBB") returned 0x14 [0074.305] CharUpperBuffW (in: lpsz="OHXKKWHTXOZEJTNOCEBB", cchLength=0x14 | out: lpsz="OHXKKWHTXOZEJTNOCEBB") returned 0x14 [0074.305] CharUpperBuffW (in: lpsz="SGWARWGADNHLJKRYWELA", cchLength=0x14 | out: lpsz="SGWARWGADNHLJKRYWELA") returned 0x14 [0074.305] CharUpperBuffW (in: lpsz="SGWARWGADNHLJKRYWELA", cchLength=0x14 | out: lpsz="SGWARWGADNHLJKRYWELA") returned 0x14 [0074.305] CharUpperBuffW (in: lpsz="OJJUPUCKHOMLTUJFOFZO", cchLength=0x14 | out: lpsz="OJJUPUCKHOMLTUJFOFZO") returned 0x14 [0074.305] CharUpperBuffW (in: lpsz="OJJUPUCKHOMLTUJFOFZO", cchLength=0x14 | out: lpsz="OJJUPUCKHOMLTUJFOFZO") returned 0x14 [0074.305] CharUpperBuffW (in: lpsz="FSFZQERZNUYCYJWCIFLY", cchLength=0x14 | out: lpsz="FSFZQERZNUYCYJWCIFLY") returned 0x14 [0074.305] CharUpperBuffW (in: lpsz="FSFZQERZNUYCYJWCIFLY", cchLength=0x14 | out: lpsz="FSFZQERZNUYCYJWCIFLY") returned 0x14 [0074.305] CharUpperBuffW (in: lpsz="WZMFFPCLCOHMNTQEIXGC", cchLength=0x14 | out: lpsz="WZMFFPCLCOHMNTQEIXGC") returned 0x14 [0074.305] CharUpperBuffW (in: lpsz="WZMFFPCLCOHMNTQEIXGC", cchLength=0x14 | out: lpsz="WZMFFPCLCOHMNTQEIXGC") returned 0x14 [0074.306] CharUpperBuffW (in: lpsz="HDHIEQUDWQVBNLSHSHRX", cchLength=0x14 | out: lpsz="HDHIEQUDWQVBNLSHSHRX") returned 0x14 [0074.306] CharUpperBuffW (in: lpsz="HDHIEQUDWQVBNLSHSHRX", cchLength=0x14 | out: lpsz="HDHIEQUDWQVBNLSHSHRX") returned 0x14 [0074.306] CharUpperBuffW (in: lpsz="ZXNFKSHKIOPXSQZBPEPK", cchLength=0x14 | out: lpsz="ZXNFKSHKIOPXSQZBPEPK") returned 0x14 [0074.306] CharUpperBuffW (in: lpsz="ZXNFKSHKIOPXSQZBPEPK", cchLength=0x14 | out: lpsz="ZXNFKSHKIOPXSQZBPEPK") returned 0x14 [0074.306] CharUpperBuffW (in: lpsz="IRCCVHAXFWQSUGJMSWDK", cchLength=0x14 | out: lpsz="IRCCVHAXFWQSUGJMSWDK") returned 0x14 [0074.306] CharUpperBuffW (in: lpsz="IRCCVHAXFWQSUGJMSWDK", cchLength=0x14 | out: lpsz="IRCCVHAXFWQSUGJMSWDK") returned 0x14 [0074.306] CharUpperBuffW (in: lpsz="GJHDYFSSYZMGFEEFOMRN", cchLength=0x14 | out: lpsz="GJHDYFSSYZMGFEEFOMRN") returned 0x14 [0074.306] CharUpperBuffW (in: lpsz="GJHDYFSSYZMGFEEFOMRN", cchLength=0x14 | out: lpsz="GJHDYFSSYZMGFEEFOMRN") returned 0x14 [0074.306] CharUpperBuffW (in: lpsz="BIDOJEBGHCYETYYJGYNO", cchLength=0x14 | out: lpsz="BIDOJEBGHCYETYYJGYNO") returned 0x14 [0074.306] CharUpperBuffW (in: lpsz="BIDOJEBGHCYETYYJGYNO", cchLength=0x14 | out: lpsz="BIDOJEBGHCYETYYJGYNO") returned 0x14 [0074.306] CharUpperBuffW (in: lpsz="EYRTITKXAS_NMZLEDUFW", cchLength=0x14 | out: lpsz="EYRTITKXAS_NMZLEDUFW") returned 0x14 [0074.306] CharUpperBuffW (in: lpsz="EYRTITKXAS_NMZLEDUFW", cchLength=0x14 | out: lpsz="EYRTITKXAS_NMZLEDUFW") returned 0x14 [0074.306] CharUpperBuffW (in: lpsz="MDVFSJKDBBJALWZOUHAI", cchLength=0x14 | out: lpsz="MDVFSJKDBBJALWZOUHAI") returned 0x14 [0074.306] CharUpperBuffW (in: lpsz="MDVFSJKDBBJALWZOUHAI", cchLength=0x14 | out: lpsz="MDVFSJKDBBJALWZOUHAI") returned 0x14 [0074.306] CharUpperBuffW (in: lpsz="OKESWZID_VMECMMRSBTR", cchLength=0x14 | out: lpsz="OKESWZID_VMECMMRSBTR") returned 0x14 [0074.306] CharUpperBuffW (in: lpsz="OKESWZID_VMECMMRSBTR", cchLength=0x14 | out: lpsz="OKESWZID_VMECMMRSBTR") returned 0x14 [0074.306] CharUpperBuffW (in: lpsz="GMWANQJDNSCJBVHDFAOV", cchLength=0x14 | out: lpsz="GMWANQJDNSCJBVHDFAOV") returned 0x14 [0074.306] CharUpperBuffW (in: lpsz="GMWANQJDNSCJBVHDFAOV", cchLength=0x14 | out: lpsz="GMWANQJDNSCJBVHDFAOV") returned 0x14 [0074.307] CharUpperBuffW (in: lpsz="PQRBWHIZFIQSVMNU_JDZ", cchLength=0x14 | out: lpsz="PQRBWHIZFIQSVMNU_JDZ") returned 0x14 [0074.307] CharUpperBuffW (in: lpsz="PQRBWHIZFIQSVMNU_JDZ", cchLength=0x14 | out: lpsz="PQRBWHIZFIQSVMNU_JDZ") returned 0x14 [0074.307] CharUpperBuffW (in: lpsz="VNCOZIFXWXRGKPZBBQJL", cchLength=0x14 | out: lpsz="VNCOZIFXWXRGKPZBBQJL") returned 0x14 [0074.307] CharUpperBuffW (in: lpsz="VNCOZIFXWXRGKPZBBQJL", cchLength=0x14 | out: lpsz="VNCOZIFXWXRGKPZBBQJL") returned 0x14 [0074.307] CharUpperBuffW (in: lpsz="YODCYMLMBCEOGXXGRJUO", cchLength=0x14 | out: lpsz="YODCYMLMBCEOGXXGRJUO") returned 0x14 [0074.307] CharUpperBuffW (in: lpsz="YODCYMLMBCEOGXXGRJUO", cchLength=0x14 | out: lpsz="YODCYMLMBCEOGXXGRJUO") returned 0x14 [0074.307] CharUpperBuffW (in: lpsz="HTONKTGQHKXYYYEYDYII", cchLength=0x14 | out: lpsz="HTONKTGQHKXYYYEYDYII") returned 0x14 [0074.307] CharUpperBuffW (in: lpsz="HTONKTGQHKXYYYEYDYII", cchLength=0x14 | out: lpsz="HTONKTGQHKXYYYEYDYII") returned 0x14 [0074.307] CharUpperBuffW (in: lpsz="QHY_VEKLRNXMTKPXUZBG", cchLength=0x14 | out: lpsz="QHY_VEKLRNXMTKPXUZBG") returned 0x14 [0074.307] CharUpperBuffW (in: lpsz="QHY_VEKLRNXMTKPXUZBG", cchLength=0x14 | out: lpsz="QHY_VEKLRNXMTKPXUZBG") returned 0x14 [0074.307] CharUpperBuffW (in: lpsz="WARQ_OHIFYVLQUQFURMT", cchLength=0x14 | out: lpsz="WARQ_OHIFYVLQUQFURMT") returned 0x14 [0074.307] CharUpperBuffW (in: lpsz="WARQ_OHIFYVLQUQFURMT", cchLength=0x14 | out: lpsz="WARQ_OHIFYVLQUQFURMT") returned 0x14 [0074.307] CharUpperBuffW (in: lpsz="_FED_JCJDPAEOFIMFHNX", cchLength=0x14 | out: lpsz="_FED_JCJDPAEOFIMFHNX") returned 0x14 [0074.307] CharUpperBuffW (in: lpsz="_FED_JCJDPAEOFIMFHNX", cchLength=0x14 | out: lpsz="_FED_JCJDPAEOFIMFHNX") returned 0x14 [0074.307] CharUpperBuffW (in: lpsz="T_AABNHFHB_TJABYGPLZ", cchLength=0x14 | out: lpsz="T_AABNHFHB_TJABYGPLZ") returned 0x14 [0074.307] CharUpperBuffW (in: lpsz="T_AABNHFHB_TJABYGPLZ", cchLength=0x14 | out: lpsz="T_AABNHFHB_TJABYGPLZ") returned 0x14 [0074.307] CharUpperBuffW (in: lpsz="XDBKJQXPRDTBRLBPRGQV", cchLength=0x14 | out: lpsz="XDBKJQXPRDTBRLBPRGQV") returned 0x14 [0074.307] CharUpperBuffW (in: lpsz="XDBKJQXPRDTBRLBPRGQV", cchLength=0x14 | out: lpsz="XDBKJQXPRDTBRLBPRGQV") returned 0x14 [0074.308] CharUpperBuffW (in: lpsz="TW__KSEZODHPOLPGNLFJ", cchLength=0x14 | out: lpsz="TW__KSEZODHPOLPGNLFJ") returned 0x14 [0074.308] CharUpperBuffW (in: lpsz="TW__KSEZODHPOLPGNLFJ", cchLength=0x14 | out: lpsz="TW__KSEZODHPOLPGNLFJ") returned 0x14 [0074.308] CharUpperBuffW (in: lpsz="KXYJGKGLGKHPVNTMLFIK", cchLength=0x14 | out: lpsz="KXYJGKGLGKHPVNTMLFIK") returned 0x14 [0074.308] CharUpperBuffW (in: lpsz="KXYJGKGLGKHPVNTMLFIK", cchLength=0x14 | out: lpsz="KXYJGKGLGKHPVNTMLFIK") returned 0x14 [0074.308] CharUpperBuffW (in: lpsz="SAGS_YFDQJYEQAPHYLCG", cchLength=0x14 | out: lpsz="SAGS_YFDQJYEQAPHYLCG") returned 0x14 [0074.308] CharUpperBuffW (in: lpsz="SAGS_YFDQJYEQAPHYLCG", cchLength=0x14 | out: lpsz="SAGS_YFDQJYEQAPHYLCG") returned 0x14 [0074.308] CharUpperBuffW (in: lpsz="DZZJMWFLZYIWBVNBMVZE", cchLength=0x14 | out: lpsz="DZZJMWFLZYIWBVNBMVZE") returned 0x14 [0074.308] CharUpperBuffW (in: lpsz="DZZJMWFLZYIWBVNBMVZE", cchLength=0x14 | out: lpsz="DZZJMWFLZYIWBVNBMVZE") returned 0x14 [0074.308] CharUpperBuffW (in: lpsz="RCIJDGN_XLXDMZRDWSMX", cchLength=0x14 | out: lpsz="RCIJDGN_XLXDMZRDWSMX") returned 0x14 [0074.308] CharUpperBuffW (in: lpsz="RCIJDGN_XLXDMZRDWSMX", cchLength=0x14 | out: lpsz="RCIJDGN_XLXDMZRDWSMX") returned 0x14 [0074.308] CharUpperBuffW (in: lpsz="QOQQJFLFNFGSFYSDVDDB", cchLength=0x14 | out: lpsz="QOQQJFLFNFGSFYSDVDDB") returned 0x14 [0074.308] CharUpperBuffW (in: lpsz="QOQQJFLFNFGSFYSDVDDB", cchLength=0x14 | out: lpsz="QOQQJFLFNFGSFYSDVDDB") returned 0x14 [0074.308] CharUpperBuffW (in: lpsz="CIDJOLQMLUZPCFYMYKCA", cchLength=0x14 | out: lpsz="CIDJOLQMLUZPCFYMYKCA") returned 0x14 [0074.308] CharUpperBuffW (in: lpsz="CIDJOLQMLUZPCFYMYKCA", cchLength=0x14 | out: lpsz="CIDJOLQMLUZPCFYMYKCA") returned 0x14 [0074.309] CharUpperBuffW (in: lpsz="PKZMZRMKPHMWTFXIKP_X", cchLength=0x14 | out: lpsz="PKZMZRMKPHMWTFXIKP_X") returned 0x14 [0074.309] CharUpperBuffW (in: lpsz="PKZMZRMKPHMWTFXIKP_X", cchLength=0x14 | out: lpsz="PKZMZRMKPHMWTFXIKP_X") returned 0x14 [0074.309] CharUpperBuffW (in: lpsz="CTQWCRMIZPFLPOKVKTCD", cchLength=0x14 | out: lpsz="CTQWCRMIZPFLPOKVKTCD") returned 0x14 [0074.309] CharUpperBuffW (in: lpsz="CTQWCRMIZPFLPOKVKTCD", cchLength=0x14 | out: lpsz="CTQWCRMIZPFLPOKVKTCD") returned 0x14 [0074.309] CharUpperBuffW (in: lpsz="FWQLBVSNPAQPGVVHAPMU", cchLength=0x14 | out: lpsz="FWQLBVSNPAQPGVVHAPMU") returned 0x14 [0074.309] CharUpperBuffW (in: lpsz="FWQLBVSNPAQPGVVHAPMU", cchLength=0x14 | out: lpsz="FWQLBVSNPAQPGVVHAPMU") returned 0x14 [0074.309] CharUpperBuffW (in: lpsz="PPNHWGKBCCZHAWBLAJGN", cchLength=0x14 | out: lpsz="PPNHWGKBCCZHAWBLAJGN") returned 0x14 [0074.309] CharUpperBuffW (in: lpsz="PPNHWGKBCCZHAWBLAJGN", cchLength=0x14 | out: lpsz="PPNHWGKBCCZHAWBLAJGN") returned 0x14 [0074.309] CharUpperBuffW (in: lpsz="DTJCFUNUJH_IQSIOGOQJ", cchLength=0x14 | out: lpsz="DTJCFUNUJH_IQSIOGOQJ") returned 0x14 [0074.309] CharUpperBuffW (in: lpsz="DTJCFUNUJH_IQSIOGOQJ", cchLength=0x14 | out: lpsz="DTJCFUNUJH_IQSIOGOQJ") returned 0x14 [0074.309] CharUpperBuffW (in: lpsz="APYZVQUPRWRVODOGECJS", cchLength=0x14 | out: lpsz="APYZVQUPRWRVODOGECJS") returned 0x14 [0074.309] CharUpperBuffW (in: lpsz="APYZVQUPRWRVODOGECJS", cchLength=0x14 | out: lpsz="APYZVQUPRWRVODOGECJS") returned 0x14 [0074.309] CharUpperBuffW (in: lpsz="EPYBHTEUFHLCJBZQWPEM", cchLength=0x14 | out: lpsz="EPYBHTEUFHLCJBZQWPEM") returned 0x14 [0074.309] CharUpperBuffW (in: lpsz="EPYBHTEUFHLCJBZQWPEM", cchLength=0x14 | out: lpsz="EPYBHTEUFHLCJBZQWPEM") returned 0x14 [0074.310] CharUpperBuffW (in: lpsz="IBVHYPILGIXJYVQILMYO", cchLength=0x14 | out: lpsz="IBVHYPILGIXJYVQILMYO") returned 0x14 [0074.310] CharUpperBuffW (in: lpsz="IBVHYPILGIXJYVQILMYO", cchLength=0x14 | out: lpsz="IBVHYPILGIXJYVQILMYO") returned 0x14 [0074.310] CharUpperBuffW (in: lpsz="WPBTRMHZOETCDHHH_XTP", cchLength=0x14 | out: lpsz="WPBTRMHZOETCDHHH_XTP") returned 0x14 [0074.310] CharUpperBuffW (in: lpsz="WPBTRMHZOETCDHHH_XTP", cchLength=0x14 | out: lpsz="WPBTRMHZOETCDHHH_XTP") returned 0x14 [0074.310] CharUpperBuffW (in: lpsz="YEVGNMEDZIUOITPBWGPA", cchLength=0x14 | out: lpsz="YEVGNMEDZIUOITPBWGPA") returned 0x14 [0074.310] CharUpperBuffW (in: lpsz="YEVGNMEDZIUOITPBWGPA", cchLength=0x14 | out: lpsz="YEVGNMEDZIUOITPBWGPA") returned 0x14 [0074.310] CharUpperBuffW (in: lpsz="GYILVUWVFBURJJFQCWFA", cchLength=0x14 | out: lpsz="GYILVUWVFBURJJFQCWFA") returned 0x14 [0074.310] CharUpperBuffW (in: lpsz="GYILVUWVFBURJJFQCWFA", cchLength=0x14 | out: lpsz="GYILVUWVFBURJJFQCWFA") returned 0x14 [0074.310] CharUpperBuffW (in: lpsz="XQOQAOWEZIRLBJKJBEY_", cchLength=0x14 | out: lpsz="XQOQAOWEZIRLBJKJBEY_") returned 0x14 [0074.310] CharUpperBuffW (in: lpsz="XQOQAOWEZIRLBJKJBEY_", cchLength=0x14 | out: lpsz="XQOQAOWEZIRLBJKJBEY_") returned 0x14 [0074.310] CharUpperBuffW (in: lpsz="PAJEJYKCEETSNQAJREGH", cchLength=0x14 | out: lpsz="PAJEJYKCEETSNQAJREGH") returned 0x14 [0074.310] CharUpperBuffW (in: lpsz="PAJEJYKCEETSNQAJREGH", cchLength=0x14 | out: lpsz="PAJEJYKCEETSNQAJREGH") returned 0x14 [0074.310] CharUpperBuffW (in: lpsz="GDKSTIODCDCSHYIHXLYK", cchLength=0x14 | out: lpsz="GDKSTIODCDCSHYIHXLYK") returned 0x14 [0074.310] CharUpperBuffW (in: lpsz="GDKSTIODCDCSHYIHXLYK", cchLength=0x14 | out: lpsz="GDKSTIODCDCSHYIHXLYK") returned 0x14 [0074.310] CharUpperBuffW (in: lpsz="BHTGUGQEBXHHTQOCHDUX", cchLength=0x14 | out: lpsz="BHTGUGQEBXHHTQOCHDUX") returned 0x14 [0074.310] CharUpperBuffW (in: lpsz="BHTGUGQEBXHHTQOCHDUX", cchLength=0x14 | out: lpsz="BHTGUGQEBXHHTQOCHDUX") returned 0x14 [0074.310] CharUpperBuffW (in: lpsz="BZQGNRLLWXPOYBKPJEDA", cchLength=0x14 | out: lpsz="BZQGNRLLWXPOYBKPJEDA") returned 0x14 [0074.310] CharUpperBuffW (in: lpsz="BZQGNRLLWXPOYBKPJEDA", cchLength=0x14 | out: lpsz="BZQGNRLLWXPOYBKPJEDA") returned 0x14 [0074.311] CharUpperBuffW (in: lpsz="JDWYDLJUCYGMBZLBLG_H", cchLength=0x14 | out: lpsz="JDWYDLJUCYGMBZLBLG_H") returned 0x14 [0074.311] CharUpperBuffW (in: lpsz="JDWYDLJUCYGMBZLBLG_H", cchLength=0x14 | out: lpsz="JDWYDLJUCYGMBZLBLG_H") returned 0x14 [0074.311] CharUpperBuffW (in: lpsz="UFRUQLGZUCSPKPJARFTN", cchLength=0x14 | out: lpsz="UFRUQLGZUCSPKPJARFTN") returned 0x14 [0074.311] CharUpperBuffW (in: lpsz="UFRUQLGZUCSPKPJARFTN", cchLength=0x14 | out: lpsz="UFRUQLGZUCSPKPJARFTN") returned 0x14 [0074.311] CharUpperBuffW (in: lpsz="_JQVKMDRCABYSNMJQCDE", cchLength=0x14 | out: lpsz="_JQVKMDRCABYSNMJQCDE") returned 0x14 [0074.311] CharUpperBuffW (in: lpsz="_JQVKMDRCABYSNMJQCDE", cchLength=0x14 | out: lpsz="_JQVKMDRCABYSNMJQCDE") returned 0x14 [0074.311] CharUpperBuffW (in: lpsz="FTGNMEKDAAFZEWQDECSC", cchLength=0x14 | out: lpsz="FTGNMEKDAAFZEWQDECSC") returned 0x14 [0074.311] CharUpperBuffW (in: lpsz="FTGNMEKDAAFZEWQDECSC", cchLength=0x14 | out: lpsz="FTGNMEKDAAFZEWQDECSC") returned 0x14 [0074.311] CharUpperBuffW (in: lpsz="WVKJIAUVVSSDHBFCRWSC", cchLength=0x14 | out: lpsz="WVKJIAUVVSSDHBFCRWSC") returned 0x14 [0074.311] CharUpperBuffW (in: lpsz="WVKJIAUVVSSDHBFCRWSC", cchLength=0x14 | out: lpsz="WVKJIAUVVSSDHBFCRWSC") returned 0x14 [0074.311] CharUpperBuffW (in: lpsz="CWWJDZDRPKEYWEOOMTZC", cchLength=0x14 | out: lpsz="CWWJDZDRPKEYWEOOMTZC") returned 0x14 [0074.311] CharUpperBuffW (in: lpsz="CWWJDZDRPKEYWEOOMTZC", cchLength=0x14 | out: lpsz="CWWJDZDRPKEYWEOOMTZC") returned 0x14 [0074.311] CharUpperBuffW (in: lpsz="XCNGMGEAGHSUDDARJDYP", cchLength=0x14 | out: lpsz="XCNGMGEAGHSUDDARJDYP") returned 0x14 [0074.311] CharUpperBuffW (in: lpsz="XCNGMGEAGHSUDDARJDYP", cchLength=0x14 | out: lpsz="XCNGMGEAGHSUDDARJDYP") returned 0x14 [0074.311] CharUpperBuffW (in: lpsz="XJCBHVTBVNAAHPTCOJIH", cchLength=0x14 | out: lpsz="XJCBHVTBVNAAHPTCOJIH") returned 0x14 [0074.311] CharUpperBuffW (in: lpsz="XJCBHVTBVNAAHPTCOJIH", cchLength=0x14 | out: lpsz="XJCBHVTBVNAAHPTCOJIH") returned 0x14 [0074.311] CharUpperBuffW (in: lpsz="PYOFW_UFHUZBTTKXKJBE", cchLength=0x14 | out: lpsz="PYOFW_UFHUZBTTKXKJBE") returned 0x14 [0074.311] CharUpperBuffW (in: lpsz="PYOFW_UFHUZBTTKXKJBE", cchLength=0x14 | out: lpsz="PYOFW_UFHUZBTTKXKJBE") returned 0x14 [0074.312] CharUpperBuffW (in: lpsz="THUNQNYIRVD_HHJQHNJG", cchLength=0x14 | out: lpsz="THUNQNYIRVD_HHJQHNJG") returned 0x14 [0074.312] CharUpperBuffW (in: lpsz="THUNQNYIRVD_HHJQHNJG", cchLength=0x14 | out: lpsz="THUNQNYIRVD_HHJQHNJG") returned 0x14 [0074.312] CharUpperBuffW (in: lpsz="FUMGYKJMLMFUMTJJRPCS", cchLength=0x14 | out: lpsz="FUMGYKJMLMFUMTJJRPCS") returned 0x14 [0074.312] CharUpperBuffW (in: lpsz="FUMGYKJMLMFUMTJJRPCS", cchLength=0x14 | out: lpsz="FUMGYKJMLMFUMTJJRPCS") returned 0x14 [0074.312] CharUpperBuffW (in: lpsz="CTP_INOGFOQ_WWYF_Z_W", cchLength=0x14 | out: lpsz="CTP_INOGFOQ_WWYF_Z_W") returned 0x14 [0074.312] CharUpperBuffW (in: lpsz="CTP_INOGFOQ_WWYF_Z_W", cchLength=0x14 | out: lpsz="CTP_INOGFOQ_WWYF_Z_W") returned 0x14 [0074.312] CharUpperBuffW (in: lpsz="VDVOOMJPWAGIGUX_VIGF", cchLength=0x14 | out: lpsz="VDVOOMJPWAGIGUX_VIGF") returned 0x14 [0074.312] CharUpperBuffW (in: lpsz="VDVOOMJPWAGIGUX_VIGF", cchLength=0x14 | out: lpsz="VDVOOMJPWAGIGUX_VIGF") returned 0x14 [0074.312] CharUpperBuffW (in: lpsz="IWRPIMFBXWYAOQIGAFNF", cchLength=0x14 | out: lpsz="IWRPIMFBXWYAOQIGAFNF") returned 0x14 [0074.312] CharUpperBuffW (in: lpsz="IWRPIMFBXWYAOQIGAFNF", cchLength=0x14 | out: lpsz="IWRPIMFBXWYAOQIGAFNF") returned 0x14 [0074.312] CharUpperBuffW (in: lpsz="XCTVUFFFOMRAKCNJIXZD", cchLength=0x14 | out: lpsz="XCTVUFFFOMRAKCNJIXZD") returned 0x14 [0074.312] CharUpperBuffW (in: lpsz="XCTVUFFFOMRAKCNJIXZD", cchLength=0x14 | out: lpsz="XCTVUFFFOMRAKCNJIXZD") returned 0x14 [0074.312] CharUpperBuffW (in: lpsz="XTYLCIJZDSHJNUFCFCMT", cchLength=0x14 | out: lpsz="XTYLCIJZDSHJNUFCFCMT") returned 0x14 [0074.312] CharUpperBuffW (in: lpsz="XTYLCIJZDSHJNUFCFCMT", cchLength=0x14 | out: lpsz="XTYLCIJZDSHJNUFCFCMT") returned 0x14 [0074.312] CharUpperBuffW (in: lpsz="KAAEBMNAAVJBRZURMCRW", cchLength=0x14 | out: lpsz="KAAEBMNAAVJBRZURMCRW") returned 0x14 [0074.312] CharUpperBuffW (in: lpsz="KAAEBMNAAVJBRZURMCRW", cchLength=0x14 | out: lpsz="KAAEBMNAAVJBRZURMCRW") returned 0x14 [0074.312] CharUpperBuffW (in: lpsz="XESO_WBEJFAKOYIIVDHE", cchLength=0x14 | out: lpsz="XESO_WBEJFAKOYIIVDHE") returned 0x14 [0074.313] CharUpperBuffW (in: lpsz="XESO_WBEJFAKOYIIVDHE", cchLength=0x14 | out: lpsz="XESO_WBEJFAKOYIIVDHE") returned 0x14 [0074.313] CharUpperBuffW (in: lpsz="PXWKOBSBIMY_QHIJFXBU", cchLength=0x14 | out: lpsz="PXWKOBSBIMY_QHIJFXBU") returned 0x14 [0074.313] CharUpperBuffW (in: lpsz="PXWKOBSBIMY_QHIJFXBU", cchLength=0x14 | out: lpsz="PXWKOBSBIMY_QHIJFXBU") returned 0x14 [0074.313] CharUpperBuffW (in: lpsz="YPOGHJKBEUZJSRGNMPDT", cchLength=0x14 | out: lpsz="YPOGHJKBEUZJSRGNMPDT") returned 0x14 [0074.313] CharUpperBuffW (in: lpsz="YPOGHJKBEUZJSRGNMPDT", cchLength=0x14 | out: lpsz="YPOGHJKBEUZJSRGNMPDT") returned 0x14 [0074.313] CharUpperBuffW (in: lpsz="JHNWSAZCFMPCUSANISFG", cchLength=0x14 | out: lpsz="JHNWSAZCFMPCUSANISFG") returned 0x14 [0074.313] CharUpperBuffW (in: lpsz="JHNWSAZCFMPCUSANISFG", cchLength=0x14 | out: lpsz="JHNWSAZCFMPCUSANISFG") returned 0x14 [0074.314] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe", nBufferLength=0x7fff, lpBuffer=0x13ffcc8, lpFilePart=0x140fccc | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe", lpFilePart=0x140fccc*="urkotu.exe") returned 0x28 [0074.314] GetSysColorBrush (nIndex=15) returned 0x1100074 [0074.314] LoadCursorW (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0074.314] LoadIconW (hInstance=0xed0000, lpIconName=0x63) returned 0x110211 [0074.316] LoadIconW (hInstance=0xed0000, lpIconName=0xa4) returned 0x0 [0074.316] LoadIconW (hInstance=0xed0000, lpIconName=0xa2) returned 0x0 [0074.316] LoadImageW (hInst=0xed0000, name=0x63, type=0x1, cx=16, cy=16, fuLoad=0x0) returned 0x190209 [0074.317] RegisterClassExW (param_1=0x140fca4) returned 0xc15e [0074.317] GetSysColorBrush (nIndex=15) returned 0x1100074 [0074.317] RegisterClassExW (param_1=0x140fc48) returned 0xc15d [0074.317] RegisterClipboardFormatW (lpszFormat="TaskbarCreated") returned 0xc078 [0074.317] InitCommonControlsEx (picce=0x140fc78) returned 1 [0074.323] ImageList_Create (cx=16, cy=16, flags=0x21, cInitial=1, cGrow=1) returned 0x3ebe030 [0074.328] LoadIconW (hInstance=0xed0000, lpIconName=0xa9) returned 0xb00e7 [0074.329] ImageList_ReplaceIcon (himl=0x3ebe030, i=-1, hicon=0xb00e7) returned 0 [0074.335] CreateWindowExW (dwExStyle=0x0, lpClassName="AutoIt v3", lpWindowName="AutoIt v3", dwStyle=0xcf0000, X=-2147483648, Y=-2147483648, nWidth=300, nHeight=100, hWndParent=0x0, hMenu=0x0, hInstance=0xed0000, lpParam=0x0) returned 0x40170 [0074.336] NtdllDefWindowProc_W (hWnd=0x40170, Msg=0x24, wParam=0x0, lParam=0x140f85c) returned 0x0 [0074.337] NtdllDefWindowProc_W (hWnd=0x40170, Msg=0x81, wParam=0x0, lParam=0x140f850) returned 0x1 [0074.341] NtdllDefWindowProc_W (hWnd=0x40170, Msg=0x83, wParam=0x0, lParam=0x140f83c) returned 0x0 [0074.594] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0074.594] RegisterClipboardFormatW (lpszFormat="TaskbarCreated") returned 0xc078 [0074.594] CreatePopupMenu () returned 0x901af [0074.594] CreateWindowExW (dwExStyle=0x0, lpClassName="edit", lpWindowName=0x0, dwStyle=0x50b008c4, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x40170, hMenu=0x1, hInstance=0xed0000, lpParam=0x0) returned 0x501fa [0074.633] NtdllDefWindowProc_W (hWnd=0x40170, Msg=0x210, wParam=0x10001, lParam=0x501fa) returned 0x0 [0074.633] ShowWindow (hWnd=0x40170, nCmdShow=0) returned 0 [0074.633] ShowWindow (hWnd=0x40170, nCmdShow=0) returned 0 [0074.633] PeekMessageW (in: lpMsg=0x140fbfc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fbfc) returned 1 [0074.634] TranslateMessage (lpMsg=0x140fbfc) returned 0 [0074.634] DispatchMessageW (lpMsg=0x140fbfc) returned 0x0 [0074.634] NtdllDefWindowProc_W (hWnd=0x40170, Msg=0x31f, wParam=0x1, lParam=0x0) returned 0x0 [0074.634] PeekMessageW (in: lpMsg=0x140fbfc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fbfc) returned 0 [0074.635] CharUpperBuffW (in: lpsz="LKADBTCYHIWALTZVNIFW", cchLength=0x14 | out: lpsz="LKADBTCYHIWALTZVNIFW") returned 0x14 [0074.635] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.637] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.637] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.637] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.638] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.638] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.638] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.638] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.638] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.638] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.638] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.638] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.638] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.638] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.638] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.638] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.638] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.638] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.638] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.638] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.638] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.638] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.638] CharUpperBuffW (in: lpsz="StringLen", cchLength=0x9 | out: lpsz="STRINGLEN") returned 0x9 [0074.638] PeekMessageW (in: lpMsg=0x140fbfc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fbfc) returned 0 [0074.638] CharUpperBuffW (in: lpsz="XYALIYPQJNOTP_CGIHVB", cchLength=0x14 | out: lpsz="XYALIYPQJNOTP_CGIHVB") returned 0x14 [0074.639] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.639] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.639] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.639] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.639] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.639] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.639] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.639] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.639] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.639] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.639] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.639] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.639] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.639] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.639] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.639] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.639] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.639] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.639] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.639] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.639] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.639] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.639] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.639] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.640] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.640] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.640] CharUpperBuffW (in: lpsz="StringInStr", cchLength=0xb | out: lpsz="STRINGINSTR") returned 0xb [0074.640] PeekMessageW (in: lpMsg=0x140fbfc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fbfc) returned 0 [0074.640] CharUpperBuffW (in: lpsz="UGBNVPMLSDZQZCLXLBLY", cchLength=0x14 | out: lpsz="UGBNVPMLSDZQZCLXLBLY") returned 0x14 [0074.640] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.640] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.640] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.640] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.640] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.640] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.640] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.640] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.640] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.640] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.640] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.640] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.640] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.640] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.640] CharUpperBuffW (in: lpsz="Sleep", cchLength=0x5 | out: lpsz="SLEEP") returned 0x5 [0074.640] PeekMessageW (in: lpMsg=0x140fbfc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fbfc) returned 0 [0074.640] CharUpperBuffW (in: lpsz="FZHUNAAU_RJHWUDBMCLE", cchLength=0x14 | out: lpsz="FZHUNAAU_RJHWUDBMCLE") returned 0x14 [0074.641] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.641] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.641] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.641] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.641] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.641] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.641] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.641] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.641] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.641] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.641] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.641] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.641] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.641] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.641] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.641] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.641] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.641] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.641] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.641] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.641] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.641] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.641] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.641] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.641] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.642] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.642] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.642] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.642] CharUpperBuffW (in: lpsz="ShellExecute", cchLength=0xc | out: lpsz="SHELLEXECUTE") returned 0xc [0074.642] PeekMessageW (in: lpMsg=0x140fbfc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fbfc) returned 0 [0074.642] CharUpperBuffW (in: lpsz="SVMRV_UDWMUDVMT_TRUX", cchLength=0x14 | out: lpsz="SVMRV_UDWMUDVMT_TRUX") returned 0x14 [0074.642] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.642] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.642] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.642] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.642] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.642] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.642] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.642] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.642] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.642] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.642] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.642] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.642] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.642] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.642] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.642] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.642] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.642] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.643] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.643] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.643] CharUpperBuffW (in: lpsz="RegWrite", cchLength=0x8 | out: lpsz="REGWRITE") returned 0x8 [0074.643] PeekMessageW (in: lpMsg=0x140fbfc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fbfc) returned 0 [0074.643] CharUpperBuffW (in: lpsz="RHFTFB_HKNNWKVYSVMPG", cchLength=0x14 | out: lpsz="RHFTFB_HKNNWKVYSVMPG") returned 0x14 [0074.643] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.643] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.643] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.643] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.643] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.643] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.643] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.643] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.643] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.643] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.643] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.643] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.643] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.643] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.643] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.643] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.644] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.644] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.644] CharUpperBuffW (in: lpsz="RegRead", cchLength=0x7 | out: lpsz="REGREAD") returned 0x7 [0074.644] PeekMessageW (in: lpMsg=0x140fbfc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fbfc) returned 0 [0074.644] CharUpperBuffW (in: lpsz="JMGJNLYKLCIGAQWWLYLR", cchLength=0x14 | out: lpsz="JMGJNLYKLCIGAQWWLYLR") returned 0x14 [0074.644] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.644] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.644] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.644] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.644] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.644] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.644] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.644] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.644] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.644] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.644] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.644] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.644] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.644] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.644] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.644] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.644] CharUpperBuffW (in: lpsz="ObjGet", cchLength=0x6 | out: lpsz="OBJGET") returned 0x6 [0074.645] PeekMessageW (in: lpMsg=0x140fbfc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fbfc) returned 0 [0074.645] CharUpperBuffW (in: lpsz="JSFZUAROAJRFIRAZPBHM", cchLength=0x14 | out: lpsz="JSFZUAROAJRFIRAZPBHM") returned 0x14 [0074.645] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.645] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.645] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.645] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.645] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.645] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.645] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.645] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.645] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.645] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.645] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.645] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.645] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.645] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.645] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.645] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.645] CharUpperBuffW (in: lpsz="MsgBox", cchLength=0x6 | out: lpsz="MSGBOX") returned 0x6 [0074.645] PeekMessageW (in: lpMsg=0x140fbfc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fbfc) returned 0 [0074.645] CharUpperBuffW (in: lpsz="VNSCZMRGRURCYWWGKSEW", cchLength=0x14 | out: lpsz="VNSCZMRGRURCYWWGKSEW") returned 0x14 [0074.645] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.646] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.646] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.646] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.646] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.646] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.646] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.646] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.646] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.646] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.646] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.646] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.646] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.646] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.646] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.646] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.646] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.646] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.646] CharUpperBuffW (in: lpsz="IsAdmin", cchLength=0x7 | out: lpsz="ISADMIN") returned 0x7 [0074.646] PeekMessageW (in: lpMsg=0x140fbfc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fbfc) returned 0 [0074.646] CharUpperBuffW (in: lpsz="_KULEKNCTKOQZRDBYBXI", cchLength=0x14 | out: lpsz="_KULEKNCTKOQZRDBYBXI") returned 0x14 [0074.646] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.647] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.647] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.647] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.647] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.647] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.647] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.647] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.647] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.647] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.647] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.654] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.654] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.654] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.654] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.654] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.654] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.654] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.654] CharUpperBuffW (in: lpsz="InetGet", cchLength=0x7 | out: lpsz="INETGET") returned 0x7 [0074.655] PeekMessageW (in: lpMsg=0x140fbfc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fbfc) returned 0 [0074.655] CharUpperBuffW (in: lpsz="PIEHVSKGSDSKMKZEEQHV", cchLength=0x14 | out: lpsz="PIEHVSKGSDSKMKZEEQHV") returned 0x14 [0074.655] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.655] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.655] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.655] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.655] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.655] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.655] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.655] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.655] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.655] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.655] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.655] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.655] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.655] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.655] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.655] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.655] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.655] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.655] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.655] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.655] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.655] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.656] CharUpperBuffW (in: lpsz="FileWrite", cchLength=0x9 | out: lpsz="FILEWRITE") returned 0x9 [0074.656] PeekMessageW (in: lpMsg=0x140fbfc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fbfc) returned 0 [0074.656] CharUpperBuffW (in: lpsz="EBRX_JJPQSHQCSRZZDED", cchLength=0x14 | out: lpsz="EBRX_JJPQSHQCSRZZDED") returned 0x14 [0074.656] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.656] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.656] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.656] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.656] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.656] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.656] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.656] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.656] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.656] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.656] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.656] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.656] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.656] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.656] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.656] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.656] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.656] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.656] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.656] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.656] CharUpperBuffW (in: lpsz="FileSetAttrib", cchLength=0xd | out: lpsz="FILESETATTRIB") returned 0xd [0074.657] CharUpperBuffW (in: lpsz="HLJBYMKVNIXVASQOKYQY", cchLength=0x14 | out: lpsz="HLJBYMKVNIXVASQOKYQY") returned 0x14 [0074.657] CharUpperBuffW (in: lpsz="FileRead", cchLength=0x8 | out: lpsz="FILEREAD") returned 0x8 [0074.657] CharUpperBuffW (in: lpsz="BLPKNZWKPZBOYACIPQWR", cchLength=0x14 | out: lpsz="BLPKNZWKPZBOYACIPQWR") returned 0x14 [0074.673] CharUpperBuffW (in: lpsz="FileExists", cchLength=0xa | out: lpsz="FILEEXISTS") returned 0xa [0074.680] CharUpperBuffW (in: lpsz="CXGHNHWQAA_SCPGLWOGX", cchLength=0x14 | out: lpsz="CXGHNHWQAA_SCPGLWOGX") returned 0x14 [0074.680] CharUpperBuffW (in: lpsz="FileDelete", cchLength=0xa | out: lpsz="FILEDELETE") returned 0xa [0074.680] CharUpperBuffW (in: lpsz="EDNVGWFPVNYYFYCSQTLJ", cchLength=0x14 | out: lpsz="EDNVGWFPVNYYFYCSQTLJ") returned 0x14 [0074.680] CharUpperBuffW (in: lpsz="FileCopy", cchLength=0x8 | out: lpsz="FILECOPY") returned 0x8 [0074.680] CharUpperBuffW (in: lpsz="ALICSNSFWYIVDQIWHQCR", cchLength=0x14 | out: lpsz="ALICSNSFWYIVDQIWHQCR") returned 0x14 [0074.681] CharUpperBuffW (in: lpsz="DriveGetDrive", cchLength=0xd | out: lpsz="DRIVEGETDRIVE") returned 0xd [0074.681] CharUpperBuffW (in: lpsz="LDWIHRRUKSONYQQELUJJ", cchLength=0x14 | out: lpsz="LDWIHRRUKSONYQQELUJJ") returned 0x14 [0074.681] CharUpperBuffW (in: lpsz="DllStructSetData", cchLength=0x10 | out: lpsz="DLLSTRUCTSETDATA") returned 0x10 [0074.681] CharUpperBuffW (in: lpsz="SOLSLNWNEINZBBAIEJJJ", cchLength=0x14 | out: lpsz="SOLSLNWNEINZBBAIEJJJ") returned 0x14 [0074.682] CharUpperBuffW (in: lpsz="DllStructGetSize", cchLength=0x10 | out: lpsz="DLLSTRUCTGETSIZE") returned 0x10 [0074.682] CharUpperBuffW (in: lpsz="HJENLEDQFJZKNSJVZO_J", cchLength=0x14 | out: lpsz="HJENLEDQFJZKNSJVZO_J") returned 0x14 [0074.682] CharUpperBuffW (in: lpsz="DllStructGetPtr", cchLength=0xf | out: lpsz="DLLSTRUCTGETPTR") returned 0xf [0074.682] CharUpperBuffW (in: lpsz="UBFLEICZYYDJZUZVMFLM", cchLength=0x14 | out: lpsz="UBFLEICZYYDJZUZVMFLM") returned 0x14 [0074.687] CharUpperBuffW (in: lpsz="DllStructGetData", cchLength=0x10 | out: lpsz="DLLSTRUCTGETDATA") returned 0x10 [0074.687] CharUpperBuffW (in: lpsz="UTHOHFBITGK_IXLCLBKS", cchLength=0x14 | out: lpsz="UTHOHFBITGK_IXLCLBKS") returned 0x14 [0074.687] CharUpperBuffW (in: lpsz="DllStructCreate", cchLength=0xf | out: lpsz="DLLSTRUCTCREATE") returned 0xf [0074.687] CharUpperBuffW (in: lpsz="VZQFAWEYSMVGBKARHEFF", cchLength=0x14 | out: lpsz="VZQFAWEYSMVGBKARHEFF") returned 0x14 [0074.687] CharUpperBuffW (in: lpsz="DllOpen", cchLength=0x7 | out: lpsz="DLLOPEN") returned 0x7 [0074.687] CharUpperBuffW (in: lpsz="XIFTR_QFNRHPTNSLNOMR", cchLength=0x14 | out: lpsz="XIFTR_QFNRHPTNSLNOMR") returned 0x14 [0074.703] CharUpperBuffW (in: lpsz="DllClose", cchLength=0x8 | out: lpsz="DLLCLOSE") returned 0x8 [0074.703] CharUpperBuffW (in: lpsz="YLBWXYRLUHRKP_HLLZMI", cchLength=0x14 | out: lpsz="YLBWXYRLUHRKP_HLLZMI") returned 0x14 [0074.704] CharUpperBuffW (in: lpsz="DllCallAddress", cchLength=0xe | out: lpsz="DLLCALLADDRESS") returned 0xe [0074.704] CharUpperBuffW (in: lpsz="PWUJWERSHOJAKYTYCTIQ", cchLength=0x14 | out: lpsz="PWUJWERSHOJAKYTYCTIQ") returned 0x14 [0074.704] CharUpperBuffW (in: lpsz="DllCall", cchLength=0x7 | out: lpsz="DLLCALL") returned 0x7 [0074.704] CharUpperBuffW (in: lpsz="KTOYVBHKJRWS_ADYRKPM", cchLength=0x14 | out: lpsz="KTOYVBHKJRWS_ADYRKPM") returned 0x14 [0074.704] CharUpperBuffW (in: lpsz="DirCreate", cchLength=0x9 | out: lpsz="DIRCREATE") returned 0x9 [0074.704] CharUpperBuffW (in: lpsz="ULXNFJIRSXYWMYJUENKQ", cchLength=0x14 | out: lpsz="ULXNFJIRSXYWMYJUENKQ") returned 0x14 [0074.707] CharUpperBuffW (in: lpsz="BinaryMid", cchLength=0x9 | out: lpsz="BINARYMID") returned 0x9 [0074.707] CharUpperBuffW (in: lpsz="XUALVRUYFGOHDUDYVWKI", cchLength=0x14 | out: lpsz="XUALVRUYFGOHDUDYVWKI") returned 0x14 [0074.707] CharUpperBuffW (in: lpsz="BinaryLen", cchLength=0x9 | out: lpsz="BINARYLEN") returned 0x9 [0074.708] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x13ff1d8, nSize=0x7fff | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\urkotu.exe")) returned 0x28 [0074.708] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe", nBufferLength=0x7fff, lpBuffer=0x13ef1c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe", lpFilePart=0x0) returned 0x28 [0074.708] CharUpperBuffW (in: lpsz="TINIZKZMXWBTFDSHWEML", cchLength=0x14 | out: lpsz="TINIZKZMXWBTFDSHWEML") returned 0x14 [0074.709] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe:Zone.Identifier", nBufferLength=0x7fff, lpBuffer=0x13ff408, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe:Zone.Identifier", lpFilePart=0x0) returned 0x38 [0074.709] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe:Zone.Identifier" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\urkotu.exe:zone.identifier")) returned 0xffffffff [0074.709] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe:Zone.Identifier", lpFindFileData=0x140f450 | out: lpFindFileData=0x140f450) returned 0xffffffff [0074.710] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0074.710] CharUpperBuffW (in: lpsz="CULQTAPFGJAAWQUTFKVEMWQBTZDO", cchLength=0x1c | out: lpsz="CULQTAPFGJAAWQUTFKVEMWQBTZDO") returned 0x1c [0074.710] CharUpperBuffW (in: lpsz="MUKQHYEHTAIPDSMPPY", cchLength=0x12 | out: lpsz="MUKQHYEHTAIPDSMPPY") returned 0x12 [0074.710] CharUpperBuffW (in: lpsz="KRAIIYTKCOOZLXODRVZMFWGDJ", cchLength=0x19 | out: lpsz="KRAIIYTKCOOZLXODRVZMFWGDJ") returned 0x19 [0074.710] CharUpperBuffW (in: lpsz="AFZHTNZQLSJMRXEEVBKJQGHFW", cchLength=0x19 | out: lpsz="AFZHTNZQLSJMRXEEVBKJQGHFW") returned 0x19 [0074.710] CharUpperBuffW (in: lpsz="CASUESGNAMQQZKLQGCUVPMAYIAD", cchLength=0x1b | out: lpsz="CASUESGNAMQQZKLQGCUVPMAYIAD") returned 0x1b [0074.710] CharUpperBuffW (in: lpsz="FJNXDPTXMJCTJCGZLJCEUCTTAG", cchLength=0x1a | out: lpsz="FJNXDPTXMJCTJCGZLJCEUCTTAG") returned 0x1a [0074.710] CharUpperBuffW (in: lpsz="DSPUXAVVVUTJCXQX", cchLength=0x10 | out: lpsz="DSPUXAVVVUTJCXQX") returned 0x10 [0074.710] CharUpperBuffW (in: lpsz="DECDATA", cchLength=0x7 | out: lpsz="DECDATA") returned 0x7 [0074.710] CharUpperBuffW (in: lpsz="SYURKNWEZVCDJIFS", cchLength=0x10 | out: lpsz="SYURKNWEZVCDJIFS") returned 0x10 [0074.710] CharUpperBuffW (in: lpsz="CCUTFABTLRNMPKDXXBVNGH", cchLength=0x16 | out: lpsz="CCUTFABTLRNMPKDXXBVNGH") returned 0x16 [0074.710] CharUpperBuffW (in: lpsz="RSTGJYBBVDLDRQVPMQURGU", cchLength=0x16 | out: lpsz="RSTGJYBBVDLDRQVPMQURGU") returned 0x16 [0074.710] CharUpperBuffW (in: lpsz="NQAVEYZBZJEXPTPYRFTKO", cchLength=0x15 | out: lpsz="NQAVEYZBZJEXPTPYRFTKO") returned 0x15 [0074.711] CharUpperBuffW (in: lpsz="LIHDRORCFYSMCCH", cchLength=0xf | out: lpsz="LIHDRORCFYSMCCH") returned 0xf [0074.711] CharUpperBuffW (in: lpsz="BVQFWKTUNGGWAIV", cchLength=0xf | out: lpsz="BVQFWKTUNGGWAIV") returned 0xf [0074.711] CharUpperBuffW (in: lpsz="IPLOLDGSXJLHGCORJ", cchLength=0x11 | out: lpsz="IPLOLDGSXJLHGCORJ") returned 0x11 [0074.711] CharUpperBuffW (in: lpsz="LKADBTCYHIWALTZVNIFW", cchLength=0x14 | out: lpsz="LKADBTCYHIWALTZVNIFW") returned 0x14 [0074.711] CharUpperBuffW (in: lpsz="XYALIYPQJNOTP_CGIHVB", cchLength=0x14 | out: lpsz="XYALIYPQJNOTP_CGIHVB") returned 0x14 [0074.711] CharUpperBuffW (in: lpsz="UGBNVPMLSDZQZCLXLBLY", cchLength=0x14 | out: lpsz="UGBNVPMLSDZQZCLXLBLY") returned 0x14 [0074.711] CharUpperBuffW (in: lpsz="FZHUNAAU_RJHWUDBMCLE", cchLength=0x14 | out: lpsz="FZHUNAAU_RJHWUDBMCLE") returned 0x14 [0074.711] CharUpperBuffW (in: lpsz="SVMRV_UDWMUDVMT_TRUX", cchLength=0x14 | out: lpsz="SVMRV_UDWMUDVMT_TRUX") returned 0x14 [0074.711] CharUpperBuffW (in: lpsz="RHFTFB_HKNNWKVYSVMPG", cchLength=0x14 | out: lpsz="RHFTFB_HKNNWKVYSVMPG") returned 0x14 [0074.711] CharUpperBuffW (in: lpsz="JMGJNLYKLCIGAQWWLYLR", cchLength=0x14 | out: lpsz="JMGJNLYKLCIGAQWWLYLR") returned 0x14 [0074.711] CharUpperBuffW (in: lpsz="JSFZUAROAJRFIRAZPBHM", cchLength=0x14 | out: lpsz="JSFZUAROAJRFIRAZPBHM") returned 0x14 [0074.711] CharUpperBuffW (in: lpsz="VNSCZMRGRURCYWWGKSEW", cchLength=0x14 | out: lpsz="VNSCZMRGRURCYWWGKSEW") returned 0x14 [0074.711] CharUpperBuffW (in: lpsz="_KULEKNCTKOQZRDBYBXI", cchLength=0x14 | out: lpsz="_KULEKNCTKOQZRDBYBXI") returned 0x14 [0074.711] CharUpperBuffW (in: lpsz="PIEHVSKGSDSKMKZEEQHV", cchLength=0x14 | out: lpsz="PIEHVSKGSDSKMKZEEQHV") returned 0x14 [0074.711] CharUpperBuffW (in: lpsz="EBRX_JJPQSHQCSRZZDED", cchLength=0x14 | out: lpsz="EBRX_JJPQSHQCSRZZDED") returned 0x14 [0074.712] CharUpperBuffW (in: lpsz="HLJBYMKVNIXVASQOKYQY", cchLength=0x14 | out: lpsz="HLJBYMKVNIXVASQOKYQY") returned 0x14 [0074.712] CharUpperBuffW (in: lpsz="BLPKNZWKPZBOYACIPQWR", cchLength=0x14 | out: lpsz="BLPKNZWKPZBOYACIPQWR") returned 0x14 [0074.712] CharUpperBuffW (in: lpsz="CXGHNHWQAA_SCPGLWOGX", cchLength=0x14 | out: lpsz="CXGHNHWQAA_SCPGLWOGX") returned 0x14 [0074.712] CharUpperBuffW (in: lpsz="EDNVGWFPVNYYFYCSQTLJ", cchLength=0x14 | out: lpsz="EDNVGWFPVNYYFYCSQTLJ") returned 0x14 [0074.712] CharUpperBuffW (in: lpsz="ALICSNSFWYIVDQIWHQCR", cchLength=0x14 | out: lpsz="ALICSNSFWYIVDQIWHQCR") returned 0x14 [0074.712] CharUpperBuffW (in: lpsz="LDWIHRRUKSONYQQELUJJ", cchLength=0x14 | out: lpsz="LDWIHRRUKSONYQQELUJJ") returned 0x14 [0074.712] CharUpperBuffW (in: lpsz="SOLSLNWNEINZBBAIEJJJ", cchLength=0x14 | out: lpsz="SOLSLNWNEINZBBAIEJJJ") returned 0x14 [0074.716] CharUpperBuffW (in: lpsz="HJENLEDQFJZKNSJVZO_J", cchLength=0x14 | out: lpsz="HJENLEDQFJZKNSJVZO_J") returned 0x14 [0074.716] CharUpperBuffW (in: lpsz="UBFLEICZYYDJZUZVMFLM", cchLength=0x14 | out: lpsz="UBFLEICZYYDJZUZVMFLM") returned 0x14 [0074.716] CharUpperBuffW (in: lpsz="UTHOHFBITGK_IXLCLBKS", cchLength=0x14 | out: lpsz="UTHOHFBITGK_IXLCLBKS") returned 0x14 [0074.717] CharUpperBuffW (in: lpsz="VZQFAWEYSMVGBKARHEFF", cchLength=0x14 | out: lpsz="VZQFAWEYSMVGBKARHEFF") returned 0x14 [0074.717] CharUpperBuffW (in: lpsz="XIFTR_QFNRHPTNSLNOMR", cchLength=0x14 | out: lpsz="XIFTR_QFNRHPTNSLNOMR") returned 0x14 [0074.717] CharUpperBuffW (in: lpsz="YLBWXYRLUHRKP_HLLZMI", cchLength=0x14 | out: lpsz="YLBWXYRLUHRKP_HLLZMI") returned 0x14 [0074.717] CharUpperBuffW (in: lpsz="PWUJWERSHOJAKYTYCTIQ", cchLength=0x14 | out: lpsz="PWUJWERSHOJAKYTYCTIQ") returned 0x14 [0074.717] CharUpperBuffW (in: lpsz="KTOYVBHKJRWS_ADYRKPM", cchLength=0x14 | out: lpsz="KTOYVBHKJRWS_ADYRKPM") returned 0x14 [0074.717] CharUpperBuffW (in: lpsz="ULXNFJIRSXYWMYJUENKQ", cchLength=0x14 | out: lpsz="ULXNFJIRSXYWMYJUENKQ") returned 0x14 [0074.717] CharUpperBuffW (in: lpsz="XUALVRUYFGOHDUDYVWKI", cchLength=0x14 | out: lpsz="XUALVRUYFGOHDUDYVWKI") returned 0x14 [0074.717] CharUpperBuffW (in: lpsz="TINIZKZMXWBTFDSHWEML", cchLength=0x14 | out: lpsz="TINIZKZMXWBTFDSHWEML") returned 0x14 [0074.717] CharUpperBuffW (in: lpsz="_CSSPRFEVFLCOQPHHYGU", cchLength=0x14 | out: lpsz="_CSSPRFEVFLCOQPHHYGU") returned 0x14 [0074.717] CharUpperBuffW (in: lpsz="NGSLUOYFIMWUBBMZBH_W", cchLength=0x14 | out: lpsz="NGSLUOYFIMWUBBMZBH_W") returned 0x14 [0074.717] CharUpperBuffW (in: lpsz="PPGXUNSN_ZHHGMPUGKAH", cchLength=0x14 | out: lpsz="PPGXUNSN_ZHHGMPUGKAH") returned 0x14 [0074.717] CharUpperBuffW (in: lpsz="NETLWBNFIIXMILRNSAGQ", cchLength=0x14 | out: lpsz="NETLWBNFIIXMILRNSAGQ") returned 0x14 [0074.717] CharUpperBuffW (in: lpsz="OVACOHOOXARLXEQZPHCZ", cchLength=0x14 | out: lpsz="OVACOHOOXARLXEQZPHCZ") returned 0x14 [0074.717] CharUpperBuffW (in: lpsz="KQYVXGPV_HFXAPVUEWAP", cchLength=0x14 | out: lpsz="KQYVXGPV_HFXAPVUEWAP") returned 0x14 [0074.717] CharUpperBuffW (in: lpsz="VEPWOGIZFYWAZESAWJWB", cchLength=0x14 | out: lpsz="VEPWOGIZFYWAZESAWJWB") returned 0x14 [0074.717] CharUpperBuffW (in: lpsz="UAEPMYTZMOR__TLNBSDD", cchLength=0x14 | out: lpsz="UAEPMYTZMOR__TLNBSDD") returned 0x14 [0074.717] CharUpperBuffW (in: lpsz="WRQVJPEZVPIXHTUAQCXN", cchLength=0x14 | out: lpsz="WRQVJPEZVPIXHTUAQCXN") returned 0x14 [0074.717] CharUpperBuffW (in: lpsz="OIFUCBJWXVJEMQAICUGL", cchLength=0x14 | out: lpsz="OIFUCBJWXVJEMQAICUGL") returned 0x14 [0074.717] CharUpperBuffW (in: lpsz="WKZBX_RDHBJHOTGDPFTA", cchLength=0x14 | out: lpsz="WKZBX_RDHBJHOTGDPFTA") returned 0x14 [0074.718] CharUpperBuffW (in: lpsz="TLXGGZYRXUGQMMNRNNOO", cchLength=0x14 | out: lpsz="TLXGGZYRXUGQMMNRNNOO") returned 0x14 [0074.718] CharUpperBuffW (in: lpsz="VWMQRWKSQLZGIIVMGEVX", cchLength=0x14 | out: lpsz="VWMQRWKSQLZGIIVMGEVX") returned 0x14 [0074.718] CharUpperBuffW (in: lpsz="KCAASFGRSLF_NYV_NBIC", cchLength=0x14 | out: lpsz="KCAASFGRSLF_NYV_NBIC") returned 0x14 [0074.718] CharUpperBuffW (in: lpsz="KPRVYNXIUSVYEPQTTIUY", cchLength=0x14 | out: lpsz="KPRVYNXIUSVYEPQTTIUY") returned 0x14 [0074.718] CharUpperBuffW (in: lpsz="CYKQXYMAJZIKQWUKGLBJ", cchLength=0x14 | out: lpsz="CYKQXYMAJZIKQWUKGLBJ") returned 0x14 [0074.718] CharUpperBuffW (in: lpsz="DVBIXQ_FBGBJYJQDNQSS", cchLength=0x14 | out: lpsz="DVBIXQ_FBGBJYJQDNQSS") returned 0x14 [0074.718] CharUpperBuffW (in: lpsz="H_LYGEYZPMQAEUGEOGJD", cchLength=0x14 | out: lpsz="H_LYGEYZPMQAEUGEOGJD") returned 0x14 [0074.718] CharUpperBuffW (in: lpsz="QGNCGEOQQMMYCNVGEDKT", cchLength=0x14 | out: lpsz="QGNCGEOQQMMYCNVGEDKT") returned 0x14 [0074.718] CharUpperBuffW (in: lpsz="RAIFMLFDWNPXASFVCIJL", cchLength=0x14 | out: lpsz="RAIFMLFDWNPXASFVCIJL") returned 0x14 [0074.718] CharUpperBuffW (in: lpsz="QPEDF_GTZPGUDSADHZYM", cchLength=0x14 | out: lpsz="QPEDF_GTZPGUDSADHZYM") returned 0x14 [0074.718] CharUpperBuffW (in: lpsz="YAOVPOWKEYYB_XAMHTSR", cchLength=0x14 | out: lpsz="YAOVPOWKEYYB_XAMHTSR") returned 0x14 [0074.718] CharUpperBuffW (in: lpsz="PRJCGCPUXUAWTCJASZDV", cchLength=0x14 | out: lpsz="PRJCGCPUXUAWTCJASZDV") returned 0x14 [0074.718] CharUpperBuffW (in: lpsz="LMKTQDPYQAWNHOBKLSPD", cchLength=0x14 | out: lpsz="LMKTQDPYQAWNHOBKLSPD") returned 0x14 [0074.718] CharUpperBuffW (in: lpsz="KBDAWXANAYMENLXTBHYH", cchLength=0x14 | out: lpsz="KBDAWXANAYMENLXTBHYH") returned 0x14 [0074.718] CharUpperBuffW (in: lpsz="ZXZROTSXAHLYQONZOSFQ", cchLength=0x14 | out: lpsz="ZXZROTSXAHLYQONZOSFQ") returned 0x14 [0074.718] CharUpperBuffW (in: lpsz="DRCRGHL_UNGXW_DJNIWD", cchLength=0x14 | out: lpsz="DRCRGHL_UNGXW_DJNIWD") returned 0x14 [0074.718] CharUpperBuffW (in: lpsz="IQAEUFHRNGYTGLLFYOEP", cchLength=0x14 | out: lpsz="IQAEUFHRNGYTGLLFYOEP") returned 0x14 [0074.718] CharUpperBuffW (in: lpsz="EYFXVEJITGJOKOEHRQUX", cchLength=0x14 | out: lpsz="EYFXVEJITGJOKOEHRQUX") returned 0x14 [0074.718] CharUpperBuffW (in: lpsz="ADLEGKOTZKQAMWSCHNBE", cchLength=0x14 | out: lpsz="ADLEGKOTZKQAMWSCHNBE") returned 0x14 [0074.718] CharUpperBuffW (in: lpsz="VDWNBGSLTDFAOFXVATXQ", cchLength=0x14 | out: lpsz="VDWNBGSLTDFAOFXVATXQ") returned 0x14 [0074.719] CharUpperBuffW (in: lpsz="VFAZUOFXOKNOJOIXGXMX", cchLength=0x14 | out: lpsz="VFAZUOFXOKNOJOIXGXMX") returned 0x14 [0074.719] CharUpperBuffW (in: lpsz="DZAABHGKMJRRKSWIZKMO", cchLength=0x14 | out: lpsz="DZAABHGKMJRRKSWIZKMO") returned 0x14 [0074.719] CharUpperBuffW (in: lpsz="LKHBBGWOWJGXSQGTHJTE", cchLength=0x14 | out: lpsz="LKHBBGWOWJGXSQGTHJTE") returned 0x14 [0074.719] CharUpperBuffW (in: lpsz="SRRJZSECBBCSSWOGGRQW", cchLength=0x14 | out: lpsz="SRRJZSECBBCSSWOGGRQW") returned 0x14 [0074.719] CharUpperBuffW (in: lpsz="__BVDGVYIOLSNUXVDNDW", cchLength=0x14 | out: lpsz="__BVDGVYIOLSNUXVDNDW") returned 0x14 [0074.719] CharUpperBuffW (in: lpsz="MWKQBSABXTRGDQMR_ZFX", cchLength=0x14 | out: lpsz="MWKQBSABXTRGDQMR_ZFX") returned 0x14 [0074.719] CharUpperBuffW (in: lpsz="GSSHULABEGSZWLCXUHSU", cchLength=0x14 | out: lpsz="GSSHULABEGSZWLCXUHSU") returned 0x14 [0074.719] CharUpperBuffW (in: lpsz="NELKGUBTCZVHBQOGTIAS", cchLength=0x14 | out: lpsz="NELKGUBTCZVHBQOGTIAS") returned 0x14 [0074.719] CharUpperBuffW (in: lpsz="UGAS_CRKTYSEJDLNQCLI", cchLength=0x14 | out: lpsz="UGAS_CRKTYSEJDLNQCLI") returned 0x14 [0074.719] CharUpperBuffW (in: lpsz="DEFLJIDQKTBQQNUYWIPH", cchLength=0x14 | out: lpsz="DEFLJIDQKTBQQNUYWIPH") returned 0x14 [0074.719] CharUpperBuffW (in: lpsz="QIMOEZQLAMKUJPVLLFNB", cchLength=0x14 | out: lpsz="QIMOEZQLAMKUJPVLLFNB") returned 0x14 [0074.719] CharUpperBuffW (in: lpsz="ZIPWTCTFEVGMTGFRBQKE", cchLength=0x14 | out: lpsz="ZIPWTCTFEVGMTGFRBQKE") returned 0x14 [0074.719] CharUpperBuffW (in: lpsz="SJBNKKFEJUJHYSDDUALQ", cchLength=0x14 | out: lpsz="SJBNKKFEJUJHYSDDUALQ") returned 0x14 [0074.719] CharUpperBuffW (in: lpsz="ZKCAABKVU_KZFBRVUJMC", cchLength=0x14 | out: lpsz="ZKCAABKVU_KZFBRVUJMC") returned 0x14 [0074.719] CharUpperBuffW (in: lpsz="BZWRNIVJXUZXKPAWIBBP", cchLength=0x14 | out: lpsz="BZWRNIVJXUZXKPAWIBBP") returned 0x14 [0074.719] CharUpperBuffW (in: lpsz="CELLZRAKURVALWKTKKGT", cchLength=0x14 | out: lpsz="CELLZRAKURVALWKTKKGT") returned 0x14 [0074.719] CharUpperBuffW (in: lpsz="AWLBODDKVEIPWBCPNYQS", cchLength=0x14 | out: lpsz="AWLBODDKVEIPWBCPNYQS") returned 0x14 [0074.719] CharUpperBuffW (in: lpsz="ONUHBJX_FQMJHPCMXQUP", cchLength=0x14 | out: lpsz="ONUHBJX_FQMJHPCMXQUP") returned 0x14 [0074.720] CharUpperBuffW (in: lpsz="FXTVGINBESGGVHUBHAIA", cchLength=0x14 | out: lpsz="FXTVGINBESGGVHUBHAIA") returned 0x14 [0074.720] CharUpperBuffW (in: lpsz="YMTKQXZNOTHKQXYPTVHF", cchLength=0x14 | out: lpsz="YMTKQXZNOTHKQXYPTVHF") returned 0x14 [0074.720] CharUpperBuffW (in: lpsz="OLGAUG_AAMAVBDSNSMTX", cchLength=0x14 | out: lpsz="OLGAUG_AAMAVBDSNSMTX") returned 0x14 [0074.720] CharUpperBuffW (in: lpsz="BSKXQZHUTMKJTTCBMAUQ", cchLength=0x14 | out: lpsz="BSKXQZHUTMKJTTCBMAUQ") returned 0x14 [0074.720] CharUpperBuffW (in: lpsz="FQXYDFKULNH_XGCHAXSH", cchLength=0x14 | out: lpsz="FQXYDFKULNH_XGCHAXSH") returned 0x14 [0074.720] CharUpperBuffW (in: lpsz="LLAV_SNBRGFRRVVRMBXO", cchLength=0x14 | out: lpsz="LLAV_SNBRGFRRVVRMBXO") returned 0x14 [0074.720] CharUpperBuffW (in: lpsz="QOYYVMVQESVPTQQRTHWE", cchLength=0x14 | out: lpsz="QOYYVMVQESVPTQQRTHWE") returned 0x14 [0074.720] CharUpperBuffW (in: lpsz="LAVGVQXFGQGCWZYBFUVO", cchLength=0x14 | out: lpsz="LAVGVQXFGQGCWZYBFUVO") returned 0x14 [0074.720] CharUpperBuffW (in: lpsz="FLQZMTLVVQYEYWVWSNDR", cchLength=0x14 | out: lpsz="FLQZMTLVVQYEYWVWSNDR") returned 0x14 [0074.720] CharUpperBuffW (in: lpsz="FAXWCEOS_KJKYDQ_RGJO", cchLength=0x14 | out: lpsz="FAXWCEOS_KJKYDQ_RGJO") returned 0x14 [0074.720] CharUpperBuffW (in: lpsz="TWEOZQLZIZIOUN_KWFSU", cchLength=0x14 | out: lpsz="TWEOZQLZIZIOUN_KWFSU") returned 0x14 [0074.720] CharUpperBuffW (in: lpsz="SKIFEUAESYRCZQKUQWVL", cchLength=0x14 | out: lpsz="SKIFEUAESYRCZQKUQWVL") returned 0x14 [0074.720] CharUpperBuffW (in: lpsz="C_RPOUWDLANXEBJBDYMH", cchLength=0x14 | out: lpsz="C_RPOUWDLANXEBJBDYMH") returned 0x14 [0074.720] CharUpperBuffW (in: lpsz="ITWFPFGDSPSLSMKQIXAY", cchLength=0x14 | out: lpsz="ITWFPFGDSPSLSMKQIXAY") returned 0x14 [0074.720] CharUpperBuffW (in: lpsz="UMUDBENUDDBKLRIHNGXH", cchLength=0x14 | out: lpsz="UMUDBENUDDBKLRIHNGXH") returned 0x14 [0074.720] CharUpperBuffW (in: lpsz="OQFLLLDDFRIZTFPJPDGL", cchLength=0x14 | out: lpsz="OQFLLLDDFRIZTFPJPDGL") returned 0x14 [0074.720] CharUpperBuffW (in: lpsz="DITYZYOACZIDXZOUNCIL", cchLength=0x14 | out: lpsz="DITYZYOACZIDXZOUNCIL") returned 0x14 [0074.720] CharUpperBuffW (in: lpsz="QSGBTDANNS_QANWTOZTF", cchLength=0x14 | out: lpsz="QSGBTDANNS_QANWTOZTF") returned 0x14 [0074.720] CharUpperBuffW (in: lpsz="DDMWZTPEEZLF_OFUHAKM", cchLength=0x14 | out: lpsz="DDMWZTPEEZLF_OFUHAKM") returned 0x14 [0074.721] CharUpperBuffW (in: lpsz="PUSNXDLNPPJCJMZS_CXX", cchLength=0x14 | out: lpsz="PUSNXDLNPPJCJMZS_CXX") returned 0x14 [0074.721] CharUpperBuffW (in: lpsz="XVKQUND_LOLNCSWTYCZD", cchLength=0x14 | out: lpsz="XVKQUND_LOLNCSWTYCZD") returned 0x14 [0074.721] CharUpperBuffW (in: lpsz="HPWHYTUYYFQPRGGVRHMJ", cchLength=0x14 | out: lpsz="HPWHYTUYYFQPRGGVRHMJ") returned 0x14 [0074.721] CharUpperBuffW (in: lpsz="NKRJWTXNTBMQVEDNSBWX", cchLength=0x14 | out: lpsz="NKRJWTXNTBMQVEDNSBWX") returned 0x14 [0074.721] CharUpperBuffW (in: lpsz="QJPCUKOGRHHPVHFGLWPT", cchLength=0x14 | out: lpsz="QJPCUKOGRHHPVHFGLWPT") returned 0x14 [0074.721] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0074.721] CharUpperBuffW (in: lpsz="JOVNXETDYMKCTLJKCKLB", cchLength=0x14 | out: lpsz="JOVNXETDYMKCTLJKCKLB") returned 0x14 [0074.721] CharUpperBuffW (in: lpsz="GHQRTRLBSRGNVKIJRKXK", cchLength=0x14 | out: lpsz="GHQRTRLBSRGNVKIJRKXK") returned 0x14 [0074.721] CharUpperBuffW (in: lpsz="XZTLSKRWFOBEDNZPVKAM", cchLength=0x14 | out: lpsz="XZTLSKRWFOBEDNZPVKAM") returned 0x14 [0074.721] CharUpperBuffW (in: lpsz="RCGTTSVIYPAFDZAUIYVQ", cchLength=0x14 | out: lpsz="RCGTTSVIYPAFDZAUIYVQ") returned 0x14 [0074.721] CharUpperBuffW (in: lpsz="UHPEUJVJUEZIEQXYSYSF", cchLength=0x14 | out: lpsz="UHPEUJVJUEZIEQXYSYSF") returned 0x14 [0074.721] CharUpperBuffW (in: lpsz="WCFWIZIQMRBTJYSTFNEJ", cchLength=0x14 | out: lpsz="WCFWIZIQMRBTJYSTFNEJ") returned 0x14 [0074.721] CharUpperBuffW (in: lpsz="EZUOZRSOKLMXMJJLTFYE", cchLength=0x14 | out: lpsz="EZUOZRSOKLMXMJJLTFYE") returned 0x14 [0074.721] CharUpperBuffW (in: lpsz="BDMVMUCQGDKRUZFZFQGQ", cchLength=0x14 | out: lpsz="BDMVMUCQGDKRUZFZFQGQ") returned 0x14 [0074.721] CharUpperBuffW (in: lpsz="VXROSNZLIJSKZBYKECZN", cchLength=0x14 | out: lpsz="VXROSNZLIJSKZBYKECZN") returned 0x14 [0074.721] CharUpperBuffW (in: lpsz="UIWMCCQFJDRMBBOOXJFW", cchLength=0x14 | out: lpsz="UIWMCCQFJDRMBBOOXJFW") returned 0x14 [0074.721] CharUpperBuffW (in: lpsz="XITTQWZDHJOOZBSJCARU", cchLength=0x14 | out: lpsz="XITTQWZDHJOOZBSJCARU") returned 0x14 [0074.721] CharUpperBuffW (in: lpsz="PFGTKBXSLQPACKKNVVDP", cchLength=0x14 | out: lpsz="PFGTKBXSLQPACKKNVVDP") returned 0x14 [0074.721] CharUpperBuffW (in: lpsz="RKSJNPDSZAVIMQEEFECN", cchLength=0x14 | out: lpsz="RKSJNPDSZAVIMQEEFECN") returned 0x14 [0074.721] CharUpperBuffW (in: lpsz="IPPYUXUIVCEYKOEKTIMU", cchLength=0x14 | out: lpsz="IPPYUXUIVCEYKOEKTIMU") returned 0x14 [0074.722] CharUpperBuffW (in: lpsz="JBYBOGKZIEYLOXJHERCG", cchLength=0x14 | out: lpsz="JBYBOGKZIEYLOXJHERCG") returned 0x14 [0074.726] CharUpperBuffW (in: lpsz="LIMVUGLRNNIHXNFGBROA", cchLength=0x14 | out: lpsz="LIMVUGLRNNIHXNFGBROA") returned 0x14 [0074.726] CharUpperBuffW (in: lpsz="MWDBMRMNLRGEOGVUSXHH", cchLength=0x14 | out: lpsz="MWDBMRMNLRGEOGVUSXHH") returned 0x14 [0074.726] CharUpperBuffW (in: lpsz="VGKPCSWHJZHGUCIJZYKW", cchLength=0x14 | out: lpsz="VGKPCSWHJZHGUCIJZYKW") returned 0x14 [0074.726] CharUpperBuffW (in: lpsz="KHJEFLOWHTDMZURLBHHW", cchLength=0x14 | out: lpsz="KHJEFLOWHTDMZURLBHHW") returned 0x14 [0074.726] CharUpperBuffW (in: lpsz="LABIFMKIKUFUSUZSHVNF", cchLength=0x14 | out: lpsz="LABIFMKIKUFUSUZSHVNF") returned 0x14 [0074.726] CharUpperBuffW (in: lpsz="SIHRYHBEIJCYMJOSPRPH", cchLength=0x14 | out: lpsz="SIHRYHBEIJCYMJOSPRPH") returned 0x14 [0074.726] CharUpperBuffW (in: lpsz="HDRMFTWJDBTJ_FJXLPSL", cchLength=0x14 | out: lpsz="HDRMFTWJDBTJ_FJXLPSL") returned 0x14 [0074.726] CharUpperBuffW (in: lpsz="ZLHCJNCWPBZUHPFHXPWM", cchLength=0x14 | out: lpsz="ZLHCJNCWPBZUHPFHXPWM") returned 0x14 [0074.726] CharUpperBuffW (in: lpsz="SZHCUEBSXKCEZNFRHZQY", cchLength=0x14 | out: lpsz="SZHCUEBSXKCEZNFRHZQY") returned 0x14 [0074.726] CharUpperBuffW (in: lpsz="PRHZCJBDEHIZIXVYSQQE", cchLength=0x14 | out: lpsz="PRHZCJBDEHIZIXVYSQQE") returned 0x14 [0074.726] CharUpperBuffW (in: lpsz="KNZSBCHOOMYPFVCJHAZM", cchLength=0x14 | out: lpsz="KNZSBCHOOMYPFVCJHAZM") returned 0x14 [0074.726] CharUpperBuffW (in: lpsz="FNAILWURKGNYQZKQWAAG", cchLength=0x14 | out: lpsz="FNAILWURKGNYQZKQWAAG") returned 0x14 [0074.726] CharUpperBuffW (in: lpsz="XTQPOMQJYMMWBMBCKSHK", cchLength=0x14 | out: lpsz="XTQPOMQJYMMWBMBCKSHK") returned 0x14 [0074.726] CharUpperBuffW (in: lpsz="LEKXJAXCLQDYTHKWULHH", cchLength=0x14 | out: lpsz="LEKXJAXCLQDYTHKWULHH") returned 0x14 [0074.726] CharUpperBuffW (in: lpsz="BWADFEOCJOPDNGIPFCCV", cchLength=0x14 | out: lpsz="BWADFEOCJOPDNGIPFCCV") returned 0x14 [0074.727] CharUpperBuffW (in: lpsz="DEYLPAVMIYPLGNTXMXUF", cchLength=0x14 | out: lpsz="DEYLPAVMIYPLGNTXMXUF") returned 0x14 [0074.727] CharUpperBuffW (in: lpsz="RPCUSNFQHYHRVYTZKCHU", cchLength=0x14 | out: lpsz="RPCUSNFQHYHRVYTZKCHU") returned 0x14 [0074.727] CharUpperBuffW (in: lpsz="TOXURRXVSFXJPRYAKVAW", cchLength=0x14 | out: lpsz="TOXURRXVSFXJPRYAKVAW") returned 0x14 [0074.727] CharUpperBuffW (in: lpsz="IVYRHZH_MOUGEF_BWEWN", cchLength=0x14 | out: lpsz="IVYRHZH_MOUGEF_BWEWN") returned 0x14 [0074.727] CharUpperBuffW (in: lpsz="OWNVKKFFKDZAOEAMUSJJ", cchLength=0x14 | out: lpsz="OWNVKKFFKDZAOEAMUSJJ") returned 0x14 [0074.727] CharUpperBuffW (in: lpsz="TKCHTEJEFZJEEVZSYXWM", cchLength=0x14 | out: lpsz="TKCHTEJEFZJEEVZSYXWM") returned 0x14 [0074.727] CharUpperBuffW (in: lpsz="SQKMHKVKBWNYIKVYORTX", cchLength=0x14 | out: lpsz="SQKMHKVKBWNYIKVYORTX") returned 0x14 [0074.727] CharUpperBuffW (in: lpsz="LSNAHUWHYFRLXNSMOZHK", cchLength=0x14 | out: lpsz="LSNAHUWHYFRLXNSMOZHK") returned 0x14 [0074.727] CharUpperBuffW (in: lpsz="XKZZHNKQRHSOCTSDNALN", cchLength=0x14 | out: lpsz="XKZZHNKQRHSOCTSDNALN") returned 0x14 [0074.727] CharUpperBuffW (in: lpsz="JPRZYKZWYKBQSWAJADDK", cchLength=0x14 | out: lpsz="JPRZYKZWYKBQSWAJADDK") returned 0x14 [0074.727] CharUpperBuffW (in: lpsz="DVULHMFDYCFTYYUKCHKO", cchLength=0x14 | out: lpsz="DVULHMFDYCFTYYUKCHKO") returned 0x14 [0074.727] CharUpperBuffW (in: lpsz="LSDYQEEKTKAVTXYGDLPE", cchLength=0x14 | out: lpsz="LSDYQEEKTKAVTXYGDLPE") returned 0x14 [0074.727] CharUpperBuffW (in: lpsz="WPWOPHXKHOTUUFFETAUL", cchLength=0x14 | out: lpsz="WPWOPHXKHOTUUFFETAUL") returned 0x14 [0074.727] CharUpperBuffW (in: lpsz="ITJEBW_KUKIGFRJHRFRQ", cchLength=0x14 | out: lpsz="ITJEBW_KUKIGFRJHRFRQ") returned 0x14 [0074.727] CharUpperBuffW (in: lpsz="ZDYUVUEBEPHHTRJJDMHV", cchLength=0x14 | out: lpsz="ZDYUVUEBEPHHTRJJDMHV") returned 0x14 [0074.727] CharUpperBuffW (in: lpsz="PUDIWMCMAOHASZWFWHUO", cchLength=0x14 | out: lpsz="PUDIWMCMAOHASZWFWHUO") returned 0x14 [0074.727] CharUpperBuffW (in: lpsz="OULXOKORBEPHSUWWZSSD", cchLength=0x14 | out: lpsz="OULXOKORBEPHSUWWZSSD") returned 0x14 [0074.727] CharUpperBuffW (in: lpsz="OBVGJXECTDKCOAVFINBE", cchLength=0x14 | out: lpsz="OBVGJXECTDKCOAVFINBE") returned 0x14 [0074.727] CharUpperBuffW (in: lpsz="VCUQIRTZTFQYUIHZQ_ZQ", cchLength=0x14 | out: lpsz="VCUQIRTZTFQYUIHZQ_ZQ") returned 0x14 [0074.728] CharUpperBuffW (in: lpsz="VCDTDFGNNNRV_IOGQLOW", cchLength=0x14 | out: lpsz="VCDTDFGNNNRV_IOGQLOW") returned 0x14 [0074.728] CharUpperBuffW (in: lpsz="FKYHLSTE_YZ_SYOSBXJA", cchLength=0x14 | out: lpsz="FKYHLSTE_YZ_SYOSBXJA") returned 0x14 [0074.728] CharUpperBuffW (in: lpsz="XTU_MNHMNMOSARZNPBYW", cchLength=0x14 | out: lpsz="XTU_MNHMNMOSARZNPBYW") returned 0x14 [0074.728] CharUpperBuffW (in: lpsz="HTPOPVOPGUBJZTSIAHBE", cchLength=0x14 | out: lpsz="HTPOPVOPGUBJZTSIAHBE") returned 0x14 [0074.728] CharUpperBuffW (in: lpsz="IBMACTSBEJAZSGJADAUK", cchLength=0x14 | out: lpsz="IBMACTSBEJAZSGJADAUK") returned 0x14 [0074.728] CharUpperBuffW (in: lpsz="GFTXNICECJIULVWFRFNY", cchLength=0x14 | out: lpsz="GFTXNICECJIULVWFRFNY") returned 0x14 [0074.728] CharUpperBuffW (in: lpsz="CRPPQNCEZBHGIJZXOUHK", cchLength=0x14 | out: lpsz="CRPPQNCEZBHGIJZXOUHK") returned 0x14 [0074.728] CharUpperBuffW (in: lpsz="HFD_PPEYGZGWODHGGEET", cchLength=0x14 | out: lpsz="HFD_PPEYGZGWODHGGEET") returned 0x14 [0074.728] CharUpperBuffW (in: lpsz="NNEYJGOGZYUPELRXTEXG", cchLength=0x14 | out: lpsz="NNEYJGOGZYUPELRXTEXG") returned 0x14 [0074.728] CharUpperBuffW (in: lpsz="WDBAFVEZOSLYTZHHSRGD", cchLength=0x14 | out: lpsz="WDBAFVEZOSLYTZHHSRGD") returned 0x14 [0074.728] CharUpperBuffW (in: lpsz="MEAAVZHABWRSHQQGOZKA", cchLength=0x14 | out: lpsz="MEAAVZHABWRSHQQGOZKA") returned 0x14 [0074.728] CharUpperBuffW (in: lpsz="RKHQTDK_WPOHUZLTVFMK", cchLength=0x14 | out: lpsz="RKHQTDK_WPOHUZLTVFMK") returned 0x14 [0074.728] CharUpperBuffW (in: lpsz="_VLLMBSNIBMCRUXRSCUX", cchLength=0x14 | out: lpsz="_VLLMBSNIBMCRUXRSCUX") returned 0x14 [0074.728] CharUpperBuffW (in: lpsz="ISADYLKKPXUPXARQNXBP", cchLength=0x14 | out: lpsz="ISADYLKKPXUPXARQNXBP") returned 0x14 [0074.728] CharUpperBuffW (in: lpsz="CVNLVR_DFDLSDFAPCLFU", cchLength=0x14 | out: lpsz="CVNLVR_DFDLSDFAPCLFU") returned 0x14 [0074.728] CharUpperBuffW (in: lpsz="OHXKKWHTXOZEJTNOCEBB", cchLength=0x14 | out: lpsz="OHXKKWHTXOZEJTNOCEBB") returned 0x14 [0074.728] CharUpperBuffW (in: lpsz="SGWARWGADNHLJKRYWELA", cchLength=0x14 | out: lpsz="SGWARWGADNHLJKRYWELA") returned 0x14 [0074.728] CharUpperBuffW (in: lpsz="OJJUPUCKHOMLTUJFOFZO", cchLength=0x14 | out: lpsz="OJJUPUCKHOMLTUJFOFZO") returned 0x14 [0074.728] CharUpperBuffW (in: lpsz="FSFZQERZNUYCYJWCIFLY", cchLength=0x14 | out: lpsz="FSFZQERZNUYCYJWCIFLY") returned 0x14 [0074.729] CharUpperBuffW (in: lpsz="WZMFFPCLCOHMNTQEIXGC", cchLength=0x14 | out: lpsz="WZMFFPCLCOHMNTQEIXGC") returned 0x14 [0074.729] CharUpperBuffW (in: lpsz="HDHIEQUDWQVBNLSHSHRX", cchLength=0x14 | out: lpsz="HDHIEQUDWQVBNLSHSHRX") returned 0x14 [0074.729] CharUpperBuffW (in: lpsz="ZXNFKSHKIOPXSQZBPEPK", cchLength=0x14 | out: lpsz="ZXNFKSHKIOPXSQZBPEPK") returned 0x14 [0074.729] CharUpperBuffW (in: lpsz="IRCCVHAXFWQSUGJMSWDK", cchLength=0x14 | out: lpsz="IRCCVHAXFWQSUGJMSWDK") returned 0x14 [0074.729] CharUpperBuffW (in: lpsz="GJHDYFSSYZMGFEEFOMRN", cchLength=0x14 | out: lpsz="GJHDYFSSYZMGFEEFOMRN") returned 0x14 [0074.729] CharUpperBuffW (in: lpsz="BIDOJEBGHCYETYYJGYNO", cchLength=0x14 | out: lpsz="BIDOJEBGHCYETYYJGYNO") returned 0x14 [0074.729] CharUpperBuffW (in: lpsz="EYRTITKXAS_NMZLEDUFW", cchLength=0x14 | out: lpsz="EYRTITKXAS_NMZLEDUFW") returned 0x14 [0074.729] CharUpperBuffW (in: lpsz="MDVFSJKDBBJALWZOUHAI", cchLength=0x14 | out: lpsz="MDVFSJKDBBJALWZOUHAI") returned 0x14 [0074.729] CharUpperBuffW (in: lpsz="OKESWZID_VMECMMRSBTR", cchLength=0x14 | out: lpsz="OKESWZID_VMECMMRSBTR") returned 0x14 [0074.729] CharUpperBuffW (in: lpsz="GMWANQJDNSCJBVHDFAOV", cchLength=0x14 | out: lpsz="GMWANQJDNSCJBVHDFAOV") returned 0x14 [0074.729] CharUpperBuffW (in: lpsz="PQRBWHIZFIQSVMNU_JDZ", cchLength=0x14 | out: lpsz="PQRBWHIZFIQSVMNU_JDZ") returned 0x14 [0074.729] CharUpperBuffW (in: lpsz="VNCOZIFXWXRGKPZBBQJL", cchLength=0x14 | out: lpsz="VNCOZIFXWXRGKPZBBQJL") returned 0x14 [0074.729] CharUpperBuffW (in: lpsz="YODCYMLMBCEOGXXGRJUO", cchLength=0x14 | out: lpsz="YODCYMLMBCEOGXXGRJUO") returned 0x14 [0074.729] CharUpperBuffW (in: lpsz="HTONKTGQHKXYYYEYDYII", cchLength=0x14 | out: lpsz="HTONKTGQHKXYYYEYDYII") returned 0x14 [0074.729] CharUpperBuffW (in: lpsz="QHY_VEKLRNXMTKPXUZBG", cchLength=0x14 | out: lpsz="QHY_VEKLRNXMTKPXUZBG") returned 0x14 [0074.729] CharUpperBuffW (in: lpsz="WARQ_OHIFYVLQUQFURMT", cchLength=0x14 | out: lpsz="WARQ_OHIFYVLQUQFURMT") returned 0x14 [0074.729] CharUpperBuffW (in: lpsz="_FED_JCJDPAEOFIMFHNX", cchLength=0x14 | out: lpsz="_FED_JCJDPAEOFIMFHNX") returned 0x14 [0074.729] CharUpperBuffW (in: lpsz="T_AABNHFHB_TJABYGPLZ", cchLength=0x14 | out: lpsz="T_AABNHFHB_TJABYGPLZ") returned 0x14 [0074.729] CharUpperBuffW (in: lpsz="XDBKJQXPRDTBRLBPRGQV", cchLength=0x14 | out: lpsz="XDBKJQXPRDTBRLBPRGQV") returned 0x14 [0074.729] CharUpperBuffW (in: lpsz="TW__KSEZODHPOLPGNLFJ", cchLength=0x14 | out: lpsz="TW__KSEZODHPOLPGNLFJ") returned 0x14 [0074.730] CharUpperBuffW (in: lpsz="KXYJGKGLGKHPVNTMLFIK", cchLength=0x14 | out: lpsz="KXYJGKGLGKHPVNTMLFIK") returned 0x14 [0074.730] CharUpperBuffW (in: lpsz="SAGS_YFDQJYEQAPHYLCG", cchLength=0x14 | out: lpsz="SAGS_YFDQJYEQAPHYLCG") returned 0x14 [0074.730] CharUpperBuffW (in: lpsz="DZZJMWFLZYIWBVNBMVZE", cchLength=0x14 | out: lpsz="DZZJMWFLZYIWBVNBMVZE") returned 0x14 [0074.730] CharUpperBuffW (in: lpsz="RCIJDGN_XLXDMZRDWSMX", cchLength=0x14 | out: lpsz="RCIJDGN_XLXDMZRDWSMX") returned 0x14 [0074.730] CharUpperBuffW (in: lpsz="QOQQJFLFNFGSFYSDVDDB", cchLength=0x14 | out: lpsz="QOQQJFLFNFGSFYSDVDDB") returned 0x14 [0074.730] CharUpperBuffW (in: lpsz="CIDJOLQMLUZPCFYMYKCA", cchLength=0x14 | out: lpsz="CIDJOLQMLUZPCFYMYKCA") returned 0x14 [0074.730] CharUpperBuffW (in: lpsz="PKZMZRMKPHMWTFXIKP_X", cchLength=0x14 | out: lpsz="PKZMZRMKPHMWTFXIKP_X") returned 0x14 [0074.730] CharUpperBuffW (in: lpsz="CTQWCRMIZPFLPOKVKTCD", cchLength=0x14 | out: lpsz="CTQWCRMIZPFLPOKVKTCD") returned 0x14 [0074.730] CharUpperBuffW (in: lpsz="FWQLBVSNPAQPGVVHAPMU", cchLength=0x14 | out: lpsz="FWQLBVSNPAQPGVVHAPMU") returned 0x14 [0074.730] CharUpperBuffW (in: lpsz="PPNHWGKBCCZHAWBLAJGN", cchLength=0x14 | out: lpsz="PPNHWGKBCCZHAWBLAJGN") returned 0x14 [0074.730] CharUpperBuffW (in: lpsz="DTJCFUNUJH_IQSIOGOQJ", cchLength=0x14 | out: lpsz="DTJCFUNUJH_IQSIOGOQJ") returned 0x14 [0074.730] CharUpperBuffW (in: lpsz="APYZVQUPRWRVODOGECJS", cchLength=0x14 | out: lpsz="APYZVQUPRWRVODOGECJS") returned 0x14 [0074.738] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x75260000 [0074.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateMutexW", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0074.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateMutexW", cchWideChar=13, lpMultiByteStr=0x3f34de8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateMutexW", lpUsedDefaultChar=0x0) returned 13 [0074.739] GetProcAddress (hModule=0x75260000, lpProcName="CreateMutexW") returned 0x75285fe0 [0074.739] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=1, lpName="{ergvvsvfxlybedyahvxbrbqcraka}") returned 0x1f0 [0074.739] FreeLibrary (hLibModule=0x75260000) returned 1 [0074.739] PeekMessageW (in: lpMsg=0x140f9a4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f9a4) returned 0 [0074.739] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.739] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.740] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.740] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.740] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.740] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.740] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.740] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.740] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.740] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.740] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.740] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.740] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.740] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.740] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.740] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.740] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.740] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.740] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.740] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.740] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.742] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.742] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.742] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.742] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.742] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.742] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.742] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.742] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.742] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.742] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.742] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.743] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.743] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.743] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.743] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.743] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.743] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.743] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.743] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.743] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.743] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.743] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.743] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.743] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.743] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.743] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.743] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.743] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.743] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.743] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.743] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.743] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.743] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.744] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.744] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.744] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.744] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.744] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.744] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.744] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.744] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.744] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.744] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.744] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.744] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.744] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.744] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.744] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.744] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0074.744] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x75260000 [0074.744] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetLastError", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0074.744] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetLastError", cchWideChar=13, lpMultiByteStr=0x3f35388, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetLastError", lpUsedDefaultChar=0x0) returned 13 [0074.745] GetProcAddress (hModule=0x75260000, lpProcName="GetLastError") returned 0x75272db0 [0074.745] FreeLibrary (hLibModule=0x75260000) returned 1 [0074.745] PeekMessageW (in: lpMsg=0x140f9a4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f9a4) returned 0 [0074.745] PeekMessageW (in: lpMsg=0x140f9a4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f9a4) returned 0 [0074.745] PeekMessageW (in: lpMsg=0x140f9a4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f9a4) returned 0 [0074.745] PeekMessageW (in: lpMsg=0x140fbfc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fbfc) returned 0 [0074.745] PeekMessageW (in: lpMsg=0x140fbfc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fbfc) returned 0 [0074.745] PeekMessageW (in: lpMsg=0x140fbfc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fbfc) returned 0 [0074.745] PeekMessageW (in: lpMsg=0x140fbfc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fbfc) returned 0 [0074.745] PeekMessageW (in: lpMsg=0x140fbfc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fbfc) returned 0 [0074.745] PeekMessageW (in: lpMsg=0x140f5ac, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f5ac) returned 0 [0074.745] PeekMessageW (in: lpMsg=0x140f5ac, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f5ac) returned 0 [0074.745] PeekMessageW (in: lpMsg=0x140f5ac, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f5ac) returned 0 [0074.745] PeekMessageW (in: lpMsg=0x140f5ac, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f5ac) returned 0 [0074.745] PeekMessageW (in: lpMsg=0x140f5ac, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f5ac) returned 0 [0074.745] PeekMessageW (in: lpMsg=0x140f5ac, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f5ac) returned 0 [0074.745] PeekMessageW (in: lpMsg=0x140f5ac, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f5ac) returned 0 [0074.745] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.745] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.746] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.746] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.746] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.746] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.746] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.746] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.746] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.787] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.787] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.787] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.787] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.787] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.787] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.787] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.787] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.787] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.787] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.788] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.788] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.788] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.788] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.788] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.788] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.788] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.788] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.788] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.788] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.788] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.788] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.788] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.788] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.788] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.788] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.788] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.847] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.847] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.847] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.847] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.847] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.847] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.847] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.847] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.847] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.847] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.847] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.847] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.847] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.847] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.847] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.847] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.847] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.847] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.847] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.848] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.848] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.848] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.848] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.848] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.848] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.848] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.848] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.848] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.848] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.848] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.848] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.848] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.848] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.848] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.848] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.848] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.848] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.848] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.848] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.848] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.848] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.848] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.849] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.849] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.849] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.849] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.849] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.849] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.849] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.849] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.849] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.849] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.849] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.849] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.849] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.849] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.849] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.849] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.849] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.849] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.849] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.849] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.849] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.849] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.850] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.850] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.850] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x75260000 [0074.850] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="FindResourceW", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0074.850] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="FindResourceW", cchWideChar=14, lpMultiByteStr=0x3f35358, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FindResourceW", lpUsedDefaultChar=0x0) returned 14 [0074.850] GetProcAddress (hModule=0x75260000, lpProcName="FindResourceW") returned 0x75283a50 [0074.850] FindResourceW (hModule=0x0, lpName="PasswordOnWakeSettingFlyout1", lpType=0xa) returned 0xf973a0 [0074.850] FreeLibrary (hLibModule=0x75260000) returned 1 [0074.850] PeekMessageW (in: lpMsg=0x140f5ac, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f5ac) returned 0 [0074.850] CharUpperBuffW (in: lpsz="PPGXUNSN_ZHHGMPUGKAH", cchLength=0x14 | out: lpsz="PPGXUNSN_ZHHGMPUGKAH") returned 0x14 [0074.850] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.850] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.851] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.851] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.851] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.851] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.851] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.851] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.851] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.851] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.851] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.851] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.851] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.851] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.851] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.851] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.851] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.851] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.851] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.851] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.851] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.851] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.851] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.851] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.851] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.851] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.851] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.852] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.852] CharUpperBuffW (in: lpsz="OIFUCBJWXVJEMQAICUGL", cchLength=0x14 | out: lpsz="OIFUCBJWXVJEMQAICUGL") returned 0x14 [0074.852] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.852] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.852] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.852] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.852] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.889] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.890] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.890] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.890] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.890] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.890] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.890] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.890] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.890] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.890] CharUpperBuffW (in: lpsz="XCNGMGEAGHSUDDARJDYP", cchLength=0x14 | out: lpsz="XCNGMGEAGHSUDDARJDYP") returned 0x14 [0074.890] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.890] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.890] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.890] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.890] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.890] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.890] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.890] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.890] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.890] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.890] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.890] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.891] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.891] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.891] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.891] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.891] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.891] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.891] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0074.891] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0074.891] CharLowerBuffW (in: lpsz="dword", cchLength=0x5 | out: lpsz="dword") returned 0x5 [0074.891] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x75260000 [0074.891] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SizeofResource", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0074.891] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SizeofResource", cchWideChar=15, lpMultiByteStr=0x3f34f50, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SizeofResource", lpUsedDefaultChar=0x0) returned 15 [0074.891] GetProcAddress (hModule=0x75260000, lpProcName="SizeofResource") returned 0x75278cb0 [0074.891] SizeofResource (hModule=0x0, hResInfo=0xf973a0) returned 0x18b09 [0074.892] FreeLibrary (hLibModule=0x75260000) returned 1 [0074.892] PeekMessageW (in: lpMsg=0x140f5ac, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f5ac) returned 0 [0074.892] CharUpperBuffW (in: lpsz="PPGXUNSN_ZHHGMPUGKAH", cchLength=0x14 | out: lpsz="PPGXUNSN_ZHHGMPUGKAH") returned 0x14 [0074.892] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.892] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.892] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.892] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.892] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.892] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.892] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.892] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.892] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.892] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.892] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.892] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.892] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.892] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.892] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.892] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.892] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.892] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.892] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.892] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.893] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.893] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.893] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.893] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.893] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.893] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.893] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.893] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.893] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0074.893] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.893] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.893] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.893] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.893] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.893] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.893] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.893] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.893] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.893] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.904] CharUpperBuffW (in: lpsz="CTP_INOGFOQ_WWYF_Z_W", cchLength=0x14 | out: lpsz="CTP_INOGFOQ_WWYF_Z_W") returned 0x14 [0074.904] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.904] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.904] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.904] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.904] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.904] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.904] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.904] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.904] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.904] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.904] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.904] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.904] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.904] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.904] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.904] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.904] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.904] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.904] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.904] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.905] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.905] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.905] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.905] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.905] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.905] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.905] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.905] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.905] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0074.905] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.905] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.905] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.905] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.905] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.905] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.905] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.905] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.905] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.905] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.905] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0074.905] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.905] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.906] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.906] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.906] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.906] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.906] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.906] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.906] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.906] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.906] CharLowerBuffW (in: lpsz="ptr", cchLength=0x3 | out: lpsz="ptr") returned 0x3 [0074.906] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x75260000 [0074.906] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="LoadResource", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0074.906] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="LoadResource", cchWideChar=13, lpMultiByteStr=0x3f34e60, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LoadResource", lpUsedDefaultChar=0x0) returned 13 [0074.906] GetProcAddress (hModule=0x75260000, lpProcName="LoadResource") returned 0x752778f0 [0074.906] LoadResource (hModule=0x0, hResInfo=0xf973a0) returned 0xfe4a64 [0074.906] FreeLibrary (hLibModule=0x75260000) returned 1 [0074.906] PeekMessageW (in: lpMsg=0x140f5ac, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f5ac) returned 0 [0074.907] CharUpperBuffW (in: lpsz="PPGXUNSN_ZHHGMPUGKAH", cchLength=0x14 | out: lpsz="PPGXUNSN_ZHHGMPUGKAH") returned 0x14 [0074.907] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.907] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.907] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.907] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.907] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.907] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.907] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.907] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.907] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.907] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.907] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.907] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.907] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.907] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.907] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.907] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.907] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.907] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.907] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.907] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.907] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.907] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.908] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.908] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.908] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.908] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.908] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.908] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.908] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0074.908] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.908] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.908] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.908] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.908] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.908] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.908] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.908] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.908] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.908] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.908] CharUpperBuffW (in: lpsz="KAAEBMNAAVJBRZURMCRW", cchLength=0x14 | out: lpsz="KAAEBMNAAVJBRZURMCRW") returned 0x14 [0074.908] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.908] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.909] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.909] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.909] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.909] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.909] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.909] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.909] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.909] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.909] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.909] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.909] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.912] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.912] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.912] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.912] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.912] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.912] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.912] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.912] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.912] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.912] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.912] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.912] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.912] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.912] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.912] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.912] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0074.913] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.913] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.913] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.913] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.913] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.913] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.913] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.913] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.913] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.913] PeekMessageW (in: lpMsg=0x140ed2c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed2c) returned 0 [0074.913] CharLowerBuffW (in: lpsz="ptr", cchLength=0x3 | out: lpsz="ptr") returned 0x3 [0074.913] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x75260000 [0074.913] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="LockResource", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0074.913] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="LockResource", cchWideChar=13, lpMultiByteStr=0x3f35058, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LockResource", lpUsedDefaultChar=0x0) returned 13 [0074.913] GetProcAddress (hModule=0x75260000, lpProcName="LockResource") returned 0x75277a50 [0074.913] LockResource (hResData=0xfe4a64) returned 0xfe4a64 [0074.914] FreeLibrary (hLibModule=0x75260000) returned 1 [0074.914] PeekMessageW (in: lpMsg=0x140f5ac, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f5ac) returned 0 [0074.914] CharUpperBuffW (in: lpsz="IBMACTSBEJAZSGJADAUK", cchLength=0x14 | out: lpsz="IBMACTSBEJAZSGJADAUK") returned 0x14 [0074.914] PeekMessageW (in: lpMsg=0x140ee7c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee7c) returned 0 [0074.914] PeekMessageW (in: lpMsg=0x140ee7c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee7c) returned 0 [0074.914] PeekMessageW (in: lpMsg=0x140ee7c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee7c) returned 0 [0074.914] PeekMessageW (in: lpMsg=0x140ee7c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee7c) returned 0 [0074.914] PeekMessageW (in: lpMsg=0x140ee7c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee7c) returned 0 [0074.914] PeekMessageW (in: lpMsg=0x140ee7c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee7c) returned 0 [0074.914] PeekMessageW (in: lpMsg=0x140ee7c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee7c) returned 0 [0074.914] PeekMessageW (in: lpMsg=0x140ee7c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee7c) returned 0 [0074.914] PeekMessageW (in: lpMsg=0x140ee7c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee7c) returned 0 [0074.914] PeekMessageW (in: lpMsg=0x140ee7c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee7c) returned 0 [0074.914] PeekMessageW (in: lpMsg=0x140ee7c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee7c) returned 0 [0074.914] PeekMessageW (in: lpMsg=0x140ee7c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee7c) returned 0 [0074.914] PeekMessageW (in: lpMsg=0x140ee7c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee7c) returned 0 [0074.914] PeekMessageW (in: lpMsg=0x140ee7c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee7c) returned 0 [0074.914] CharUpperBuffW (in: lpsz="EZUOZRSOKLMXMJJLTFYE", cchLength=0x14 | out: lpsz="EZUOZRSOKLMXMJJLTFYE") returned 0x14 [0074.914] PeekMessageW (in: lpMsg=0x140ee7c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee7c) returned 0 [0074.914] PeekMessageW (in: lpMsg=0x140ee7c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee7c) returned 0 [0074.915] PeekMessageW (in: lpMsg=0x140ee7c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee7c) returned 0 [0074.915] PeekMessageW (in: lpMsg=0x140ee7c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee7c) returned 0 [0074.915] PeekMessageW (in: lpMsg=0x140ee7c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee7c) returned 0 [0074.915] PeekMessageW (in: lpMsg=0x140ee7c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee7c) returned 0 [0074.915] CharLowerBuffW (in: lpsz="byte[101129]", cchLength=0xc | out: lpsz="byte[101129]") returned 0xc [0074.922] PeekMessageW (in: lpMsg=0x140fbfc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fbfc) returned 0 [0074.922] CharUpperBuffW (in: lpsz="NQAVEYZBZJEXPTPYRFTKO", cchLength=0x15 | out: lpsz="NQAVEYZBZJEXPTPYRFTKO") returned 0x15 [0074.922] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.922] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.922] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.922] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.923] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.923] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.923] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.923] CharUpperBuffW (in: lpsz="PPGXUNSN_ZHHGMPUGKAH", cchLength=0x14 | out: lpsz="PPGXUNSN_ZHHGMPUGKAH") returned 0x14 [0074.923] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.923] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.923] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.923] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.923] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.923] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.923] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.923] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.923] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.923] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.923] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.923] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.923] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.923] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.923] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.923] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.923] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.924] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.924] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.924] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.924] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.924] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.924] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.924] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.924] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.924] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.924] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.924] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.924] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0074.924] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.924] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.924] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.924] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.924] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.924] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.924] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.924] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.924] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.924] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.924] CharUpperBuffW (in: lpsz="JDWYDLJUCYGMBZLBLG_H", cchLength=0x14 | out: lpsz="JDWYDLJUCYGMBZLBLG_H") returned 0x14 [0074.925] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.925] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.925] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.925] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.925] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.925] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.925] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.925] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.934] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.934] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.934] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.934] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.934] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.934] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.934] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.934] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.934] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.934] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.934] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0074.934] CharUpperBuffW (in: lpsz="UAEPMYTZMOR__TLNBSDD", cchLength=0x14 | out: lpsz="UAEPMYTZMOR__TLNBSDD") returned 0x14 [0074.934] CharUpperBuffW (in: lpsz="FTGNMEKDAAFZEWQDECSC", cchLength=0x14 | out: lpsz="FTGNMEKDAAFZEWQDECSC") returned 0x14 [0074.935] CharLowerBuffW (in: lpsz="ptr", cchLength=0x3 | out: lpsz="ptr") returned 0x3 [0074.935] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x75260000 [0074.935] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="FindResourceW", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0074.935] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="FindResourceW", cchWideChar=14, lpMultiByteStr=0x3f352c8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FindResourceW", lpUsedDefaultChar=0x0) returned 14 [0074.935] GetProcAddress (hModule=0x75260000, lpProcName="FindResourceW") returned 0x75283a50 [0074.936] FindResourceW (hModule=0x0, lpName="audit2", lpType=0xa) returned 0xf97370 [0074.936] FreeLibrary (hLibModule=0x75260000) returned 1 [0074.936] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.936] CharUpperBuffW (in: lpsz="PPGXUNSN_ZHHGMPUGKAH", cchLength=0x14 | out: lpsz="PPGXUNSN_ZHHGMPUGKAH") returned 0x14 [0074.936] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.936] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.936] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.936] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.936] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.936] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.936] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.936] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.936] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.936] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.936] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.936] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.936] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.936] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.936] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.936] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.937] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.937] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.937] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.937] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.937] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.937] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.937] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.937] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.937] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.937] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.937] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.937] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.937] CharUpperBuffW (in: lpsz="OIFUCBJWXVJEMQAICUGL", cchLength=0x14 | out: lpsz="OIFUCBJWXVJEMQAICUGL") returned 0x14 [0074.937] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.937] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.937] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.937] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.937] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.937] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.937] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.937] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.937] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.937] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.937] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.937] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.938] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.938] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.938] CharUpperBuffW (in: lpsz="XCNGMGEAGHSUDDARJDYP", cchLength=0x14 | out: lpsz="XCNGMGEAGHSUDDARJDYP") returned 0x14 [0074.938] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.941] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.942] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.942] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.942] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.942] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.942] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.942] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.942] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.942] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.942] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.942] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.942] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.942] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.942] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.942] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.942] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.942] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.942] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.942] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.942] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.942] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.942] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.942] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.942] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.942] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.942] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.942] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.942] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.943] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.943] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.943] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.943] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0074.943] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.943] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.943] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.943] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.943] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.943] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.943] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.943] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.943] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.943] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.943] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0074.943] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.943] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.943] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.943] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.943] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.943] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.944] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.944] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.944] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.944] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.944] CharLowerBuffW (in: lpsz="dword", cchLength=0x5 | out: lpsz="dword") returned 0x5 [0074.944] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x75260000 [0074.944] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SizeofResource", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0074.944] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SizeofResource", cchWideChar=15, lpMultiByteStr=0x3f35070, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SizeofResource", lpUsedDefaultChar=0x0) returned 15 [0074.944] GetProcAddress (hModule=0x75260000, lpProcName="SizeofResource") returned 0x75278cb0 [0074.944] SizeofResource (hModule=0x0, hResInfo=0xf97370) returned 0x18b09 [0074.944] FreeLibrary (hLibModule=0x75260000) returned 1 [0074.944] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.944] CharUpperBuffW (in: lpsz="PPGXUNSN_ZHHGMPUGKAH", cchLength=0x14 | out: lpsz="PPGXUNSN_ZHHGMPUGKAH") returned 0x14 [0074.944] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.945] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.945] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.945] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.945] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.945] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.945] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.945] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.945] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.945] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.945] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.945] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.945] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.945] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.945] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.945] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.945] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.945] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.945] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.945] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.945] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.945] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.945] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.945] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.945] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.945] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.946] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.946] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.946] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0074.946] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.946] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.946] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.946] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.946] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.946] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.946] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.946] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.946] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.946] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.946] CharUpperBuffW (in: lpsz="CTP_INOGFOQ_WWYF_Z_W", cchLength=0x14 | out: lpsz="CTP_INOGFOQ_WWYF_Z_W") returned 0x14 [0074.946] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.946] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.946] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.946] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.946] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.946] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.946] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.947] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.947] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.947] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.951] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.951] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.951] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.951] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.951] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.951] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.951] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.951] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.951] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.951] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.951] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.951] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.951] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.951] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.951] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.952] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.952] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.952] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.952] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0074.952] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.952] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.952] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.952] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.952] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.952] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.952] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.952] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.952] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.952] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.952] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0074.952] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.952] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.952] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.952] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.952] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.952] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.953] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.953] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.953] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.953] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.953] CharLowerBuffW (in: lpsz="ptr", cchLength=0x3 | out: lpsz="ptr") returned 0x3 [0074.953] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x75260000 [0074.953] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="LoadResource", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0074.953] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="LoadResource", cchWideChar=13, lpMultiByteStr=0x3f34ec0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LoadResource", lpUsedDefaultChar=0x0) returned 13 [0074.953] GetProcAddress (hModule=0x75260000, lpProcName="LoadResource") returned 0x752778f0 [0074.953] LoadResource (hModule=0x0, hResInfo=0xf97370) returned 0xf9a944 [0074.953] FreeLibrary (hLibModule=0x75260000) returned 1 [0074.953] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.953] CharUpperBuffW (in: lpsz="PPGXUNSN_ZHHGMPUGKAH", cchLength=0x14 | out: lpsz="PPGXUNSN_ZHHGMPUGKAH") returned 0x14 [0074.953] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.954] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.954] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.954] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.954] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.954] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.954] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.954] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.954] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.954] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.954] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.954] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.954] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.954] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.954] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.954] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.954] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.954] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.954] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.954] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.954] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.954] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.954] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.954] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.954] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.955] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.955] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.955] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.955] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0074.955] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.955] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.955] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.955] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.955] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.955] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.955] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.955] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.955] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.955] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.955] CharUpperBuffW (in: lpsz="KAAEBMNAAVJBRZURMCRW", cchLength=0x14 | out: lpsz="KAAEBMNAAVJBRZURMCRW") returned 0x14 [0074.955] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.955] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.955] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.955] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.956] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.956] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.956] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.956] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.956] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.956] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.956] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.956] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.956] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.956] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.956] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.956] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.956] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.956] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.956] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.956] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.956] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.956] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.956] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.958] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.958] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.958] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.958] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.958] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.958] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0074.958] CharLowerBuffW (in: lpsz="ptr", cchLength=0x3 | out: lpsz="ptr") returned 0x3 [0074.959] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x75260000 [0074.959] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="LockResource", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0074.959] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="LockResource", cchWideChar=13, lpMultiByteStr=0x3f34ff8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LockResource", lpUsedDefaultChar=0x0) returned 13 [0074.959] GetProcAddress (hModule=0x75260000, lpProcName="LockResource") returned 0x75277a50 [0074.959] LockResource (hResData=0xf9a944) returned 0xf9a944 [0074.959] FreeLibrary (hLibModule=0x75260000) returned 1 [0074.959] CharUpperBuffW (in: lpsz="IBMACTSBEJAZSGJADAUK", cchLength=0x14 | out: lpsz="IBMACTSBEJAZSGJADAUK") returned 0x14 [0074.959] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.959] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.959] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.959] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.959] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.959] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.959] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.959] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.960] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.960] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.960] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.960] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.960] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.960] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.960] CharUpperBuffW (in: lpsz="EZUOZRSOKLMXMJJLTFYE", cchLength=0x14 | out: lpsz="EZUOZRSOKLMXMJJLTFYE") returned 0x14 [0074.960] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.960] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.960] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.960] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.960] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.960] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.960] CharLowerBuffW (in: lpsz="byte[101129]", cchLength=0xc | out: lpsz="byte[101129]") returned 0xc [0074.968] PeekMessageW (in: lpMsg=0x140fbfc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fbfc) returned 0 [0074.969] CharUpperBuffW (in: lpsz="NQAVEYZBZJEXPTPYRFTKO", cchLength=0x15 | out: lpsz="NQAVEYZBZJEXPTPYRFTKO") returned 0x15 [0074.969] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.969] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.969] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.969] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.969] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.969] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.969] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.969] CharUpperBuffW (in: lpsz="PPGXUNSN_ZHHGMPUGKAH", cchLength=0x14 | out: lpsz="PPGXUNSN_ZHHGMPUGKAH") returned 0x14 [0074.969] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.969] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.969] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.969] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.969] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.969] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.969] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.969] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.969] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.969] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.969] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.970] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.970] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.970] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.970] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.970] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.970] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.970] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.970] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.970] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.970] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.970] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.970] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.970] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.970] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.970] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.970] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.970] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.970] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0074.970] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.970] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.970] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.970] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.970] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.971] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.971] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.971] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.971] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.971] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.971] CharUpperBuffW (in: lpsz="JDWYDLJUCYGMBZLBLG_H", cchLength=0x14 | out: lpsz="JDWYDLJUCYGMBZLBLG_H") returned 0x14 [0074.971] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.971] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.971] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.971] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.971] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.971] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.971] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.971] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.971] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.971] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.971] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.971] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.971] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.971] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.971] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.971] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.972] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.972] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.974] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.974] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.974] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.974] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.974] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.974] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.974] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.974] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.974] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.974] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.974] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.974] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.974] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0074.975] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.975] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.975] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.975] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.975] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.975] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.975] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.975] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.975] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.975] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.975] CharUpperBuffW (in: lpsz="UAEPMYTZMOR__TLNBSDD", cchLength=0x14 | out: lpsz="UAEPMYTZMOR__TLNBSDD") returned 0x14 [0074.975] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.975] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.975] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.975] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.975] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.975] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.975] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.975] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.975] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.975] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.976] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.976] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.976] CharUpperBuffW (in: lpsz="FTGNMEKDAAFZEWQDECSC", cchLength=0x14 | out: lpsz="FTGNMEKDAAFZEWQDECSC") returned 0x14 [0074.976] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.976] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.976] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.976] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.976] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.976] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.976] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.976] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.976] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.976] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.976] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.976] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.976] CharLowerBuffW (in: lpsz="ptr", cchLength=0x3 | out: lpsz="ptr") returned 0x3 [0074.976] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x75260000 [0074.976] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="FindResourceW", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0074.977] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="FindResourceW", cchWideChar=14, lpMultiByteStr=0x3f35310, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FindResourceW", lpUsedDefaultChar=0x0) returned 14 [0074.977] GetProcAddress (hModule=0x75260000, lpProcName="FindResourceW") returned 0x75283a50 [0074.977] FindResourceW (hModule=0x0, lpName="certcli3", lpType=0xa) returned 0xf97380 [0074.977] FreeLibrary (hLibModule=0x75260000) returned 1 [0074.977] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.977] CharUpperBuffW (in: lpsz="PPGXUNSN_ZHHGMPUGKAH", cchLength=0x14 | out: lpsz="PPGXUNSN_ZHHGMPUGKAH") returned 0x14 [0074.977] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.977] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.977] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.977] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.977] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.977] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.977] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.977] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.977] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.977] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.977] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.978] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.978] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.978] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.978] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.978] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.978] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.978] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.978] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.978] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.978] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.978] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.978] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.978] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.978] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.978] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.978] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.978] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.978] CharUpperBuffW (in: lpsz="OIFUCBJWXVJEMQAICUGL", cchLength=0x14 | out: lpsz="OIFUCBJWXVJEMQAICUGL") returned 0x14 [0074.978] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.978] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.978] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.978] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.978] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.978] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.979] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.979] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.979] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.979] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.979] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.979] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.979] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.979] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.979] CharUpperBuffW (in: lpsz="XCNGMGEAGHSUDDARJDYP", cchLength=0x14 | out: lpsz="XCNGMGEAGHSUDDARJDYP") returned 0x14 [0074.979] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.979] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.979] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.979] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.979] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.979] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.979] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.979] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.979] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.979] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.979] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.982] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.982] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.982] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.982] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.982] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.982] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.982] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.982] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.982] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.982] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.982] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.982] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.982] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.982] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.982] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.982] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.982] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.982] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.982] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.982] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.982] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.982] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0074.983] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.983] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.983] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.983] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.983] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.983] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.983] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.983] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.983] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.983] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.983] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0074.983] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.983] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.983] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.983] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.983] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.983] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.983] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.983] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.983] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.983] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.983] CharLowerBuffW (in: lpsz="dword", cchLength=0x5 | out: lpsz="dword") returned 0x5 [0074.984] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x75260000 [0074.984] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SizeofResource", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0074.984] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SizeofResource", cchWideChar=15, lpMultiByteStr=0x3f35040, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SizeofResource", lpUsedDefaultChar=0x0) returned 15 [0074.984] GetProcAddress (hModule=0x75260000, lpProcName="SizeofResource") returned 0x75278cb0 [0074.984] SizeofResource (hModule=0x0, hResInfo=0xf97380) returned 0x18b09 [0074.984] FreeLibrary (hLibModule=0x75260000) returned 1 [0074.984] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.984] CharUpperBuffW (in: lpsz="PPGXUNSN_ZHHGMPUGKAH", cchLength=0x14 | out: lpsz="PPGXUNSN_ZHHGMPUGKAH") returned 0x14 [0074.984] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.984] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.984] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.984] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.984] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.985] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.985] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.985] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.985] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.985] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.985] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.985] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.985] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.985] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.985] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.985] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.985] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.985] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.985] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.985] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.985] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.985] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.985] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.985] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0074.985] CharUpperBuffW (in: lpsz="CTP_INOGFOQ_WWYF_Z_W", cchLength=0x14 | out: lpsz="CTP_INOGFOQ_WWYF_Z_W") returned 0x14 [0074.987] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0074.987] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0074.987] CharLowerBuffW (in: lpsz="ptr", cchLength=0x3 | out: lpsz="ptr") returned 0x3 [0074.987] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x75260000 [0074.987] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="LoadResource", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0074.987] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="LoadResource", cchWideChar=13, lpMultiByteStr=0x3f34e48, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LoadResource", lpUsedDefaultChar=0x0) returned 13 [0074.987] GetProcAddress (hModule=0x75260000, lpProcName="LoadResource") returned 0x752778f0 [0074.987] LoadResource (hModule=0x0, hResInfo=0xf97380) returned 0xfb3450 [0074.987] FreeLibrary (hLibModule=0x75260000) returned 1 [0074.987] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.987] CharUpperBuffW (in: lpsz="PPGXUNSN_ZHHGMPUGKAH", cchLength=0x14 | out: lpsz="PPGXUNSN_ZHHGMPUGKAH") returned 0x14 [0074.988] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.988] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.988] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.988] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.988] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.988] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.988] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.988] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.988] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.988] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.988] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.988] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.988] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.988] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.988] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.988] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.988] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.988] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.988] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.988] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.988] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.988] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.989] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.989] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.989] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.989] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.989] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.989] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.989] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0074.989] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.989] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.989] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.989] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.989] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.989] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.989] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.989] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.989] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.989] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.989] CharUpperBuffW (in: lpsz="KAAEBMNAAVJBRZURMCRW", cchLength=0x14 | out: lpsz="KAAEBMNAAVJBRZURMCRW") returned 0x14 [0074.989] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.989] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.990] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.990] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.990] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.990] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.990] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.990] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.990] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.990] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.990] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.990] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.990] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.990] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.990] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.990] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.990] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.990] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.990] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.990] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.990] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.990] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.990] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.990] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.990] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.990] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.990] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.991] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.991] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0074.991] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.991] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.991] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.991] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.991] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.993] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.993] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.993] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.993] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.993] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0074.993] CharLowerBuffW (in: lpsz="ptr", cchLength=0x3 | out: lpsz="ptr") returned 0x3 [0074.994] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x75260000 [0074.994] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="LockResource", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0074.994] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="LockResource", cchWideChar=13, lpMultiByteStr=0x3f34f38, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LockResource", lpUsedDefaultChar=0x0) returned 13 [0074.994] GetProcAddress (hModule=0x75260000, lpProcName="LockResource") returned 0x75277a50 [0074.994] LockResource (hResData=0xfb3450) returned 0xfb3450 [0074.994] FreeLibrary (hLibModule=0x75260000) returned 1 [0074.994] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0074.994] CharUpperBuffW (in: lpsz="IBMACTSBEJAZSGJADAUK", cchLength=0x14 | out: lpsz="IBMACTSBEJAZSGJADAUK") returned 0x14 [0074.994] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.994] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.994] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.994] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.994] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.994] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.995] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.995] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.995] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.995] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.995] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.995] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.995] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.995] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.995] CharUpperBuffW (in: lpsz="EZUOZRSOKLMXMJJLTFYE", cchLength=0x14 | out: lpsz="EZUOZRSOKLMXMJJLTFYE") returned 0x14 [0074.995] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.995] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.995] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.995] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.995] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.995] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0074.995] CharLowerBuffW (in: lpsz="byte[101129]", cchLength=0xc | out: lpsz="byte[101129]") returned 0xc [0075.002] PeekMessageW (in: lpMsg=0x140fbfc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fbfc) returned 0 [0075.003] CharUpperBuffW (in: lpsz="NQAVEYZBZJEXPTPYRFTKO", cchLength=0x15 | out: lpsz="NQAVEYZBZJEXPTPYRFTKO") returned 0x15 [0075.003] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0075.003] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0075.003] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0075.003] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0075.003] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0075.003] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0075.003] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0075.003] CharUpperBuffW (in: lpsz="PPGXUNSN_ZHHGMPUGKAH", cchLength=0x14 | out: lpsz="PPGXUNSN_ZHHGMPUGKAH") returned 0x14 [0075.003] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.003] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.003] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.003] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.003] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.003] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.003] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.003] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.003] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.003] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.003] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.004] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.004] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.004] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.004] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.004] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.004] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.004] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.004] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.004] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.004] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.004] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.004] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.004] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.004] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.004] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.004] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.004] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.004] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0075.004] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.004] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.004] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.004] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.005] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.005] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.005] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.005] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.005] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.005] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.005] CharUpperBuffW (in: lpsz="JDWYDLJUCYGMBZLBLG_H", cchLength=0x14 | out: lpsz="JDWYDLJUCYGMBZLBLG_H") returned 0x14 [0075.005] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.005] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.005] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.005] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.005] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.005] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.005] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.005] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.005] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.005] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.005] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.005] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.005] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.005] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.005] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.006] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.006] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.006] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.006] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.006] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.006] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.006] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.006] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.006] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.006] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.006] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.006] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.006] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.010] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.010] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.010] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0075.010] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.010] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.010] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.010] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.010] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.010] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.010] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.010] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.010] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.010] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.010] CharUpperBuffW (in: lpsz="UAEPMYTZMOR__TLNBSDD", cchLength=0x14 | out: lpsz="UAEPMYTZMOR__TLNBSDD") returned 0x14 [0075.010] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.011] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.011] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.011] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.011] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.011] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.011] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.011] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.011] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.011] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.011] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.011] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.011] CharUpperBuffW (in: lpsz="FTGNMEKDAAFZEWQDECSC", cchLength=0x14 | out: lpsz="FTGNMEKDAAFZEWQDECSC") returned 0x14 [0075.011] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.011] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.011] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.011] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.011] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.011] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.012] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.012] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.012] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.012] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.012] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.012] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.012] CharLowerBuffW (in: lpsz="ptr", cchLength=0x3 | out: lpsz="ptr") returned 0x3 [0075.012] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x75260000 [0075.013] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="FindResourceW", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0075.013] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="FindResourceW", cchWideChar=14, lpMultiByteStr=0x3f352b0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FindResourceW", lpUsedDefaultChar=0x0) returned 14 [0075.013] GetProcAddress (hModule=0x75260000, lpProcName="FindResourceW") returned 0x75283a50 [0075.013] FindResourceW (hModule=0x0, lpName="EduPrintProv4", lpType=0xa) returned 0xf97390 [0075.013] FreeLibrary (hLibModule=0x75260000) returned 1 [0075.013] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0075.013] CharUpperBuffW (in: lpsz="PPGXUNSN_ZHHGMPUGKAH", cchLength=0x14 | out: lpsz="PPGXUNSN_ZHHGMPUGKAH") returned 0x14 [0075.013] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.013] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.013] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.013] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.013] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.013] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.013] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.014] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.014] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.014] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.014] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.014] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.014] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.014] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.014] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.014] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.014] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.014] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.014] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.014] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.014] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.014] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.014] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.014] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.014] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.014] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.014] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.014] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.014] CharUpperBuffW (in: lpsz="OIFUCBJWXVJEMQAICUGL", cchLength=0x14 | out: lpsz="OIFUCBJWXVJEMQAICUGL") returned 0x14 [0075.014] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.014] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.015] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.015] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.015] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.015] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.015] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.015] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.015] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.015] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.015] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.015] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.015] CharUpperBuffW (in: lpsz="XCNGMGEAGHSUDDARJDYP", cchLength=0x14 | out: lpsz="XCNGMGEAGHSUDDARJDYP") returned 0x14 [0075.019] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0075.019] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0075.019] CharLowerBuffW (in: lpsz="dword", cchLength=0x5 | out: lpsz="dword") returned 0x5 [0075.019] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x75260000 [0075.019] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SizeofResource", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0075.019] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SizeofResource", cchWideChar=15, lpMultiByteStr=0x3f34dd0, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SizeofResource", lpUsedDefaultChar=0x0) returned 15 [0075.019] GetProcAddress (hModule=0x75260000, lpProcName="SizeofResource") returned 0x75278cb0 [0075.020] SizeofResource (hModule=0x0, hResInfo=0xf97390) returned 0x18b07 [0075.020] FreeLibrary (hLibModule=0x75260000) returned 1 [0075.020] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0075.020] CharUpperBuffW (in: lpsz="PPGXUNSN_ZHHGMPUGKAH", cchLength=0x14 | out: lpsz="PPGXUNSN_ZHHGMPUGKAH") returned 0x14 [0075.020] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.020] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.020] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.020] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.020] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.020] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.020] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.020] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.020] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.020] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.020] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.020] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.020] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.020] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.020] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.020] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.020] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.020] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.021] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.021] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.021] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.021] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.021] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.021] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.021] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.021] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.021] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.021] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.021] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0075.021] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.021] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.021] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.021] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.021] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.021] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.021] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.021] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.021] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.021] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.021] CharUpperBuffW (in: lpsz="CTP_INOGFOQ_WWYF_Z_W", cchLength=0x14 | out: lpsz="CTP_INOGFOQ_WWYF_Z_W") returned 0x14 [0075.022] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.022] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.022] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.022] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.022] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.022] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.022] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.022] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.022] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.022] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.022] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.022] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.022] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.022] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.022] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.022] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.022] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.022] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.022] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.022] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.022] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.022] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.023] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.023] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.023] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.023] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.023] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.023] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.023] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0075.023] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.023] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.026] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.026] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.026] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.026] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.026] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.027] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.027] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.027] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.027] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0075.027] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.027] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.027] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.027] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.027] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.027] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.027] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.027] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.027] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.027] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.028] CharLowerBuffW (in: lpsz="ptr", cchLength=0x3 | out: lpsz="ptr") returned 0x3 [0075.028] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x75260000 [0075.028] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="LoadResource", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0075.028] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="LoadResource", cchWideChar=13, lpMultiByteStr=0x3f34f68, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LoadResource", lpUsedDefaultChar=0x0) returned 13 [0075.028] GetProcAddress (hModule=0x75260000, lpProcName="LoadResource") returned 0x752778f0 [0075.028] LoadResource (hModule=0x0, hResInfo=0xf97390) returned 0xfcbf5c [0075.028] FreeLibrary (hLibModule=0x75260000) returned 1 [0075.028] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0075.028] CharUpperBuffW (in: lpsz="PPGXUNSN_ZHHGMPUGKAH", cchLength=0x14 | out: lpsz="PPGXUNSN_ZHHGMPUGKAH") returned 0x14 [0075.028] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.028] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.028] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.028] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.029] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.029] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.029] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.029] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.029] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.029] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.029] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.029] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.029] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.029] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.029] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.029] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.029] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.029] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.029] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.029] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.029] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.029] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.029] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.029] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.029] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.029] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.029] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.029] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.029] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0075.030] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.030] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.030] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.030] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.030] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.030] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.030] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.030] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.030] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.030] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.030] CharUpperBuffW (in: lpsz="KAAEBMNAAVJBRZURMCRW", cchLength=0x14 | out: lpsz="KAAEBMNAAVJBRZURMCRW") returned 0x14 [0075.030] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.030] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.030] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.030] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.030] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.030] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.030] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.030] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.030] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.031] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.031] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.031] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.031] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.031] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.031] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.031] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.031] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.031] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.031] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.031] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.031] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.031] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.031] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.031] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.031] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.031] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.031] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.031] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.031] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0075.031] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.031] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.031] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.031] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.032] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.032] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.032] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.032] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.032] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.032] PeekMessageW (in: lpMsg=0x140ed14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ed14) returned 0 [0075.032] CharLowerBuffW (in: lpsz="ptr", cchLength=0x3 | out: lpsz="ptr") returned 0x3 [0075.032] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x75260000 [0075.032] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="LockResource", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0075.032] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="LockResource", cchWideChar=13, lpMultiByteStr=0x3f34f38, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LockResource", lpUsedDefaultChar=0x0) returned 13 [0075.032] GetProcAddress (hModule=0x75260000, lpProcName="LockResource") returned 0x75277a50 [0075.032] LockResource (hResData=0xfcbf5c) returned 0xfcbf5c [0075.032] FreeLibrary (hLibModule=0x75260000) returned 1 [0075.032] PeekMessageW (in: lpMsg=0x140f594, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f594) returned 0 [0075.032] CharUpperBuffW (in: lpsz="IBMACTSBEJAZSGJADAUK", cchLength=0x14 | out: lpsz="IBMACTSBEJAZSGJADAUK") returned 0x14 [0075.032] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.033] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.033] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.033] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.035] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.035] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.035] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.035] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.035] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.035] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.035] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.035] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.035] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.035] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.035] CharUpperBuffW (in: lpsz="EZUOZRSOKLMXMJJLTFYE", cchLength=0x14 | out: lpsz="EZUOZRSOKLMXMJJLTFYE") returned 0x14 [0075.035] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.035] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.036] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.036] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.036] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.036] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.036] CharLowerBuffW (in: lpsz="byte[101127]", cchLength=0xc | out: lpsz="byte[101127]") returned 0xc [0075.055] PeekMessageW (in: lpMsg=0x140fbfc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fbfc) returned 0 [0075.055] CharUpperBuffW (in: lpsz="DECDATA", cchLength=0x7 | out: lpsz="DECDATA") returned 0x7 [0075.064] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.064] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.064] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.064] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.064] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.064] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.064] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.065] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.065] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.065] SetLastError (dwErrCode=0x0) [0075.065] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.065] CharUpperBuffW (in: lpsz="DEYLPAVMIYPLGNTXMXUF", cchLength=0x14 | out: lpsz="DEYLPAVMIYPLGNTXMXUF") returned 0x14 [0075.065] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.065] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.065] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.065] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.065] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.065] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.065] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.065] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.066] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.066] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.066] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.066] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.066] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.066] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.066] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.066] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.066] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.066] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.066] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.066] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.066] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.066] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.066] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.066] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.066] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.066] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.066] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.066] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.066] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x76a10000 [0075.067] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.067] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.067] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.067] CharUpperBuffW (in: lpsz="VEPWOGIZFYWAZESAWJWB", cchLength=0x14 | out: lpsz="VEPWOGIZFYWAZESAWJWB") returned 0x14 [0075.067] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.067] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.067] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.067] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.067] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.067] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.067] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.067] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.067] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.067] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.067] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.068] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.068] CharUpperBuffW (in: lpsz="TOXURRXVSFXJPRYAKVAW", cchLength=0x14 | out: lpsz="TOXURRXVSFXJPRYAKVAW") returned 0x14 [0075.068] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.068] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.068] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.068] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.068] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.068] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.068] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.068] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.068] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.068] PeekMessageW (in: lpMsg=0x140ee64, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee64) returned 0 [0075.081] CharUpperBuffW (in: lpsz="IVYRHZH_MOUGEF_BWEWN", cchLength=0x14 | out: lpsz="IVYRHZH_MOUGEF_BWEWN") returned 0x14 [0075.082] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0075.082] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0075.082] CharUpperBuffW (in: lpsz="OIFUCBJWXVJEMQAICUGL", cchLength=0x14 | out: lpsz="OIFUCBJWXVJEMQAICUGL") returned 0x14 [0075.082] CharUpperBuffW (in: lpsz="OIFUCBJWXVJEMQAICUGL", cchLength=0x14 | out: lpsz="OIFUCBJWXVJEMQAICUGL") returned 0x14 [0075.082] CharLowerBuffW (in: lpsz="bool", cchLength=0x4 | out: lpsz="bool") returned 0x4 [0075.082] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CryptAcquireContext", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0075.082] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CryptAcquireContext", cchWideChar=20, lpMultiByteStr=0x1625a00, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CryptAcquireContext", lpUsedDefaultChar=0x0) returned 20 [0075.082] GetProcAddress (hModule=0x76a10000, lpProcName="CryptAcquireContext") returned 0x0 [0075.082] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CryptAcquireContextA", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0075.082] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CryptAcquireContextA", cchWideChar=21, lpMultiByteStr=0x1625a00, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CryptAcquireContextA", lpUsedDefaultChar=0x0) returned 21 [0075.083] GetProcAddress (hModule=0x76a10000, lpProcName="CryptAcquireContextA") returned 0x76a30c00 [0075.083] CryptAcquireContextA (in: phProv=0x140ee80, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x140ee80*=0x16199a0) returned 1 [0075.621] TranslateMessage (lpMsg=0x140f6cc) returned 0 [0075.621] DispatchMessageW (lpMsg=0x140f6cc) returned 0x0 [0075.621] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0075.621] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0075.621] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.621] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.621] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.621] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.621] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.621] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.621] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.621] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.621] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.621] CharUpperBuffW (in: lpsz="VEPWOGIZFYWAZESAWJWB", cchLength=0x14 | out: lpsz="VEPWOGIZFYWAZESAWJWB") returned 0x14 [0075.621] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.621] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.621] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.621] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.621] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.621] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.621] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.622] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.622] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.622] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.622] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.622] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.622] CharUpperBuffW (in: lpsz="OBVGJXECTDKCOAVFINBE", cchLength=0x14 | out: lpsz="OBVGJXECTDKCOAVFINBE") returned 0x14 [0075.622] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.622] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.622] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.622] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.622] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.622] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.622] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.622] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.622] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.622] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.622] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.622] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.622] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.622] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.622] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.622] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.622] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.622] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.622] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.622] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.622] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.622] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.623] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.623] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.623] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.623] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.623] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.623] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.623] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.623] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.623] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.623] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.623] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.623] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.623] CharUpperBuffW (in: lpsz="NETLWBNFIIXMILRNSAGQ", cchLength=0x14 | out: lpsz="NETLWBNFIIXMILRNSAGQ") returned 0x14 [0075.623] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.623] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.623] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.623] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.623] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.623] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.623] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.623] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.623] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.623] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.623] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.623] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.623] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.623] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.623] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.623] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.624] CharUpperBuffW (in: lpsz="VCDTDFGNNNRV_IOGQLOW", cchLength=0x14 | out: lpsz="VCDTDFGNNNRV_IOGQLOW") returned 0x14 [0075.624] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.624] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.624] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.624] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.624] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.624] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.624] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.624] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.624] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.624] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.624] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.624] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.624] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0075.624] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.624] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.624] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.624] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.624] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.624] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.624] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.624] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.624] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.624] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.624] CharUpperBuffW (in: lpsz="OIFUCBJWXVJEMQAICUGL", cchLength=0x14 | out: lpsz="OIFUCBJWXVJEMQAICUGL") returned 0x14 [0075.625] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.625] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.625] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.625] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.625] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.625] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.625] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.625] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.625] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.625] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.625] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.625] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.625] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.625] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.625] CharUpperBuffW (in: lpsz="IVYRHZH_MOUGEF_BWEWN", cchLength=0x14 | out: lpsz="IVYRHZH_MOUGEF_BWEWN") returned 0x14 [0075.625] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.625] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.625] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.625] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.625] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.625] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.625] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.625] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.626] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.626] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.626] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.626] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.626] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.626] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.626] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.626] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.626] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.626] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.626] CharLowerBuffW (in: lpsz="bool", cchLength=0x4 | out: lpsz="bool") returned 0x4 [0075.626] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CryptCreateHash", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0075.626] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CryptCreateHash", cchWideChar=16, lpMultiByteStr=0x3f35148, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CryptCreateHash", lpUsedDefaultChar=0x0) returned 16 [0075.626] GetProcAddress (hModule=0x76a10000, lpProcName="CryptCreateHash") returned 0x76a2f930 [0075.627] CryptCreateHash (in: hProv=0x16199a0, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x140eec8 | out: phHash=0x140eec8) returned 1 [0075.628] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.628] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.628] CharUpperBuffW (in: lpsz="IBMACTSBEJAZSGJADAUK", cchLength=0x14 | out: lpsz="IBMACTSBEJAZSGJADAUK") returned 0x14 [0075.628] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.628] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.629] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.629] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.629] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.629] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.629] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.629] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.629] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.629] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.629] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.629] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.629] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.629] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.629] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="arhuglrzqqhxdljmdyeuaooadblsqlxmedjsytthyqrobzuiwk", cchWideChar=51, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 51 [0075.629] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="arhuglrzqqhxdljmdyeuaooadblsqlxmedjsytthyqrobzuiwk", cchWideChar=51, lpMultiByteStr=0x15f5d40, cbMultiByte=51, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="arhuglrzqqhxdljmdyeuaooadblsqlxmedjsytthyqrobzuiwk", lpUsedDefaultChar=0x0) returned 51 [0075.629] CharUpperBuffW (in: lpsz="EZUOZRSOKLMXMJJLTFYE", cchLength=0x14 | out: lpsz="EZUOZRSOKLMXMJJLTFYE") returned 0x14 [0075.629] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.629] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.629] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.629] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.629] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.629] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.629] CharLowerBuffW (in: lpsz="byte[50]", cchLength=0x8 | out: lpsz="byte[50]") returned 0x8 [0075.629] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.629] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="arhuglrzqqhxdljmdyeuaooadblsqlxmedjsytthyqrobzuiwk", cchWideChar=51, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 51 [0075.629] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="arhuglrzqqhxdljmdyeuaooadblsqlxmedjsytthyqrobzuiwk", cchWideChar=51, lpMultiByteStr=0x15f5900, cbMultiByte=51, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="arhuglrzqqhxdljmdyeuaooadblsqlxmedjsytthyqrobzuiwk", lpUsedDefaultChar=0x0) returned 51 [0075.630] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.630] CharUpperBuffW (in: lpsz="VEPWOGIZFYWAZESAWJWB", cchLength=0x14 | out: lpsz="VEPWOGIZFYWAZESAWJWB") returned 0x14 [0075.630] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.630] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.630] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.631] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.631] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.631] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.631] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.631] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.631] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.631] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.631] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.631] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.631] CharUpperBuffW (in: lpsz="HFD_PPEYGZGWODHGGEET", cchLength=0x14 | out: lpsz="HFD_PPEYGZGWODHGGEET") returned 0x14 [0075.631] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.631] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.631] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.631] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.631] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.631] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.631] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.631] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.631] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.631] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.631] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.631] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.631] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.631] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.631] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.631] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.631] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.631] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.631] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.631] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.631] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.631] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.632] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.632] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.632] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.632] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.632] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.632] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.632] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.632] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.632] CharUpperBuffW (in: lpsz="NETLWBNFIIXMILRNSAGQ", cchLength=0x14 | out: lpsz="NETLWBNFIIXMILRNSAGQ") returned 0x14 [0075.632] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.632] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.632] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.632] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.632] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.632] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.632] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.632] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.632] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.650] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.650] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.650] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.650] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.650] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.650] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.650] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.650] CharUpperBuffW (in: lpsz="KQYVXGPV_HFXAPVUEWAP", cchLength=0x14 | out: lpsz="KQYVXGPV_HFXAPVUEWAP") returned 0x14 [0075.650] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.650] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.650] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.650] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.650] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.650] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.650] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.650] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.650] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.650] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.650] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.650] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.650] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.650] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.651] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.651] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.651] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.651] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.651] CharUpperBuffW (in: lpsz="OIFUCBJWXVJEMQAICUGL", cchLength=0x14 | out: lpsz="OIFUCBJWXVJEMQAICUGL") returned 0x14 [0075.651] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.651] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.651] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.651] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.651] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.651] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.651] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.651] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.651] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.651] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.651] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.651] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.651] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.651] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.651] CharUpperBuffW (in: lpsz="OIFUCBJWXVJEMQAICUGL", cchLength=0x14 | out: lpsz="OIFUCBJWXVJEMQAICUGL") returned 0x14 [0075.651] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.651] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.651] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.651] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.651] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.651] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.651] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.651] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.651] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.651] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.652] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.652] CharLowerBuffW (in: lpsz="bool", cchLength=0x4 | out: lpsz="bool") returned 0x4 [0075.652] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CryptHashData", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0075.652] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CryptHashData", cchWideChar=14, lpMultiByteStr=0x3f364e0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CryptHashData", lpUsedDefaultChar=0x0) returned 14 [0075.652] GetProcAddress (hModule=0x76a10000, lpProcName="CryptHashData") returned 0x76a2f950 [0075.652] CryptHashData (hHash=0x15f5cc0, pbData=0x15f5b00, dwDataLen=0x32, dwFlags=0x1) returned 1 [0075.652] CharUpperBuffW (in: lpsz="VEPWOGIZFYWAZESAWJWB", cchLength=0x14 | out: lpsz="VEPWOGIZFYWAZESAWJWB") returned 0x14 [0075.652] CharUpperBuffW (in: lpsz="ISADYLKKPXUPXARQNXBP", cchLength=0x14 | out: lpsz="ISADYLKKPXUPXARQNXBP") returned 0x14 [0075.652] CharUpperBuffW (in: lpsz="NETLWBNFIIXMILRNSAGQ", cchLength=0x14 | out: lpsz="NETLWBNFIIXMILRNSAGQ") returned 0x14 [0075.656] CharUpperBuffW (in: lpsz="VCDTDFGNNNRV_IOGQLOW", cchLength=0x14 | out: lpsz="VCDTDFGNNNRV_IOGQLOW") returned 0x14 [0075.656] CharUpperBuffW (in: lpsz="NETLWBNFIIXMILRNSAGQ", cchLength=0x14 | out: lpsz="NETLWBNFIIXMILRNSAGQ") returned 0x14 [0075.656] CharUpperBuffW (in: lpsz="OIFUCBJWXVJEMQAICUGL", cchLength=0x14 | out: lpsz="OIFUCBJWXVJEMQAICUGL") returned 0x14 [0075.656] CharUpperBuffW (in: lpsz="IVYRHZH_MOUGEF_BWEWN", cchLength=0x14 | out: lpsz="IVYRHZH_MOUGEF_BWEWN") returned 0x14 [0075.656] CharLowerBuffW (in: lpsz="bool", cchLength=0x4 | out: lpsz="bool") returned 0x4 [0075.656] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CryptDeriveKey", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0075.656] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CryptDeriveKey", cchWideChar=15, lpMultiByteStr=0x3f35b38, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CryptDeriveKey", lpUsedDefaultChar=0x0) returned 15 [0075.656] GetProcAddress (hModule=0x76a10000, lpProcName="CryptDeriveKey") returned 0x76a45b70 [0075.656] CryptDeriveKey (in: hProv=0x16199a0, Algid=0x6610, hBaseData=0x15f5cc0, dwFlags=0x1, phKey=0x140eec8 | out: phKey=0x140eec8*=0x15f5b80) returned 1 [0075.672] CharUpperBuffW (in: lpsz="VEPWOGIZFYWAZESAWJWB", cchLength=0x14 | out: lpsz="VEPWOGIZFYWAZESAWJWB") returned 0x14 [0075.672] CharUpperBuffW (in: lpsz="HDHIEQUDWQVBNLSHSHRX", cchLength=0x14 | out: lpsz="HDHIEQUDWQVBNLSHSHRX") returned 0x14 [0075.676] CharUpperBuffW (in: lpsz="NETLWBNFIIXMILRNSAGQ", cchLength=0x14 | out: lpsz="NETLWBNFIIXMILRNSAGQ") returned 0x14 [0075.676] CharLowerBuffW (in: lpsz="bool", cchLength=0x4 | out: lpsz="bool") returned 0x4 [0075.676] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CryptDestroyHash", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0075.676] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CryptDestroyHash", cchWideChar=17, lpMultiByteStr=0x15f6948, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CryptDestroyHash", lpUsedDefaultChar=0x0) returned 17 [0075.677] GetProcAddress (hModule=0x76a10000, lpProcName="CryptDestroyHash") returned 0x76a2fbf0 [0075.677] CryptDestroyHash (hHash=0x15f5cc0) returned 1 [0075.677] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.713] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.713] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.713] CharUpperBuffW (in: lpsz="IBMACTSBEJAZSGJADAUK", cchLength=0x14 | out: lpsz="IBMACTSBEJAZSGJADAUK") returned 0x14 [0075.713] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.713] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.713] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.713] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.713] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.713] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.713] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.713] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.713] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.713] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.713] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.713] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.713] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.714] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.718] CharUpperBuffW (in: lpsz="EZUOZRSOKLMXMJJLTFYE", cchLength=0x14 | out: lpsz="EZUOZRSOKLMXMJJLTFYE") returned 0x14 [0075.718] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.718] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.718] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.718] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.718] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.718] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.719] CharLowerBuffW (in: lpsz="byte[203256]", cchLength=0xc | out: lpsz="byte[203256]") returned 0xc [0075.719] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.735] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.735] CharUpperBuffW (in: lpsz="VEPWOGIZFYWAZESAWJWB", cchLength=0x14 | out: lpsz="VEPWOGIZFYWAZESAWJWB") returned 0x14 [0075.735] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.735] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.735] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.735] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.735] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.735] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.735] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.735] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.735] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.735] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.735] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.735] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.735] CharUpperBuffW (in: lpsz="EYRTITKXAS_NMZLEDUFW", cchLength=0x14 | out: lpsz="EYRTITKXAS_NMZLEDUFW") returned 0x14 [0075.735] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.736] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.736] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.736] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.736] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.736] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.736] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.736] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.736] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.736] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.736] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.736] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.736] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.736] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.736] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.736] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.736] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.736] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.736] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.736] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.736] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.736] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.741] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.741] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.741] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.741] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.741] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.741] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.741] CharUpperBuffW (in: lpsz="NETLWBNFIIXMILRNSAGQ", cchLength=0x14 | out: lpsz="NETLWBNFIIXMILRNSAGQ") returned 0x14 [0075.741] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.741] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.741] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.741] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.741] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.741] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.741] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.741] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.741] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.741] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.741] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.741] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.741] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.741] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.741] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.742] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.742] CharUpperBuffW (in: lpsz="NETLWBNFIIXMILRNSAGQ", cchLength=0x14 | out: lpsz="NETLWBNFIIXMILRNSAGQ") returned 0x14 [0075.742] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.742] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.742] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.742] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.742] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.742] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.742] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.742] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.742] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.742] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.742] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.742] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.742] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.742] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.742] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.742] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.742] CharUpperBuffW (in: lpsz="VEPWOGIZFYWAZESAWJWB", cchLength=0x14 | out: lpsz="VEPWOGIZFYWAZESAWJWB") returned 0x14 [0075.742] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.742] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.742] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.742] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.742] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.742] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.742] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.742] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.742] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.742] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.742] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.742] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.743] CharUpperBuffW (in: lpsz="OIFUCBJWXVJEMQAICUGL", cchLength=0x14 | out: lpsz="OIFUCBJWXVJEMQAICUGL") returned 0x14 [0075.743] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.743] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.743] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.743] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.743] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.743] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.743] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.743] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.743] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.743] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.743] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.743] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.743] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.743] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.743] CharUpperBuffW (in: lpsz="KQYVXGPV_HFXAPVUEWAP", cchLength=0x14 | out: lpsz="KQYVXGPV_HFXAPVUEWAP") returned 0x14 [0075.743] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.743] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.743] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.743] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.743] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.743] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.743] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.743] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.743] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.743] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.743] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.743] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.743] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.743] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.744] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.744] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.744] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.744] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.744] CharUpperBuffW (in: lpsz="YODCYMLMBCEOGXXGRJUO", cchLength=0x14 | out: lpsz="YODCYMLMBCEOGXXGRJUO") returned 0x14 [0075.744] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.744] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.744] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.744] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.744] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.744] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.744] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.744] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.744] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.744] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.744] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.744] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.744] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.744] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.744] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.744] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.749] CharLowerBuffW (in: lpsz="bool", cchLength=0x4 | out: lpsz="bool") returned 0x4 [0075.749] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CryptDecrypt", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0075.749] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CryptDecrypt", cchWideChar=13, lpMultiByteStr=0x3f35d18, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CryptDecrypt", lpUsedDefaultChar=0x0) returned 13 [0075.749] GetProcAddress (hModule=0x76a10000, lpProcName="CryptDecrypt") returned 0x76a310f0 [0075.749] CryptDecrypt (in: hKey=0x15f5b80, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x43b2c78, pdwDataLen=0x140eee0 | out: pbData=0x43b2c78, pdwDataLen=0x140eee0) returned 1 [0075.855] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.855] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.861] CharUpperBuffW (in: lpsz="IBMACTSBEJAZSGJADAUK", cchLength=0x14 | out: lpsz="IBMACTSBEJAZSGJADAUK") returned 0x14 [0075.861] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.861] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.861] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.861] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.861] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.861] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.861] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.861] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.861] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.861] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.861] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.861] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.861] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.861] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.861] CharUpperBuffW (in: lpsz="EZUOZRSOKLMXMJJLTFYE", cchLength=0x14 | out: lpsz="EZUOZRSOKLMXMJJLTFYE") returned 0x14 [0075.861] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.861] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.861] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.861] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.861] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.862] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.862] CharLowerBuffW (in: lpsz="byte[202241]", cchLength=0xc | out: lpsz="byte[202241]") returned 0xc [0075.862] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.869] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.869] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.869] CharUpperBuffW (in: lpsz="VEPWOGIZFYWAZESAWJWB", cchLength=0x14 | out: lpsz="VEPWOGIZFYWAZESAWJWB") returned 0x14 [0075.869] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.870] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.870] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.870] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.870] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.870] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.870] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.870] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.870] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.870] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.870] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.870] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.870] CharUpperBuffW (in: lpsz="_FED_JCJDPAEOFIMFHNX", cchLength=0x14 | out: lpsz="_FED_JCJDPAEOFIMFHNX") returned 0x14 [0075.870] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.870] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.870] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.870] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.870] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.870] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.870] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.870] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.870] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.870] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.870] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.870] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.870] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.870] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.870] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.871] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.871] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.871] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.871] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.871] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.871] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.871] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.871] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.871] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.871] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.871] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.871] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.871] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.871] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.871] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.871] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.871] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.871] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.871] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.871] CharUpperBuffW (in: lpsz="NETLWBNFIIXMILRNSAGQ", cchLength=0x14 | out: lpsz="NETLWBNFIIXMILRNSAGQ") returned 0x14 [0075.871] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.871] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.871] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.871] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.871] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.871] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.871] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.871] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.872] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.872] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.872] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.872] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.872] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.872] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.872] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.872] PeekMessageW (in: lpMsg=0x140ee4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140ee4c) returned 0 [0075.872] CharLowerBuffW (in: lpsz="bool", cchLength=0x4 | out: lpsz="bool") returned 0x4 [0075.872] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CryptDestroyKey", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0075.872] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CryptDestroyKey", cchWideChar=16, lpMultiByteStr=0x3f363a8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CryptDestroyKey", lpUsedDefaultChar=0x0) returned 16 [0075.872] GetProcAddress (hModule=0x76a10000, lpProcName="CryptDestroyKey") returned 0x76a2fc10 [0075.872] CryptDestroyKey (hKey=0x15f5b80) returned 1 [0075.872] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.872] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.872] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.872] PeekMessageW (in: lpMsg=0x140f6cc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f6cc) returned 0 [0075.872] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MZ\x90", cchWideChar=202241, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 202241 [0075.872] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MZ\x90", cchWideChar=202241, lpMultiByteStr=0x44aa600, cbMultiByte=202241, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MZ\x90", lpUsedDefaultChar=0x0) returned 202241 [0075.895] PeekMessageW (in: lpMsg=0x140fbfc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fbfc) returned 0 [0075.895] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x140f550, nSize=0x104 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps") returned 0x15 [0075.895] timeGetTime () returned 0x2046b [0075.895] Sleep (dwMilliseconds=0xa) [0075.959] timeGetTime () returned 0x204a9 [0075.959] Sleep (dwMilliseconds=0xa) [0075.973] timeGetTime () returned 0x204b9 [0075.973] Sleep (dwMilliseconds=0xa) [0075.999] timeGetTime () returned 0x204c8 [0075.999] Sleep (dwMilliseconds=0xa) [0076.318] timeGetTime () returned 0x20610 [0076.318] Sleep (dwMilliseconds=0xa) [0076.351] timeGetTime () returned 0x20630 [0076.352] Sleep (dwMilliseconds=0xa) [0076.367] timeGetTime () returned 0x2063f [0076.367] TranslateMessage (lpMsg=0x140fa14) returned 0 [0076.367] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0076.367] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0076.367] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0076.367] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0076.367] Sleep (dwMilliseconds=0xa) [0076.388] timeGetTime () returned 0x2064f [0076.388] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0076.388] Sleep (dwMilliseconds=0xa) [0076.415] timeGetTime () returned 0x20670 [0076.415] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0076.415] Sleep (dwMilliseconds=0xa) [0076.473] timeGetTime () returned 0x206ad [0076.474] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0076.474] Sleep (dwMilliseconds=0xa) [0076.491] timeGetTime () returned 0x206bc [0076.491] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0076.491] Sleep (dwMilliseconds=0xa) [0076.507] timeGetTime () returned 0x206cc [0076.507] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0076.507] Sleep (dwMilliseconds=0xa) [0076.522] timeGetTime () returned 0x206dd [0076.522] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0076.522] Sleep (dwMilliseconds=0xa) [0076.540] timeGetTime () returned 0x206eb [0076.540] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0076.540] Sleep (dwMilliseconds=0xa) [0076.599] timeGetTime () returned 0x2072a [0076.599] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0076.599] Sleep (dwMilliseconds=0xa) [0076.632] timeGetTime () returned 0x20749 [0076.632] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0076.633] Sleep (dwMilliseconds=0xa) [0076.671] timeGetTime () returned 0x2076f [0076.671] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0076.671] Sleep (dwMilliseconds=0xa) [0076.716] timeGetTime () returned 0x20797 [0076.716] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0076.716] Sleep (dwMilliseconds=0xa) [0076.741] timeGetTime () returned 0x207b7 [0076.741] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0076.741] Sleep (dwMilliseconds=0xa) [0076.756] timeGetTime () returned 0x207c6 [0076.756] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0076.756] Sleep (dwMilliseconds=0xa) [0076.771] timeGetTime () returned 0x207d6 [0076.771] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0076.771] Sleep (dwMilliseconds=0xa) [0076.790] timeGetTime () returned 0x207e6 [0076.790] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0076.790] Sleep (dwMilliseconds=0xa) [0076.817] timeGetTime () returned 0x20804 [0076.817] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0076.817] Sleep (dwMilliseconds=0xa) [0076.833] timeGetTime () returned 0x20814 [0076.833] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0076.833] Sleep (dwMilliseconds=0xa) [0076.849] timeGetTime () returned 0x20824 [0076.849] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0076.849] Sleep (dwMilliseconds=0xa) [0076.863] timeGetTime () returned 0x20833 [0076.863] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0076.863] Sleep (dwMilliseconds=0xa) [0076.887] timeGetTime () returned 0x20843 [0076.887] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0076.887] Sleep (dwMilliseconds=0xa) [0076.918] timeGetTime () returned 0x20862 [0076.918] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0076.918] Sleep (dwMilliseconds=0xa) [0076.941] timeGetTime () returned 0x20881 [0076.941] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0076.941] Sleep (dwMilliseconds=0xa) [0076.959] timeGetTime () returned 0x20891 [0076.959] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0076.959] Sleep (dwMilliseconds=0xa) [0076.974] timeGetTime () returned 0x208a1 [0076.974] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0076.974] Sleep (dwMilliseconds=0xa) [0076.995] timeGetTime () returned 0x208b0 [0076.995] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0076.995] Sleep (dwMilliseconds=0xa) [0077.023] timeGetTime () returned 0x208d1 [0077.023] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0077.023] Sleep (dwMilliseconds=0xa) [0077.037] timeGetTime () returned 0x208df [0077.037] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0077.037] Sleep (dwMilliseconds=0xa) [0077.050] timeGetTime () returned 0x208ef [0077.050] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0077.050] Sleep (dwMilliseconds=0xa) [0077.066] timeGetTime () returned 0x208fe [0077.066] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0077.066] Sleep (dwMilliseconds=0xa) [0077.082] timeGetTime () returned 0x2090e [0077.082] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0077.082] Sleep (dwMilliseconds=0xa) [0077.098] timeGetTime () returned 0x2091e [0077.098] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0077.098] Sleep (dwMilliseconds=0xa) [0077.113] timeGetTime () returned 0x2092d [0077.113] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0077.113] TranslateMessage (lpMsg=0x140fa14) returned 0 [0077.113] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0077.113] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0077.114] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0077.114] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0077.114] Sleep (dwMilliseconds=0xa) [0077.131] timeGetTime () returned 0x2093f [0077.131] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0077.131] Sleep (dwMilliseconds=0xa) [0077.144] timeGetTime () returned 0x2094d [0077.144] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0077.144] Sleep (dwMilliseconds=0xa) [0077.160] timeGetTime () returned 0x2095c [0077.160] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0077.160] Sleep (dwMilliseconds=0xa) [0077.175] timeGetTime () returned 0x2096c [0077.175] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0077.175] Sleep (dwMilliseconds=0xa) [0077.191] timeGetTime () returned 0x2097c [0077.192] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0077.192] Sleep (dwMilliseconds=0xa) [0077.206] timeGetTime () returned 0x2098b [0077.207] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0077.207] Sleep (dwMilliseconds=0xa) [0077.343] timeGetTime () returned 0x20a08 [0077.344] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0077.344] Sleep (dwMilliseconds=0xa) [0077.531] timeGetTime () returned 0x20ac4 [0077.532] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0077.532] Sleep (dwMilliseconds=0xa) [0077.610] timeGetTime () returned 0x20b12 [0077.610] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0077.610] Sleep (dwMilliseconds=0xa) [0077.746] timeGetTime () returned 0x20ba0 [0077.746] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0077.746] Sleep (dwMilliseconds=0xa) [0077.795] timeGetTime () returned 0x20bcd [0077.795] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0077.795] Sleep (dwMilliseconds=0xa) [0077.845] timeGetTime () returned 0x20bfc [0077.845] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0077.845] Sleep (dwMilliseconds=0xa) [0077.889] timeGetTime () returned 0x20c2b [0077.889] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0077.889] TranslateMessage (lpMsg=0x140fa14) returned 0 [0077.889] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0077.889] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0077.889] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0077.889] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0077.889] Sleep (dwMilliseconds=0xa) [0077.927] timeGetTime () returned 0x20c5a [0077.927] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0077.927] Sleep (dwMilliseconds=0xa) [0077.983] timeGetTime () returned 0x20c89 [0077.983] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0077.983] Sleep (dwMilliseconds=0xa) [0078.030] timeGetTime () returned 0x20cb8 [0078.030] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0078.030] Sleep (dwMilliseconds=0xa) [0078.068] timeGetTime () returned 0x20ce8 [0078.068] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0078.068] Sleep (dwMilliseconds=0xa) [0078.094] timeGetTime () returned 0x20cf6 [0078.094] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0078.094] Sleep (dwMilliseconds=0xa) [0078.124] timeGetTime () returned 0x20d15 [0078.124] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0078.124] Sleep (dwMilliseconds=0xa) [0078.161] timeGetTime () returned 0x20d44 [0078.161] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0078.161] Sleep (dwMilliseconds=0xa) [0078.176] timeGetTime () returned 0x20d54 [0078.176] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0078.176] Sleep (dwMilliseconds=0xa) [0078.198] timeGetTime () returned 0x20d63 [0078.198] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0078.198] Sleep (dwMilliseconds=0xa) [0078.257] timeGetTime () returned 0x20da2 [0078.257] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0078.257] Sleep (dwMilliseconds=0xa) [0078.273] timeGetTime () returned 0x20db2 [0078.273] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0078.273] Sleep (dwMilliseconds=0xa) [0078.287] timeGetTime () returned 0x20dc1 [0078.287] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0078.287] Sleep (dwMilliseconds=0xa) [0078.307] timeGetTime () returned 0x20dd1 [0078.307] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0078.307] Sleep (dwMilliseconds=0xa) [0078.337] timeGetTime () returned 0x20df0 [0078.338] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0078.338] Sleep (dwMilliseconds=0xa) [0078.373] timeGetTime () returned 0x20e0f [0078.373] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0078.373] Sleep (dwMilliseconds=0xa) [0078.396] timeGetTime () returned 0x20e2f [0078.396] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0078.396] Sleep (dwMilliseconds=0xa) [0078.416] timeGetTime () returned 0x20e3e [0078.416] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0078.416] Sleep (dwMilliseconds=0xa) [0078.450] timeGetTime () returned 0x20e5d [0078.450] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0078.450] Sleep (dwMilliseconds=0xa) [0078.480] timeGetTime () returned 0x20e7d [0078.480] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0078.480] Sleep (dwMilliseconds=0xa) [0078.523] timeGetTime () returned 0x20eac [0078.523] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0078.523] Sleep (dwMilliseconds=0xa) [0078.543] timeGetTime () returned 0x20ebb [0078.543] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0078.543] Sleep (dwMilliseconds=0xa) [0078.578] timeGetTime () returned 0x20eda [0078.578] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0078.578] Sleep (dwMilliseconds=0xa) [0078.603] timeGetTime () returned 0x20efa [0078.603] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0078.603] Sleep (dwMilliseconds=0xa) [0078.642] timeGetTime () returned 0x20f19 [0078.642] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0078.642] TranslateMessage (lpMsg=0x140fa14) returned 0 [0078.642] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0078.642] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0078.642] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0078.642] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0078.642] Sleep (dwMilliseconds=0xa) [0078.684] timeGetTime () returned 0x20f48 [0078.684] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0078.684] Sleep (dwMilliseconds=0xa) [0078.719] timeGetTime () returned 0x20f67 [0078.719] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0078.719] Sleep (dwMilliseconds=0xa) [0078.762] timeGetTime () returned 0x20f96 [0078.762] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0078.762] Sleep (dwMilliseconds=0xa) [0078.796] timeGetTime () returned 0x20fb7 [0078.796] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0078.796] Sleep (dwMilliseconds=0xa) [0078.952] timeGetTime () returned 0x21051 [0078.952] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0078.952] Sleep (dwMilliseconds=0xa) [0078.995] timeGetTime () returned 0x21080 [0078.996] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0078.996] Sleep (dwMilliseconds=0xa) [0079.021] timeGetTime () returned 0x210a0 [0079.021] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.021] Sleep (dwMilliseconds=0xa) [0079.092] timeGetTime () returned 0x210de [0079.092] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.092] Sleep (dwMilliseconds=0xa) [0079.148] timeGetTime () returned 0x2111d [0079.148] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.148] Sleep (dwMilliseconds=0xa) [0079.160] timeGetTime () returned 0x2112c [0079.160] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.160] Sleep (dwMilliseconds=0xa) [0079.203] timeGetTime () returned 0x2114b [0079.203] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.204] Sleep (dwMilliseconds=0xa) [0079.256] timeGetTime () returned 0x2118a [0079.256] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.256] Sleep (dwMilliseconds=0xa) [0079.281] timeGetTime () returned 0x2119a [0079.281] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.281] Sleep (dwMilliseconds=0xa) [0079.312] timeGetTime () returned 0x211b9 [0079.312] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.312] Sleep (dwMilliseconds=0xa) [0079.335] timeGetTime () returned 0x211d8 [0079.335] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.335] Sleep (dwMilliseconds=0xa) [0079.359] timeGetTime () returned 0x211eb [0079.359] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.359] Sleep (dwMilliseconds=0xa) [0079.386] timeGetTime () returned 0x21207 [0079.386] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0079.386] TranslateMessage (lpMsg=0x140fa14) returned 0 [0079.386] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0079.386] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0079.386] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0079.387] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.387] Sleep (dwMilliseconds=0xa) [0079.411] timeGetTime () returned 0x21226 [0079.411] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.411] Sleep (dwMilliseconds=0xa) [0079.426] timeGetTime () returned 0x21236 [0079.426] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.426] Sleep (dwMilliseconds=0xa) [0079.441] timeGetTime () returned 0x21245 [0079.441] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.441] Sleep (dwMilliseconds=0xa) [0079.457] timeGetTime () returned 0x21255 [0079.457] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.457] Sleep (dwMilliseconds=0xa) [0079.472] timeGetTime () returned 0x21265 [0079.472] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.472] Sleep (dwMilliseconds=0xa) [0079.488] timeGetTime () returned 0x21274 [0079.488] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.488] Sleep (dwMilliseconds=0xa) [0079.503] timeGetTime () returned 0x21284 [0079.503] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.503] Sleep (dwMilliseconds=0xa) [0079.519] timeGetTime () returned 0x21294 [0079.519] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.519] Sleep (dwMilliseconds=0xa) [0079.535] timeGetTime () returned 0x212a3 [0079.535] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.535] Sleep (dwMilliseconds=0xa) [0079.550] timeGetTime () returned 0x212b3 [0079.550] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.550] Sleep (dwMilliseconds=0xa) [0079.568] timeGetTime () returned 0x212c5 [0079.568] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.568] Sleep (dwMilliseconds=0xa) [0079.582] timeGetTime () returned 0x212d2 [0079.582] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.582] Sleep (dwMilliseconds=0xa) [0079.597] timeGetTime () returned 0x212e2 [0079.598] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.598] Sleep (dwMilliseconds=0xa) [0079.613] timeGetTime () returned 0x212f1 [0079.613] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.613] Sleep (dwMilliseconds=0xa) [0079.632] timeGetTime () returned 0x21303 [0079.632] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.632] Sleep (dwMilliseconds=0xa) [0079.667] timeGetTime () returned 0x21320 [0079.668] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.668] Sleep (dwMilliseconds=0xa) [0079.695] timeGetTime () returned 0x2133f [0079.695] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.695] Sleep (dwMilliseconds=0xa) [0079.708] timeGetTime () returned 0x2134f [0079.708] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.708] Sleep (dwMilliseconds=0xa) [0079.740] timeGetTime () returned 0x2136e [0079.740] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.740] Sleep (dwMilliseconds=0xa) [0079.765] timeGetTime () returned 0x2137e [0079.765] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.765] Sleep (dwMilliseconds=0xa) [0079.788] timeGetTime () returned 0x2139d [0079.788] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.788] Sleep (dwMilliseconds=0xa) [0079.807] timeGetTime () returned 0x213ad [0079.807] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.808] Sleep (dwMilliseconds=0xa) [0079.834] timeGetTime () returned 0x213cc [0079.834] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.834] Sleep (dwMilliseconds=0xa) [0079.850] timeGetTime () returned 0x213dc [0079.850] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.850] Sleep (dwMilliseconds=0xa) [0079.863] timeGetTime () returned 0x213eb [0079.863] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.863] Sleep (dwMilliseconds=0xa) [0079.879] timeGetTime () returned 0x213fb [0079.879] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.879] Sleep (dwMilliseconds=0xa) [0079.897] timeGetTime () returned 0x2140b [0079.897] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.897] Sleep (dwMilliseconds=0xa) [0079.911] timeGetTime () returned 0x2141a [0079.911] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.911] Sleep (dwMilliseconds=0xa) [0079.926] timeGetTime () returned 0x2142a [0079.926] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.926] Sleep (dwMilliseconds=0xa) [0079.941] timeGetTime () returned 0x21439 [0079.941] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.941] Sleep (dwMilliseconds=0xa) [0079.957] timeGetTime () returned 0x21449 [0079.957] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.957] Sleep (dwMilliseconds=0xa) [0079.974] timeGetTime () returned 0x21459 [0079.974] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.974] Sleep (dwMilliseconds=0xa) [0079.993] timeGetTime () returned 0x21468 [0079.993] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0079.993] Sleep (dwMilliseconds=0xa) [0080.021] timeGetTime () returned 0x21487 [0080.021] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.021] Sleep (dwMilliseconds=0xa) [0080.035] timeGetTime () returned 0x21497 [0080.035] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.035] Sleep (dwMilliseconds=0xa) [0080.051] timeGetTime () returned 0x214a7 [0080.051] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.051] Sleep (dwMilliseconds=0xa) [0080.066] timeGetTime () returned 0x214b6 [0080.066] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.066] Sleep (dwMilliseconds=0xa) [0080.082] timeGetTime () returned 0x214c6 [0080.082] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.082] Sleep (dwMilliseconds=0xa) [0080.097] timeGetTime () returned 0x214d6 [0080.097] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.097] Sleep (dwMilliseconds=0xa) [0080.113] timeGetTime () returned 0x214e5 [0080.113] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.113] Sleep (dwMilliseconds=0xa) [0080.129] timeGetTime () returned 0x214f5 [0080.129] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0080.129] TranslateMessage (lpMsg=0x140fa14) returned 0 [0080.129] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0080.129] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0080.129] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0080.129] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.129] Sleep (dwMilliseconds=0xa) [0080.144] timeGetTime () returned 0x21505 [0080.144] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.144] Sleep (dwMilliseconds=0xa) [0080.159] timeGetTime () returned 0x21514 [0080.159] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.160] Sleep (dwMilliseconds=0xa) [0080.177] timeGetTime () returned 0x21524 [0080.177] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.177] Sleep (dwMilliseconds=0xa) [0080.191] timeGetTime () returned 0x21533 [0080.191] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.191] Sleep (dwMilliseconds=0xa) [0080.207] timeGetTime () returned 0x21543 [0080.207] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.207] Sleep (dwMilliseconds=0xa) [0080.251] timeGetTime () returned 0x21564 [0080.251] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.251] Sleep (dwMilliseconds=0xa) [0080.269] timeGetTime () returned 0x21582 [0080.269] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.269] Sleep (dwMilliseconds=0xa) [0080.291] timeGetTime () returned 0x21597 [0080.291] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.291] Sleep (dwMilliseconds=0xa) [0080.316] timeGetTime () returned 0x215b0 [0080.316] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.316] Sleep (dwMilliseconds=0xa) [0080.332] timeGetTime () returned 0x215c0 [0080.332] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.332] Sleep (dwMilliseconds=0xa) [0080.347] timeGetTime () returned 0x215d0 [0080.347] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.347] Sleep (dwMilliseconds=0xa) [0080.363] timeGetTime () returned 0x215df [0080.363] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.363] Sleep (dwMilliseconds=0xa) [0080.378] timeGetTime () returned 0x215ef [0080.379] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.379] Sleep (dwMilliseconds=0xa) [0080.395] timeGetTime () returned 0x215ff [0080.395] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.395] Sleep (dwMilliseconds=0xa) [0080.410] timeGetTime () returned 0x2160e [0080.410] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.410] Sleep (dwMilliseconds=0xa) [0080.425] timeGetTime () returned 0x2161e [0080.425] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.425] Sleep (dwMilliseconds=0xa) [0080.441] timeGetTime () returned 0x2162e [0080.441] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.441] Sleep (dwMilliseconds=0xa) [0080.456] timeGetTime () returned 0x2163d [0080.456] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.456] Sleep (dwMilliseconds=0xa) [0080.472] timeGetTime () returned 0x2164d [0080.472] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.472] Sleep (dwMilliseconds=0xa) [0080.488] timeGetTime () returned 0x2165c [0080.488] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.488] Sleep (dwMilliseconds=0xa) [0080.503] timeGetTime () returned 0x2166c [0080.503] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.503] Sleep (dwMilliseconds=0xa) [0080.519] timeGetTime () returned 0x2167c [0080.519] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.519] Sleep (dwMilliseconds=0xa) [0080.535] timeGetTime () returned 0x2168b [0080.535] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.535] Sleep (dwMilliseconds=0xa) [0080.550] timeGetTime () returned 0x2169b [0080.550] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.550] Sleep (dwMilliseconds=0xa) [0080.567] timeGetTime () returned 0x216aa [0080.567] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.567] Sleep (dwMilliseconds=0xa) [0080.581] timeGetTime () returned 0x216ba [0080.581] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.581] Sleep (dwMilliseconds=0xa) [0080.597] timeGetTime () returned 0x216ca [0080.597] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.597] Sleep (dwMilliseconds=0xa) [0080.616] timeGetTime () returned 0x216dc [0080.616] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.616] Sleep (dwMilliseconds=0xa) [0080.630] timeGetTime () returned 0x216eb [0080.630] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.630] Sleep (dwMilliseconds=0xa) [0080.643] timeGetTime () returned 0x216f8 [0080.644] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.644] Sleep (dwMilliseconds=0xa) [0080.655] timeGetTime () returned 0x21704 [0080.655] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.655] Sleep (dwMilliseconds=0xa) [0080.676] timeGetTime () returned 0x2171a [0080.677] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.677] Sleep (dwMilliseconds=0xa) [0080.700] timeGetTime () returned 0x2172e [0080.700] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.700] Sleep (dwMilliseconds=0xa) [0080.715] timeGetTime () returned 0x2173e [0080.715] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.715] Sleep (dwMilliseconds=0xa) [0080.730] timeGetTime () returned 0x2174e [0080.730] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.730] Sleep (dwMilliseconds=0xa) [0080.745] timeGetTime () returned 0x2175d [0080.745] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.745] Sleep (dwMilliseconds=0xa) [0080.762] timeGetTime () returned 0x2176d [0080.762] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.762] Sleep (dwMilliseconds=0xa) [0080.777] timeGetTime () returned 0x2177d [0080.777] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.777] Sleep (dwMilliseconds=0xa) [0080.792] timeGetTime () returned 0x2178c [0080.792] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.792] Sleep (dwMilliseconds=0xa) [0080.813] timeGetTime () returned 0x217a1 [0080.813] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.813] Sleep (dwMilliseconds=0xa) [0080.839] timeGetTime () returned 0x217bb [0080.839] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.839] Sleep (dwMilliseconds=0xa) [0080.854] timeGetTime () returned 0x217cb [0080.854] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.854] Sleep (dwMilliseconds=0xa) [0080.871] timeGetTime () returned 0x217da [0080.871] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.871] Sleep (dwMilliseconds=0xa) [0080.886] timeGetTime () returned 0x217ea [0080.886] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0080.886] TranslateMessage (lpMsg=0x140fa14) returned 0 [0080.886] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0080.886] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0080.886] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0080.886] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.886] Sleep (dwMilliseconds=0xa) [0080.902] timeGetTime () returned 0x217fa [0080.902] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.902] Sleep (dwMilliseconds=0xa) [0080.918] timeGetTime () returned 0x21809 [0080.918] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.918] Sleep (dwMilliseconds=0xa) [0080.933] timeGetTime () returned 0x21819 [0080.933] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.933] Sleep (dwMilliseconds=0xa) [0080.948] timeGetTime () returned 0x21828 [0080.948] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.948] Sleep (dwMilliseconds=0xa) [0080.963] timeGetTime () returned 0x21838 [0080.963] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.963] Sleep (dwMilliseconds=0xa) [0080.979] timeGetTime () returned 0x21848 [0080.979] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.979] Sleep (dwMilliseconds=0xa) [0080.995] timeGetTime () returned 0x21857 [0080.995] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0080.995] Sleep (dwMilliseconds=0xa) [0081.011] timeGetTime () returned 0x21867 [0081.011] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0081.011] Sleep (dwMilliseconds=0xa) [0081.026] timeGetTime () returned 0x21877 [0081.026] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0081.026] Sleep (dwMilliseconds=0xa) [0081.042] timeGetTime () returned 0x21886 [0081.042] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0081.042] Sleep (dwMilliseconds=0xa) [0081.057] timeGetTime () returned 0x21896 [0081.057] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0081.058] Sleep (dwMilliseconds=0xa) [0081.073] timeGetTime () returned 0x218a5 [0081.073] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0081.073] Sleep (dwMilliseconds=0xa) [0081.088] timeGetTime () returned 0x218b5 [0081.088] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0081.088] Sleep (dwMilliseconds=0xa) [0081.104] timeGetTime () returned 0x218c5 [0081.104] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0081.104] Sleep (dwMilliseconds=0xa) [0081.119] timeGetTime () returned 0x218d4 [0081.119] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0081.119] Sleep (dwMilliseconds=0xa) [0081.137] timeGetTime () returned 0x218e4 [0081.137] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0081.137] Sleep (dwMilliseconds=0xa) [0081.151] timeGetTime () returned 0x218f3 [0081.151] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0081.151] Sleep (dwMilliseconds=0xa) [0081.166] timeGetTime () returned 0x21903 [0081.166] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0081.166] Sleep (dwMilliseconds=0xa) [0081.182] timeGetTime () returned 0x21913 [0081.182] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0081.182] Sleep (dwMilliseconds=0xa) [0081.198] timeGetTime () returned 0x21922 [0081.198] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0081.198] Sleep (dwMilliseconds=0xa) [0081.213] timeGetTime () returned 0x21932 [0081.213] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0081.213] Sleep (dwMilliseconds=0xa) [0081.269] timeGetTime () returned 0x21961 [0081.269] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0081.269] Sleep (dwMilliseconds=0xa) [0081.298] timeGetTime () returned 0x21980 [0081.298] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0081.298] Sleep (dwMilliseconds=0xa) [0081.323] timeGetTime () returned 0x2199f [0081.323] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0081.323] Sleep (dwMilliseconds=0xa) [0081.338] timeGetTime () returned 0x219af [0081.338] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0081.338] Sleep (dwMilliseconds=0xa) [0081.354] timeGetTime () returned 0x219bf [0081.354] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0081.354] Sleep (dwMilliseconds=0xa) [0081.372] timeGetTime () returned 0x219ce [0081.372] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0081.372] Sleep (dwMilliseconds=0xa) [0081.385] timeGetTime () returned 0x219de [0081.385] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0081.385] Sleep (dwMilliseconds=0xa) [0081.403] timeGetTime () returned 0x219ef [0081.403] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0081.403] Sleep (dwMilliseconds=0xa) [0081.417] timeGetTime () returned 0x219fd [0081.417] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0081.417] Sleep (dwMilliseconds=0xa) [0081.432] timeGetTime () returned 0x21a0d [0081.432] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0081.432] Sleep (dwMilliseconds=0xa) [0081.448] timeGetTime () returned 0x21a1c [0081.448] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0081.448] Sleep (dwMilliseconds=0xa) [0081.463] timeGetTime () returned 0x21a2c [0081.463] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0081.463] Sleep (dwMilliseconds=0xa) [0081.482] timeGetTime () returned 0x21a3e [0081.482] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0081.482] Sleep (dwMilliseconds=0xa) [0081.510] timeGetTime () returned 0x21a5b [0081.510] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0081.510] Sleep (dwMilliseconds=0xa) [0081.546] timeGetTime () returned 0x21a7a [0081.547] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0081.547] NtdllDefWindowProc_W (hWnd=0x40170, Msg=0x1a, wParam=0x0, lParam=0xcfe428) returned 0x0 [0081.547] Sleep (dwMilliseconds=0xa) [0081.576] timeGetTime () returned 0x21a9a [0081.576] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0081.620] Sleep (dwMilliseconds=0xa) [0081.652] timeGetTime () returned 0x21ae8 [0081.652] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0081.652] TranslateMessage (lpMsg=0x140fa14) returned 0 [0081.652] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0081.652] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0081.652] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0081.652] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0081.652] Sleep (dwMilliseconds=0xa) [0081.766] timeGetTime () returned 0x21b55 [0081.766] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0081.766] Sleep (dwMilliseconds=0xa) [0081.829] timeGetTime () returned 0x21b93 [0081.829] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0081.829] Sleep (dwMilliseconds=0xa) [0081.884] timeGetTime () returned 0x21bc3 [0081.884] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0081.884] Sleep (dwMilliseconds=0xa) [0081.914] timeGetTime () returned 0x21bef [0081.914] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0081.914] Sleep (dwMilliseconds=0xa) [0081.945] timeGetTime () returned 0x21c08 [0081.945] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0081.945] Sleep (dwMilliseconds=0xa) [0081.991] timeGetTime () returned 0x21c37 [0081.991] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0081.991] Sleep (dwMilliseconds=0xa) [0082.003] timeGetTime () returned 0x21c47 [0082.004] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0082.004] Sleep (dwMilliseconds=0xa) [0082.018] timeGetTime () returned 0x21c56 [0082.018] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0082.018] Sleep (dwMilliseconds=0xa) [0082.035] timeGetTime () returned 0x21c66 [0082.035] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0082.035] Sleep (dwMilliseconds=0xa) [0082.057] timeGetTime () returned 0x21c7d [0082.057] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0082.057] Sleep (dwMilliseconds=0xa) [0082.100] timeGetTime () returned 0x21c9a [0082.100] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0082.100] Sleep (dwMilliseconds=0xa) [0082.119] timeGetTime () returned 0x21cba [0082.119] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0082.119] Sleep (dwMilliseconds=0xa) [0082.133] timeGetTime () returned 0x21cc9 [0082.133] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0082.133] Sleep (dwMilliseconds=0xa) [0082.148] timeGetTime () returned 0x21cd9 [0082.148] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0082.148] Sleep (dwMilliseconds=0xa) [0082.165] timeGetTime () returned 0x21ce9 [0082.165] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0082.165] Sleep (dwMilliseconds=0xa) [0082.180] timeGetTime () returned 0x21cf8 [0082.180] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0082.180] Sleep (dwMilliseconds=0xa) [0082.196] timeGetTime () returned 0x21d08 [0082.196] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0082.196] Sleep (dwMilliseconds=0xa) [0082.211] timeGetTime () returned 0x21d17 [0082.211] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0082.211] Sleep (dwMilliseconds=0xa) [0082.258] timeGetTime () returned 0x21d46 [0082.259] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0082.259] Sleep (dwMilliseconds=0xa) [0082.273] timeGetTime () returned 0x21d56 [0082.273] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0082.273] Sleep (dwMilliseconds=0xa) [0082.289] timeGetTime () returned 0x21d66 [0082.289] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0082.289] Sleep (dwMilliseconds=0xa) [0082.304] timeGetTime () returned 0x21d75 [0082.304] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0082.304] Sleep (dwMilliseconds=0xa) [0082.320] timeGetTime () returned 0x21d85 [0082.320] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0082.320] Sleep (dwMilliseconds=0xa) [0082.336] timeGetTime () returned 0x21d94 [0082.336] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0082.336] Sleep (dwMilliseconds=0xa) [0082.351] timeGetTime () returned 0x21da4 [0082.351] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0082.351] Sleep (dwMilliseconds=0xa) [0082.367] timeGetTime () returned 0x21db4 [0082.367] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0082.367] Sleep (dwMilliseconds=0xa) [0082.383] timeGetTime () returned 0x21dc3 [0082.383] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0082.383] Sleep (dwMilliseconds=0xa) [0082.407] timeGetTime () returned 0x21dd3 [0082.407] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0082.407] TranslateMessage (lpMsg=0x140fa14) returned 0 [0082.407] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0082.407] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0082.407] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0082.408] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0082.408] Sleep (dwMilliseconds=0xa) [0082.430] timeGetTime () returned 0x21df2 [0082.430] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0082.430] Sleep (dwMilliseconds=0xa) [0082.445] timeGetTime () returned 0x21e02 [0082.445] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0082.445] Sleep (dwMilliseconds=0xa) [0082.461] timeGetTime () returned 0x21e11 [0082.461] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0082.461] Sleep (dwMilliseconds=0xa) [0082.476] timeGetTime () returned 0x21e21 [0082.476] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0082.476] Sleep (dwMilliseconds=0xa) [0082.492] timeGetTime () returned 0x21e31 [0082.492] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0082.492] Sleep (dwMilliseconds=0xa) [0082.508] timeGetTime () returned 0x21e40 [0082.508] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0082.508] Sleep (dwMilliseconds=0xa) [0082.533] timeGetTime () returned 0x21e59 [0082.533] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0082.533] Sleep (dwMilliseconds=0xa) [0082.551] timeGetTime () returned 0x21e68 [0082.551] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0082.551] Sleep (dwMilliseconds=0xa) [0082.579] timeGetTime () returned 0x21e7f [0082.579] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0082.579] Sleep (dwMilliseconds=0xa) [0082.607] timeGetTime () returned 0x21e9e [0082.607] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0082.607] Sleep (dwMilliseconds=0xa) [0082.634] timeGetTime () returned 0x21ebd [0082.634] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0082.634] Sleep (dwMilliseconds=0xa) [0082.688] timeGetTime () returned 0x21eec [0082.688] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0082.688] Sleep (dwMilliseconds=0xa) [0082.850] timeGetTime () returned 0x21f88 [0082.850] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0082.850] Sleep (dwMilliseconds=0xa) [0082.930] timeGetTime () returned 0x21fe6 [0082.930] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0082.930] Sleep (dwMilliseconds=0xa) [0082.975] timeGetTime () returned 0x22005 [0082.975] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0082.975] Sleep (dwMilliseconds=0xa) [0083.000] timeGetTime () returned 0x22025 [0083.000] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.000] Sleep (dwMilliseconds=0xa) [0083.053] timeGetTime () returned 0x22054 [0083.054] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.054] Sleep (dwMilliseconds=0xa) [0083.071] timeGetTime () returned 0x22073 [0083.071] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.071] Sleep (dwMilliseconds=0xa) [0083.086] timeGetTime () returned 0x22082 [0083.086] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.086] Sleep (dwMilliseconds=0xa) [0083.102] timeGetTime () returned 0x22093 [0083.102] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.102] Sleep (dwMilliseconds=0xa) [0083.144] timeGetTime () returned 0x220b1 [0083.144] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.144] Sleep (dwMilliseconds=0xa) [0083.180] timeGetTime () returned 0x220e0 [0083.180] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0083.180] TranslateMessage (lpMsg=0x140fa14) returned 0 [0083.180] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0083.180] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0083.180] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0083.180] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.180] Sleep (dwMilliseconds=0xa) [0083.254] timeGetTime () returned 0x2211f [0083.254] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.254] Sleep (dwMilliseconds=0xa) [0083.273] timeGetTime () returned 0x2213e [0083.273] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.273] Sleep (dwMilliseconds=0xa) [0083.289] timeGetTime () returned 0x2214e [0083.289] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.289] Sleep (dwMilliseconds=0xa) [0083.304] timeGetTime () returned 0x2215d [0083.304] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.304] Sleep (dwMilliseconds=0xa) [0083.321] timeGetTime () returned 0x2216d [0083.321] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.321] Sleep (dwMilliseconds=0xa) [0083.336] timeGetTime () returned 0x2217c [0083.336] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.336] Sleep (dwMilliseconds=0xa) [0083.351] timeGetTime () returned 0x2218c [0083.351] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.351] Sleep (dwMilliseconds=0xa) [0083.367] timeGetTime () returned 0x2219c [0083.367] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.367] Sleep (dwMilliseconds=0xa) [0083.386] timeGetTime () returned 0x221ab [0083.386] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.386] NtdllDefWindowProc_W (hWnd=0x40170, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0083.386] Sleep (dwMilliseconds=0xa) [0083.399] timeGetTime () returned 0x221bb [0083.399] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.425] Sleep (dwMilliseconds=0xa) [0083.445] timeGetTime () returned 0x221ea [0083.445] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.445] Sleep (dwMilliseconds=0xa) [0083.461] timeGetTime () returned 0x221f9 [0083.461] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.461] Sleep (dwMilliseconds=0xa) [0083.476] timeGetTime () returned 0x22209 [0083.476] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.477] Sleep (dwMilliseconds=0xa) [0083.494] timeGetTime () returned 0x22219 [0083.494] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.494] Sleep (dwMilliseconds=0xa) [0083.508] timeGetTime () returned 0x22228 [0083.508] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.508] Sleep (dwMilliseconds=0xa) [0083.524] timeGetTime () returned 0x22238 [0083.524] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.524] Sleep (dwMilliseconds=0xa) [0083.541] timeGetTime () returned 0x22248 [0083.541] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.541] Sleep (dwMilliseconds=0xa) [0083.555] timeGetTime () returned 0x22257 [0083.555] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.555] Sleep (dwMilliseconds=0xa) [0083.576] timeGetTime () returned 0x22267 [0083.576] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.576] Sleep (dwMilliseconds=0xa) [0083.602] timeGetTime () returned 0x22286 [0083.602] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.602] Sleep (dwMilliseconds=0xa) [0083.618] timeGetTime () returned 0x22296 [0083.618] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.618] Sleep (dwMilliseconds=0xa) [0083.633] timeGetTime () returned 0x222a5 [0083.633] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.633] Sleep (dwMilliseconds=0xa) [0083.648] timeGetTime () returned 0x222b5 [0083.648] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.648] Sleep (dwMilliseconds=0xa) [0083.671] timeGetTime () returned 0x222cc [0083.671] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.672] Sleep (dwMilliseconds=0xa) [0083.700] timeGetTime () returned 0x222e4 [0083.700] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.700] Sleep (dwMilliseconds=0xa) [0083.753] timeGetTime () returned 0x22313 [0083.753] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.754] Sleep (dwMilliseconds=0xa) [0083.795] timeGetTime () returned 0x22342 [0083.795] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.795] Sleep (dwMilliseconds=0xa) [0083.823] timeGetTime () returned 0x22361 [0083.823] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.823] Sleep (dwMilliseconds=0xa) [0083.836] timeGetTime () returned 0x22370 [0083.836] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.836] Sleep (dwMilliseconds=0xa) [0083.852] timeGetTime () returned 0x22380 [0083.852] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.852] Sleep (dwMilliseconds=0xa) [0083.867] timeGetTime () returned 0x22390 [0083.867] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.867] Sleep (dwMilliseconds=0xa) [0083.883] timeGetTime () returned 0x2239f [0083.883] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.883] Sleep (dwMilliseconds=0xa) [0083.902] timeGetTime () returned 0x223af [0083.902] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.902] Sleep (dwMilliseconds=0xa) [0083.914] timeGetTime () returned 0x223bf [0083.914] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0083.914] Sleep (dwMilliseconds=0xa) [0084.047] timeGetTime () returned 0x2243c [0084.047] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0084.047] TranslateMessage (lpMsg=0x140fa14) returned 0 [0084.047] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0084.047] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0084.047] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0084.047] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.047] Sleep (dwMilliseconds=0xa) [0084.097] timeGetTime () returned 0x2246a [0084.097] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.097] Sleep (dwMilliseconds=0xa) [0084.119] timeGetTime () returned 0x2248a [0084.119] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.119] Sleep (dwMilliseconds=0xa) [0084.143] timeGetTime () returned 0x22499 [0084.143] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.143] Sleep (dwMilliseconds=0xa) [0084.178] timeGetTime () returned 0x224b9 [0084.178] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.178] Sleep (dwMilliseconds=0xa) [0084.208] timeGetTime () returned 0x224d8 [0084.208] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.208] Sleep (dwMilliseconds=0xa) [0084.255] timeGetTime () returned 0x22507 [0084.255] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.255] Sleep (dwMilliseconds=0xa) [0084.278] timeGetTime () returned 0x22526 [0084.278] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.278] Sleep (dwMilliseconds=0xa) [0084.299] timeGetTime () returned 0x22536 [0084.299] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.299] Sleep (dwMilliseconds=0xa) [0084.320] timeGetTime () returned 0x22555 [0084.320] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.320] Sleep (dwMilliseconds=0xa) [0084.336] timeGetTime () returned 0x22564 [0084.336] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.336] Sleep (dwMilliseconds=0xa) [0084.351] timeGetTime () returned 0x22574 [0084.351] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.351] Sleep (dwMilliseconds=0xa) [0084.367] timeGetTime () returned 0x22584 [0084.367] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.367] Sleep (dwMilliseconds=0xa) [0084.383] timeGetTime () returned 0x22593 [0084.383] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.383] Sleep (dwMilliseconds=0xa) [0084.398] timeGetTime () returned 0x225a3 [0084.398] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.398] Sleep (dwMilliseconds=0xa) [0084.414] timeGetTime () returned 0x225b3 [0084.414] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.414] Sleep (dwMilliseconds=0xa) [0084.430] timeGetTime () returned 0x225c2 [0084.430] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.430] Sleep (dwMilliseconds=0xa) [0084.446] timeGetTime () returned 0x225d2 [0084.446] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.446] Sleep (dwMilliseconds=0xa) [0084.461] timeGetTime () returned 0x225e1 [0084.461] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.461] Sleep (dwMilliseconds=0xa) [0084.476] timeGetTime () returned 0x225f1 [0084.476] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.476] Sleep (dwMilliseconds=0xa) [0084.493] timeGetTime () returned 0x22601 [0084.493] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.493] Sleep (dwMilliseconds=0xa) [0084.508] timeGetTime () returned 0x22610 [0084.510] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.510] Sleep (dwMilliseconds=0xa) [0084.524] timeGetTime () returned 0x22620 [0084.524] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.524] Sleep (dwMilliseconds=0xa) [0084.539] timeGetTime () returned 0x22630 [0084.539] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.539] Sleep (dwMilliseconds=0xa) [0084.555] timeGetTime () returned 0x2263f [0084.555] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.555] Sleep (dwMilliseconds=0xa) [0084.570] timeGetTime () returned 0x2264f [0084.570] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.570] Sleep (dwMilliseconds=0xa) [0084.586] timeGetTime () returned 0x2265e [0084.586] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.586] Sleep (dwMilliseconds=0xa) [0084.601] timeGetTime () returned 0x2266e [0084.601] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.601] Sleep (dwMilliseconds=0xa) [0084.617] timeGetTime () returned 0x2267e [0084.617] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.617] Sleep (dwMilliseconds=0xa) [0084.632] timeGetTime () returned 0x2268d [0084.633] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.633] Sleep (dwMilliseconds=0xa) [0084.649] timeGetTime () returned 0x2269d [0084.649] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.649] Sleep (dwMilliseconds=0xa) [0084.671] timeGetTime () returned 0x226ad [0084.671] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.672] Sleep (dwMilliseconds=0xa) [0084.695] timeGetTime () returned 0x226cc [0084.695] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.695] Sleep (dwMilliseconds=0xa) [0084.711] timeGetTime () returned 0x226db [0084.711] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.711] Sleep (dwMilliseconds=0xa) [0084.726] timeGetTime () returned 0x226eb [0084.726] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.727] Sleep (dwMilliseconds=0xa) [0084.744] timeGetTime () returned 0x226fb [0084.744] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.744] Sleep (dwMilliseconds=0xa) [0084.757] timeGetTime () returned 0x2270a [0084.758] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.758] Sleep (dwMilliseconds=0xa) [0084.773] timeGetTime () returned 0x2271a [0084.773] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.773] Sleep (dwMilliseconds=0xa) [0084.797] timeGetTime () returned 0x2272a [0084.797] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0084.797] TranslateMessage (lpMsg=0x140fa14) returned 0 [0084.797] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0084.797] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0084.798] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0084.798] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.798] Sleep (dwMilliseconds=0xa) [0084.820] timeGetTime () returned 0x22749 [0084.820] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.820] Sleep (dwMilliseconds=0xa) [0084.836] timeGetTime () returned 0x22758 [0084.836] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.836] Sleep (dwMilliseconds=0xa) [0084.851] timeGetTime () returned 0x22768 [0084.851] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.851] Sleep (dwMilliseconds=0xa) [0084.867] timeGetTime () returned 0x22778 [0084.867] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.867] Sleep (dwMilliseconds=0xa) [0084.882] timeGetTime () returned 0x22787 [0084.883] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.883] Sleep (dwMilliseconds=0xa) [0084.898] timeGetTime () returned 0x22797 [0084.898] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.898] Sleep (dwMilliseconds=0xa) [0084.914] timeGetTime () returned 0x227a7 [0084.914] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.914] Sleep (dwMilliseconds=0xa) [0084.929] timeGetTime () returned 0x227b6 [0084.929] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.929] Sleep (dwMilliseconds=0xa) [0084.945] timeGetTime () returned 0x227c6 [0084.945] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.945] Sleep (dwMilliseconds=0xa) [0084.961] timeGetTime () returned 0x227d5 [0084.961] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.961] Sleep (dwMilliseconds=0xa) [0084.976] timeGetTime () returned 0x227e5 [0084.976] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.976] Sleep (dwMilliseconds=0xa) [0084.993] timeGetTime () returned 0x227f5 [0084.993] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0084.993] Sleep (dwMilliseconds=0xa) [0085.014] timeGetTime () returned 0x2280b [0085.014] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.014] Sleep (dwMilliseconds=0xa) [0085.039] timeGetTime () returned 0x22824 [0085.039] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.039] Sleep (dwMilliseconds=0xa) [0085.055] timeGetTime () returned 0x22833 [0085.055] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.055] Sleep (dwMilliseconds=0xa) [0085.070] timeGetTime () returned 0x22843 [0085.070] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.070] Sleep (dwMilliseconds=0xa) [0085.086] timeGetTime () returned 0x22852 [0085.086] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.086] Sleep (dwMilliseconds=0xa) [0085.101] timeGetTime () returned 0x22862 [0085.101] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.101] Sleep (dwMilliseconds=0xa) [0085.118] timeGetTime () returned 0x22872 [0085.118] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.118] Sleep (dwMilliseconds=0xa) [0085.132] timeGetTime () returned 0x22881 [0085.132] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.133] Sleep (dwMilliseconds=0xa) [0085.148] timeGetTime () returned 0x22891 [0085.148] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.148] Sleep (dwMilliseconds=0xa) [0085.164] timeGetTime () returned 0x228a1 [0085.164] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.164] Sleep (dwMilliseconds=0xa) [0085.179] timeGetTime () returned 0x228b0 [0085.179] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.180] Sleep (dwMilliseconds=0xa) [0085.195] timeGetTime () returned 0x228c0 [0085.195] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.195] Sleep (dwMilliseconds=0xa) [0085.211] timeGetTime () returned 0x228cf [0085.211] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.211] Sleep (dwMilliseconds=0xa) [0085.248] timeGetTime () returned 0x228ef [0085.248] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.249] Sleep (dwMilliseconds=0xa) [0085.273] timeGetTime () returned 0x2290e [0085.273] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.273] Sleep (dwMilliseconds=0xa) [0085.289] timeGetTime () returned 0x2291e [0085.289] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.289] Sleep (dwMilliseconds=0xa) [0085.304] timeGetTime () returned 0x2292d [0085.304] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.304] Sleep (dwMilliseconds=0xa) [0085.321] timeGetTime () returned 0x2293e [0085.321] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.321] Sleep (dwMilliseconds=0xa) [0085.336] timeGetTime () returned 0x2294c [0085.336] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.336] Sleep (dwMilliseconds=0xa) [0085.351] timeGetTime () returned 0x2295c [0085.351] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.351] Sleep (dwMilliseconds=0xa) [0085.367] timeGetTime () returned 0x2296c [0085.367] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.367] Sleep (dwMilliseconds=0xa) [0085.382] timeGetTime () returned 0x2297b [0085.383] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.383] Sleep (dwMilliseconds=0xa) [0085.398] timeGetTime () returned 0x2298b [0085.398] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.398] Sleep (dwMilliseconds=0xa) [0085.414] timeGetTime () returned 0x2299b [0085.414] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.414] Sleep (dwMilliseconds=0xa) [0085.430] timeGetTime () returned 0x229aa [0085.430] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.430] Sleep (dwMilliseconds=0xa) [0085.447] timeGetTime () returned 0x229ba [0085.447] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.447] Sleep (dwMilliseconds=0xa) [0085.461] timeGetTime () returned 0x229c9 [0085.461] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.461] Sleep (dwMilliseconds=0xa) [0085.476] timeGetTime () returned 0x229d9 [0085.476] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.476] Sleep (dwMilliseconds=0xa) [0085.492] timeGetTime () returned 0x229e9 [0085.492] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.492] Sleep (dwMilliseconds=0xa) [0085.503] timeGetTime () returned 0x229f4 [0085.503] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.503] Sleep (dwMilliseconds=0xa) [0085.589] timeGetTime () returned 0x22a48 [0085.589] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0085.589] TranslateMessage (lpMsg=0x140fa14) returned 0 [0085.589] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0085.589] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0085.589] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0085.589] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.589] Sleep (dwMilliseconds=0xa) [0085.603] timeGetTime () returned 0x22a57 [0085.603] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.603] Sleep (dwMilliseconds=0xa) [0085.619] timeGetTime () returned 0x22a67 [0085.619] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.619] Sleep (dwMilliseconds=0xa) [0085.636] timeGetTime () returned 0x22a77 [0085.636] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.636] Sleep (dwMilliseconds=0xa) [0085.650] timeGetTime () returned 0x22a86 [0085.650] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.650] Sleep (dwMilliseconds=0xa) [0085.676] timeGetTime () returned 0x22a96 [0085.676] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.676] Sleep (dwMilliseconds=0xa) [0085.697] timeGetTime () returned 0x22ab5 [0085.697] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.697] Sleep (dwMilliseconds=0xa) [0085.712] timeGetTime () returned 0x22ac5 [0085.712] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.712] Sleep (dwMilliseconds=0xa) [0085.728] timeGetTime () returned 0x22ad4 [0085.728] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.728] Sleep (dwMilliseconds=0xa) [0085.743] timeGetTime () returned 0x22ae4 [0085.743] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.743] Sleep (dwMilliseconds=0xa) [0085.759] timeGetTime () returned 0x22af4 [0085.759] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.759] Sleep (dwMilliseconds=0xa) [0085.775] timeGetTime () returned 0x22b03 [0085.775] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.775] Sleep (dwMilliseconds=0xa) [0085.791] timeGetTime () returned 0x22b14 [0085.791] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.791] Sleep (dwMilliseconds=0xa) [0085.806] timeGetTime () returned 0x22b23 [0085.806] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.806] Sleep (dwMilliseconds=0xa) [0085.821] timeGetTime () returned 0x22b32 [0085.821] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.821] Sleep (dwMilliseconds=0xa) [0085.837] timeGetTime () returned 0x22b42 [0085.837] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.838] Sleep (dwMilliseconds=0xa) [0085.854] timeGetTime () returned 0x22b51 [0085.854] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.854] Sleep (dwMilliseconds=0xa) [0085.869] timeGetTime () returned 0x22b61 [0085.869] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.869] Sleep (dwMilliseconds=0xa) [0085.884] timeGetTime () returned 0x22b71 [0085.884] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.884] Sleep (dwMilliseconds=0xa) [0085.901] timeGetTime () returned 0x22b80 [0085.901] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.901] Sleep (dwMilliseconds=0xa) [0085.915] timeGetTime () returned 0x22b90 [0085.915] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.915] Sleep (dwMilliseconds=0xa) [0085.931] timeGetTime () returned 0x22ba0 [0085.931] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.931] Sleep (dwMilliseconds=0xa) [0085.946] timeGetTime () returned 0x22baf [0085.946] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.946] Sleep (dwMilliseconds=0xa) [0085.963] timeGetTime () returned 0x22bbf [0085.963] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.963] Sleep (dwMilliseconds=0xa) [0085.978] timeGetTime () returned 0x22bce [0085.978] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.978] Sleep (dwMilliseconds=0xa) [0085.993] timeGetTime () returned 0x22bde [0085.993] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0085.993] Sleep (dwMilliseconds=0xa) [0086.009] timeGetTime () returned 0x22bee [0086.009] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.009] Sleep (dwMilliseconds=0xa) [0086.025] timeGetTime () returned 0x22bfd [0086.025] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.025] Sleep (dwMilliseconds=0xa) [0086.040] timeGetTime () returned 0x22c0d [0086.040] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.040] Sleep (dwMilliseconds=0xa) [0086.056] timeGetTime () returned 0x22c1d [0086.056] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.056] Sleep (dwMilliseconds=0xa) [0086.072] timeGetTime () returned 0x22c2c [0086.072] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.072] Sleep (dwMilliseconds=0xa) [0086.088] timeGetTime () returned 0x22c3c [0086.088] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.088] Sleep (dwMilliseconds=0xa) [0086.103] timeGetTime () returned 0x22c4b [0086.103] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.103] Sleep (dwMilliseconds=0xa) [0086.118] timeGetTime () returned 0x22c5b [0086.118] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.118] Sleep (dwMilliseconds=0xa) [0086.134] timeGetTime () returned 0x22c6b [0086.134] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.134] Sleep (dwMilliseconds=0xa) [0086.151] timeGetTime () returned 0x22c7a [0086.151] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.151] Sleep (dwMilliseconds=0xa) [0086.165] timeGetTime () returned 0x22c8a [0086.165] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.165] Sleep (dwMilliseconds=0xa) [0086.181] timeGetTime () returned 0x22c9a [0086.181] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.181] Sleep (dwMilliseconds=0xa) [0086.196] timeGetTime () returned 0x22ca9 [0086.197] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.197] Sleep (dwMilliseconds=0xa) [0086.212] timeGetTime () returned 0x22cb9 [0086.212] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.212] Sleep (dwMilliseconds=0xa) [0086.245] timeGetTime () returned 0x22cd8 [0086.245] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.245] Sleep (dwMilliseconds=0xa) [0086.259] timeGetTime () returned 0x22ce8 [0086.259] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.259] Sleep (dwMilliseconds=0xa) [0086.275] timeGetTime () returned 0x22cf7 [0086.275] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.275] Sleep (dwMilliseconds=0xa) [0086.290] timeGetTime () returned 0x22d07 [0086.290] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.290] Sleep (dwMilliseconds=0xa) [0086.306] timeGetTime () returned 0x22d17 [0086.306] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.306] Sleep (dwMilliseconds=0xa) [0086.321] timeGetTime () returned 0x22d26 [0086.321] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.321] Sleep (dwMilliseconds=0xa) [0086.337] timeGetTime () returned 0x22d36 [0086.337] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0086.337] TranslateMessage (lpMsg=0x140fa14) returned 0 [0086.337] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0086.337] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0086.337] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0086.337] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.338] Sleep (dwMilliseconds=0xa) [0086.353] timeGetTime () returned 0x22d45 [0086.353] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.353] Sleep (dwMilliseconds=0xa) [0086.368] timeGetTime () returned 0x22d55 [0086.368] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.368] Sleep (dwMilliseconds=0xa) [0086.384] timeGetTime () returned 0x22d65 [0086.384] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.384] Sleep (dwMilliseconds=0xa) [0086.400] timeGetTime () returned 0x22d74 [0086.400] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.400] Sleep (dwMilliseconds=0xa) [0086.415] timeGetTime () returned 0x22d84 [0086.415] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.415] Sleep (dwMilliseconds=0xa) [0086.431] timeGetTime () returned 0x22d94 [0086.431] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.431] Sleep (dwMilliseconds=0xa) [0086.446] timeGetTime () returned 0x22da3 [0086.446] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.446] Sleep (dwMilliseconds=0xa) [0086.462] timeGetTime () returned 0x22db3 [0086.462] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.462] Sleep (dwMilliseconds=0xa) [0086.477] timeGetTime () returned 0x22dc2 [0086.478] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.478] Sleep (dwMilliseconds=0xa) [0086.493] timeGetTime () returned 0x22dd2 [0086.493] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.493] Sleep (dwMilliseconds=0xa) [0086.509] timeGetTime () returned 0x22de2 [0086.509] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.509] Sleep (dwMilliseconds=0xa) [0086.525] timeGetTime () returned 0x22df1 [0086.525] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.525] Sleep (dwMilliseconds=0xa) [0086.540] timeGetTime () returned 0x22e01 [0086.540] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.540] Sleep (dwMilliseconds=0xa) [0086.556] timeGetTime () returned 0x22e11 [0086.556] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.556] Sleep (dwMilliseconds=0xa) [0086.572] timeGetTime () returned 0x22e20 [0086.572] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.572] Sleep (dwMilliseconds=0xa) [0086.588] timeGetTime () returned 0x22e30 [0086.588] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.588] Sleep (dwMilliseconds=0xa) [0086.603] timeGetTime () returned 0x22e3f [0086.603] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.603] Sleep (dwMilliseconds=0xa) [0086.618] timeGetTime () returned 0x22e4f [0086.618] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.618] Sleep (dwMilliseconds=0xa) [0086.634] timeGetTime () returned 0x22e5f [0086.634] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.634] Sleep (dwMilliseconds=0xa) [0086.650] timeGetTime () returned 0x22e6e [0086.650] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.650] Sleep (dwMilliseconds=0xa) [0086.671] timeGetTime () returned 0x22e7e [0086.671] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.671] Sleep (dwMilliseconds=0xa) [0086.696] timeGetTime () returned 0x22e9d [0086.696] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.696] Sleep (dwMilliseconds=0xa) [0086.712] timeGetTime () returned 0x22ead [0086.712] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.712] Sleep (dwMilliseconds=0xa) [0086.727] timeGetTime () returned 0x22ebc [0086.727] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.728] Sleep (dwMilliseconds=0xa) [0086.747] timeGetTime () returned 0x22ecc [0086.747] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.747] Sleep (dwMilliseconds=0xa) [0086.759] timeGetTime () returned 0x22edc [0086.759] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.759] Sleep (dwMilliseconds=0xa) [0086.776] timeGetTime () returned 0x22eec [0086.776] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.776] Sleep (dwMilliseconds=0xa) [0086.790] timeGetTime () returned 0x22efb [0086.790] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.790] Sleep (dwMilliseconds=0xa) [0086.806] timeGetTime () returned 0x22f0b [0086.806] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.806] Sleep (dwMilliseconds=0xa) [0086.822] timeGetTime () returned 0x22f1a [0086.822] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.822] Sleep (dwMilliseconds=0xa) [0086.837] timeGetTime () returned 0x22f2a [0086.837] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.837] Sleep (dwMilliseconds=0xa) [0086.853] timeGetTime () returned 0x22f39 [0086.853] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.853] Sleep (dwMilliseconds=0xa) [0086.869] timeGetTime () returned 0x22f49 [0086.869] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.869] Sleep (dwMilliseconds=0xa) [0086.884] timeGetTime () returned 0x22f59 [0086.884] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.884] Sleep (dwMilliseconds=0xa) [0086.900] timeGetTime () returned 0x22f68 [0086.900] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.900] Sleep (dwMilliseconds=0xa) [0086.916] timeGetTime () returned 0x22f78 [0086.916] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.916] Sleep (dwMilliseconds=0xa) [0086.933] timeGetTime () returned 0x22f8a [0086.933] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.933] Sleep (dwMilliseconds=0xa) [0086.947] timeGetTime () returned 0x22f97 [0086.947] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.947] Sleep (dwMilliseconds=0xa) [0086.962] timeGetTime () returned 0x22fa7 [0086.962] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.962] Sleep (dwMilliseconds=0xa) [0086.979] timeGetTime () returned 0x22fb6 [0086.979] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.979] Sleep (dwMilliseconds=0xa) [0086.993] timeGetTime () returned 0x22fc6 [0086.993] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0086.993] Sleep (dwMilliseconds=0xa) [0087.009] timeGetTime () returned 0x22fd6 [0087.009] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.009] Sleep (dwMilliseconds=0xa) [0087.025] timeGetTime () returned 0x22fe5 [0087.025] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.025] Sleep (dwMilliseconds=0xa) [0087.041] timeGetTime () returned 0x22ff5 [0087.041] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.041] Sleep (dwMilliseconds=0xa) [0087.060] timeGetTime () returned 0x23005 [0087.060] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.060] Sleep (dwMilliseconds=0xa) [0087.071] timeGetTime () returned 0x23014 [0087.071] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.071] Sleep (dwMilliseconds=0xa) [0087.087] timeGetTime () returned 0x23024 [0087.087] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0087.087] TranslateMessage (lpMsg=0x140fa14) returned 0 [0087.087] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0087.087] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0087.087] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0087.087] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.087] Sleep (dwMilliseconds=0xa) [0087.103] timeGetTime () returned 0x23033 [0087.103] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.103] Sleep (dwMilliseconds=0xa) [0087.119] timeGetTime () returned 0x23043 [0087.119] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.119] Sleep (dwMilliseconds=0xa) [0087.134] timeGetTime () returned 0x23053 [0087.134] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.134] Sleep (dwMilliseconds=0xa) [0087.150] timeGetTime () returned 0x23062 [0087.150] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.150] Sleep (dwMilliseconds=0xa) [0087.165] timeGetTime () returned 0x23072 [0087.165] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.165] Sleep (dwMilliseconds=0xa) [0087.181] timeGetTime () returned 0x23082 [0087.181] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.181] Sleep (dwMilliseconds=0xa) [0087.196] timeGetTime () returned 0x23091 [0087.197] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.197] Sleep (dwMilliseconds=0xa) [0087.212] timeGetTime () returned 0x230a1 [0087.212] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.212] Sleep (dwMilliseconds=0xa) [0087.270] timeGetTime () returned 0x230d0 [0087.270] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.270] Sleep (dwMilliseconds=0xa) [0087.290] timeGetTime () returned 0x230ef [0087.290] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.290] Sleep (dwMilliseconds=0xa) [0087.306] timeGetTime () returned 0x230ff [0087.306] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.306] Sleep (dwMilliseconds=0xa) [0087.321] timeGetTime () returned 0x2310e [0087.321] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.321] Sleep (dwMilliseconds=0xa) [0087.338] timeGetTime () returned 0x2311e [0087.338] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.338] Sleep (dwMilliseconds=0xa) [0087.353] timeGetTime () returned 0x2312d [0087.353] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.353] Sleep (dwMilliseconds=0xa) [0087.369] timeGetTime () returned 0x2313d [0087.369] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.369] Sleep (dwMilliseconds=0xa) [0087.386] timeGetTime () returned 0x2314d [0087.386] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.386] Sleep (dwMilliseconds=0xa) [0087.400] timeGetTime () returned 0x2315c [0087.400] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.400] Sleep (dwMilliseconds=0xa) [0087.415] timeGetTime () returned 0x2316c [0087.415] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.415] Sleep (dwMilliseconds=0xa) [0087.431] timeGetTime () returned 0x2317c [0087.431] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.431] Sleep (dwMilliseconds=0xa) [0087.446] timeGetTime () returned 0x2318b [0087.446] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.446] Sleep (dwMilliseconds=0xa) [0087.462] timeGetTime () returned 0x2319b [0087.462] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.462] Sleep (dwMilliseconds=0xa) [0087.478] timeGetTime () returned 0x231aa [0087.478] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.478] Sleep (dwMilliseconds=0xa) [0087.493] timeGetTime () returned 0x231ba [0087.493] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.493] Sleep (dwMilliseconds=0xa) [0087.509] timeGetTime () returned 0x231ca [0087.509] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.509] Sleep (dwMilliseconds=0xa) [0087.526] timeGetTime () returned 0x231d9 [0087.526] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.526] Sleep (dwMilliseconds=0xa) [0087.540] timeGetTime () returned 0x231e9 [0087.540] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.541] Sleep (dwMilliseconds=0xa) [0087.556] timeGetTime () returned 0x231f9 [0087.556] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.556] Sleep (dwMilliseconds=0xa) [0087.572] timeGetTime () returned 0x23208 [0087.572] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.572] Sleep (dwMilliseconds=0xa) [0087.588] timeGetTime () returned 0x23218 [0087.588] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.588] Sleep (dwMilliseconds=0xa) [0087.604] timeGetTime () returned 0x23228 [0087.604] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.604] Sleep (dwMilliseconds=0xa) [0087.618] timeGetTime () returned 0x23237 [0087.619] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.619] Sleep (dwMilliseconds=0xa) [0087.634] timeGetTime () returned 0x23247 [0087.634] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.634] Sleep (dwMilliseconds=0xa) [0087.650] timeGetTime () returned 0x23256 [0087.650] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.650] Sleep (dwMilliseconds=0xa) [0087.675] timeGetTime () returned 0x23268 [0087.676] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.676] Sleep (dwMilliseconds=0xa) [0087.697] timeGetTime () returned 0x23285 [0087.697] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.697] Sleep (dwMilliseconds=0xa) [0087.713] timeGetTime () returned 0x23295 [0087.713] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.713] Sleep (dwMilliseconds=0xa) [0087.728] timeGetTime () returned 0x232a4 [0087.728] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.728] Sleep (dwMilliseconds=0xa) [0087.743] timeGetTime () returned 0x232b4 [0087.743] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.743] Sleep (dwMilliseconds=0xa) [0087.759] timeGetTime () returned 0x232c4 [0087.759] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.759] Sleep (dwMilliseconds=0xa) [0087.777] timeGetTime () returned 0x232d5 [0087.777] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.777] Sleep (dwMilliseconds=0xa) [0087.791] timeGetTime () returned 0x232e3 [0087.791] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.791] Sleep (dwMilliseconds=0xa) [0087.806] timeGetTime () returned 0x232f3 [0087.806] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.806] Sleep (dwMilliseconds=0xa) [0087.823] timeGetTime () returned 0x23302 [0087.823] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.823] Sleep (dwMilliseconds=0xa) [0087.838] timeGetTime () returned 0x23312 [0087.838] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0087.840] TranslateMessage (lpMsg=0x140fa14) returned 0 [0087.840] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0087.840] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0087.840] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0087.840] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.840] Sleep (dwMilliseconds=0xa) [0087.853] timeGetTime () returned 0x23321 [0087.853] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.853] Sleep (dwMilliseconds=0xa) [0087.868] timeGetTime () returned 0x23331 [0087.868] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.868] Sleep (dwMilliseconds=0xa) [0087.884] timeGetTime () returned 0x23341 [0087.884] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.884] Sleep (dwMilliseconds=0xa) [0087.901] timeGetTime () returned 0x23350 [0087.901] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.901] Sleep (dwMilliseconds=0xa) [0087.916] timeGetTime () returned 0x23360 [0087.916] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.916] Sleep (dwMilliseconds=0xa) [0087.931] timeGetTime () returned 0x23370 [0087.931] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.931] Sleep (dwMilliseconds=0xa) [0087.946] timeGetTime () returned 0x2337f [0087.947] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.947] Sleep (dwMilliseconds=0xa) [0087.962] timeGetTime () returned 0x2338f [0087.962] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.962] Sleep (dwMilliseconds=0xa) [0087.978] timeGetTime () returned 0x2339f [0087.978] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.978] Sleep (dwMilliseconds=0xa) [0087.993] timeGetTime () returned 0x233ae [0087.994] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0087.994] Sleep (dwMilliseconds=0xa) [0088.010] timeGetTime () returned 0x233be [0088.010] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.010] Sleep (dwMilliseconds=0xa) [0088.025] timeGetTime () returned 0x233cd [0088.025] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.025] Sleep (dwMilliseconds=0xa) [0088.040] timeGetTime () returned 0x233dd [0088.040] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.040] Sleep (dwMilliseconds=0xa) [0088.056] timeGetTime () returned 0x233ed [0088.056] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.056] Sleep (dwMilliseconds=0xa) [0088.073] timeGetTime () returned 0x233fe [0088.073] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.073] Sleep (dwMilliseconds=0xa) [0088.088] timeGetTime () returned 0x2340c [0088.088] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.088] Sleep (dwMilliseconds=0xa) [0088.103] timeGetTime () returned 0x2341b [0088.103] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.103] Sleep (dwMilliseconds=0xa) [0088.119] timeGetTime () returned 0x2342b [0088.119] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.119] Sleep (dwMilliseconds=0xa) [0088.134] timeGetTime () returned 0x2343b [0088.134] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.134] Sleep (dwMilliseconds=0xa) [0088.151] timeGetTime () returned 0x2344a [0088.151] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.151] Sleep (dwMilliseconds=0xa) [0088.170] timeGetTime () returned 0x2345f [0088.170] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.170] Sleep (dwMilliseconds=0xa) [0088.181] timeGetTime () returned 0x2346a [0088.181] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.181] Sleep (dwMilliseconds=0xa) [0088.197] timeGetTime () returned 0x23479 [0088.197] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.197] Sleep (dwMilliseconds=0xa) [0088.212] timeGetTime () returned 0x23489 [0088.212] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.212] Sleep (dwMilliseconds=0xa) [0088.295] timeGetTime () returned 0x234d7 [0088.295] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.295] Sleep (dwMilliseconds=0xa) [0088.306] timeGetTime () returned 0x234e7 [0088.306] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.306] Sleep (dwMilliseconds=0xa) [0088.322] timeGetTime () returned 0x234f6 [0088.322] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.322] Sleep (dwMilliseconds=0xa) [0088.337] timeGetTime () returned 0x23506 [0088.337] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.337] Sleep (dwMilliseconds=0xa) [0088.354] timeGetTime () returned 0x23515 [0088.354] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.354] Sleep (dwMilliseconds=0xa) [0088.368] timeGetTime () returned 0x23525 [0088.368] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.368] Sleep (dwMilliseconds=0xa) [0088.384] timeGetTime () returned 0x23535 [0088.384] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.384] Sleep (dwMilliseconds=0xa) [0088.400] timeGetTime () returned 0x23544 [0088.400] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.400] Sleep (dwMilliseconds=0xa) [0088.415] timeGetTime () returned 0x23554 [0088.415] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.415] Sleep (dwMilliseconds=0xa) [0088.433] timeGetTime () returned 0x23566 [0088.433] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.433] Sleep (dwMilliseconds=0xa) [0088.446] timeGetTime () returned 0x23573 [0088.446] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.446] Sleep (dwMilliseconds=0xa) [0088.462] timeGetTime () returned 0x23583 [0088.462] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.462] Sleep (dwMilliseconds=0xa) [0088.478] timeGetTime () returned 0x23593 [0088.478] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.478] Sleep (dwMilliseconds=0xa) [0088.493] timeGetTime () returned 0x235a2 [0088.493] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.493] Sleep (dwMilliseconds=0xa) [0088.509] timeGetTime () returned 0x235b2 [0088.509] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.509] Sleep (dwMilliseconds=0xa) [0088.524] timeGetTime () returned 0x235c1 [0088.525] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.525] Sleep (dwMilliseconds=0xa) [0088.541] timeGetTime () returned 0x235d1 [0088.541] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.541] Sleep (dwMilliseconds=0xa) [0088.556] timeGetTime () returned 0x235e1 [0088.556] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.556] Sleep (dwMilliseconds=0xa) [0088.572] timeGetTime () returned 0x235f0 [0088.572] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.572] Sleep (dwMilliseconds=0xa) [0088.587] timeGetTime () returned 0x23600 [0088.587] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0088.587] TranslateMessage (lpMsg=0x140fa14) returned 0 [0088.587] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0088.587] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0088.587] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0088.587] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.587] Sleep (dwMilliseconds=0xa) [0088.603] timeGetTime () returned 0x2360f [0088.603] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.603] Sleep (dwMilliseconds=0xa) [0088.618] timeGetTime () returned 0x2361f [0088.618] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.618] Sleep (dwMilliseconds=0xa) [0088.634] timeGetTime () returned 0x2362f [0088.634] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.634] Sleep (dwMilliseconds=0xa) [0088.649] timeGetTime () returned 0x2363e [0088.649] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.650] Sleep (dwMilliseconds=0xa) [0088.666] timeGetTime () returned 0x2364e [0088.666] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.666] Sleep (dwMilliseconds=0xa) [0088.682] timeGetTime () returned 0x2365e [0088.682] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.682] Sleep (dwMilliseconds=0xa) [0088.696] timeGetTime () returned 0x2366d [0088.696] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.696] Sleep (dwMilliseconds=0xa) [0088.712] timeGetTime () returned 0x2367d [0088.712] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.712] Sleep (dwMilliseconds=0xa) [0088.728] timeGetTime () returned 0x2368c [0088.728] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.728] Sleep (dwMilliseconds=0xa) [0088.743] timeGetTime () returned 0x2369c [0088.743] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.743] Sleep (dwMilliseconds=0xa) [0088.759] timeGetTime () returned 0x236ac [0088.759] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.759] Sleep (dwMilliseconds=0xa) [0088.775] timeGetTime () returned 0x236bb [0088.775] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.775] Sleep (dwMilliseconds=0xa) [0088.792] timeGetTime () returned 0x236cb [0088.792] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.792] Sleep (dwMilliseconds=0xa) [0088.806] timeGetTime () returned 0x236db [0088.806] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.806] Sleep (dwMilliseconds=0xa) [0088.823] timeGetTime () returned 0x236ec [0088.823] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.823] Sleep (dwMilliseconds=0xa) [0088.837] timeGetTime () returned 0x236fa [0088.837] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.837] Sleep (dwMilliseconds=0xa) [0088.853] timeGetTime () returned 0x23709 [0088.853] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.853] Sleep (dwMilliseconds=0xa) [0088.868] timeGetTime () returned 0x23719 [0088.868] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.868] Sleep (dwMilliseconds=0xa) [0088.884] timeGetTime () returned 0x23729 [0088.884] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.884] Sleep (dwMilliseconds=0xa) [0088.900] timeGetTime () returned 0x23738 [0088.900] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.900] Sleep (dwMilliseconds=0xa) [0088.916] timeGetTime () returned 0x23748 [0088.916] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.916] Sleep (dwMilliseconds=0xa) [0088.932] timeGetTime () returned 0x23758 [0088.932] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.932] Sleep (dwMilliseconds=0xa) [0088.949] timeGetTime () returned 0x23767 [0088.949] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.949] Sleep (dwMilliseconds=0xa) [0088.962] timeGetTime () returned 0x23777 [0088.962] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0088.962] Sleep (dwMilliseconds=0xa) [0089.046] timeGetTime () returned 0x237c5 [0089.046] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.046] Sleep (dwMilliseconds=0xa) [0089.071] timeGetTime () returned 0x237e4 [0089.071] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.071] Sleep (dwMilliseconds=0xa) [0089.087] timeGetTime () returned 0x237f4 [0089.087] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.087] Sleep (dwMilliseconds=0xa) [0089.103] timeGetTime () returned 0x23803 [0089.103] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.103] Sleep (dwMilliseconds=0xa) [0089.118] timeGetTime () returned 0x23813 [0089.118] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.118] Sleep (dwMilliseconds=0xa) [0089.134] timeGetTime () returned 0x23823 [0089.134] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.134] Sleep (dwMilliseconds=0xa) [0089.150] timeGetTime () returned 0x23832 [0089.150] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.150] Sleep (dwMilliseconds=0xa) [0089.165] timeGetTime () returned 0x23842 [0089.165] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.165] Sleep (dwMilliseconds=0xa) [0089.181] timeGetTime () returned 0x23852 [0089.181] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.182] Sleep (dwMilliseconds=0xa) [0089.196] timeGetTime () returned 0x23861 [0089.196] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.197] Sleep (dwMilliseconds=0xa) [0089.213] timeGetTime () returned 0x23872 [0089.213] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.213] Sleep (dwMilliseconds=0xa) [0089.355] timeGetTime () returned 0x238ff [0089.355] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0089.356] TranslateMessage (lpMsg=0x140fa14) returned 0 [0089.356] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0089.356] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0089.356] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0089.356] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.356] Sleep (dwMilliseconds=0xa) [0089.368] timeGetTime () returned 0x2390d [0089.368] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.368] Sleep (dwMilliseconds=0xa) [0089.384] timeGetTime () returned 0x2391d [0089.384] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.384] Sleep (dwMilliseconds=0xa) [0089.399] timeGetTime () returned 0x2392c [0089.400] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.400] Sleep (dwMilliseconds=0xa) [0089.415] timeGetTime () returned 0x2393c [0089.415] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.415] Sleep (dwMilliseconds=0xa) [0089.431] timeGetTime () returned 0x2394c [0089.431] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.431] Sleep (dwMilliseconds=0xa) [0089.446] timeGetTime () returned 0x2395b [0089.446] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.446] Sleep (dwMilliseconds=0xa) [0089.462] timeGetTime () returned 0x2396b [0089.462] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.462] Sleep (dwMilliseconds=0xa) [0089.477] timeGetTime () returned 0x2397a [0089.478] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.478] Sleep (dwMilliseconds=0xa) [0089.493] timeGetTime () returned 0x2398a [0089.493] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.493] Sleep (dwMilliseconds=0xa) [0089.510] timeGetTime () returned 0x2399a [0089.510] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.510] Sleep (dwMilliseconds=0xa) [0089.525] timeGetTime () returned 0x239a9 [0089.525] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.525] Sleep (dwMilliseconds=0xa) [0089.541] timeGetTime () returned 0x239ba [0089.541] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.542] Sleep (dwMilliseconds=0xa) [0089.556] timeGetTime () returned 0x239c9 [0089.556] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.556] Sleep (dwMilliseconds=0xa) [0089.572] timeGetTime () returned 0x239d9 [0089.572] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.572] Sleep (dwMilliseconds=0xa) [0089.587] timeGetTime () returned 0x239e8 [0089.587] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.587] Sleep (dwMilliseconds=0xa) [0089.603] timeGetTime () returned 0x239f7 [0089.603] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.603] Sleep (dwMilliseconds=0xa) [0089.618] timeGetTime () returned 0x23a07 [0089.618] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.618] Sleep (dwMilliseconds=0xa) [0089.634] timeGetTime () returned 0x23a17 [0089.634] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.634] Sleep (dwMilliseconds=0xa) [0089.650] timeGetTime () returned 0x23a26 [0089.650] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.650] Sleep (dwMilliseconds=0xa) [0089.666] timeGetTime () returned 0x23a36 [0089.666] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.666] Sleep (dwMilliseconds=0xa) [0089.688] timeGetTime () returned 0x23a46 [0089.688] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.688] Sleep (dwMilliseconds=0xa) [0089.712] timeGetTime () returned 0x23a65 [0089.712] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.712] Sleep (dwMilliseconds=0xa) [0089.728] timeGetTime () returned 0x23a74 [0089.728] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.728] Sleep (dwMilliseconds=0xa) [0089.743] timeGetTime () returned 0x23a84 [0089.743] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.743] Sleep (dwMilliseconds=0xa) [0089.759] timeGetTime () returned 0x23a94 [0089.759] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.759] Sleep (dwMilliseconds=0xa) [0089.775] timeGetTime () returned 0x23aa3 [0089.775] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.775] Sleep (dwMilliseconds=0xa) [0089.791] timeGetTime () returned 0x23ab3 [0089.791] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.791] Sleep (dwMilliseconds=0xa) [0089.806] timeGetTime () returned 0x23ac3 [0089.806] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.806] Sleep (dwMilliseconds=0xa) [0089.821] timeGetTime () returned 0x23ad2 [0089.821] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.821] Sleep (dwMilliseconds=0xa) [0089.837] timeGetTime () returned 0x23ae2 [0089.837] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.837] Sleep (dwMilliseconds=0xa) [0089.853] timeGetTime () returned 0x23af1 [0089.853] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.853] Sleep (dwMilliseconds=0xa) [0089.868] timeGetTime () returned 0x23b01 [0089.868] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.868] Sleep (dwMilliseconds=0xa) [0089.884] timeGetTime () returned 0x23b11 [0089.884] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.884] Sleep (dwMilliseconds=0xa) [0089.900] timeGetTime () returned 0x23b20 [0089.900] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.900] Sleep (dwMilliseconds=0xa) [0089.915] timeGetTime () returned 0x23b30 [0089.915] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.916] Sleep (dwMilliseconds=0xa) [0089.931] timeGetTime () returned 0x23b40 [0089.931] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.931] Sleep (dwMilliseconds=0xa) [0089.947] timeGetTime () returned 0x23b4f [0089.947] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.947] Sleep (dwMilliseconds=0xa) [0089.964] timeGetTime () returned 0x23b61 [0089.964] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.964] Sleep (dwMilliseconds=0xa) [0089.978] timeGetTime () returned 0x23b6e [0089.978] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.978] Sleep (dwMilliseconds=0xa) [0089.993] timeGetTime () returned 0x23b7e [0089.993] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0089.993] Sleep (dwMilliseconds=0xa) [0090.009] timeGetTime () returned 0x23b8e [0090.009] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.009] Sleep (dwMilliseconds=0xa) [0090.025] timeGetTime () returned 0x23b9d [0090.025] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.025] Sleep (dwMilliseconds=0xa) [0090.040] timeGetTime () returned 0x23bad [0090.040] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.040] Sleep (dwMilliseconds=0xa) [0090.056] timeGetTime () returned 0x23bbd [0090.056] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.056] Sleep (dwMilliseconds=0xa) [0090.071] timeGetTime () returned 0x23bcc [0090.071] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.071] Sleep (dwMilliseconds=0xa) [0090.087] timeGetTime () returned 0x23bdc [0090.087] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.087] Sleep (dwMilliseconds=0xa) [0090.103] timeGetTime () returned 0x23beb [0090.103] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0090.103] TranslateMessage (lpMsg=0x140fa14) returned 0 [0090.103] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0090.103] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0090.103] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0090.103] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.103] Sleep (dwMilliseconds=0xa) [0090.118] timeGetTime () returned 0x23bfb [0090.118] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.118] Sleep (dwMilliseconds=0xa) [0090.134] timeGetTime () returned 0x23c0b [0090.134] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.134] Sleep (dwMilliseconds=0xa) [0090.149] timeGetTime () returned 0x23c1a [0090.150] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.150] Sleep (dwMilliseconds=0xa) [0090.165] timeGetTime () returned 0x23c2a [0090.165] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.166] Sleep (dwMilliseconds=0xa) [0090.181] timeGetTime () returned 0x23c3a [0090.181] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.181] Sleep (dwMilliseconds=0xa) [0090.197] timeGetTime () returned 0x23c49 [0090.197] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.197] Sleep (dwMilliseconds=0xa) [0090.212] timeGetTime () returned 0x23c59 [0090.212] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.212] Sleep (dwMilliseconds=0xa) [0090.555] timeGetTime () returned 0x23daf [0090.555] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.555] Sleep (dwMilliseconds=0xa) [0090.565] timeGetTime () returned 0x23dba [0090.565] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.565] Sleep (dwMilliseconds=0xa) [0090.576] timeGetTime () returned 0x23dc5 [0090.576] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.576] Sleep (dwMilliseconds=0xa) [0090.596] timeGetTime () returned 0x23dd9 [0090.596] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.596] Sleep (dwMilliseconds=0xa) [0090.612] timeGetTime () returned 0x23de9 [0090.612] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.612] Sleep (dwMilliseconds=0xa) [0090.628] timeGetTime () returned 0x23df9 [0090.628] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.628] Sleep (dwMilliseconds=0xa) [0090.643] timeGetTime () returned 0x23e08 [0090.643] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.643] Sleep (dwMilliseconds=0xa) [0090.659] timeGetTime () returned 0x23e18 [0090.659] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.659] Sleep (dwMilliseconds=0xa) [0090.705] timeGetTime () returned 0x23e37 [0090.705] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.705] Sleep (dwMilliseconds=0xa) [0090.721] timeGetTime () returned 0x23e56 [0090.721] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.721] Sleep (dwMilliseconds=0xa) [0090.737] timeGetTime () returned 0x23e66 [0090.737] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.737] Sleep (dwMilliseconds=0xa) [0090.753] timeGetTime () returned 0x23e76 [0090.753] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.753] Sleep (dwMilliseconds=0xa) [0090.768] timeGetTime () returned 0x23e85 [0090.768] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.768] Sleep (dwMilliseconds=0xa) [0090.785] timeGetTime () returned 0x23e95 [0090.785] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.785] Sleep (dwMilliseconds=0xa) [0090.809] timeGetTime () returned 0x23ea4 [0090.809] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.809] Sleep (dwMilliseconds=0xa) [0090.831] timeGetTime () returned 0x23ec4 [0090.831] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.831] Sleep (dwMilliseconds=0xa) [0090.847] timeGetTime () returned 0x23ed3 [0090.847] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0090.848] TranslateMessage (lpMsg=0x140fa14) returned 0 [0090.848] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0090.848] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0090.848] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0090.848] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.848] Sleep (dwMilliseconds=0xa) [0090.862] timeGetTime () returned 0x23ee3 [0090.862] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.862] Sleep (dwMilliseconds=0xa) [0090.878] timeGetTime () returned 0x23ef3 [0090.878] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.878] Sleep (dwMilliseconds=0xa) [0090.900] timeGetTime () returned 0x23f02 [0090.900] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.900] Sleep (dwMilliseconds=0xa) [0090.925] timeGetTime () returned 0x23f21 [0090.925] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.925] Sleep (dwMilliseconds=0xa) [0090.941] timeGetTime () returned 0x23f31 [0090.941] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.941] Sleep (dwMilliseconds=0xa) [0090.959] timeGetTime () returned 0x23f41 [0090.959] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.959] Sleep (dwMilliseconds=0xa) [0090.971] timeGetTime () returned 0x23f50 [0090.971] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.971] Sleep (dwMilliseconds=0xa) [0090.987] timeGetTime () returned 0x23f60 [0090.987] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0090.987] Sleep (dwMilliseconds=0xa) [0091.003] timeGetTime () returned 0x23f70 [0091.003] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.003] Sleep (dwMilliseconds=0xa) [0091.018] timeGetTime () returned 0x23f7f [0091.019] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.019] Sleep (dwMilliseconds=0xa) [0091.034] timeGetTime () returned 0x23f8f [0091.034] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.034] Sleep (dwMilliseconds=0xa) [0091.050] timeGetTime () returned 0x23f9e [0091.050] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.050] Sleep (dwMilliseconds=0xa) [0091.066] timeGetTime () returned 0x23fae [0091.066] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.066] Sleep (dwMilliseconds=0xa) [0091.081] timeGetTime () returned 0x23fbe [0091.081] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.081] Sleep (dwMilliseconds=0xa) [0091.092] timeGetTime () returned 0x23fc9 [0091.092] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.092] Sleep (dwMilliseconds=0xa) [0091.102] timeGetTime () returned 0x23fd3 [0091.102] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.103] Sleep (dwMilliseconds=0xa) [0091.114] timeGetTime () returned 0x23fde [0091.114] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.114] Sleep (dwMilliseconds=0xa) [0091.125] timeGetTime () returned 0x23fea [0091.125] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.125] Sleep (dwMilliseconds=0xa) [0091.143] timeGetTime () returned 0x23ffc [0091.143] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.143] Sleep (dwMilliseconds=0xa) [0091.159] timeGetTime () returned 0x2400c [0091.159] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.159] Sleep (dwMilliseconds=0xa) [0091.175] timeGetTime () returned 0x2401b [0091.175] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.175] Sleep (dwMilliseconds=0xa) [0091.202] timeGetTime () returned 0x2402b [0091.202] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.202] Sleep (dwMilliseconds=0xa) [0091.315] timeGetTime () returned 0x24098 [0091.315] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.315] Sleep (dwMilliseconds=0xa) [0091.326] timeGetTime () returned 0x240b3 [0091.327] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.327] Sleep (dwMilliseconds=0xa) [0091.337] timeGetTime () returned 0x240be [0091.337] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.337] Sleep (dwMilliseconds=0xa) [0091.353] timeGetTime () returned 0x240ce [0091.353] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.353] Sleep (dwMilliseconds=0xa) [0091.369] timeGetTime () returned 0x240dd [0091.369] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.369] Sleep (dwMilliseconds=0xa) [0091.384] timeGetTime () returned 0x240ed [0091.384] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.384] Sleep (dwMilliseconds=0xa) [0091.400] timeGetTime () returned 0x240fd [0091.400] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.400] Sleep (dwMilliseconds=0xa) [0091.416] timeGetTime () returned 0x2410c [0091.416] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.416] Sleep (dwMilliseconds=0xa) [0091.432] timeGetTime () returned 0x2411c [0091.432] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.432] Sleep (dwMilliseconds=0xa) [0091.448] timeGetTime () returned 0x2412b [0091.448] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.448] Sleep (dwMilliseconds=0xa) [0091.462] timeGetTime () returned 0x2413b [0091.462] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.462] Sleep (dwMilliseconds=0xa) [0091.478] timeGetTime () returned 0x2414b [0091.478] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.478] Sleep (dwMilliseconds=0xa) [0091.493] timeGetTime () returned 0x2415a [0091.493] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.494] Sleep (dwMilliseconds=0xa) [0091.510] timeGetTime () returned 0x2416a [0091.510] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.510] Sleep (dwMilliseconds=0xa) [0091.525] timeGetTime () returned 0x2417a [0091.525] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.525] Sleep (dwMilliseconds=0xa) [0091.541] timeGetTime () returned 0x24189 [0091.541] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.541] Sleep (dwMilliseconds=0xa) [0091.556] timeGetTime () returned 0x24199 [0091.556] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.556] Sleep (dwMilliseconds=0xa) [0091.572] timeGetTime () returned 0x241a8 [0091.572] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.572] Sleep (dwMilliseconds=0xa) [0091.587] timeGetTime () returned 0x241b8 [0091.587] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.587] Sleep (dwMilliseconds=0xa) [0091.603] timeGetTime () returned 0x241c8 [0091.603] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0091.603] TranslateMessage (lpMsg=0x140fa14) returned 0 [0091.603] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0091.603] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0091.603] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0091.603] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.603] Sleep (dwMilliseconds=0xa) [0091.618] timeGetTime () returned 0x241d7 [0091.618] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.619] Sleep (dwMilliseconds=0xa) [0091.635] timeGetTime () returned 0x241e7 [0091.635] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.635] Sleep (dwMilliseconds=0xa) [0091.650] timeGetTime () returned 0x241f7 [0091.650] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.650] Sleep (dwMilliseconds=0xa) [0091.666] timeGetTime () returned 0x24206 [0091.666] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.666] Sleep (dwMilliseconds=0xa) [0091.681] timeGetTime () returned 0x24216 [0091.681] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.681] Sleep (dwMilliseconds=0xa) [0091.706] timeGetTime () returned 0x24225 [0091.706] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.706] Sleep (dwMilliseconds=0xa) [0091.728] timeGetTime () returned 0x24245 [0091.728] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.728] Sleep (dwMilliseconds=0xa) [0091.797] timeGetTime () returned 0x24283 [0091.797] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.797] Sleep (dwMilliseconds=0xa) [0091.829] timeGetTime () returned 0x242a2 [0091.829] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.829] Sleep (dwMilliseconds=0xa) [0091.853] timeGetTime () returned 0x242c2 [0091.853] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.853] Sleep (dwMilliseconds=0xa) [0091.869] timeGetTime () returned 0x242d1 [0091.869] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.869] Sleep (dwMilliseconds=0xa) [0091.884] timeGetTime () returned 0x242e1 [0091.884] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.884] Sleep (dwMilliseconds=0xa) [0091.900] timeGetTime () returned 0x242f1 [0091.900] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.900] Sleep (dwMilliseconds=0xa) [0091.916] timeGetTime () returned 0x24300 [0091.916] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.916] Sleep (dwMilliseconds=0xa) [0091.931] timeGetTime () returned 0x24310 [0091.931] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.931] Sleep (dwMilliseconds=0xa) [0091.947] timeGetTime () returned 0x2431f [0091.947] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.947] Sleep (dwMilliseconds=0xa) [0091.962] timeGetTime () returned 0x2432f [0091.962] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.962] Sleep (dwMilliseconds=0xa) [0091.978] timeGetTime () returned 0x2433f [0091.978] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.978] Sleep (dwMilliseconds=0xa) [0091.994] timeGetTime () returned 0x2434e [0091.994] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0091.994] Sleep (dwMilliseconds=0xa) [0092.012] timeGetTime () returned 0x2435f [0092.012] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.012] Sleep (dwMilliseconds=0xa) [0092.026] timeGetTime () returned 0x2436e [0092.026] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.026] Sleep (dwMilliseconds=0xa) [0092.041] timeGetTime () returned 0x2437d [0092.041] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.041] Sleep (dwMilliseconds=0xa) [0092.070] timeGetTime () returned 0x2438d [0092.071] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.071] Sleep (dwMilliseconds=0xa) [0092.087] timeGetTime () returned 0x243ac [0092.087] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.087] Sleep (dwMilliseconds=0xa) [0092.103] timeGetTime () returned 0x243bc [0092.103] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.103] Sleep (dwMilliseconds=0xa) [0092.118] timeGetTime () returned 0x243cb [0092.119] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.119] Sleep (dwMilliseconds=0xa) [0092.134] timeGetTime () returned 0x243db [0092.134] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.134] Sleep (dwMilliseconds=0xa) [0092.151] timeGetTime () returned 0x243eb [0092.151] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.151] Sleep (dwMilliseconds=0xa) [0092.166] timeGetTime () returned 0x243fa [0092.166] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.166] Sleep (dwMilliseconds=0xa) [0092.181] timeGetTime () returned 0x2440a [0092.181] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.181] Sleep (dwMilliseconds=0xa) [0092.197] timeGetTime () returned 0x24419 [0092.197] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.197] Sleep (dwMilliseconds=0xa) [0092.217] timeGetTime () returned 0x24429 [0092.217] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.217] Sleep (dwMilliseconds=0xa) [0092.365] timeGetTime () returned 0x244b6 [0092.365] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0092.365] TranslateMessage (lpMsg=0x140fa14) returned 0 [0092.365] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0092.365] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0092.365] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0092.365] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.365] Sleep (dwMilliseconds=0xa) [0092.384] timeGetTime () returned 0x244d5 [0092.384] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.384] Sleep (dwMilliseconds=0xa) [0092.400] timeGetTime () returned 0x244e5 [0092.400] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.400] Sleep (dwMilliseconds=0xa) [0092.416] timeGetTime () returned 0x244f4 [0092.416] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.416] Sleep (dwMilliseconds=0xa) [0092.431] timeGetTime () returned 0x24504 [0092.431] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.431] Sleep (dwMilliseconds=0xa) [0092.447] timeGetTime () returned 0x24513 [0092.447] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.447] Sleep (dwMilliseconds=0xa) [0092.462] timeGetTime () returned 0x24523 [0092.462] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.462] Sleep (dwMilliseconds=0xa) [0092.478] timeGetTime () returned 0x24533 [0092.478] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.478] Sleep (dwMilliseconds=0xa) [0092.494] timeGetTime () returned 0x24542 [0092.494] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.494] Sleep (dwMilliseconds=0xa) [0092.509] timeGetTime () returned 0x24552 [0092.509] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.509] Sleep (dwMilliseconds=0xa) [0092.525] timeGetTime () returned 0x24562 [0092.525] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.525] Sleep (dwMilliseconds=0xa) [0092.541] timeGetTime () returned 0x24571 [0092.541] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.541] Sleep (dwMilliseconds=0xa) [0092.556] timeGetTime () returned 0x24581 [0092.556] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.556] Sleep (dwMilliseconds=0xa) [0092.572] timeGetTime () returned 0x24590 [0092.572] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.572] Sleep (dwMilliseconds=0xa) [0092.588] timeGetTime () returned 0x245a0 [0092.588] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.588] Sleep (dwMilliseconds=0xa) [0092.603] timeGetTime () returned 0x245b0 [0092.603] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.603] Sleep (dwMilliseconds=0xa) [0092.619] timeGetTime () returned 0x245bf [0092.619] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.619] Sleep (dwMilliseconds=0xa) [0092.634] timeGetTime () returned 0x245cf [0092.634] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.634] Sleep (dwMilliseconds=0xa) [0092.650] timeGetTime () returned 0x245df [0092.650] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.650] Sleep (dwMilliseconds=0xa) [0092.666] timeGetTime () returned 0x245ee [0092.666] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.666] Sleep (dwMilliseconds=0xa) [0092.681] timeGetTime () returned 0x245fe [0092.681] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.681] Sleep (dwMilliseconds=0xa) [0092.705] timeGetTime () returned 0x2460d [0092.705] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.705] Sleep (dwMilliseconds=0xa) [0092.728] timeGetTime () returned 0x2462d [0092.728] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.728] Sleep (dwMilliseconds=0xa) [0092.744] timeGetTime () returned 0x2463c [0092.744] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.744] Sleep (dwMilliseconds=0xa) [0092.779] timeGetTime () returned 0x2465c [0092.779] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.779] Sleep (dwMilliseconds=0xa) [0092.791] timeGetTime () returned 0x2466b [0092.791] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.791] Sleep (dwMilliseconds=0xa) [0092.806] timeGetTime () returned 0x2467b [0092.806] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.806] Sleep (dwMilliseconds=0xa) [0092.822] timeGetTime () returned 0x2468a [0092.822] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.822] Sleep (dwMilliseconds=0xa) [0092.837] timeGetTime () returned 0x2469a [0092.837] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.837] Sleep (dwMilliseconds=0xa) [0092.853] timeGetTime () returned 0x246aa [0092.853] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.853] Sleep (dwMilliseconds=0xa) [0092.869] timeGetTime () returned 0x246b9 [0092.869] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.869] Sleep (dwMilliseconds=0xa) [0092.884] timeGetTime () returned 0x246c9 [0092.884] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.884] Sleep (dwMilliseconds=0xa) [0092.900] timeGetTime () returned 0x246d9 [0092.900] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.900] Sleep (dwMilliseconds=0xa) [0092.916] timeGetTime () returned 0x246e8 [0092.916] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.916] Sleep (dwMilliseconds=0xa) [0092.931] timeGetTime () returned 0x246f8 [0092.931] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.931] Sleep (dwMilliseconds=0xa) [0092.947] timeGetTime () returned 0x24707 [0092.947] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.947] Sleep (dwMilliseconds=0xa) [0092.963] timeGetTime () returned 0x24717 [0092.963] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.963] Sleep (dwMilliseconds=0xa) [0092.979] timeGetTime () returned 0x24727 [0092.979] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.979] Sleep (dwMilliseconds=0xa) [0092.997] timeGetTime () returned 0x24736 [0092.997] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0092.997] Sleep (dwMilliseconds=0xa) [0093.010] timeGetTime () returned 0x24746 [0093.010] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.010] Sleep (dwMilliseconds=0xa) [0093.025] timeGetTime () returned 0x24756 [0093.025] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.025] Sleep (dwMilliseconds=0xa) [0093.041] timeGetTime () returned 0x24765 [0093.041] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.041] Sleep (dwMilliseconds=0xa) [0093.056] timeGetTime () returned 0x24775 [0093.056] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.056] Sleep (dwMilliseconds=0xa) [0093.117] timeGetTime () returned 0x247a4 [0093.117] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0093.117] TranslateMessage (lpMsg=0x140fa14) returned 0 [0093.117] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0093.117] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0093.117] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0093.117] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.117] Sleep (dwMilliseconds=0xa) [0093.134] timeGetTime () returned 0x247c3 [0093.134] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.134] Sleep (dwMilliseconds=0xa) [0093.150] timeGetTime () returned 0x247d3 [0093.150] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.150] Sleep (dwMilliseconds=0xa) [0093.165] timeGetTime () returned 0x247e2 [0093.165] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.165] Sleep (dwMilliseconds=0xa) [0093.182] timeGetTime () returned 0x247f2 [0093.182] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.182] Sleep (dwMilliseconds=0xa) [0093.197] timeGetTime () returned 0x24801 [0093.197] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.197] Sleep (dwMilliseconds=0xa) [0093.212] timeGetTime () returned 0x24811 [0093.212] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.212] Sleep (dwMilliseconds=0xa) [0093.405] timeGetTime () returned 0x248cd [0093.405] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.405] Sleep (dwMilliseconds=0xa) [0093.431] timeGetTime () returned 0x248ec [0093.431] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.431] Sleep (dwMilliseconds=0xa) [0093.447] timeGetTime () returned 0x248fb [0093.447] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.447] Sleep (dwMilliseconds=0xa) [0093.462] timeGetTime () returned 0x2490b [0093.462] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.463] Sleep (dwMilliseconds=0xa) [0093.478] timeGetTime () returned 0x2491b [0093.478] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.478] Sleep (dwMilliseconds=0xa) [0093.494] timeGetTime () returned 0x2492b [0093.494] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.494] Sleep (dwMilliseconds=0xa) [0093.509] timeGetTime () returned 0x2493a [0093.509] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.509] Sleep (dwMilliseconds=0xa) [0093.525] timeGetTime () returned 0x2494a [0093.525] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.525] Sleep (dwMilliseconds=0xa) [0093.540] timeGetTime () returned 0x24959 [0093.540] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.541] Sleep (dwMilliseconds=0xa) [0093.556] timeGetTime () returned 0x24969 [0093.556] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.556] Sleep (dwMilliseconds=0xa) [0093.572] timeGetTime () returned 0x24978 [0093.572] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.572] Sleep (dwMilliseconds=0xa) [0093.588] timeGetTime () returned 0x24988 [0093.588] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.588] Sleep (dwMilliseconds=0xa) [0093.603] timeGetTime () returned 0x24998 [0093.603] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.603] Sleep (dwMilliseconds=0xa) [0093.619] timeGetTime () returned 0x249a7 [0093.619] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.619] Sleep (dwMilliseconds=0xa) [0093.634] timeGetTime () returned 0x249b7 [0093.634] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.634] Sleep (dwMilliseconds=0xa) [0093.650] timeGetTime () returned 0x249c7 [0093.650] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.650] Sleep (dwMilliseconds=0xa) [0093.665] timeGetTime () returned 0x249d6 [0093.666] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.666] Sleep (dwMilliseconds=0xa) [0093.681] timeGetTime () returned 0x249e6 [0093.681] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.681] Sleep (dwMilliseconds=0xa) [0093.705] timeGetTime () returned 0x249f5 [0093.705] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.705] Sleep (dwMilliseconds=0xa) [0093.728] timeGetTime () returned 0x24a15 [0093.728] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.728] Sleep (dwMilliseconds=0xa) [0093.744] timeGetTime () returned 0x24a24 [0093.744] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.744] Sleep (dwMilliseconds=0xa) [0093.759] timeGetTime () returned 0x24a34 [0093.759] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.759] Sleep (dwMilliseconds=0xa) [0093.775] timeGetTime () returned 0x24a44 [0093.775] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.775] Sleep (dwMilliseconds=0xa) [0093.796] timeGetTime () returned 0x24a53 [0093.796] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.796] Sleep (dwMilliseconds=0xa) [0093.822] timeGetTime () returned 0x24a72 [0093.822] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.822] Sleep (dwMilliseconds=0xa) [0093.904] timeGetTime () returned 0x24ac1 [0093.904] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0093.904] TranslateMessage (lpMsg=0x140fa14) returned 0 [0093.904] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0093.904] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0093.904] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0093.904] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.904] Sleep (dwMilliseconds=0xa) [0093.915] timeGetTime () returned 0x24ad0 [0093.915] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.916] Sleep (dwMilliseconds=0xa) [0093.931] timeGetTime () returned 0x24ae0 [0093.931] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.931] Sleep (dwMilliseconds=0xa) [0093.947] timeGetTime () returned 0x24aef [0093.947] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.947] Sleep (dwMilliseconds=0xa) [0093.962] timeGetTime () returned 0x24aff [0093.963] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.963] Sleep (dwMilliseconds=0xa) [0093.978] timeGetTime () returned 0x24b0f [0093.978] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.978] Sleep (dwMilliseconds=0xa) [0093.994] timeGetTime () returned 0x24b1e [0093.994] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0093.994] Sleep (dwMilliseconds=0xa) [0094.010] timeGetTime () returned 0x24b2e [0094.010] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.010] Sleep (dwMilliseconds=0xa) [0094.025] timeGetTime () returned 0x24b3e [0094.025] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.025] Sleep (dwMilliseconds=0xa) [0094.040] timeGetTime () returned 0x24b4d [0094.041] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.041] Sleep (dwMilliseconds=0xa) [0094.056] timeGetTime () returned 0x24b5d [0094.056] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.056] Sleep (dwMilliseconds=0xa) [0094.072] timeGetTime () returned 0x24b6c [0094.072] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.072] Sleep (dwMilliseconds=0xa) [0094.087] timeGetTime () returned 0x24b7c [0094.088] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.088] Sleep (dwMilliseconds=0xa) [0094.103] timeGetTime () returned 0x24b8c [0094.103] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.103] Sleep (dwMilliseconds=0xa) [0094.119] timeGetTime () returned 0x24b9b [0094.119] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.119] Sleep (dwMilliseconds=0xa) [0094.134] timeGetTime () returned 0x24bab [0094.134] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.134] Sleep (dwMilliseconds=0xa) [0094.151] timeGetTime () returned 0x24bbb [0094.151] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.151] Sleep (dwMilliseconds=0xa) [0094.165] timeGetTime () returned 0x24bca [0094.165] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.165] Sleep (dwMilliseconds=0xa) [0094.181] timeGetTime () returned 0x24bda [0094.181] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.181] Sleep (dwMilliseconds=0xa) [0094.198] timeGetTime () returned 0x24bea [0094.198] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.198] Sleep (dwMilliseconds=0xa) [0094.213] timeGetTime () returned 0x24bf9 [0094.213] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.213] Sleep (dwMilliseconds=0xa) [0094.528] timeGetTime () returned 0x24d32 [0094.528] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.528] Sleep (dwMilliseconds=0xa) [0094.540] timeGetTime () returned 0x24d41 [0094.540] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.541] Sleep (dwMilliseconds=0xa) [0094.556] timeGetTime () returned 0x24d51 [0094.556] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.556] Sleep (dwMilliseconds=0xa) [0094.572] timeGetTime () returned 0x24d60 [0094.572] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.572] Sleep (dwMilliseconds=0xa) [0094.588] timeGetTime () returned 0x24d70 [0094.588] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.588] Sleep (dwMilliseconds=0xa) [0094.603] timeGetTime () returned 0x24d80 [0094.603] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.603] Sleep (dwMilliseconds=0xa) [0094.618] timeGetTime () returned 0x24d8f [0094.618] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.618] Sleep (dwMilliseconds=0xa) [0094.634] timeGetTime () returned 0x24d9f [0094.634] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.634] Sleep (dwMilliseconds=0xa) [0094.651] timeGetTime () returned 0x24daf [0094.651] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0094.651] TranslateMessage (lpMsg=0x140fa14) returned 0 [0094.651] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0094.651] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0094.651] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0094.651] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.651] Sleep (dwMilliseconds=0xa) [0094.665] timeGetTime () returned 0x24dbe [0094.666] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.666] Sleep (dwMilliseconds=0xa) [0094.681] timeGetTime () returned 0x24dce [0094.681] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.681] Sleep (dwMilliseconds=0xa) [0094.705] timeGetTime () returned 0x24ddd [0094.705] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.705] Sleep (dwMilliseconds=0xa) [0094.728] timeGetTime () returned 0x24dfd [0094.728] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.728] Sleep (dwMilliseconds=0xa) [0094.744] timeGetTime () returned 0x24e0c [0094.744] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.744] Sleep (dwMilliseconds=0xa) [0094.759] timeGetTime () returned 0x24e1c [0094.759] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.759] Sleep (dwMilliseconds=0xa) [0094.775] timeGetTime () returned 0x24e2c [0094.775] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.775] Sleep (dwMilliseconds=0xa) [0094.791] timeGetTime () returned 0x24e3b [0094.791] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.791] Sleep (dwMilliseconds=0xa) [0094.806] timeGetTime () returned 0x24e4b [0094.806] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.806] Sleep (dwMilliseconds=0xa) [0094.822] timeGetTime () returned 0x24e5a [0094.822] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.822] Sleep (dwMilliseconds=0xa) [0094.838] timeGetTime () returned 0x24e6a [0094.838] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.838] Sleep (dwMilliseconds=0xa) [0094.853] timeGetTime () returned 0x24e7a [0094.853] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.853] Sleep (dwMilliseconds=0xa) [0094.869] timeGetTime () returned 0x24e89 [0094.869] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.869] Sleep (dwMilliseconds=0xa) [0094.884] timeGetTime () returned 0x24e99 [0094.884] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.884] Sleep (dwMilliseconds=0xa) [0094.900] timeGetTime () returned 0x24ea9 [0094.900] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.900] Sleep (dwMilliseconds=0xa) [0094.915] timeGetTime () returned 0x24eb8 [0094.915] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.915] Sleep (dwMilliseconds=0xa) [0094.931] timeGetTime () returned 0x24ec8 [0094.931] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.931] Sleep (dwMilliseconds=0xa) [0094.947] timeGetTime () returned 0x24ed7 [0094.947] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.947] Sleep (dwMilliseconds=0xa) [0094.963] timeGetTime () returned 0x24ee7 [0094.963] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.963] Sleep (dwMilliseconds=0xa) [0094.978] timeGetTime () returned 0x24ef7 [0094.978] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.978] Sleep (dwMilliseconds=0xa) [0094.994] timeGetTime () returned 0x24f06 [0094.994] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0094.994] Sleep (dwMilliseconds=0xa) [0095.009] timeGetTime () returned 0x24f16 [0095.009] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0095.009] Sleep (dwMilliseconds=0xa) [0095.025] timeGetTime () returned 0x24f26 [0095.025] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0095.025] Sleep (dwMilliseconds=0xa) [0095.040] timeGetTime () returned 0x24f35 [0095.040] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0095.041] Sleep (dwMilliseconds=0xa) [0095.056] timeGetTime () returned 0x24f45 [0095.056] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0095.056] Sleep (dwMilliseconds=0xa) [0095.072] timeGetTime () returned 0x24f54 [0095.072] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0095.072] Sleep (dwMilliseconds=0xa) [0095.088] timeGetTime () returned 0x24f64 [0095.088] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0095.088] Sleep (dwMilliseconds=0xa) [0095.103] timeGetTime () returned 0x24f74 [0095.103] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0095.103] Sleep (dwMilliseconds=0xa) [0095.119] timeGetTime () returned 0x24f83 [0095.119] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0095.119] Sleep (dwMilliseconds=0xa) [0095.134] timeGetTime () returned 0x24f93 [0095.134] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0095.134] Sleep (dwMilliseconds=0xa) [0095.150] timeGetTime () returned 0x24fa3 [0095.150] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0095.150] Sleep (dwMilliseconds=0xa) [0095.165] timeGetTime () returned 0x24fb2 [0095.166] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0095.166] Sleep (dwMilliseconds=0xa) [0095.181] timeGetTime () returned 0x24fc2 [0095.181] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0095.181] Sleep (dwMilliseconds=0xa) [0095.197] timeGetTime () returned 0x24fd1 [0095.197] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0095.197] Sleep (dwMilliseconds=0xa) [0095.212] timeGetTime () returned 0x24fe1 [0095.212] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0095.212] Sleep (dwMilliseconds=0xa) [0095.571] timeGetTime () returned 0x25139 [0095.571] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0095.571] TranslateMessage (lpMsg=0x140fa14) returned 0 [0095.571] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0095.571] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0095.571] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0095.572] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0095.572] Sleep (dwMilliseconds=0xa) [0095.589] timeGetTime () returned 0x25158 [0095.589] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0095.589] Sleep (dwMilliseconds=0xa) [0095.603] timeGetTime () returned 0x25168 [0095.603] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0095.603] Sleep (dwMilliseconds=0xa) [0095.619] timeGetTime () returned 0x25177 [0095.619] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0095.619] Sleep (dwMilliseconds=0xa) [0095.634] timeGetTime () returned 0x25187 [0095.635] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0095.635] Sleep (dwMilliseconds=0xa) [0095.645] timeGetTime () returned 0x25192 [0095.645] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0095.645] Sleep (dwMilliseconds=0xa) [0095.741] timeGetTime () returned 0x251e6 [0095.741] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0095.741] Sleep (dwMilliseconds=0xa) [0095.762] timeGetTime () returned 0x25205 [0095.762] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0095.762] Sleep (dwMilliseconds=0xa) [0095.776] timeGetTime () returned 0x25215 [0095.776] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0095.776] Sleep (dwMilliseconds=0xa) [0095.796] timeGetTime () returned 0x25225 [0095.796] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0095.796] Sleep (dwMilliseconds=0xa) [0095.807] timeGetTime () returned 0x25234 [0095.807] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0095.807] Sleep (dwMilliseconds=0xa) [0095.824] timeGetTime () returned 0x25244 [0095.824] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0095.824] Sleep (dwMilliseconds=0xa) [0095.839] timeGetTime () returned 0x25253 [0095.839] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0095.839] Sleep (dwMilliseconds=0xa) [0095.854] timeGetTime () returned 0x25263 [0095.855] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0095.855] Sleep (dwMilliseconds=0xa) [0095.870] timeGetTime () returned 0x25273 [0095.870] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0095.870] Sleep (dwMilliseconds=0xa) [0095.885] timeGetTime () returned 0x25282 [0095.885] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0095.886] Sleep (dwMilliseconds=0xa) [0095.901] timeGetTime () returned 0x25292 [0095.901] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0095.901] Sleep (dwMilliseconds=0xa) [0095.917] timeGetTime () returned 0x252a2 [0095.917] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0095.917] Sleep (dwMilliseconds=0xa) [0095.932] timeGetTime () returned 0x252b1 [0095.932] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0095.932] Sleep (dwMilliseconds=0xa) [0095.948] timeGetTime () returned 0x252c1 [0095.948] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0095.948] Sleep (dwMilliseconds=0xa) [0095.964] timeGetTime () returned 0x252d0 [0095.964] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0095.964] Sleep (dwMilliseconds=0xa) [0095.979] timeGetTime () returned 0x252e0 [0095.979] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0095.979] Sleep (dwMilliseconds=0xa) [0095.995] timeGetTime () returned 0x252f0 [0095.995] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0095.995] Sleep (dwMilliseconds=0xa) [0096.011] timeGetTime () returned 0x252ff [0096.011] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0096.011] Sleep (dwMilliseconds=0xa) [0096.026] timeGetTime () returned 0x2530f [0096.026] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0096.026] Sleep (dwMilliseconds=0xa) [0096.042] timeGetTime () returned 0x2531f [0096.042] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0096.042] Sleep (dwMilliseconds=0xa) [0096.057] timeGetTime () returned 0x2532e [0096.057] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0096.057] Sleep (dwMilliseconds=0xa) [0096.074] timeGetTime () returned 0x2533f [0096.074] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0096.074] Sleep (dwMilliseconds=0xa) [0096.091] timeGetTime () returned 0x2534f [0096.091] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0096.091] Sleep (dwMilliseconds=0xa) [0096.104] timeGetTime () returned 0x2535d [0096.104] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0096.105] Sleep (dwMilliseconds=0xa) [0096.120] timeGetTime () returned 0x2536d [0096.120] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0096.120] Sleep (dwMilliseconds=0xa) [0096.136] timeGetTime () returned 0x2537c [0096.136] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0096.136] Sleep (dwMilliseconds=0xa) [0096.151] timeGetTime () returned 0x2538c [0096.151] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0096.151] Sleep (dwMilliseconds=0xa) [0096.168] timeGetTime () returned 0x2539c [0096.168] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0096.168] Sleep (dwMilliseconds=0xa) [0096.182] timeGetTime () returned 0x253ab [0096.183] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0096.183] Sleep (dwMilliseconds=0xa) [0096.198] timeGetTime () returned 0x253bb [0096.198] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0096.198] Sleep (dwMilliseconds=0xa) [0096.214] timeGetTime () returned 0x253ca [0096.214] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0096.214] Sleep (dwMilliseconds=0xa) [0097.490] timeGetTime () returned 0x258bc [0097.490] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0097.490] TranslateMessage (lpMsg=0x140fa14) returned 0 [0097.490] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0097.490] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0097.490] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0097.490] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0097.490] Sleep (dwMilliseconds=0xa) [0097.510] timeGetTime () returned 0x258db [0097.511] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0097.511] Sleep (dwMilliseconds=0xa) [0097.526] timeGetTime () returned 0x258eb [0097.526] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0097.526] Sleep (dwMilliseconds=0xa) [0097.542] timeGetTime () returned 0x258fb [0097.542] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0097.543] Sleep (dwMilliseconds=0xa) [0097.557] timeGetTime () returned 0x2590a [0097.557] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0097.557] Sleep (dwMilliseconds=0xa) [0097.573] timeGetTime () returned 0x2591a [0097.573] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0097.573] Sleep (dwMilliseconds=0xa) [0097.589] timeGetTime () returned 0x25929 [0097.589] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0097.589] Sleep (dwMilliseconds=0xa) [0097.604] timeGetTime () returned 0x25939 [0097.604] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0097.604] Sleep (dwMilliseconds=0xa) [0097.620] timeGetTime () returned 0x25949 [0097.620] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0097.620] Sleep (dwMilliseconds=0xa) [0097.635] timeGetTime () returned 0x25958 [0097.635] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0097.635] Sleep (dwMilliseconds=0xa) [0097.651] timeGetTime () returned 0x25968 [0097.651] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0097.651] Sleep (dwMilliseconds=0xa) [0097.667] timeGetTime () returned 0x25978 [0097.667] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0097.667] Sleep (dwMilliseconds=0xa) [0097.682] timeGetTime () returned 0x25987 [0097.682] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0097.682] Sleep (dwMilliseconds=0xa) [0097.705] timeGetTime () returned 0x25997 [0097.705] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0097.705] Sleep (dwMilliseconds=0xa) [0097.730] timeGetTime () returned 0x259b6 [0097.730] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0097.730] Sleep (dwMilliseconds=0xa) [0097.745] timeGetTime () returned 0x259c6 [0097.745] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0097.745] Sleep (dwMilliseconds=0xa) [0097.760] timeGetTime () returned 0x259d5 [0097.760] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0097.760] Sleep (dwMilliseconds=0xa) [0097.776] timeGetTime () returned 0x259e5 [0097.776] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0097.776] Sleep (dwMilliseconds=0xa) [0097.792] timeGetTime () returned 0x259f5 [0097.792] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0097.792] Sleep (dwMilliseconds=0xa) [0097.808] timeGetTime () returned 0x25a04 [0097.808] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0097.808] Sleep (dwMilliseconds=0xa) [0097.874] timeGetTime () returned 0x25a43 [0097.874] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0097.874] Sleep (dwMilliseconds=0xa) [0097.912] timeGetTime () returned 0x25a62 [0097.912] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0097.912] Sleep (dwMilliseconds=0xa) [0097.933] timeGetTime () returned 0x25a81 [0097.933] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0097.933] Sleep (dwMilliseconds=0xa) [0097.948] timeGetTime () returned 0x25a91 [0097.948] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0097.948] Sleep (dwMilliseconds=0xa) [0097.966] timeGetTime () returned 0x25aa2 [0097.966] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0097.966] Sleep (dwMilliseconds=0xa) [0097.979] timeGetTime () returned 0x25ab0 [0097.979] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0097.979] Sleep (dwMilliseconds=0xa) [0097.996] timeGetTime () returned 0x25ac0 [0097.996] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0097.996] Sleep (dwMilliseconds=0xa) [0098.011] timeGetTime () returned 0x25acf [0098.011] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.011] Sleep (dwMilliseconds=0xa) [0098.026] timeGetTime () returned 0x25adf [0098.026] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.026] Sleep (dwMilliseconds=0xa) [0098.042] timeGetTime () returned 0x25aef [0098.042] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.042] Sleep (dwMilliseconds=0xa) [0098.058] timeGetTime () returned 0x25afe [0098.058] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.058] Sleep (dwMilliseconds=0xa) [0098.073] timeGetTime () returned 0x25b0e [0098.073] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.073] Sleep (dwMilliseconds=0xa) [0098.089] timeGetTime () returned 0x25b1e [0098.089] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.089] Sleep (dwMilliseconds=0xa) [0098.105] timeGetTime () returned 0x25b2d [0098.105] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.105] Sleep (dwMilliseconds=0xa) [0098.120] timeGetTime () returned 0x25b3d [0098.120] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.120] Sleep (dwMilliseconds=0xa) [0098.136] timeGetTime () returned 0x25b4c [0098.136] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.136] Sleep (dwMilliseconds=0xa) [0098.151] timeGetTime () returned 0x25b5c [0098.151] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.151] Sleep (dwMilliseconds=0xa) [0098.167] timeGetTime () returned 0x25b6c [0098.167] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.167] Sleep (dwMilliseconds=0xa) [0098.188] timeGetTime () returned 0x25b80 [0098.188] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.188] Sleep (dwMilliseconds=0xa) [0098.214] timeGetTime () returned 0x25b9b [0098.214] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.214] Sleep (dwMilliseconds=0xa) [0098.369] timeGetTime () returned 0x25c29 [0098.369] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0098.369] TranslateMessage (lpMsg=0x140fa14) returned 0 [0098.369] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0098.369] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0098.369] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0098.369] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.369] Sleep (dwMilliseconds=0xa) [0098.385] timeGetTime () returned 0x25c46 [0098.386] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.386] Sleep (dwMilliseconds=0xa) [0098.401] timeGetTime () returned 0x25c56 [0098.401] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.401] Sleep (dwMilliseconds=0xa) [0098.417] timeGetTime () returned 0x25c66 [0098.417] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.417] Sleep (dwMilliseconds=0xa) [0098.432] timeGetTime () returned 0x25c75 [0098.432] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.432] Sleep (dwMilliseconds=0xa) [0098.448] timeGetTime () returned 0x25c85 [0098.448] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.448] Sleep (dwMilliseconds=0xa) [0098.464] timeGetTime () returned 0x25c94 [0098.464] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.464] Sleep (dwMilliseconds=0xa) [0098.480] timeGetTime () returned 0x25ca4 [0098.480] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.480] Sleep (dwMilliseconds=0xa) [0098.495] timeGetTime () returned 0x25cb4 [0098.495] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.495] Sleep (dwMilliseconds=0xa) [0098.511] timeGetTime () returned 0x25cc3 [0098.511] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.511] Sleep (dwMilliseconds=0xa) [0098.526] timeGetTime () returned 0x25cd3 [0098.526] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.526] Sleep (dwMilliseconds=0xa) [0098.542] timeGetTime () returned 0x25ce3 [0098.542] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.542] Sleep (dwMilliseconds=0xa) [0098.624] timeGetTime () returned 0x25d31 [0098.625] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.625] Sleep (dwMilliseconds=0xa) [0098.635] timeGetTime () returned 0x25d40 [0098.635] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.635] Sleep (dwMilliseconds=0xa) [0098.651] timeGetTime () returned 0x25d50 [0098.651] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.651] Sleep (dwMilliseconds=0xa) [0098.667] timeGetTime () returned 0x25d60 [0098.667] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.667] Sleep (dwMilliseconds=0xa) [0098.682] timeGetTime () returned 0x25d6f [0098.682] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.683] Sleep (dwMilliseconds=0xa) [0098.704] timeGetTime () returned 0x25d7f [0098.704] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.704] Sleep (dwMilliseconds=0xa) [0098.729] timeGetTime () returned 0x25d9e [0098.729] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.729] Sleep (dwMilliseconds=0xa) [0098.747] timeGetTime () returned 0x25db0 [0098.747] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.747] Sleep (dwMilliseconds=0xa) [0098.760] timeGetTime () returned 0x25dbd [0098.760] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.760] Sleep (dwMilliseconds=0xa) [0098.776] timeGetTime () returned 0x25dcd [0098.776] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.776] Sleep (dwMilliseconds=0xa) [0098.793] timeGetTime () returned 0x25ddd [0098.794] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.794] Sleep (dwMilliseconds=0xa) [0098.808] timeGetTime () returned 0x25dec [0098.808] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.808] Sleep (dwMilliseconds=0xa) [0098.823] timeGetTime () returned 0x25dfc [0098.823] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.823] Sleep (dwMilliseconds=0xa) [0098.839] timeGetTime () returned 0x25e0b [0098.839] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.839] Sleep (dwMilliseconds=0xa) [0098.855] timeGetTime () returned 0x25e1b [0098.855] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.855] Sleep (dwMilliseconds=0xa) [0098.870] timeGetTime () returned 0x25e2b [0098.870] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.870] Sleep (dwMilliseconds=0xa) [0098.886] timeGetTime () returned 0x25e3a [0098.886] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.886] Sleep (dwMilliseconds=0xa) [0098.901] timeGetTime () returned 0x25e4a [0098.901] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.901] Sleep (dwMilliseconds=0xa) [0098.917] timeGetTime () returned 0x25e5a [0098.917] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.917] Sleep (dwMilliseconds=0xa) [0098.932] timeGetTime () returned 0x25e69 [0098.933] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.933] Sleep (dwMilliseconds=0xa) [0098.948] timeGetTime () returned 0x25e79 [0098.948] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.948] Sleep (dwMilliseconds=0xa) [0098.964] timeGetTime () returned 0x25e88 [0098.964] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.964] Sleep (dwMilliseconds=0xa) [0098.979] timeGetTime () returned 0x25e98 [0098.979] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.979] Sleep (dwMilliseconds=0xa) [0098.995] timeGetTime () returned 0x25ea8 [0098.995] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0098.995] Sleep (dwMilliseconds=0xa) [0099.011] timeGetTime () returned 0x25eb7 [0099.011] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0099.011] Sleep (dwMilliseconds=0xa) [0099.026] timeGetTime () returned 0x25ec7 [0099.026] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0099.026] Sleep (dwMilliseconds=0xa) [0099.042] timeGetTime () returned 0x25ed7 [0099.042] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0099.042] Sleep (dwMilliseconds=0xa) [0099.058] timeGetTime () returned 0x25ee6 [0099.058] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0099.058] Sleep (dwMilliseconds=0xa) [0099.073] timeGetTime () returned 0x25ef6 [0099.073] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0099.073] Sleep (dwMilliseconds=0xa) [0099.089] timeGetTime () returned 0x25f05 [0099.089] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0099.089] Sleep (dwMilliseconds=0xa) [0099.104] timeGetTime () returned 0x25f15 [0099.104] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0099.105] TranslateMessage (lpMsg=0x140fa14) returned 0 [0099.105] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0099.105] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0099.105] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0099.105] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0099.105] Sleep (dwMilliseconds=0xa) [0099.120] timeGetTime () returned 0x25f25 [0099.120] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0099.120] Sleep (dwMilliseconds=0xa) [0099.137] timeGetTime () returned 0x25f36 [0099.137] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0099.137] Sleep (dwMilliseconds=0xa) [0099.152] timeGetTime () returned 0x25f44 [0099.152] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0099.152] Sleep (dwMilliseconds=0xa) [0099.167] timeGetTime () returned 0x25f54 [0099.167] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0099.167] Sleep (dwMilliseconds=0xa) [0099.183] timeGetTime () returned 0x25f63 [0099.183] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0099.183] Sleep (dwMilliseconds=0xa) [0099.198] timeGetTime () returned 0x25f73 [0099.198] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0099.198] Sleep (dwMilliseconds=0xa) [0099.214] timeGetTime () returned 0x25f82 [0099.214] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0099.214] Sleep (dwMilliseconds=0xa) [0100.909] timeGetTime () returned 0x26621 [0100.909] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0100.909] TranslateMessage (lpMsg=0x140fa14) returned 0 [0100.909] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0100.909] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0100.909] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0100.909] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0100.909] Sleep (dwMilliseconds=0xa) [0100.919] timeGetTime () returned 0x2662c [0100.919] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0100.919] Sleep (dwMilliseconds=0xa) [0100.930] timeGetTime () returned 0x26637 [0100.930] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0100.930] Sleep (dwMilliseconds=0xa) [0100.957] timeGetTime () returned 0x26651 [0100.957] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0100.957] Sleep (dwMilliseconds=0xa) [0100.972] timeGetTime () returned 0x26660 [0100.972] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0100.972] Sleep (dwMilliseconds=0xa) [0100.987] timeGetTime () returned 0x26670 [0100.987] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0100.987] Sleep (dwMilliseconds=0xa) [0101.004] timeGetTime () returned 0x2667f [0101.004] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.004] Sleep (dwMilliseconds=0xa) [0101.019] timeGetTime () returned 0x2668f [0101.019] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.019] Sleep (dwMilliseconds=0xa) [0101.034] timeGetTime () returned 0x2669f [0101.034] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.034] Sleep (dwMilliseconds=0xa) [0101.049] timeGetTime () returned 0x266ae [0101.050] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.050] Sleep (dwMilliseconds=0xa) [0101.067] timeGetTime () returned 0x266c0 [0101.068] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.068] Sleep (dwMilliseconds=0xa) [0101.081] timeGetTime () returned 0x266ce [0101.081] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.081] Sleep (dwMilliseconds=0xa) [0101.096] timeGetTime () returned 0x266dd [0101.096] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.096] Sleep (dwMilliseconds=0xa) [0101.112] timeGetTime () returned 0x266ed [0101.112] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.112] Sleep (dwMilliseconds=0xa) [0101.128] timeGetTime () returned 0x266fc [0101.128] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.128] Sleep (dwMilliseconds=0xa) [0101.143] timeGetTime () returned 0x2670c [0101.143] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.143] Sleep (dwMilliseconds=0xa) [0101.159] timeGetTime () returned 0x2671c [0101.159] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.159] Sleep (dwMilliseconds=0xa) [0101.175] timeGetTime () returned 0x2672b [0101.175] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.175] Sleep (dwMilliseconds=0xa) [0101.190] timeGetTime () returned 0x2673b [0101.190] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.190] Sleep (dwMilliseconds=0xa) [0101.206] timeGetTime () returned 0x2674b [0101.206] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.206] Sleep (dwMilliseconds=0xa) [0101.266] timeGetTime () returned 0x26779 [0101.266] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.266] Sleep (dwMilliseconds=0xa) [0101.284] timeGetTime () returned 0x26799 [0101.284] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.284] Sleep (dwMilliseconds=0xa) [0101.300] timeGetTime () returned 0x267a8 [0101.300] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.300] Sleep (dwMilliseconds=0xa) [0101.316] timeGetTime () returned 0x267b8 [0101.316] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.316] Sleep (dwMilliseconds=0xa) [0101.331] timeGetTime () returned 0x267c8 [0101.331] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.331] Sleep (dwMilliseconds=0xa) [0101.346] timeGetTime () returned 0x267d7 [0101.346] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.346] Sleep (dwMilliseconds=0xa) [0101.362] timeGetTime () returned 0x267e7 [0101.362] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.362] Sleep (dwMilliseconds=0xa) [0101.379] timeGetTime () returned 0x267f8 [0101.379] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.379] Sleep (dwMilliseconds=0xa) [0101.393] timeGetTime () returned 0x26806 [0101.393] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.393] Sleep (dwMilliseconds=0xa) [0101.409] timeGetTime () returned 0x26816 [0101.409] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.409] Sleep (dwMilliseconds=0xa) [0101.425] timeGetTime () returned 0x26825 [0101.425] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.425] Sleep (dwMilliseconds=0xa) [0101.441] timeGetTime () returned 0x26835 [0101.441] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.441] Sleep (dwMilliseconds=0xa) [0101.456] timeGetTime () returned 0x26845 [0101.456] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.456] Sleep (dwMilliseconds=0xa) [0101.471] timeGetTime () returned 0x26854 [0101.471] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.471] Sleep (dwMilliseconds=0xa) [0101.487] timeGetTime () returned 0x26864 [0101.487] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.487] Sleep (dwMilliseconds=0xa) [0101.503] timeGetTime () returned 0x26873 [0101.503] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.503] Sleep (dwMilliseconds=0xa) [0101.518] timeGetTime () returned 0x26883 [0101.518] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.518] Sleep (dwMilliseconds=0xa) [0101.534] timeGetTime () returned 0x26893 [0101.534] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.534] Sleep (dwMilliseconds=0xa) [0101.550] timeGetTime () returned 0x268a2 [0101.550] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.550] Sleep (dwMilliseconds=0xa) [0101.565] timeGetTime () returned 0x268b2 [0101.565] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.565] Sleep (dwMilliseconds=0xa) [0101.581] timeGetTime () returned 0x268c2 [0101.581] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.581] Sleep (dwMilliseconds=0xa) [0101.597] timeGetTime () returned 0x268d1 [0101.597] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.597] Sleep (dwMilliseconds=0xa) [0101.615] timeGetTime () returned 0x268e4 [0101.615] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.615] Sleep (dwMilliseconds=0xa) [0101.628] timeGetTime () returned 0x268f0 [0101.628] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.628] Sleep (dwMilliseconds=0xa) [0101.643] timeGetTime () returned 0x26900 [0101.643] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.643] Sleep (dwMilliseconds=0xa) [0101.659] timeGetTime () returned 0x26910 [0101.659] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0101.659] TranslateMessage (lpMsg=0x140fa14) returned 0 [0101.659] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0101.659] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0101.659] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0101.659] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.659] Sleep (dwMilliseconds=0xa) [0101.674] timeGetTime () returned 0x2691f [0101.675] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.675] Sleep (dwMilliseconds=0xa) [0101.691] timeGetTime () returned 0x2692f [0101.691] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.691] Sleep (dwMilliseconds=0xa) [0101.716] timeGetTime () returned 0x2693f [0101.716] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.716] Sleep (dwMilliseconds=0xa) [0101.737] timeGetTime () returned 0x2695e [0101.737] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.737] Sleep (dwMilliseconds=0xa) [0101.754] timeGetTime () returned 0x2696e [0101.754] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.754] Sleep (dwMilliseconds=0xa) [0101.768] timeGetTime () returned 0x2697d [0101.768] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.768] Sleep (dwMilliseconds=0xa) [0101.784] timeGetTime () returned 0x2698d [0101.784] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.784] Sleep (dwMilliseconds=0xa) [0101.803] timeGetTime () returned 0x2699d [0101.803] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.803] Sleep (dwMilliseconds=0xa) [0101.815] timeGetTime () returned 0x269ac [0101.815] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.815] Sleep (dwMilliseconds=0xa) [0101.831] timeGetTime () returned 0x269bc [0101.831] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.831] Sleep (dwMilliseconds=0xa) [0101.847] timeGetTime () returned 0x269cb [0101.847] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.847] Sleep (dwMilliseconds=0xa) [0101.862] timeGetTime () returned 0x269db [0101.862] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.862] Sleep (dwMilliseconds=0xa) [0101.878] timeGetTime () returned 0x269eb [0101.878] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.878] Sleep (dwMilliseconds=0xa) [0101.893] timeGetTime () returned 0x269fa [0101.893] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.893] Sleep (dwMilliseconds=0xa) [0101.909] timeGetTime () returned 0x26a0a [0101.909] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.909] Sleep (dwMilliseconds=0xa) [0101.927] timeGetTime () returned 0x26a19 [0101.927] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.927] Sleep (dwMilliseconds=0xa) [0101.940] timeGetTime () returned 0x26a29 [0101.940] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.940] Sleep (dwMilliseconds=0xa) [0101.956] timeGetTime () returned 0x26a39 [0101.956] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.956] Sleep (dwMilliseconds=0xa) [0101.978] timeGetTime () returned 0x26a48 [0101.978] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0101.978] Sleep (dwMilliseconds=0xa) [0102.003] timeGetTime () returned 0x26a67 [0102.003] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0102.003] Sleep (dwMilliseconds=0xa) [0102.023] timeGetTime () returned 0x26a77 [0102.023] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0102.023] Sleep (dwMilliseconds=0xa) [0102.034] timeGetTime () returned 0x26a87 [0102.034] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0102.034] Sleep (dwMilliseconds=0xa) [0102.050] timeGetTime () returned 0x26a96 [0102.050] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0102.050] Sleep (dwMilliseconds=0xa) [0102.065] timeGetTime () returned 0x26aa6 [0102.066] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0102.066] Sleep (dwMilliseconds=0xa) [0102.081] timeGetTime () returned 0x26ab6 [0102.081] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0102.081] Sleep (dwMilliseconds=0xa) [0102.101] timeGetTime () returned 0x26ac5 [0102.101] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0102.101] Sleep (dwMilliseconds=0xa) [0102.113] timeGetTime () returned 0x26ad5 [0102.113] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0102.113] Sleep (dwMilliseconds=0xa) [0102.129] timeGetTime () returned 0x26ae4 [0102.129] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0102.129] Sleep (dwMilliseconds=0xa) [0102.143] timeGetTime () returned 0x26af4 [0102.143] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0102.143] Sleep (dwMilliseconds=0xa) [0102.159] timeGetTime () returned 0x26b04 [0102.159] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0102.159] Sleep (dwMilliseconds=0xa) [0102.175] timeGetTime () returned 0x26b13 [0102.175] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0102.175] Sleep (dwMilliseconds=0xa) [0102.190] timeGetTime () returned 0x26b23 [0102.191] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0102.191] Sleep (dwMilliseconds=0xa) [0102.206] timeGetTime () returned 0x26b33 [0102.206] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0102.206] Sleep (dwMilliseconds=0xa) [0103.074] timeGetTime () returned 0x26ebd [0103.115] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0103.115] TranslateMessage (lpMsg=0x140fa14) returned 0 [0103.115] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0103.115] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0103.115] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0103.115] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0103.115] Sleep (dwMilliseconds=0xa) [0103.126] timeGetTime () returned 0x26ecb [0103.126] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0103.126] Sleep (dwMilliseconds=0xa) [0103.144] timeGetTime () returned 0x26edd [0103.144] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0103.144] Sleep (dwMilliseconds=0xa) [0103.160] timeGetTime () returned 0x26eec [0103.160] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0103.160] Sleep (dwMilliseconds=0xa) [0103.176] timeGetTime () returned 0x26efc [0103.176] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0103.176] Sleep (dwMilliseconds=0xa) [0103.191] timeGetTime () returned 0x26f0c [0103.191] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0103.191] Sleep (dwMilliseconds=0xa) [0103.206] timeGetTime () returned 0x26f1b [0103.206] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0103.206] Sleep (dwMilliseconds=0xa) [0103.587] timeGetTime () returned 0x27097 [0103.587] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0103.587] Sleep (dwMilliseconds=0xa) [0103.598] timeGetTime () returned 0x270a3 [0103.598] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0103.598] Sleep (dwMilliseconds=0xa) [0103.623] timeGetTime () returned 0x270bc [0103.623] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0103.623] Sleep (dwMilliseconds=0xa) [0103.638] timeGetTime () returned 0x270cb [0103.638] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0103.638] Sleep (dwMilliseconds=0xa) [0103.654] timeGetTime () returned 0x270db [0103.654] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0103.654] Sleep (dwMilliseconds=0xa) [0103.670] timeGetTime () returned 0x270eb [0103.670] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0103.670] Sleep (dwMilliseconds=0xa) [0103.685] timeGetTime () returned 0x270fa [0103.686] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0103.686] Sleep (dwMilliseconds=0xa) [0103.701] timeGetTime () returned 0x2710a [0103.701] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0103.701] Sleep (dwMilliseconds=0xa) [0103.725] timeGetTime () returned 0x27119 [0103.725] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0103.725] Sleep (dwMilliseconds=0xa) [0103.748] timeGetTime () returned 0x27139 [0103.748] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0103.748] Sleep (dwMilliseconds=0xa) [0103.764] timeGetTime () returned 0x27148 [0103.764] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0103.764] Sleep (dwMilliseconds=0xa) [0103.779] timeGetTime () returned 0x27158 [0103.779] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0103.779] Sleep (dwMilliseconds=0xa) [0103.797] timeGetTime () returned 0x27168 [0103.797] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0103.797] Sleep (dwMilliseconds=0xa) [0103.810] timeGetTime () returned 0x27177 [0103.810] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0103.810] Sleep (dwMilliseconds=0xa) [0103.827] timeGetTime () returned 0x27187 [0103.827] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0103.827] Sleep (dwMilliseconds=0xa) [0103.842] timeGetTime () returned 0x27196 [0103.842] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0103.842] Sleep (dwMilliseconds=0xa) [0103.857] timeGetTime () returned 0x271a6 [0103.857] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0103.857] Sleep (dwMilliseconds=0xa) [0103.873] timeGetTime () returned 0x271b6 [0103.873] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0103.874] TranslateMessage (lpMsg=0x140fa14) returned 0 [0103.874] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0103.874] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0103.874] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0103.874] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0103.874] Sleep (dwMilliseconds=0xa) [0103.889] timeGetTime () returned 0x271c5 [0103.889] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0103.889] Sleep (dwMilliseconds=0xa) [0103.907] timeGetTime () returned 0x271d8 [0103.907] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0103.907] Sleep (dwMilliseconds=0xa) [0103.921] timeGetTime () returned 0x271e6 [0103.921] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0103.921] Sleep (dwMilliseconds=0xa) [0103.935] timeGetTime () returned 0x271f4 [0103.935] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0103.935] Sleep (dwMilliseconds=0xa) [0103.952] timeGetTime () returned 0x27204 [0103.952] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0103.952] Sleep (dwMilliseconds=0xa) [0103.967] timeGetTime () returned 0x27213 [0103.967] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0103.967] Sleep (dwMilliseconds=0xa) [0103.983] timeGetTime () returned 0x27223 [0103.983] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0103.983] Sleep (dwMilliseconds=0xa) [0103.999] timeGetTime () returned 0x27233 [0103.999] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0103.999] Sleep (dwMilliseconds=0xa) [0104.014] timeGetTime () returned 0x27242 [0104.014] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0104.014] Sleep (dwMilliseconds=0xa) [0104.029] timeGetTime () returned 0x27252 [0104.029] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0104.029] Sleep (dwMilliseconds=0xa) [0104.045] timeGetTime () returned 0x27262 [0104.045] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0104.045] Sleep (dwMilliseconds=0xa) [0104.060] timeGetTime () returned 0x27271 [0104.060] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0104.060] Sleep (dwMilliseconds=0xa) [0104.076] timeGetTime () returned 0x27281 [0104.077] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0104.077] Sleep (dwMilliseconds=0xa) [0104.092] timeGetTime () returned 0x27290 [0104.092] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0104.092] Sleep (dwMilliseconds=0xa) [0104.107] timeGetTime () returned 0x272a0 [0104.108] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0104.108] Sleep (dwMilliseconds=0xa) [0104.123] timeGetTime () returned 0x272b0 [0104.123] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0104.123] Sleep (dwMilliseconds=0xa) [0104.139] timeGetTime () returned 0x272bf [0104.139] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0104.139] Sleep (dwMilliseconds=0xa) [0104.154] timeGetTime () returned 0x272cf [0104.154] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0104.154] Sleep (dwMilliseconds=0xa) [0104.170] timeGetTime () returned 0x272df [0104.170] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0104.170] Sleep (dwMilliseconds=0xa) [0104.185] timeGetTime () returned 0x272ee [0104.185] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0104.185] Sleep (dwMilliseconds=0xa) [0104.201] timeGetTime () returned 0x272fe [0104.201] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0104.202] Sleep (dwMilliseconds=0xa) [0104.217] timeGetTime () returned 0x2730d [0104.217] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0104.217] Sleep (dwMilliseconds=0xa) [0104.780] timeGetTime () returned 0x27540 [0104.780] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0104.781] TranslateMessage (lpMsg=0x140fa14) returned 0 [0104.781] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0104.781] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0104.781] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0104.781] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0104.781] Sleep (dwMilliseconds=0xa) [0104.795] timeGetTime () returned 0x27550 [0104.795] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0104.795] Sleep (dwMilliseconds=0xa) [0104.810] timeGetTime () returned 0x2755f [0104.810] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0104.810] Sleep (dwMilliseconds=0xa) [0104.826] timeGetTime () returned 0x2756f [0104.826] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0104.826] Sleep (dwMilliseconds=0xa) [0104.842] timeGetTime () returned 0x2757e [0104.842] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0104.842] Sleep (dwMilliseconds=0xa) [0104.857] timeGetTime () returned 0x2758e [0104.857] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0104.857] Sleep (dwMilliseconds=0xa) [0104.873] timeGetTime () returned 0x2759e [0104.873] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0104.873] Sleep (dwMilliseconds=0xa) [0104.889] timeGetTime () returned 0x275ad [0104.889] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0104.889] Sleep (dwMilliseconds=0xa) [0104.905] timeGetTime () returned 0x275bd [0104.905] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0104.905] Sleep (dwMilliseconds=0xa) [0104.920] timeGetTime () returned 0x275cd [0104.920] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0104.920] Sleep (dwMilliseconds=0xa) [0104.935] timeGetTime () returned 0x275dc [0104.935] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0104.935] Sleep (dwMilliseconds=0xa) [0104.951] timeGetTime () returned 0x275ec [0104.951] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0104.951] Sleep (dwMilliseconds=0xa) [0104.967] timeGetTime () returned 0x275fb [0104.967] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0104.967] Sleep (dwMilliseconds=0xa) [0104.982] timeGetTime () returned 0x2760b [0104.982] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0104.982] Sleep (dwMilliseconds=0xa) [0104.998] timeGetTime () returned 0x2761b [0104.998] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0104.998] Sleep (dwMilliseconds=0xa) [0105.014] timeGetTime () returned 0x2762a [0105.014] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0105.014] Sleep (dwMilliseconds=0xa) [0105.029] timeGetTime () returned 0x2763a [0105.029] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0105.029] Sleep (dwMilliseconds=0xa) [0105.045] timeGetTime () returned 0x2764a [0105.045] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0105.045] Sleep (dwMilliseconds=0xa) [0105.060] timeGetTime () returned 0x27659 [0105.060] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0105.060] Sleep (dwMilliseconds=0xa) [0105.076] timeGetTime () returned 0x27669 [0105.076] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0105.076] Sleep (dwMilliseconds=0xa) [0105.092] timeGetTime () returned 0x27678 [0105.092] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0105.092] Sleep (dwMilliseconds=0xa) [0105.107] timeGetTime () returned 0x27688 [0105.107] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0105.107] Sleep (dwMilliseconds=0xa) [0105.123] timeGetTime () returned 0x27698 [0105.123] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0105.123] Sleep (dwMilliseconds=0xa) [0105.139] timeGetTime () returned 0x276a7 [0105.139] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0105.139] Sleep (dwMilliseconds=0xa) [0105.154] timeGetTime () returned 0x276b7 [0105.154] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0105.154] Sleep (dwMilliseconds=0xa) [0105.170] timeGetTime () returned 0x276c7 [0105.170] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0105.170] Sleep (dwMilliseconds=0xa) [0105.185] timeGetTime () returned 0x276d6 [0105.185] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0105.185] Sleep (dwMilliseconds=0xa) [0105.201] timeGetTime () returned 0x276e6 [0105.201] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0105.201] Sleep (dwMilliseconds=0xa) [0105.217] timeGetTime () returned 0x276f5 [0105.217] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0105.217] Sleep (dwMilliseconds=0xa) [0106.771] timeGetTime () returned 0x27d04 [0106.771] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0106.772] TranslateMessage (lpMsg=0x140fa14) returned 0 [0106.772] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0106.772] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0106.772] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0106.772] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0106.772] Sleep (dwMilliseconds=0xa) [0106.796] timeGetTime () returned 0x27d20 [0106.796] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0106.796] Sleep (dwMilliseconds=0xa) [0106.816] timeGetTime () returned 0x27d2f [0106.817] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0106.817] Sleep (dwMilliseconds=0xa) [0106.829] timeGetTime () returned 0x27d42 [0106.829] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0106.829] Sleep (dwMilliseconds=0xa) [0106.839] timeGetTime () returned 0x27d4c [0106.839] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0106.840] Sleep (dwMilliseconds=0xa) [0106.878] timeGetTime () returned 0x27d6f [0106.878] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0106.878] Sleep (dwMilliseconds=0xa) [0106.891] timeGetTime () returned 0x27d7f [0106.891] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0106.891] Sleep (dwMilliseconds=0xa) [0106.908] timeGetTime () returned 0x27d8f [0106.908] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0106.908] Sleep (dwMilliseconds=0xa) [0106.930] timeGetTime () returned 0x27d9e [0106.930] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0106.930] Sleep (dwMilliseconds=0xa) [0106.953] timeGetTime () returned 0x27dbd [0106.953] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0106.953] Sleep (dwMilliseconds=0xa) [0107.000] timeGetTime () returned 0x27dec [0107.000] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.000] Sleep (dwMilliseconds=0xa) [0107.015] timeGetTime () returned 0x27dfc [0107.015] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.015] Sleep (dwMilliseconds=0xa) [0107.031] timeGetTime () returned 0x27e0c [0107.031] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.031] Sleep (dwMilliseconds=0xa) [0107.046] timeGetTime () returned 0x27e1b [0107.046] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.046] Sleep (dwMilliseconds=0xa) [0107.062] timeGetTime () returned 0x27e2b [0107.062] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.062] Sleep (dwMilliseconds=0xa) [0107.079] timeGetTime () returned 0x27e3c [0107.079] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.079] Sleep (dwMilliseconds=0xa) [0107.094] timeGetTime () returned 0x27e4a [0107.094] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.094] Sleep (dwMilliseconds=0xa) [0107.141] timeGetTime () returned 0x27e79 [0107.141] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.141] Sleep (dwMilliseconds=0xa) [0107.156] timeGetTime () returned 0x27e89 [0107.156] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.156] Sleep (dwMilliseconds=0xa) [0107.175] timeGetTime () returned 0x27e9b [0107.175] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.175] Sleep (dwMilliseconds=0xa) [0107.187] timeGetTime () returned 0x27ea8 [0107.187] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.187] Sleep (dwMilliseconds=0xa) [0107.205] timeGetTime () returned 0x27eb7 [0107.205] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.205] Sleep (dwMilliseconds=0xa) [0107.218] timeGetTime () returned 0x27ec7 [0107.218] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.218] Sleep (dwMilliseconds=0xa) [0107.234] timeGetTime () returned 0x27ed7 [0107.234] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.234] Sleep (dwMilliseconds=0xa) [0107.250] timeGetTime () returned 0x27ee6 [0107.250] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.250] Sleep (dwMilliseconds=0xa) [0107.347] timeGetTime () returned 0x27f44 [0107.347] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.347] Sleep (dwMilliseconds=0xa) [0107.359] timeGetTime () returned 0x27f54 [0107.359] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.359] Sleep (dwMilliseconds=0xa) [0107.375] timeGetTime () returned 0x27f64 [0107.375] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.375] Sleep (dwMilliseconds=0xa) [0107.390] timeGetTime () returned 0x27f73 [0107.390] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.390] Sleep (dwMilliseconds=0xa) [0107.406] timeGetTime () returned 0x27f83 [0107.406] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.406] Sleep (dwMilliseconds=0xa) [0107.421] timeGetTime () returned 0x27f92 [0107.421] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.421] Sleep (dwMilliseconds=0xa) [0107.437] timeGetTime () returned 0x27fa2 [0107.437] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.437] Sleep (dwMilliseconds=0xa) [0107.455] timeGetTime () returned 0x27fb4 [0107.455] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.455] Sleep (dwMilliseconds=0xa) [0107.476] timeGetTime () returned 0x27fc8 [0107.476] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.476] Sleep (dwMilliseconds=0xa) [0107.504] timeGetTime () returned 0x27fe0 [0107.504] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.504] Sleep (dwMilliseconds=0xa) [0107.515] timeGetTime () returned 0x27ff0 [0107.515] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0107.515] TranslateMessage (lpMsg=0x140fa14) returned 0 [0107.515] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0107.515] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0107.515] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0107.516] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.516] Sleep (dwMilliseconds=0xa) [0107.532] timeGetTime () returned 0x28000 [0107.532] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.532] Sleep (dwMilliseconds=0xa) [0107.547] timeGetTime () returned 0x2800f [0107.547] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.547] Sleep (dwMilliseconds=0xa) [0107.562] timeGetTime () returned 0x2801f [0107.562] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.562] Sleep (dwMilliseconds=0xa) [0107.578] timeGetTime () returned 0x2802e [0107.578] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.578] Sleep (dwMilliseconds=0xa) [0107.594] timeGetTime () returned 0x2803e [0107.594] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.594] Sleep (dwMilliseconds=0xa) [0107.609] timeGetTime () returned 0x2804e [0107.609] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.609] Sleep (dwMilliseconds=0xa) [0107.625] timeGetTime () returned 0x2805e [0107.625] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.625] Sleep (dwMilliseconds=0xa) [0107.641] timeGetTime () returned 0x2806d [0107.641] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.641] Sleep (dwMilliseconds=0xa) [0107.656] timeGetTime () returned 0x2807d [0107.657] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.657] Sleep (dwMilliseconds=0xa) [0107.672] timeGetTime () returned 0x2808c [0107.672] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.672] Sleep (dwMilliseconds=0xa) [0107.687] timeGetTime () returned 0x2809c [0107.687] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.687] Sleep (dwMilliseconds=0xa) [0107.703] timeGetTime () returned 0x280ab [0107.703] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.703] Sleep (dwMilliseconds=0xa) [0107.726] timeGetTime () returned 0x280c2 [0107.726] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.726] Sleep (dwMilliseconds=0xa) [0107.749] timeGetTime () returned 0x280da [0107.750] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.750] Sleep (dwMilliseconds=0xa) [0107.765] timeGetTime () returned 0x280ea [0107.765] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.765] Sleep (dwMilliseconds=0xa) [0107.782] timeGetTime () returned 0x280fa [0107.782] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.782] Sleep (dwMilliseconds=0xa) [0107.796] timeGetTime () returned 0x28109 [0107.796] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.796] Sleep (dwMilliseconds=0xa) [0107.812] timeGetTime () returned 0x28119 [0107.812] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.812] Sleep (dwMilliseconds=0xa) [0107.830] timeGetTime () returned 0x2812a [0107.830] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.830] Sleep (dwMilliseconds=0xa) [0107.843] timeGetTime () returned 0x28138 [0107.844] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.844] Sleep (dwMilliseconds=0xa) [0107.859] timeGetTime () returned 0x28148 [0107.859] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.859] Sleep (dwMilliseconds=0xa) [0107.876] timeGetTime () returned 0x28159 [0107.876] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.877] Sleep (dwMilliseconds=0xa) [0107.890] timeGetTime () returned 0x28167 [0107.890] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.890] Sleep (dwMilliseconds=0xa) [0107.906] timeGetTime () returned 0x28177 [0107.906] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.906] Sleep (dwMilliseconds=0xa) [0107.921] timeGetTime () returned 0x28186 [0107.921] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.921] Sleep (dwMilliseconds=0xa) [0107.938] timeGetTime () returned 0x28196 [0107.938] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.938] Sleep (dwMilliseconds=0xa) [0107.953] timeGetTime () returned 0x281a5 [0107.953] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.953] Sleep (dwMilliseconds=0xa) [0107.968] timeGetTime () returned 0x281b5 [0107.968] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.969] Sleep (dwMilliseconds=0xa) [0107.984] timeGetTime () returned 0x281c5 [0107.984] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0107.984] Sleep (dwMilliseconds=0xa) [0108.000] timeGetTime () returned 0x281d4 [0108.000] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0108.000] Sleep (dwMilliseconds=0xa) [0108.015] timeGetTime () returned 0x281e4 [0108.015] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0108.015] Sleep (dwMilliseconds=0xa) [0108.031] timeGetTime () returned 0x281f4 [0108.031] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0108.031] Sleep (dwMilliseconds=0xa) [0108.046] timeGetTime () returned 0x28203 [0108.046] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0108.046] Sleep (dwMilliseconds=0xa) [0108.062] timeGetTime () returned 0x28213 [0108.062] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0108.062] Sleep (dwMilliseconds=0xa) [0108.078] timeGetTime () returned 0x28222 [0108.078] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0108.078] Sleep (dwMilliseconds=0xa) [0108.094] timeGetTime () returned 0x28232 [0108.094] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0108.094] Sleep (dwMilliseconds=0xa) [0108.111] timeGetTime () returned 0x28242 [0108.111] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0108.111] Sleep (dwMilliseconds=0xa) [0108.125] timeGetTime () returned 0x28251 [0108.125] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0108.125] Sleep (dwMilliseconds=0xa) [0108.148] timeGetTime () returned 0x28268 [0108.148] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0108.148] Sleep (dwMilliseconds=0xa) [0108.171] timeGetTime () returned 0x28280 [0108.171] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0108.171] Sleep (dwMilliseconds=0xa) [0108.187] timeGetTime () returned 0x28290 [0108.187] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0108.187] Sleep (dwMilliseconds=0xa) [0108.203] timeGetTime () returned 0x2829f [0108.203] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0108.203] Sleep (dwMilliseconds=0xa) [0108.219] timeGetTime () returned 0x282af [0108.219] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0108.219] Sleep (dwMilliseconds=0xa) [0108.234] timeGetTime () returned 0x282bf [0108.234] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0108.234] Sleep (dwMilliseconds=0xa) [0108.250] timeGetTime () returned 0x282ce [0108.250] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0108.250] Sleep (dwMilliseconds=0xa) [0108.265] timeGetTime () returned 0x282de [0108.265] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0108.265] TranslateMessage (lpMsg=0x140fa14) returned 0 [0108.265] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0108.266] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0108.266] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0108.266] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0108.266] Sleep (dwMilliseconds=0xa) [0108.281] timeGetTime () returned 0x282ee [0108.281] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0108.281] Sleep (dwMilliseconds=0xa) [0108.296] timeGetTime () returned 0x282fd [0108.296] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0108.296] Sleep (dwMilliseconds=0xa) [0109.286] timeGetTime () returned 0x286d6 [0109.286] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0109.286] TranslateMessage (lpMsg=0x140fa14) returned 0 [0109.286] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0109.286] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0109.286] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0109.287] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.287] Sleep (dwMilliseconds=0xa) [0109.371] timeGetTime () returned 0x28724 [0109.371] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.371] Sleep (dwMilliseconds=0xa) [0109.390] timeGetTime () returned 0x28743 [0109.390] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.390] Sleep (dwMilliseconds=0xa) [0109.406] timeGetTime () returned 0x28753 [0109.406] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.406] Sleep (dwMilliseconds=0xa) [0109.421] timeGetTime () returned 0x28762 [0109.421] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.421] Sleep (dwMilliseconds=0xa) [0109.438] timeGetTime () returned 0x28772 [0109.438] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.438] Sleep (dwMilliseconds=0xa) [0109.468] timeGetTime () returned 0x28791 [0109.468] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.468] Sleep (dwMilliseconds=0xa) [0109.484] timeGetTime () returned 0x287a1 [0109.484] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.484] Sleep (dwMilliseconds=0xa) [0109.500] timeGetTime () returned 0x287b0 [0109.500] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.500] Sleep (dwMilliseconds=0xa) [0109.515] timeGetTime () returned 0x287c0 [0109.515] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.515] Sleep (dwMilliseconds=0xa) [0109.531] timeGetTime () returned 0x287d0 [0109.531] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.531] Sleep (dwMilliseconds=0xa) [0109.546] timeGetTime () returned 0x287df [0109.546] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.547] Sleep (dwMilliseconds=0xa) [0109.562] timeGetTime () returned 0x287ef [0109.562] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.562] Sleep (dwMilliseconds=0xa) [0109.578] timeGetTime () returned 0x287fe [0109.578] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.578] Sleep (dwMilliseconds=0xa) [0109.593] timeGetTime () returned 0x2880e [0109.593] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.593] Sleep (dwMilliseconds=0xa) [0109.610] timeGetTime () returned 0x2881e [0109.610] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.610] Sleep (dwMilliseconds=0xa) [0109.627] timeGetTime () returned 0x28830 [0109.627] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.627] Sleep (dwMilliseconds=0xa) [0109.640] timeGetTime () returned 0x2883d [0109.640] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.640] Sleep (dwMilliseconds=0xa) [0109.656] timeGetTime () returned 0x2884d [0109.656] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.656] Sleep (dwMilliseconds=0xa) [0109.673] timeGetTime () returned 0x2885d [0109.673] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.673] Sleep (dwMilliseconds=0xa) [0109.689] timeGetTime () returned 0x2886e [0109.689] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.689] Sleep (dwMilliseconds=0xa) [0109.703] timeGetTime () returned 0x2887b [0109.703] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.703] Sleep (dwMilliseconds=0xa) [0109.725] timeGetTime () returned 0x2888b [0109.725] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.725] Sleep (dwMilliseconds=0xa) [0109.750] timeGetTime () returned 0x288ab [0109.751] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.751] Sleep (dwMilliseconds=0xa) [0109.765] timeGetTime () returned 0x288ba [0109.765] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.765] Sleep (dwMilliseconds=0xa) [0109.781] timeGetTime () returned 0x288ca [0109.781] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.781] Sleep (dwMilliseconds=0xa) [0109.797] timeGetTime () returned 0x288d9 [0109.797] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.797] Sleep (dwMilliseconds=0xa) [0109.812] timeGetTime () returned 0x288e9 [0109.812] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.812] Sleep (dwMilliseconds=0xa) [0109.828] timeGetTime () returned 0x288f8 [0109.828] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.828] Sleep (dwMilliseconds=0xa) [0109.843] timeGetTime () returned 0x28908 [0109.843] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.843] Sleep (dwMilliseconds=0xa) [0109.860] timeGetTime () returned 0x28918 [0109.860] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.860] Sleep (dwMilliseconds=0xa) [0109.874] timeGetTime () returned 0x28927 [0109.874] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.874] Sleep (dwMilliseconds=0xa) [0109.891] timeGetTime () returned 0x28937 [0109.891] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.891] Sleep (dwMilliseconds=0xa) [0109.906] timeGetTime () returned 0x28947 [0109.906] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.906] Sleep (dwMilliseconds=0xa) [0109.922] timeGetTime () returned 0x28956 [0109.922] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.922] Sleep (dwMilliseconds=0xa) [0109.937] timeGetTime () returned 0x28966 [0109.937] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.937] Sleep (dwMilliseconds=0xa) [0109.953] timeGetTime () returned 0x28975 [0109.953] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.953] Sleep (dwMilliseconds=0xa) [0109.968] timeGetTime () returned 0x28985 [0109.968] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.968] Sleep (dwMilliseconds=0xa) [0109.984] timeGetTime () returned 0x28995 [0109.984] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.984] Sleep (dwMilliseconds=0xa) [0109.999] timeGetTime () returned 0x289a4 [0109.999] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0109.999] Sleep (dwMilliseconds=0xa) [0110.015] timeGetTime () returned 0x289b4 [0110.015] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0110.015] Sleep (dwMilliseconds=0xa) [0110.031] timeGetTime () returned 0x289c4 [0110.031] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0110.031] TranslateMessage (lpMsg=0x140fa14) returned 0 [0110.031] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0110.031] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0110.031] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0110.031] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0110.031] Sleep (dwMilliseconds=0xa) [0110.047] timeGetTime () returned 0x289d3 [0110.047] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0110.047] Sleep (dwMilliseconds=0xa) [0110.062] timeGetTime () returned 0x289e3 [0110.062] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0110.062] Sleep (dwMilliseconds=0xa) [0110.079] timeGetTime () returned 0x289f2 [0110.079] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0110.079] Sleep (dwMilliseconds=0xa) [0110.096] timeGetTime () returned 0x28a05 [0110.096] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0110.096] Sleep (dwMilliseconds=0xa) [0110.109] timeGetTime () returned 0x28a12 [0110.109] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0110.109] Sleep (dwMilliseconds=0xa) [0110.124] timeGetTime () returned 0x28a21 [0110.125] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0110.125] Sleep (dwMilliseconds=0xa) [0110.140] timeGetTime () returned 0x28a31 [0110.140] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0110.140] Sleep (dwMilliseconds=0xa) [0110.156] timeGetTime () returned 0x28a41 [0110.156] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0110.156] Sleep (dwMilliseconds=0xa) [0110.172] timeGetTime () returned 0x28a50 [0110.172] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0110.172] Sleep (dwMilliseconds=0xa) [0110.187] timeGetTime () returned 0x28a60 [0110.187] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0110.187] Sleep (dwMilliseconds=0xa) [0110.203] timeGetTime () returned 0x28a6f [0110.203] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0110.203] Sleep (dwMilliseconds=0xa) [0110.218] timeGetTime () returned 0x28a7f [0110.218] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0110.218] Sleep (dwMilliseconds=0xa) [0110.234] timeGetTime () returned 0x28a8f [0110.234] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0110.234] Sleep (dwMilliseconds=0xa) [0110.250] timeGetTime () returned 0x28a9e [0110.250] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0110.250] Sleep (dwMilliseconds=0xa) [0110.265] timeGetTime () returned 0x28aae [0110.265] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0110.265] Sleep (dwMilliseconds=0xa) [0110.281] timeGetTime () returned 0x28abe [0110.281] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0110.281] Sleep (dwMilliseconds=0xa) [0110.297] timeGetTime () returned 0x28acd [0110.297] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0110.297] Sleep (dwMilliseconds=0xa) [0110.312] timeGetTime () returned 0x28add [0110.312] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0110.312] Sleep (dwMilliseconds=0xa) [0111.834] timeGetTime () returned 0x290c8 [0111.834] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0111.834] TranslateMessage (lpMsg=0x140fa14) returned 0 [0111.834] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0111.834] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0111.834] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0111.834] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0111.834] Sleep (dwMilliseconds=0xa) [0111.845] timeGetTime () returned 0x290da [0111.845] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0111.845] Sleep (dwMilliseconds=0xa) [0111.855] timeGetTime () returned 0x290e4 [0111.855] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0111.855] Sleep (dwMilliseconds=0xa) [0111.867] timeGetTime () returned 0x290f0 [0111.867] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0111.867] Sleep (dwMilliseconds=0xa) [0111.878] timeGetTime () returned 0x290fa [0111.878] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0111.878] Sleep (dwMilliseconds=0xa) [0111.893] timeGetTime () returned 0x2910a [0111.893] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0111.893] Sleep (dwMilliseconds=0xa) [0111.909] timeGetTime () returned 0x2911a [0111.909] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0111.909] Sleep (dwMilliseconds=0xa) [0111.924] timeGetTime () returned 0x29129 [0111.924] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0111.925] Sleep (dwMilliseconds=0xa) [0111.941] timeGetTime () returned 0x29139 [0111.941] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0111.941] Sleep (dwMilliseconds=0xa) [0111.956] timeGetTime () returned 0x29149 [0111.956] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0111.956] Sleep (dwMilliseconds=0xa) [0111.971] timeGetTime () returned 0x29158 [0111.971] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0111.971] Sleep (dwMilliseconds=0xa) [0111.987] timeGetTime () returned 0x29168 [0111.987] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0111.987] Sleep (dwMilliseconds=0xa) [0112.002] timeGetTime () returned 0x29177 [0112.003] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0112.003] Sleep (dwMilliseconds=0xa) [0112.028] timeGetTime () returned 0x29187 [0112.028] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0112.028] Sleep (dwMilliseconds=0xa) [0112.050] timeGetTime () returned 0x291a6 [0112.050] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0112.050] Sleep (dwMilliseconds=0xa) [0112.065] timeGetTime () returned 0x291b6 [0112.065] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0112.065] Sleep (dwMilliseconds=0xa) [0112.081] timeGetTime () returned 0x291c6 [0112.081] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0112.081] Sleep (dwMilliseconds=0xa) [0112.096] timeGetTime () returned 0x291d5 [0112.096] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0112.096] Sleep (dwMilliseconds=0xa) [0112.112] timeGetTime () returned 0x291e5 [0112.112] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0112.112] Sleep (dwMilliseconds=0xa) [0112.132] timeGetTime () returned 0x291f4 [0112.132] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0112.132] Sleep (dwMilliseconds=0xa) [0112.143] timeGetTime () returned 0x29204 [0112.143] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0112.144] Sleep (dwMilliseconds=0xa) [0112.159] timeGetTime () returned 0x29214 [0112.159] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0112.159] Sleep (dwMilliseconds=0xa) [0112.174] timeGetTime () returned 0x29223 [0112.174] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0112.174] Sleep (dwMilliseconds=0xa) [0112.190] timeGetTime () returned 0x29233 [0112.190] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0112.190] Sleep (dwMilliseconds=0xa) [0112.206] timeGetTime () returned 0x29243 [0112.206] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0112.206] Sleep (dwMilliseconds=0xa) [0112.221] timeGetTime () returned 0x29252 [0112.221] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0112.221] Sleep (dwMilliseconds=0xa) [0112.237] timeGetTime () returned 0x29262 [0112.237] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0112.237] Sleep (dwMilliseconds=0xa) [0112.254] timeGetTime () returned 0x29272 [0112.254] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0112.254] Sleep (dwMilliseconds=0xa) [0112.269] timeGetTime () returned 0x29281 [0112.269] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0112.269] Sleep (dwMilliseconds=0xa) [0112.284] timeGetTime () returned 0x29291 [0112.284] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0112.284] Sleep (dwMilliseconds=0xa) [0112.300] timeGetTime () returned 0x292a0 [0112.300] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0112.300] Sleep (dwMilliseconds=0xa) [0112.834] timeGetTime () returned 0x294b7 [0112.834] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0112.834] TranslateMessage (lpMsg=0x140fa14) returned 0 [0112.834] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0112.834] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0112.834] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0112.834] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0112.834] Sleep (dwMilliseconds=0xa) [0112.845] timeGetTime () returned 0x294c2 [0112.845] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0112.845] Sleep (dwMilliseconds=0xa) [0112.856] timeGetTime () returned 0x294cc [0112.856] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0112.856] Sleep (dwMilliseconds=0xa) [0112.866] timeGetTime () returned 0x294d7 [0112.866] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0112.866] Sleep (dwMilliseconds=0xa) [0112.877] timeGetTime () returned 0x294e2 [0112.877] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0112.877] Sleep (dwMilliseconds=0xa) [0112.893] timeGetTime () returned 0x294f1 [0112.893] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0112.893] Sleep (dwMilliseconds=0xa) [0112.908] timeGetTime () returned 0x29501 [0112.908] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0112.908] Sleep (dwMilliseconds=0xa) [0112.924] timeGetTime () returned 0x29510 [0112.924] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0112.924] Sleep (dwMilliseconds=0xa) [0112.939] timeGetTime () returned 0x29520 [0112.939] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0112.939] Sleep (dwMilliseconds=0xa) [0112.956] timeGetTime () returned 0x29530 [0112.956] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0112.956] Sleep (dwMilliseconds=0xa) [0112.970] timeGetTime () returned 0x2953f [0112.970] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0112.970] Sleep (dwMilliseconds=0xa) [0112.986] timeGetTime () returned 0x2954f [0112.986] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0112.986] Sleep (dwMilliseconds=0xa) [0113.003] timeGetTime () returned 0x2955f [0113.003] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0113.003] Sleep (dwMilliseconds=0xa) [0113.013] timeGetTime () returned 0x2956a [0113.013] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0113.013] Sleep (dwMilliseconds=0xa) [0113.039] timeGetTime () returned 0x29584 [0113.039] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0113.039] Sleep (dwMilliseconds=0xa) [0113.055] timeGetTime () returned 0x29594 [0113.055] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0113.055] Sleep (dwMilliseconds=0xa) [0113.071] timeGetTime () returned 0x295a3 [0113.071] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0113.071] Sleep (dwMilliseconds=0xa) [0113.086] timeGetTime () returned 0x295b3 [0113.086] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0113.086] Sleep (dwMilliseconds=0xa) [0113.102] timeGetTime () returned 0x295c2 [0113.102] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0113.102] Sleep (dwMilliseconds=0xa) [0113.117] timeGetTime () returned 0x295d2 [0113.117] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0113.117] Sleep (dwMilliseconds=0xa) [0113.134] timeGetTime () returned 0x295e2 [0113.134] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0113.134] Sleep (dwMilliseconds=0xa) [0113.149] timeGetTime () returned 0x295f1 [0113.149] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0113.149] Sleep (dwMilliseconds=0xa) [0113.164] timeGetTime () returned 0x29601 [0113.164] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0113.164] Sleep (dwMilliseconds=0xa) [0113.180] timeGetTime () returned 0x29611 [0113.180] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0113.180] Sleep (dwMilliseconds=0xa) [0113.196] timeGetTime () returned 0x29620 [0113.196] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0113.196] Sleep (dwMilliseconds=0xa) [0113.211] timeGetTime () returned 0x29630 [0113.211] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0113.211] Sleep (dwMilliseconds=0xa) [0113.227] timeGetTime () returned 0x2963f [0113.227] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0113.227] Sleep (dwMilliseconds=0xa) [0113.243] timeGetTime () returned 0x2964f [0113.243] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0113.243] Sleep (dwMilliseconds=0xa) [0113.259] timeGetTime () returned 0x2965f [0113.259] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0113.259] Sleep (dwMilliseconds=0xa) [0113.274] timeGetTime () returned 0x2966e [0113.274] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0113.274] Sleep (dwMilliseconds=0xa) [0113.289] timeGetTime () returned 0x2967e [0113.289] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0113.289] Sleep (dwMilliseconds=0xa) [0113.305] timeGetTime () returned 0x2968e [0113.305] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0113.305] Sleep (dwMilliseconds=0xa) [0113.993] timeGetTime () returned 0x2993d [0113.993] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0113.993] TranslateMessage (lpMsg=0x140fa14) returned 0 [0113.993] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0113.993] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0113.994] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0113.994] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0113.994] Sleep (dwMilliseconds=0xa) [0114.008] timeGetTime () returned 0x2994d [0114.008] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.008] Sleep (dwMilliseconds=0xa) [0114.023] timeGetTime () returned 0x2995c [0114.023] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.023] Sleep (dwMilliseconds=0xa) [0114.039] timeGetTime () returned 0x2996c [0114.039] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.039] Sleep (dwMilliseconds=0xa) [0114.055] timeGetTime () returned 0x2997c [0114.055] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.055] Sleep (dwMilliseconds=0xa) [0114.070] timeGetTime () returned 0x2998b [0114.070] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.070] Sleep (dwMilliseconds=0xa) [0114.086] timeGetTime () returned 0x2999b [0114.086] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.086] Sleep (dwMilliseconds=0xa) [0114.102] timeGetTime () returned 0x299aa [0114.102] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.102] Sleep (dwMilliseconds=0xa) [0114.117] timeGetTime () returned 0x299ba [0114.117] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.117] Sleep (dwMilliseconds=0xa) [0114.133] timeGetTime () returned 0x299ca [0114.133] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.133] Sleep (dwMilliseconds=0xa) [0114.149] timeGetTime () returned 0x299d9 [0114.149] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.149] Sleep (dwMilliseconds=0xa) [0114.164] timeGetTime () returned 0x299e9 [0114.164] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.164] Sleep (dwMilliseconds=0xa) [0114.180] timeGetTime () returned 0x299f9 [0114.180] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.180] Sleep (dwMilliseconds=0xa) [0114.196] timeGetTime () returned 0x29a08 [0114.196] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.196] Sleep (dwMilliseconds=0xa) [0114.211] timeGetTime () returned 0x29a18 [0114.211] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.211] Sleep (dwMilliseconds=0xa) [0114.227] timeGetTime () returned 0x29a28 [0114.227] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.227] Sleep (dwMilliseconds=0xa) [0114.243] timeGetTime () returned 0x29a37 [0114.243] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.243] Sleep (dwMilliseconds=0xa) [0114.258] timeGetTime () returned 0x29a47 [0114.258] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.258] Sleep (dwMilliseconds=0xa) [0114.273] timeGetTime () returned 0x29a56 [0114.273] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.273] Sleep (dwMilliseconds=0xa) [0114.289] timeGetTime () returned 0x29a66 [0114.289] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.289] Sleep (dwMilliseconds=0xa) [0114.305] timeGetTime () returned 0x29a76 [0114.305] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.305] Sleep (dwMilliseconds=0xa) [0114.686] timeGetTime () returned 0x29bed [0114.686] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.686] Sleep (dwMilliseconds=0xa) [0114.711] timeGetTime () returned 0x29c0c [0114.711] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.711] Sleep (dwMilliseconds=0xa) [0114.733] timeGetTime () returned 0x29c1b [0114.733] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.733] Sleep (dwMilliseconds=0xa) [0114.758] timeGetTime () returned 0x29c3b [0114.758] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0114.758] TranslateMessage (lpMsg=0x140fa14) returned 0 [0114.758] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0114.758] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0114.758] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0114.758] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.758] Sleep (dwMilliseconds=0xa) [0114.774] timeGetTime () returned 0x29c4a [0114.774] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.774] Sleep (dwMilliseconds=0xa) [0114.790] timeGetTime () returned 0x29c5a [0114.790] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.790] Sleep (dwMilliseconds=0xa) [0114.805] timeGetTime () returned 0x29c6a [0114.805] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.805] Sleep (dwMilliseconds=0xa) [0114.820] timeGetTime () returned 0x29c79 [0114.820] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.820] Sleep (dwMilliseconds=0xa) [0114.836] timeGetTime () returned 0x29c89 [0114.836] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.836] Sleep (dwMilliseconds=0xa) [0114.852] timeGetTime () returned 0x29c98 [0114.852] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.852] Sleep (dwMilliseconds=0xa) [0114.867] timeGetTime () returned 0x29ca8 [0114.867] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.867] Sleep (dwMilliseconds=0xa) [0114.883] timeGetTime () returned 0x29cb8 [0114.883] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.883] Sleep (dwMilliseconds=0xa) [0114.898] timeGetTime () returned 0x29cc7 [0114.898] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.899] Sleep (dwMilliseconds=0xa) [0114.914] timeGetTime () returned 0x29cd7 [0114.914] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.914] Sleep (dwMilliseconds=0xa) [0114.930] timeGetTime () returned 0x29ce7 [0114.930] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.930] Sleep (dwMilliseconds=0xa) [0114.945] timeGetTime () returned 0x29cf6 [0114.945] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.945] Sleep (dwMilliseconds=0xa) [0114.961] timeGetTime () returned 0x29d06 [0114.961] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.961] Sleep (dwMilliseconds=0xa) [0114.977] timeGetTime () returned 0x29d15 [0114.977] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.977] Sleep (dwMilliseconds=0xa) [0114.993] timeGetTime () returned 0x29d25 [0114.993] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0114.993] Sleep (dwMilliseconds=0xa) [0115.008] timeGetTime () returned 0x29d35 [0115.008] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0115.008] Sleep (dwMilliseconds=0xa) [0115.023] timeGetTime () returned 0x29d44 [0115.024] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0115.024] Sleep (dwMilliseconds=0xa) [0115.039] timeGetTime () returned 0x29d54 [0115.039] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0115.039] Sleep (dwMilliseconds=0xa) [0115.055] timeGetTime () returned 0x29d64 [0115.055] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0115.055] Sleep (dwMilliseconds=0xa) [0115.070] timeGetTime () returned 0x29d73 [0115.070] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0115.070] Sleep (dwMilliseconds=0xa) [0115.086] timeGetTime () returned 0x29d83 [0115.086] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0115.086] Sleep (dwMilliseconds=0xa) [0115.102] timeGetTime () returned 0x29d92 [0115.102] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0115.102] Sleep (dwMilliseconds=0xa) [0115.117] timeGetTime () returned 0x29da2 [0115.117] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0115.117] Sleep (dwMilliseconds=0xa) [0115.133] timeGetTime () returned 0x29db2 [0115.133] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0115.133] Sleep (dwMilliseconds=0xa) [0115.149] timeGetTime () returned 0x29dc1 [0115.149] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0115.149] Sleep (dwMilliseconds=0xa) [0115.164] timeGetTime () returned 0x29dd1 [0115.164] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0115.164] Sleep (dwMilliseconds=0xa) [0115.180] timeGetTime () returned 0x29de1 [0115.180] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0115.180] Sleep (dwMilliseconds=0xa) [0115.195] timeGetTime () returned 0x29df0 [0115.195] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0115.195] Sleep (dwMilliseconds=0xa) [0115.211] timeGetTime () returned 0x29e00 [0115.211] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0115.211] Sleep (dwMilliseconds=0xa) [0115.227] timeGetTime () returned 0x29e0f [0115.227] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0115.227] Sleep (dwMilliseconds=0xa) [0115.242] timeGetTime () returned 0x29e1f [0115.242] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0115.243] Sleep (dwMilliseconds=0xa) [0115.258] timeGetTime () returned 0x29e2f [0115.258] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0115.258] Sleep (dwMilliseconds=0xa) [0115.273] timeGetTime () returned 0x29e3e [0115.273] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0115.273] Sleep (dwMilliseconds=0xa) [0115.289] timeGetTime () returned 0x29e4e [0115.289] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0115.289] Sleep (dwMilliseconds=0xa) [0115.305] timeGetTime () returned 0x29e5e [0115.305] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0115.305] Sleep (dwMilliseconds=0xa) [0116.602] timeGetTime () returned 0x2a35f [0116.602] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0116.602] TranslateMessage (lpMsg=0x140fa14) returned 0 [0116.602] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0116.602] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0116.602] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0116.602] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0116.602] Sleep (dwMilliseconds=0xa) [0116.619] timeGetTime () returned 0x2a37e [0116.619] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0116.619] Sleep (dwMilliseconds=0xa) [0116.633] timeGetTime () returned 0x2a38e [0116.633] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0116.633] Sleep (dwMilliseconds=0xa) [0116.649] timeGetTime () returned 0x2a39d [0116.650] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0116.650] Sleep (dwMilliseconds=0xa) [0116.665] timeGetTime () returned 0x2a3ad [0116.665] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0116.665] Sleep (dwMilliseconds=0xa) [0116.680] timeGetTime () returned 0x2a3bd [0116.680] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0116.680] Sleep (dwMilliseconds=0xa) [0116.696] timeGetTime () returned 0x2a3cc [0116.696] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0116.696] Sleep (dwMilliseconds=0xa) [0116.711] timeGetTime () returned 0x2a3dc [0116.711] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0116.711] Sleep (dwMilliseconds=0xa) [0116.739] timeGetTime () returned 0x2a3eb [0116.739] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0116.739] Sleep (dwMilliseconds=0xa) [0116.759] timeGetTime () returned 0x2a40b [0116.759] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0116.759] Sleep (dwMilliseconds=0xa) [0116.774] timeGetTime () returned 0x2a41a [0116.774] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0116.774] Sleep (dwMilliseconds=0xa) [0116.789] timeGetTime () returned 0x2a42a [0116.789] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0116.789] Sleep (dwMilliseconds=0xa) [0116.805] timeGetTime () returned 0x2a43a [0116.805] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0116.805] Sleep (dwMilliseconds=0xa) [0116.821] timeGetTime () returned 0x2a449 [0116.821] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0116.821] Sleep (dwMilliseconds=0xa) [0116.837] timeGetTime () returned 0x2a459 [0116.837] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0116.837] Sleep (dwMilliseconds=0xa) [0116.852] timeGetTime () returned 0x2a468 [0116.852] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0116.852] Sleep (dwMilliseconds=0xa) [0116.867] timeGetTime () returned 0x2a478 [0116.867] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0116.867] Sleep (dwMilliseconds=0xa) [0116.883] timeGetTime () returned 0x2a488 [0116.883] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0116.883] Sleep (dwMilliseconds=0xa) [0116.893] timeGetTime () returned 0x2a492 [0116.893] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0116.893] Sleep (dwMilliseconds=0xa) [0116.957] timeGetTime () returned 0x2a4c8 [0116.957] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0116.957] Sleep (dwMilliseconds=0xa) [0116.978] timeGetTime () returned 0x2a4e7 [0116.979] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0116.979] Sleep (dwMilliseconds=0xa) [0116.996] timeGetTime () returned 0x2a4f7 [0116.996] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0116.996] Sleep (dwMilliseconds=0xa) [0117.010] timeGetTime () returned 0x2a506 [0117.010] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0117.010] Sleep (dwMilliseconds=0xa) [0117.026] timeGetTime () returned 0x2a516 [0117.026] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0117.026] Sleep (dwMilliseconds=0xa) [0117.041] timeGetTime () returned 0x2a526 [0117.041] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0117.041] Sleep (dwMilliseconds=0xa) [0117.056] timeGetTime () returned 0x2a535 [0117.057] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0117.057] Sleep (dwMilliseconds=0xa) [0117.072] timeGetTime () returned 0x2a545 [0117.072] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0117.072] Sleep (dwMilliseconds=0xa) [0117.088] timeGetTime () returned 0x2a554 [0117.088] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0117.088] Sleep (dwMilliseconds=0xa) [0117.103] timeGetTime () returned 0x2a564 [0117.103] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0117.103] Sleep (dwMilliseconds=0xa) [0117.119] timeGetTime () returned 0x2a574 [0117.119] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0117.119] Sleep (dwMilliseconds=0xa) [0117.135] timeGetTime () returned 0x2a583 [0117.135] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0117.135] Sleep (dwMilliseconds=0xa) [0117.150] timeGetTime () returned 0x2a593 [0117.150] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0117.150] Sleep (dwMilliseconds=0xa) [0117.166] timeGetTime () returned 0x2a5a3 [0117.166] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0117.166] Sleep (dwMilliseconds=0xa) [0117.182] timeGetTime () returned 0x2a5b2 [0117.182] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0117.182] Sleep (dwMilliseconds=0xa) [0117.197] timeGetTime () returned 0x2a5c2 [0117.197] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0117.197] Sleep (dwMilliseconds=0xa) [0117.213] timeGetTime () returned 0x2a5d1 [0117.213] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0117.213] Sleep (dwMilliseconds=0xa) [0117.229] timeGetTime () returned 0x2a5e1 [0117.229] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0117.229] Sleep (dwMilliseconds=0xa) [0117.244] timeGetTime () returned 0x2a5f1 [0117.244] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0117.244] Sleep (dwMilliseconds=0xa) [0117.260] timeGetTime () returned 0x2a600 [0117.260] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0117.260] Sleep (dwMilliseconds=0xa) [0117.277] timeGetTime () returned 0x2a612 [0117.277] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0117.277] Sleep (dwMilliseconds=0xa) [0117.291] timeGetTime () returned 0x2a620 [0117.291] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0117.291] Sleep (dwMilliseconds=0xa) [0117.306] timeGetTime () returned 0x2a62f [0117.306] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0117.306] Sleep (dwMilliseconds=0xa) [0118.851] timeGetTime () returned 0x2ac2c [0118.851] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0118.851] TranslateMessage (lpMsg=0x140fa14) returned 0 [0118.851] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0118.851] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0118.851] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0118.851] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0118.851] Sleep (dwMilliseconds=0xa) [0118.869] timeGetTime () returned 0x2ac4a [0118.869] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0118.869] Sleep (dwMilliseconds=0xa) [0118.884] timeGetTime () returned 0x2ac59 [0118.884] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0118.884] Sleep (dwMilliseconds=0xa) [0118.901] timeGetTime () returned 0x2ac6a [0118.901] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0118.901] Sleep (dwMilliseconds=0xa) [0118.916] timeGetTime () returned 0x2ac79 [0118.916] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0118.916] Sleep (dwMilliseconds=0xa) [0118.931] timeGetTime () returned 0x2ac88 [0118.931] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0118.931] Sleep (dwMilliseconds=0xa) [0118.947] timeGetTime () returned 0x2ac98 [0118.947] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0118.947] Sleep (dwMilliseconds=0xa) [0118.964] timeGetTime () returned 0x2aca8 [0118.964] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0118.964] Sleep (dwMilliseconds=0xa) [0118.978] timeGetTime () returned 0x2acb7 [0118.978] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0118.978] Sleep (dwMilliseconds=0xa) [0118.994] timeGetTime () returned 0x2acc7 [0118.994] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0118.994] Sleep (dwMilliseconds=0xa) [0119.009] timeGetTime () returned 0x2acd6 [0119.009] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0119.009] Sleep (dwMilliseconds=0xa) [0119.025] timeGetTime () returned 0x2ace6 [0119.026] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0119.026] Sleep (dwMilliseconds=0xa) [0119.041] timeGetTime () returned 0x2acf6 [0119.041] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0119.041] Sleep (dwMilliseconds=0xa) [0119.056] timeGetTime () returned 0x2ad05 [0119.056] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0119.056] Sleep (dwMilliseconds=0xa) [0119.072] timeGetTime () returned 0x2ad15 [0119.072] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0119.072] Sleep (dwMilliseconds=0xa) [0119.088] timeGetTime () returned 0x2ad24 [0119.088] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0119.088] Sleep (dwMilliseconds=0xa) [0119.103] timeGetTime () returned 0x2ad34 [0119.103] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0119.103] Sleep (dwMilliseconds=0xa) [0119.119] timeGetTime () returned 0x2ad44 [0119.119] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0119.119] Sleep (dwMilliseconds=0xa) [0119.134] timeGetTime () returned 0x2ad53 [0119.134] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0119.134] Sleep (dwMilliseconds=0xa) [0119.151] timeGetTime () returned 0x2ad64 [0119.151] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0119.151] Sleep (dwMilliseconds=0xa) [0119.166] timeGetTime () returned 0x2ad73 [0119.166] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0119.166] Sleep (dwMilliseconds=0xa) [0119.182] timeGetTime () returned 0x2ad83 [0119.182] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0119.182] Sleep (dwMilliseconds=0xa) [0119.197] timeGetTime () returned 0x2ad92 [0119.197] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0119.197] Sleep (dwMilliseconds=0xa) [0119.213] timeGetTime () returned 0x2ada1 [0119.213] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0119.213] Sleep (dwMilliseconds=0xa) [0119.228] timeGetTime () returned 0x2adb1 [0119.228] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0119.228] Sleep (dwMilliseconds=0xa) [0119.244] timeGetTime () returned 0x2adc1 [0119.244] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0119.244] Sleep (dwMilliseconds=0xa) [0119.259] timeGetTime () returned 0x2add0 [0119.259] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0119.259] Sleep (dwMilliseconds=0xa) [0119.275] timeGetTime () returned 0x2ade0 [0119.275] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0119.275] Sleep (dwMilliseconds=0xa) [0119.291] timeGetTime () returned 0x2adf0 [0119.291] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0119.292] Sleep (dwMilliseconds=0xa) [0119.307] timeGetTime () returned 0x2adff [0119.307] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0119.307] Sleep (dwMilliseconds=0xa) [0120.815] timeGetTime () returned 0x2b3db [0120.815] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 1 [0120.815] TranslateMessage (lpMsg=0x140fa14) returned 0 [0120.815] DispatchMessageW (lpMsg=0x140fa14) returned 0x0 [0120.815] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0120.815] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0120.815] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0120.815] Sleep (dwMilliseconds=0xa) [0120.838] timeGetTime () returned 0x2b3fa [0120.838] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0120.838] Sleep (dwMilliseconds=0xa) [0120.854] timeGetTime () returned 0x2b40b [0120.854] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0120.854] Sleep (dwMilliseconds=0xa) [0120.869] timeGetTime () returned 0x2b41a [0120.869] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0120.869] Sleep (dwMilliseconds=0xa) [0120.884] timeGetTime () returned 0x2b429 [0120.884] PeekMessageW (in: lpMsg=0x140fa14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fa14) returned 0 [0120.884] Sleep (dwMilliseconds=0xa) [0120.900] timeGetTime () returned 0x2b439 [0120.900] PeekMessageW (in: lpMsg=0x140fbfc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fbfc) returned 0 [0120.900] PeekMessageW (in: lpMsg=0x140fbfc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fbfc) returned 0 [0120.900] CharUpperBuffW (in: lpsz="AFZHTNZQLSJMRXEEVBKJQGHFW", cchLength=0x19 | out: lpsz="AFZHTNZQLSJMRXEEVBKJQGHFW") returned 0x19 [0120.901] PeekMessageW (in: lpMsg=0x140f9a4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f9a4) returned 0 [0120.902] CharUpperBuffW (in: lpsz="KBDAWXANAYMENLXTBHYH", cchLength=0x14 | out: lpsz="KBDAWXANAYMENLXTBHYH") returned 0x14 [0120.902] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.902] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.902] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.902] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.902] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.902] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.902] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.902] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.902] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.902] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.902] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.902] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.902] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.902] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.903] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.903] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.903] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.903] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.903] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.903] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.903] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.903] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.903] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.903] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.903] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.903] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.903] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.903] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.903] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.903] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.903] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.903] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.903] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.903] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.903] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.903] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.903] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.903] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.904] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.904] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.904] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.904] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.904] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.904] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.904] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.904] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.904] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.904] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.904] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.904] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.904] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.904] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.904] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.904] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.904] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.904] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.904] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.904] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.904] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.904] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.904] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.904] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.904] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.904] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.904] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.904] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.904] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.905] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.905] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.905] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.905] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.905] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.905] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.905] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.905] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.905] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.905] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.905] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.905] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.905] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.905] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.905] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.905] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.905] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.905] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.905] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.905] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.905] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.905] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.905] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.905] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.905] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.905] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.905] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.905] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.905] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.905] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.906] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.906] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.906] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.906] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.906] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.906] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.906] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.906] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.906] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.906] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.906] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.906] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.906] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.906] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.906] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.906] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.906] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.906] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.906] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.906] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.906] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.916] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.916] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.916] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.916] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.916] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.916] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.916] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.916] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.916] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.916] PeekMessageW (in: lpMsg=0x140f48c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f48c) returned 0 [0120.916] PeekMessageW (in: lpMsg=0x140f9a4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f9a4) returned 0 [0120.916] CharUpperBuffW (in: lpsz="ZXZROTSXAHLYQONZOSFQ", cchLength=0x14 | out: lpsz="ZXZROTSXAHLYQONZOSFQ") returned 0x14 [0120.916] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.917] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.917] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.917] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.917] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.917] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.917] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.917] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.917] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.917] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.917] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.917] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.917] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.917] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.917] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.917] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.917] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.917] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.917] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.917] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.917] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.917] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.917] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.917] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.917] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.917] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.917] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.917] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.917] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.917] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.918] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.918] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.918] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.918] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.918] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.918] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.918] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.918] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.918] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.918] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.918] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.918] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.918] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.918] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.918] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.918] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.918] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.918] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.918] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.918] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.918] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.918] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.918] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.918] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.918] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.918] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.918] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.918] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.918] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.918] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.919] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.919] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.919] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.919] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.919] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.919] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.919] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.919] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.919] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.919] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.919] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.919] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.919] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.919] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.919] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.919] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.919] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.919] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.919] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.919] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.919] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.919] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.919] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.919] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.919] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.919] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.919] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.919] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.919] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.920] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.920] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.920] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.920] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.920] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.920] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.920] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.920] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.920] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.920] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.920] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.920] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.920] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.920] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.920] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.920] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.920] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.920] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.920] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.920] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.920] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.920] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.920] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.921] PeekMessageW (in: lpMsg=0x140f474, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f474) returned 0 [0120.921] CharUpperBuffW (in: lpsz="DRCRGHL_UNGXW_DJNIWD", cchLength=0x14 | out: lpsz="DRCRGHL_UNGXW_DJNIWD") returned 0x14 [0120.922] CharUpperBuffW (in: lpsz="IQAEUFHRNGYTGLLFYOEP", cchLength=0x14 | out: lpsz="IQAEUFHRNGYTGLLFYOEP") returned 0x14 [0120.922] CharUpperBuffW (in: lpsz="EYFXVEJITGJOKOEHRQUX", cchLength=0x14 | out: lpsz="EYFXVEJITGJOKOEHRQUX") returned 0x14 [0120.932] CharUpperBuffW (in: lpsz="ADLEGKOTZKQAMWSCHNBE", cchLength=0x14 | out: lpsz="ADLEGKOTZKQAMWSCHNBE") returned 0x14 [0120.933] CharUpperBuffW (in: lpsz="VDWNBGSLTDFAOFXVATXQ", cchLength=0x14 | out: lpsz="VDWNBGSLTDFAOFXVATXQ") returned 0x14 [0120.947] CharUpperBuffW (in: lpsz="VFAZUOFXOKNOJOIXGXMX", cchLength=0x14 | out: lpsz="VFAZUOFXOKNOJOIXGXMX") returned 0x14 [0120.963] CharUpperBuffW (in: lpsz="DZAABHGKMJRRKSWIZKMO", cchLength=0x14 | out: lpsz="DZAABHGKMJRRKSWIZKMO") returned 0x14 [0120.963] CharUpperBuffW (in: lpsz="LKHBBGWOWJGXSQGTHJTE", cchLength=0x14 | out: lpsz="LKHBBGWOWJGXSQGTHJTE") returned 0x14 [0120.964] CharUpperBuffW (in: lpsz="SRRJZSECBBCSSWOGGRQW", cchLength=0x14 | out: lpsz="SRRJZSECBBCSSWOGGRQW") returned 0x14 [0120.994] CharUpperBuffW (in: lpsz="__BVDGVYIOLSNUXVDNDW", cchLength=0x14 | out: lpsz="__BVDGVYIOLSNUXVDNDW") returned 0x14 [0120.995] CharUpperBuffW (in: lpsz="MWKQBSABXTRGDQMR_ZFX", cchLength=0x14 | out: lpsz="MWKQBSABXTRGDQMR_ZFX") returned 0x14 [0120.996] CharUpperBuffW (in: lpsz="GSSHULABEGSZWLCXUHSU", cchLength=0x14 | out: lpsz="GSSHULABEGSZWLCXUHSU") returned 0x14 [0121.010] CharUpperBuffW (in: lpsz="NELKGUBTCZVHBQOGTIAS", cchLength=0x14 | out: lpsz="NELKGUBTCZVHBQOGTIAS") returned 0x14 [0121.010] CharUpperBuffW (in: lpsz="UGAS_CRKTYSEJDLNQCLI", cchLength=0x14 | out: lpsz="UGAS_CRKTYSEJDLNQCLI") returned 0x14 [0121.011] CharUpperBuffW (in: lpsz="DEFLJIDQKTBQQNUYWIPH", cchLength=0x14 | out: lpsz="DEFLJIDQKTBQQNUYWIPH") returned 0x14 [0121.025] CharUpperBuffW (in: lpsz="QIMOEZQLAMKUJPVLLFNB", cchLength=0x14 | out: lpsz="QIMOEZQLAMKUJPVLLFNB") returned 0x14 [0121.057] CharUpperBuffW (in: lpsz="ZIPWTCTFEVGMTGFRBQKE", cchLength=0x14 | out: lpsz="ZIPWTCTFEVGMTGFRBQKE") returned 0x14 [0121.058] CharUpperBuffW (in: lpsz="SJBNKKFEJUJHYSDDUALQ", cchLength=0x14 | out: lpsz="SJBNKKFEJUJHYSDDUALQ") returned 0x14 [0121.058] CharUpperBuffW (in: lpsz="ZKCAABKVU_KZFBRVUJMC", cchLength=0x14 | out: lpsz="ZKCAABKVU_KZFBRVUJMC") returned 0x14 [0121.059] CharUpperBuffW (in: lpsz="BZWRNIVJXUZXKPAWIBBP", cchLength=0x14 | out: lpsz="BZWRNIVJXUZXKPAWIBBP") returned 0x14 [0121.060] CharUpperBuffW (in: lpsz="CELLZRAKURVALWKTKKGT", cchLength=0x14 | out: lpsz="CELLZRAKURVALWKTKKGT") returned 0x14 [0121.072] CharUpperBuffW (in: lpsz="AWLBODDKVEIPWBCPNYQS", cchLength=0x14 | out: lpsz="AWLBODDKVEIPWBCPNYQS") returned 0x14 [0121.088] CharUpperBuffW (in: lpsz="ONUHBJX_FQMJHPCMXQUP", cchLength=0x14 | out: lpsz="ONUHBJX_FQMJHPCMXQUP") returned 0x14 [0121.104] CharUpperBuffW (in: lpsz="FXTVGINBESGGVHUBHAIA", cchLength=0x14 | out: lpsz="FXTVGINBESGGVHUBHAIA") returned 0x14 [0121.105] CharUpperBuffW (in: lpsz="YMTKQXZNOTHKQXYPTVHF", cchLength=0x14 | out: lpsz="YMTKQXZNOTHKQXYPTVHF") returned 0x14 [0121.105] CharUpperBuffW (in: lpsz="OLGAUG_AAMAVBDSNSMTX", cchLength=0x14 | out: lpsz="OLGAUG_AAMAVBDSNSMTX") returned 0x14 [0121.119] CharUpperBuffW (in: lpsz="BSKXQZHUTMKJTTCBMAUQ", cchLength=0x14 | out: lpsz="BSKXQZHUTMKJTTCBMAUQ") returned 0x14 [0121.121] CharUpperBuffW (in: lpsz="FQXYDFKULNH_XGCHAXSH", cchLength=0x14 | out: lpsz="FQXYDFKULNH_XGCHAXSH") returned 0x14 [0121.135] CharUpperBuffW (in: lpsz="LLAV_SNBRGFRRVVRMBXO", cchLength=0x14 | out: lpsz="LLAV_SNBRGFRRVVRMBXO") returned 0x14 [0121.150] CharUpperBuffW (in: lpsz="QOYYVMVQESVPTQQRTHWE", cchLength=0x14 | out: lpsz="QOYYVMVQESVPTQQRTHWE") returned 0x14 [0121.151] CharUpperBuffW (in: lpsz="LAVGVQXFGQGCWZYBFUVO", cchLength=0x14 | out: lpsz="LAVGVQXFGQGCWZYBFUVO") returned 0x14 [0121.151] CharUpperBuffW (in: lpsz="FLQZMTLVVQYEYWVWSNDR", cchLength=0x14 | out: lpsz="FLQZMTLVVQYEYWVWSNDR") returned 0x14 [0121.166] CharUpperBuffW (in: lpsz="FAXWCEOS_KJKYDQ_RGJO", cchLength=0x14 | out: lpsz="FAXWCEOS_KJKYDQ_RGJO") returned 0x14 [0121.182] CharUpperBuffW (in: lpsz="TWEOZQLZIZIOUN_KWFSU", cchLength=0x14 | out: lpsz="TWEOZQLZIZIOUN_KWFSU") returned 0x14 [0121.183] CharUpperBuffW (in: lpsz="SKIFEUAESYRCZQKUQWVL", cchLength=0x14 | out: lpsz="SKIFEUAESYRCZQKUQWVL") returned 0x14 [0121.197] CharUpperBuffW (in: lpsz="C_RPOUWDLANXEBJBDYMH", cchLength=0x14 | out: lpsz="C_RPOUWDLANXEBJBDYMH") returned 0x14 [0121.198] CharUpperBuffW (in: lpsz="ITWFPFGDSPSLSMKQIXAY", cchLength=0x14 | out: lpsz="ITWFPFGDSPSLSMKQIXAY") returned 0x14 [0121.199] CharUpperBuffW (in: lpsz="UMUDBENUDDBKLRIHNGXH", cchLength=0x14 | out: lpsz="UMUDBENUDDBKLRIHNGXH") returned 0x14 [0121.213] CharUpperBuffW (in: lpsz="OQFLLLDDFRIZTFPJPDGL", cchLength=0x14 | out: lpsz="OQFLLLDDFRIZTFPJPDGL") returned 0x14 [0121.228] CharUpperBuffW (in: lpsz="DITYZYOACZIDXZOUNCIL", cchLength=0x14 | out: lpsz="DITYZYOACZIDXZOUNCIL") returned 0x14 [0121.247] CharUpperBuffW (in: lpsz="QSGBTDANNS_QANWTOZTF", cchLength=0x14 | out: lpsz="QSGBTDANNS_QANWTOZTF") returned 0x14 [0121.248] CharUpperBuffW (in: lpsz="DDMWZTPEEZLF_OFUHAKM", cchLength=0x14 | out: lpsz="DDMWZTPEEZLF_OFUHAKM") returned 0x14 [0121.249] CharUpperBuffW (in: lpsz="PUSNXDLNPPJCJMZS_CXX", cchLength=0x14 | out: lpsz="PUSNXDLNPPJCJMZS_CXX") returned 0x14 [0121.250] CharUpperBuffW (in: lpsz="XVKQUND_LOLNCSWTYCZD", cchLength=0x14 | out: lpsz="XVKQUND_LOLNCSWTYCZD") returned 0x14 [0121.260] CharUpperBuffW (in: lpsz="HPWHYTUYYFQPRGGVRHMJ", cchLength=0x14 | out: lpsz="HPWHYTUYYFQPRGGVRHMJ") returned 0x14 [0121.275] CharUpperBuffW (in: lpsz="NKRJWTXNTBMQVEDNSBWX", cchLength=0x14 | out: lpsz="NKRJWTXNTBMQVEDNSBWX") returned 0x14 [0121.292] CharUpperBuffW (in: lpsz="QJPCUKOGRHHPVHFGLWPT", cchLength=0x14 | out: lpsz="QJPCUKOGRHHPVHFGLWPT") returned 0x14 [0121.292] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0121.292] CharUpperBuffW (in: lpsz="JOVNXETDYMKCTLJKCKLB", cchLength=0x14 | out: lpsz="JOVNXETDYMKCTLJKCKLB") returned 0x14 [0121.292] CharUpperBuffW (in: lpsz="OIFUCBJWXVJEMQAICUGL", cchLength=0x14 | out: lpsz="OIFUCBJWXVJEMQAICUGL") returned 0x14 [0121.292] CharUpperBuffW (in: lpsz="OIFUCBJWXVJEMQAICUGL", cchLength=0x14 | out: lpsz="OIFUCBJWXVJEMQAICUGL") returned 0x14 [0121.292] CharUpperBuffW (in: lpsz="OIFUCBJWXVJEMQAICUGL", cchLength=0x14 | out: lpsz="OIFUCBJWXVJEMQAICUGL") returned 0x14 [0121.293] CharUpperBuffW (in: lpsz="OIFUCBJWXVJEMQAICUGL", cchLength=0x14 | out: lpsz="OIFUCBJWXVJEMQAICUGL") returned 0x14 [0121.293] CharLowerBuffW (in: lpsz="ptr", cchLength=0x3 | out: lpsz="ptr") returned 0x3 [0121.293] LoadLibraryW (lpLibFileName="kernel32") returned 0x75260000 [0121.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VirtualAlloc", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0121.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VirtualAlloc", cchWideChar=13, lpMultiByteStr=0x3f372c0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VirtualAlloc", lpUsedDefaultChar=0x0) returned 13 [0121.293] GetProcAddress (hModule=0x75260000, lpProcName="VirtualAlloc") returned 0x75278b70 [0121.293] VirtualAlloc (lpAddress=0x0, dwSize=0x5c2, flAllocationType=0x3000, flProtect=0x40) returned 0x3770000 [0121.294] FreeLibrary (hLibModule=0x75260000) returned 1 [0121.294] PeekMessageW (in: lpMsg=0x140f9a4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f9a4) returned 0 [0121.294] CharUpperBuffW (in: lpsz="WCFWIZIQMRBTJYSTFNEJ", cchLength=0x14 | out: lpsz="WCFWIZIQMRBTJYSTFNEJ") returned 0x14 [0121.294] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.294] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.294] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.294] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.294] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.294] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.294] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.294] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.294] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.294] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.294] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.294] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.294] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.294] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.294] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.294] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.294] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.294] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.295] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.295] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.295] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.295] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.295] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.295] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.295] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.295] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.295] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.295] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.295] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.295] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.295] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.295] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.295] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.295] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.295] CharUpperBuffW (in: lpsz="EZUOZRSOKLMXMJJLTFYE", cchLength=0x14 | out: lpsz="EZUOZRSOKLMXMJJLTFYE") returned 0x14 [0121.295] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.295] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.295] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.295] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.296] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.296] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.296] CharLowerBuffW (in: lpsz="byte shellcode[1474]", cchLength=0x14 | out: lpsz="byte shellcode[1474]") returned 0x14 [0121.296] PeekMessageW (in: lpMsg=0x140f9a4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f9a4) returned 0 [0121.296] CharUpperBuffW (in: lpsz="BDMVMUCQGDKRUZFZFQGQ", cchLength=0x14 | out: lpsz="BDMVMUCQGDKRUZFZFQGQ") returned 0x14 [0121.296] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.296] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.296] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.296] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.296] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.296] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.296] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.296] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.296] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.296] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.296] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.296] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.296] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.296] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.296] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.296] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.297] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.297] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.297] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.297] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.297] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.297] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.297] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.297] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.297] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.297] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.297] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.297] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.318] CharUpperBuffW (in: lpsz="EZUOZRSOKLMXMJJLTFYE", cchLength=0x14 | out: lpsz="EZUOZRSOKLMXMJJLTFYE") returned 0x14 [0121.318] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.318] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.318] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.318] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.318] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.318] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.318] CharLowerBuffW (in: lpsz="byte lpfile[404482]", cchLength=0x13 | out: lpsz="byte lpfile[404482]") returned 0x13 [0121.893] PeekMessageW (in: lpMsg=0x140f9a4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f9a4) returned 1 [0121.893] TranslateMessage (lpMsg=0x140f9a4) returned 0 [0121.893] DispatchMessageW (lpMsg=0x140f9a4) returned 0x0 [0121.893] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0121.893] SetTimer (hWnd=0x40170, nIDEvent=0x1, uElapse=0x2ee, lpTimerFunc=0x0) returned 0x1 [0121.894] PeekMessageW (in: lpMsg=0x140f9a4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f9a4) returned 0 [0121.894] CharUpperBuffW (in: lpsz="UIWMCCQFJDRMBBOOXJFW", cchLength=0x14 | out: lpsz="UIWMCCQFJDRMBBOOXJFW") returned 0x14 [0121.894] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.894] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.894] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.894] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.894] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.894] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.894] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.894] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.894] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.894] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.894] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.894] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.894] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.894] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.894] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.894] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.895] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.895] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.895] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.895] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.895] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.895] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.895] PeekMessageW (in: lpMsg=0x140f9a4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f9a4) returned 0 [0121.895] CharUpperBuffW (in: lpsz="XITTQWZDHJOOZBSJCARU", cchLength=0x14 | out: lpsz="XITTQWZDHJOOZBSJCARU") returned 0x14 [0121.895] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.895] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.895] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.895] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.895] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.895] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.895] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.895] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.895] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.895] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.895] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.895] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.895] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.895] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.895] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.895] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.896] PeekMessageW (in: lpMsg=0x140f9a4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f9a4) returned 0 [0121.896] CharUpperBuffW (in: lpsz="OIFUCBJWXVJEMQAICUGL", cchLength=0x14 | out: lpsz="OIFUCBJWXVJEMQAICUGL") returned 0x14 [0121.896] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.897] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.897] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.897] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.897] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.897] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.897] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.897] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.897] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.897] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.897] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.897] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.897] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.897] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.897] CharUpperBuffW (in: lpsz="UAEPMYTZMOR__TLNBSDD", cchLength=0x14 | out: lpsz="UAEPMYTZMOR__TLNBSDD") returned 0x14 [0121.897] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.897] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.897] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.897] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.897] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.897] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.897] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.897] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.897] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.897] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.898] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.898] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.898] CharUpperBuffW (in: lpsz="UAEPMYTZMOR__TLNBSDD", cchLength=0x14 | out: lpsz="UAEPMYTZMOR__TLNBSDD") returned 0x14 [0121.898] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.898] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.898] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.898] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.898] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.898] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.898] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.898] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.898] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.898] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.898] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.898] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.898] CharUpperBuffW (in: lpsz="ONNCSHFOB_HLMJHAYKGU", cchLength=0x14 | out: lpsz="ONNCSHFOB_HLMJHAYKGU") returned 0x14 [0121.898] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.898] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.898] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.898] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.906] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.906] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.906] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.906] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.906] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.906] PeekMessageW (in: lpMsg=0x140f13c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f13c) returned 0 [0121.907] CharLowerBuffW (in: lpsz="dword", cchLength=0x5 | out: lpsz="dword") returned 0x5 [0121.911] CreateProcessW (in: lpApplicationName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x140ef40*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x140f03c | out: lpCommandLine="", lpProcessInformation=0x140f03c*(hProcess=0x220, hThread=0x214, dwProcessId=0x73c, dwThreadId=0x744)) returned 1 [0121.932] GetThreadContext (in: hThread=0x214, lpContext=0x140ec74 | out: lpContext=0x140ec74*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0xffa53000, Edx=0x0, Ecx=0x0, Eax=0xef7f4a, Ebp=0x0, Eip=0x77d0aef0, SegCs=0x23, EFlags=0x202, Esp=0x142faf8, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0121.935] ReadProcessMemory (in: hProcess=0x220, lpBaseAddress=0xffa53008, lpBuffer=0x140f020, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x140f020*, lpNumberOfBytesRead=0x0) returned 1 [0121.935] VirtualAlloc (lpAddress=0x0, dwSize=0x35000, flAllocationType=0x3000, flProtect=0x40) returned 0x4b50000 [0121.935] VirtualAllocEx (hProcess=0x220, lpAddress=0x400000, dwSize=0x35000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0121.937] WriteProcessMemory (in: hProcess=0x220, lpBaseAddress=0x400000, lpBuffer=0x4b50000*, nSize=0x35000, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0x4b50000*, lpNumberOfBytesWritten=0x0) returned 1 [0121.942] VirtualProtectEx (in: hProcess=0x220, lpAddress=0x400000, dwSize=0x400, flNewProtect=0x2, lpflOldProtect=0x140f000 | out: lpflOldProtect=0x140f000*=0x40) returned 1 [0121.942] VirtualProtectEx (in: hProcess=0x220, lpAddress=0x401000, dwSize=0xf2d, flNewProtect=0x20, lpflOldProtect=0x140f000 | out: lpflOldProtect=0x140f000*=0x40) returned 1 [0121.942] VirtualProtectEx (in: hProcess=0x220, lpAddress=0x402000, dwSize=0x49e, flNewProtect=0x2, lpflOldProtect=0x140f000 | out: lpflOldProtect=0x140f000*=0x40) returned 1 [0121.942] VirtualProtectEx (in: hProcess=0x220, lpAddress=0x403000, dwSize=0x334, flNewProtect=0x4, lpflOldProtect=0x140f000 | out: lpflOldProtect=0x140f000*=0x40) returned 1 [0121.942] VirtualProtectEx (in: hProcess=0x220, lpAddress=0x404000, dwSize=0x2f6fc, flNewProtect=0x2, lpflOldProtect=0x140f000 | out: lpflOldProtect=0x140f000*=0x40) returned 1 [0121.942] VirtualProtectEx (in: hProcess=0x220, lpAddress=0x434000, dwSize=0xe8, flNewProtect=0x2, lpflOldProtect=0x140f000 | out: lpflOldProtect=0x140f000*=0x40) returned 1 [0121.943] VirtualFree (lpAddress=0x4b50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0121.944] WriteProcessMemory (in: hProcess=0x220, lpBaseAddress=0xffa53008, lpBuffer=0x140f05c*, nSize=0x4, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0x140f05c*, lpNumberOfBytesWritten=0x0) returned 1 [0121.945] SetThreadContext (hThread=0x214, lpContext=0x140ec74*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0xffa53000, Edx=0x0, Ecx=0x0, Eax=0x4015c6, Ebp=0x0, Eip=0x77d0aef0, SegCs=0x23, EFlags=0x202, Esp=0x142faf8, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0121.947] ResumeThread (hThread=0x214) returned 0x1 [0121.947] PeekMessageW (in: lpMsg=0x140f9a4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f9a4) returned 0 [0121.948] CharUpperBuffW (in: lpsz="QJPCUKOGRHHPVHFGLWPT", cchLength=0x14 | out: lpsz="QJPCUKOGRHHPVHFGLWPT") returned 0x14 [0121.948] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.948] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.948] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.948] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.948] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.948] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.949] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.949] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.949] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.949] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.949] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.949] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.949] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.949] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.949] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.949] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.949] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.949] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.949] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.949] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.949] CharUpperBuffW (in: lpsz="OIFUCBJWXVJEMQAICUGL", cchLength=0x14 | out: lpsz="OIFUCBJWXVJEMQAICUGL") returned 0x14 [0121.949] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.949] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.949] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.949] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.949] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.949] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.950] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.950] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.950] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.950] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.950] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.950] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.950] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.950] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.950] CharUpperBuffW (in: lpsz="VGKPCSWHJZHGUCIJZYKW", cchLength=0x14 | out: lpsz="VGKPCSWHJZHGUCIJZYKW") returned 0x14 [0121.950] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.950] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.950] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.950] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.950] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.950] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.950] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.950] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.950] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.950] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.950] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.950] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.950] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.950] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.951] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.951] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.951] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.951] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.951] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.951] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.951] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.951] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.951] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.951] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.951] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.951] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.951] CharUpperBuffW (in: lpsz="OIFUCBJWXVJEMQAICUGL", cchLength=0x14 | out: lpsz="OIFUCBJWXVJEMQAICUGL") returned 0x14 [0121.951] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.951] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.951] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.951] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.951] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.951] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.951] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.951] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.951] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.951] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.951] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.952] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.952] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.952] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.952] CharUpperBuffW (in: lpsz="OIFUCBJWXVJEMQAICUGL", cchLength=0x14 | out: lpsz="OIFUCBJWXVJEMQAICUGL") returned 0x14 [0121.952] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.952] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.952] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.952] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.952] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.952] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.952] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.952] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.952] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.952] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.952] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.952] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.952] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.952] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.952] CharUpperBuffW (in: lpsz="OIFUCBJWXVJEMQAICUGL", cchLength=0x14 | out: lpsz="OIFUCBJWXVJEMQAICUGL") returned 0x14 [0121.952] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.952] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.952] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.952] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.953] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.953] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.953] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.953] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.953] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.953] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.953] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.953] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.953] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.953] PeekMessageW (in: lpMsg=0x140f124, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f124) returned 0 [0121.953] CharLowerBuffW (in: lpsz="dword", cchLength=0x5 | out: lpsz="dword") returned 0x5 [0121.953] LoadLibraryW (lpLibFileName="kernel32") returned 0x75260000 [0121.953] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VirtualFree", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0121.953] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VirtualFree", cchWideChar=12, lpMultiByteStr=0x3f37920, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VirtualFree", lpUsedDefaultChar=0x0) returned 12 [0121.953] GetProcAddress (hModule=0x75260000, lpProcName="VirtualFree") returned 0x75278c70 [0121.953] VirtualFree (lpAddress=0x3770000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0121.954] FreeLibrary (hLibModule=0x75260000) returned 1 [0121.954] PeekMessageW (in: lpMsg=0x140f9a4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f9a4) returned 0 [0121.954] PeekMessageW (in: lpMsg=0x140f9a4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f9a4) returned 0 [0121.954] PeekMessageW (in: lpMsg=0x140f9a4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140f9a4) returned 0 [0121.958] PeekMessageW (in: lpMsg=0x140fbfc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fbfc) returned 0 [0121.959] PeekMessageW (in: lpMsg=0x140fbfc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x140fbfc) returned 0 [0121.959] LockWindowUpdate (hWndLock=0x0) returned 0 [0121.959] DestroyWindow (hWnd=0x40170) returned 1 [0121.959] NtdllDefWindowProc_W (hWnd=0x40170, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0 [0121.960] KillTimer (hWnd=0x40170, uIDEvent=0x1) returned 1 [0122.101] PostQuitMessage (nExitCode=0) [0122.101] GetMessageW (in: lpMsg=0x140fcb4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x140fcb4) returned 0 [0122.217] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0122.217] SystemParametersInfoW (in: uiAction=0x2001, uiParam=0x0, pvParam=0x30d40, fWinIni=0x2 | out: pvParam=0x30d40) returned 1 [0122.225] mciSendStringW (in: lpstrCommand="close all", lpstrReturnString=0x0, uReturnLength=0x0, hwndCallback=0x0 | out: lpstrReturnString=0x0) returned 0x0 [0122.227] FreeLibrary (hLibModule=0x76a10000) returned 1 [0122.227] OleUninitialize () [0122.231] DestroyCursor (hCursor=0x190209) returned 0 [0122.232] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x142fcec | out: phModule=0x142fcec) returned 0 [0122.232] ExitProcess (uExitCode=0x0) Thread: id = 2 os_tid = 0x4f4 Thread: id = 3 os_tid = 0xa14 Process: id = "2" image_name = "urkotu.exe" filename = "c:\\users\\ciihmnxmn6ps\\desktop\\urkotu.exe" page_root = "0x39942000" os_pid = "0x73c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x858" cmd_line = "\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe\"" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00014ee5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 241 start_va = 0xe20000 end_va = 0xe3ffff entry_point = 0x0 region_type = private name = "private_0x0000000000e20000" filename = "" Region: id = 242 start_va = 0xe40000 end_va = 0xe41fff entry_point = 0x0 region_type = private name = "private_0x0000000000e40000" filename = "" Region: id = 243 start_va = 0xe50000 end_va = 0xe63fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e50000" filename = "" Region: id = 244 start_va = 0xe70000 end_va = 0xeaffff entry_point = 0x0 region_type = private name = "private_0x0000000000e70000" filename = "" Region: id = 245 start_va = 0xeb0000 end_va = 0xeb3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000eb0000" filename = "" Region: id = 246 start_va = 0xec0000 end_va = 0xec1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ec0000" filename = "" Region: id = 247 start_va = 0xed0000 end_va = 0x1024fff entry_point = 0xed0000 region_type = mapped_file name = "urkotu.exe" filename = "\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\urkotu.exe") Region: id = 248 start_va = 0x1030000 end_va = 0x142ffff entry_point = 0x0 region_type = private name = "private_0x0000000001030000" filename = "" Region: id = 249 start_va = 0x1430000 end_va = 0x1431fff entry_point = 0x0 region_type = private name = "private_0x0000000001430000" filename = "" Region: id = 250 start_va = 0x77ca0000 end_va = 0x77e18fff entry_point = 0x77ca0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 251 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 252 start_va = 0xffa30000 end_va = 0xffa52fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000ffa30000" filename = "" Region: id = 253 start_va = 0xffa53000 end_va = 0xffa53fff entry_point = 0x0 region_type = private name = "private_0x00000000ffa53000" filename = "" Region: id = 254 start_va = 0xffa57000 end_va = 0xffa57fff entry_point = 0x0 region_type = private name = "private_0x00000000ffa57000" filename = "" Region: id = 255 start_va = 0xffa5d000 end_va = 0xffa5ffff entry_point = 0x0 region_type = private name = "private_0x00000000ffa5d000" filename = "" Region: id = 256 start_va = 0xfffe0000 end_va = 0x7ff8ee37ffff entry_point = 0x0 region_type = private name = "private_0x00000000fffe0000" filename = "" Region: id = 257 start_va = 0x7ff8ee380000 end_va = 0x7ff8ee541fff entry_point = 0x7ff8ee380000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 258 start_va = 0x7ff8ee542000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ff8ee542000" filename = "" Region: id = 260 start_va = 0x400000 end_va = 0x434fff entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 261 start_va = 0x1530000 end_va = 0x153ffff entry_point = 0x0 region_type = private name = "private_0x0000000001530000" filename = "" Region: id = 262 start_va = 0x64af0000 end_va = 0x64b62fff entry_point = 0x64af0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 263 start_va = 0x64b70000 end_va = 0x64bbefff entry_point = 0x64b70000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 264 start_va = 0x64ae0000 end_va = 0x64ae7fff entry_point = 0x64ae0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 265 start_va = 0xe20000 end_va = 0xe2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e20000" filename = "" Region: id = 266 start_va = 0xe30000 end_va = 0xe33fff entry_point = 0x0 region_type = private name = "private_0x0000000000e30000" filename = "" Region: id = 267 start_va = 0x1440000 end_va = 0x14fdfff entry_point = 0x1440000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 268 start_va = 0x1540000 end_va = 0x157ffff entry_point = 0x0 region_type = private name = "private_0x0000000001540000" filename = "" Region: id = 269 start_va = 0x15e0000 end_va = 0x15effff entry_point = 0x0 region_type = private name = "private_0x00000000015e0000" filename = "" Region: id = 270 start_va = 0x1620000 end_va = 0x171ffff entry_point = 0x0 region_type = private name = "private_0x0000000001620000" filename = "" Region: id = 271 start_va = 0x1720000 end_va = 0x181ffff entry_point = 0x0 region_type = private name = "private_0x0000000001720000" filename = "" Region: id = 272 start_va = 0x74d40000 end_va = 0x74d98fff entry_point = 0x74d40000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 273 start_va = 0x74da0000 end_va = 0x74da9fff entry_point = 0x74da0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 274 start_va = 0x74db0000 end_va = 0x74dcdfff entry_point = 0x74db0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 275 start_va = 0x74e70000 end_va = 0x74fe5fff entry_point = 0x74e70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 276 start_va = 0x75260000 end_va = 0x7534ffff entry_point = 0x75260000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 277 start_va = 0x76a10000 end_va = 0x76a8afff entry_point = 0x76a10000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 278 start_va = 0x76c40000 end_va = 0x76c82fff entry_point = 0x76c40000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 279 start_va = 0x76d90000 end_va = 0x76e3bfff entry_point = 0x76d90000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 280 start_va = 0x779f0000 end_va = 0x77aadfff entry_point = 0x779f0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 281 start_va = 0xff930000 end_va = 0xffa2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000ff930000" filename = "" Region: id = 282 start_va = 0xffa5a000 end_va = 0xffa5cfff entry_point = 0x0 region_type = private name = "private_0x00000000ffa5a000" filename = "" Region: id = 283 start_va = 0x77150000 end_va = 0x7728ffff entry_point = 0x77150000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 284 start_va = 0x77000000 end_va = 0x7714cfff entry_point = 0x77000000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 285 start_va = 0x1500000 end_va = 0x1529fff entry_point = 0x1500000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 286 start_va = 0x1820000 end_va = 0x19a7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001820000" filename = "" Region: id = 287 start_va = 0x75400000 end_va = 0x7542afff entry_point = 0x75400000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 288 start_va = 0x778d0000 end_va = 0x779effff entry_point = 0x778d0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 289 start_va = 0xe40000 end_va = 0xe40fff entry_point = 0x0 region_type = private name = "private_0x0000000000e40000" filename = "" Region: id = 290 start_va = 0x1500000 end_va = 0x1500fff entry_point = 0x0 region_type = private name = "private_0x0000000001500000" filename = "" Region: id = 291 start_va = 0x19b0000 end_va = 0x1b30fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000019b0000" filename = "" Region: id = 292 start_va = 0x1b40000 end_va = 0x2f3ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b40000" filename = "" Region: id = 293 start_va = 0x74610000 end_va = 0x74619fff entry_point = 0x74610000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 294 start_va = 0x77ab0000 end_va = 0x77c24fff entry_point = 0x77ab0000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 295 start_va = 0x76d30000 end_va = 0x76d3dfff entry_point = 0x76d30000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 296 start_va = 0x74770000 end_va = 0x74993fff entry_point = 0x74770000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 297 start_va = 0x76e40000 end_va = 0x76ff9fff entry_point = 0x76e40000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 298 start_va = 0x75430000 end_va = 0x767eefff entry_point = 0x75430000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 299 start_va = 0x773f0000 end_va = 0x778ccfff entry_point = 0x773f0000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 300 start_va = 0x77290000 end_va = 0x772d3fff entry_point = 0x77290000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 301 start_va = 0x77c30000 end_va = 0x77c3bfff entry_point = 0x77c30000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 302 start_va = 0x77340000 end_va = 0x773ccfff entry_point = 0x77340000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 303 start_va = 0x753b0000 end_va = 0x753f3fff entry_point = 0x753b0000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 304 start_va = 0x76810000 end_va = 0x7681efff entry_point = 0x76810000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 305 start_va = 0x768b0000 end_va = 0x76999fff entry_point = 0x768b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 306 start_va = 0x2f40000 end_va = 0x2fd0fff entry_point = 0x2f40000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 307 start_va = 0x74bf0000 end_va = 0x74bf7fff entry_point = 0x74bf0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 308 start_va = 0x1510000 end_va = 0x1512fff entry_point = 0x1510000 region_type = mapped_file name = "sfc.dll" filename = "\\Windows\\SysWOW64\\sfc.dll" (normalized: "c:\\windows\\syswow64\\sfc.dll") Region: id = 309 start_va = 0x74be0000 end_va = 0x74beefff entry_point = 0x74be0000 region_type = mapped_file name = "sfc_os.dll" filename = "\\Windows\\SysWOW64\\sfc_os.dll" (normalized: "c:\\windows\\syswow64\\sfc_os.dll") Region: id = 310 start_va = 0x769b0000 end_va = 0x76a0bfff entry_point = 0x769b0000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 311 start_va = 0x773e0000 end_va = 0x773e6fff entry_point = 0x773e0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 312 start_va = 0x74bc0000 end_va = 0x74bd2fff entry_point = 0x74bc0000 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\SysWOW64\\netapi32.dll" (normalized: "c:\\windows\\syswow64\\netapi32.dll") Region: id = 313 start_va = 0x1580000 end_va = 0x15bffff entry_point = 0x0 region_type = private name = "private_0x0000000001580000" filename = "" Region: id = 314 start_va = 0x2f40000 end_va = 0x303ffff entry_point = 0x0 region_type = private name = "private_0x0000000002f40000" filename = "" Region: id = 315 start_va = 0x74b90000 end_va = 0x74b9ffff entry_point = 0x74b90000 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\SysWOW64\\wkscli.dll" (normalized: "c:\\windows\\syswow64\\wkscli.dll") Region: id = 316 start_va = 0x74ba0000 end_va = 0x74bbbfff entry_point = 0x74ba0000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\SysWOW64\\srvcli.dll" (normalized: "c:\\windows\\syswow64\\srvcli.dll") Region: id = 317 start_va = 0xffa54000 end_va = 0xffa56fff entry_point = 0x0 region_type = private name = "private_0x00000000ffa54000" filename = "" Region: id = 318 start_va = 0x74b60000 end_va = 0x74b7afff entry_point = 0x74b60000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 319 start_va = 0x74b80000 end_va = 0x74b89fff entry_point = 0x74b80000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\SysWOW64\\netutils.dll" (normalized: "c:\\windows\\syswow64\\netutils.dll") Region: id = 320 start_va = 0x74a00000 end_va = 0x74b5ffff entry_point = 0x74a00000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 321 start_va = 0x74340000 end_va = 0x74600fff entry_point = 0x74340000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 322 start_va = 0x3040000 end_va = 0x30fcfff entry_point = 0x0 region_type = private name = "private_0x0000000003040000" filename = "" Region: id = 323 start_va = 0x1520000 end_va = 0x1520fff entry_point = 0x0 region_type = private name = "private_0x0000000001520000" filename = "" Region: id = 324 start_va = 0x74690000 end_va = 0x74767fff entry_point = 0x74690000 region_type = mapped_file name = "tapi3.dll" filename = "\\Windows\\SysWOW64\\tapi3.dll" (normalized: "c:\\windows\\syswow64\\tapi3.dll") Region: id = 325 start_va = 0x3100000 end_va = 0x3165fff entry_point = 0x0 region_type = private name = "private_0x0000000003100000" filename = "" Region: id = 326 start_va = 0x746e0000 end_va = 0x74763fff entry_point = 0x746e0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 327 start_va = 0x15c0000 end_va = 0x15c0fff entry_point = 0x0 region_type = private name = "private_0x00000000015c0000" filename = "" Region: id = 328 start_va = 0x749e0000 end_va = 0x749f3fff entry_point = 0x749e0000 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\SysWOW64\\samcli.dll" (normalized: "c:\\windows\\syswow64\\samcli.dll") Region: id = 329 start_va = 0x3170000 end_va = 0x34a6fff entry_point = 0x3170000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 330 start_va = 0x15d0000 end_va = 0x15dcfff entry_point = 0x0 region_type = private name = "private_0x00000000015d0000" filename = "" Region: id = 331 start_va = 0x15c0000 end_va = 0x15c5fff entry_point = 0x0 region_type = private name = "private_0x00000000015c0000" filename = "" Region: id = 332 start_va = 0x34b0000 end_va = 0x34effff entry_point = 0x0 region_type = private name = "private_0x00000000034b0000" filename = "" Region: id = 333 start_va = 0x34f0000 end_va = 0x38effff entry_point = 0x0 region_type = private name = "private_0x00000000034f0000" filename = "" Region: id = 334 start_va = 0x749b0000 end_va = 0x749d7fff entry_point = 0x749b0000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 335 start_va = 0xff92d000 end_va = 0xff92ffff entry_point = 0x0 region_type = private name = "private_0x00000000ff92d000" filename = "" Region: id = 336 start_va = 0x15f0000 end_va = 0x15f3fff entry_point = 0x0 region_type = private name = "private_0x00000000015f0000" filename = "" Region: id = 337 start_va = 0x1600000 end_va = 0x1600fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001600000" filename = "" Region: id = 338 start_va = 0x74c20000 end_va = 0x74c94fff entry_point = 0x74c20000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 339 start_va = 0x38f0000 end_va = 0x3a7ffff entry_point = 0x0 region_type = private name = "private_0x00000000038f0000" filename = "" Region: id = 340 start_va = 0x1610000 end_va = 0x1610fff entry_point = 0x0 region_type = private name = "private_0x0000000001610000" filename = "" Region: id = 341 start_va = 0x38f0000 end_va = 0x38f0fff entry_point = 0x0 region_type = private name = "private_0x00000000038f0000" filename = "" Region: id = 342 start_va = 0x3a70000 end_va = 0x3a7ffff entry_point = 0x0 region_type = private name = "private_0x0000000003a70000" filename = "" Region: id = 343 start_va = 0x746c0000 end_va = 0x746d2fff entry_point = 0x746c0000 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\SysWOW64\\samlib.dll" (normalized: "c:\\windows\\syswow64\\samlib.dll") Region: id = 344 start_va = 0x3900000 end_va = 0x3900fff entry_point = 0x0 region_type = private name = "private_0x0000000003900000" filename = "" Region: id = 345 start_va = 0x3910000 end_va = 0x3910fff entry_point = 0x0 region_type = private name = "private_0x0000000003910000" filename = "" Region: id = 346 start_va = 0x3920000 end_va = 0x3920fff entry_point = 0x0 region_type = private name = "private_0x0000000003920000" filename = "" Region: id = 347 start_va = 0x3930000 end_va = 0x393bfff entry_point = 0x0 region_type = private name = "private_0x0000000003930000" filename = "" Region: id = 348 start_va = 0x3a80000 end_va = 0x3bdbfff entry_point = 0x0 region_type = private name = "private_0x0000000003a80000" filename = "" Region: id = 349 start_va = 0x76a90000 end_va = 0x76c34fff entry_point = 0x76a90000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll") Region: id = 350 start_va = 0x75220000 end_va = 0x75255fff entry_point = 0x75220000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 351 start_va = 0x749a0000 end_va = 0x749aefff entry_point = 0x749a0000 region_type = mapped_file name = "devrtl.dll" filename = "\\Windows\\SysWOW64\\devrtl.dll" (normalized: "c:\\windows\\syswow64\\devrtl.dll") Region: id = 352 start_va = 0x3a80000 end_va = 0x3bdafff entry_point = 0x0 region_type = private name = "private_0x0000000003a80000" filename = "" Region: id = 370 start_va = 0x74ca0000 end_va = 0x74d30fff entry_point = 0x74ca0000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 371 start_va = 0xff590000 end_va = 0xff91ffff entry_point = 0xff590000 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 376 start_va = 0x3be0000 end_va = 0x3da3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003be0000" filename = "" Region: id = 377 start_va = 0x3be0000 end_va = 0x3fb8fff entry_point = 0x0 region_type = private name = "private_0x0000000003be0000" filename = "" Region: id = 379 start_va = 0x3fc0000 end_va = 0x4397fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003fc0000" filename = "" Thread: id = 4 os_tid = 0x744 [0122.017] SetErrorMode (uMode=0x8007) returned 0x0 [0122.017] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40102f) returned 0x0 [0122.018] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x403128, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\urkotu.exe")) returned 0x28 [0122.018] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77150000 [0122.035] LoadLibraryA (lpLibFileName="secur32.dll") returned 0x74610000 [0122.283] LoadLibraryA (lpLibFileName="crypt32.dll") returned 0x77ab0000 [0122.983] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76a10000 [0122.983] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x74770000 [0122.992] LoadLibraryA (lpLibFileName="shell32.dll") returned 0x75430000 [0123.015] LoadLibraryA (lpLibFileName="shlwapi.dll") returned 0x77290000 [0123.016] LoadLibraryA (lpLibFileName="ole32.dll") returned 0x768b0000 [0123.175] LoadLibraryA (lpLibFileName="version.dll") returned 0x74bf0000 [0123.181] LoadLibraryA (lpLibFileName="sfc.dll") returned 0x1510000 [0123.242] LoadLibraryA (lpLibFileName="sfc_os.dll") returned 0x74be0000 [0123.362] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x769b0000 [0123.364] LoadLibraryA (lpLibFileName="Netapi32.dll") returned 0x74bc0000 [0123.773] LoadLibraryA (lpLibFileName="Urlmon.dll") returned 0x74a00000 [0125.103] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0125.104] VirtualProtectEx (in: hProcess=0xffffffff, lpAddress=0x4040c1, dwSize=0x2f3cb, flNewProtect=0x40, lpflOldProtect=0x142fa54 | out: lpflOldProtect=0x142fa54*=0x2) returned 1 [0125.105] VirtualAllocEx (hProcess=0xffffffff, lpAddress=0x0, dwSize=0xbcf2c, flAllocationType=0x3000, flProtect=0x40) returned 0x3040000 [0125.117] VirtualAllocEx (hProcess=0xffffffff, lpAddress=0x0, dwSize=0x2ca, flAllocationType=0x3000, flProtect=0x4) returned 0x1520000 [0125.118] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\SysWOW64\\tapi3.dll", lpDst=0x142f810, nSize=0x103 | out: lpDst="C:\\Windows\\SysWOW64\\tapi3.dll") returned 0x1e [0125.118] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\tapi3.dll" (normalized: "c:\\windows\\syswow64\\tapi3.dll"), dwDesiredAccess=0xa0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8 [0125.118] CreateFileMappingW (hFile=0x1a8, lpFileMappingAttributes=0x0, flProtect=0x1000020, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x1ac [0125.193] MapViewOfFileEx (hFileMappingObject=0x1ac, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0, lpBaseAddress=0x0) returned 0x74690000 [0125.502] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x74690000, lpBuffer=0x142fa18, dwLength=0x1c | out: lpBuffer=0x142fa18*(BaseAddress=0x74690000, AllocationBase=0x74690000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c [0125.502] UnmapViewOfFile (lpBaseAddress=0x74690000) returned 1 [0125.502] CloseHandle (hObject=0x1ac) returned 1 [0125.502] CloseHandle (hObject=0x1a8) returned 1 [0125.502] VirtualAllocEx (hProcess=0xffffffff, lpAddress=0x0, dwSize=0x65040, flAllocationType=0x3000, flProtect=0x40) returned 0x3100000 [0125.521] LdrGetProcedureAddress (in: BaseAddress=0x75260000, Name="AddVectoredExceptionHandler", Ordinal=0x0, ProcedureAddress=0x142f574 | out: ProcedureAddress=0x142f574*=0x77cff090) returned 0x0 [0125.521] LdrGetProcedureAddress (in: BaseAddress=0x75260000, Name="DeleteCriticalSection", Ordinal=0x0, ProcedureAddress=0x142f574 | out: ProcedureAddress=0x142f574*=0x77cf9920) returned 0x0 [0125.521] LdrGetProcedureAddress (in: BaseAddress=0x75260000, Name="EnterCriticalSection", Ordinal=0x0, ProcedureAddress=0x142f574 | out: ProcedureAddress=0x142f574*=0x77ce5e80) returned 0x0 [0125.522] LdrGetProcedureAddress (in: BaseAddress=0x75260000, Name="ExitThread", Ordinal=0x0, ProcedureAddress=0x142f574 | out: ProcedureAddress=0x142f574*=0x77d02570) returned 0x0 [0125.522] LdrGetProcedureAddress (in: BaseAddress=0x75260000, Name="HeapAlloc", Ordinal=0x0, ProcedureAddress=0x142f574 | out: ProcedureAddress=0x142f574*=0x77cdda90) returned 0x0 [0125.522] LdrGetProcedureAddress (in: BaseAddress=0x75260000, Name="HeapReAlloc", Ordinal=0x0, ProcedureAddress=0x142f574 | out: ProcedureAddress=0x142f574*=0x77cdbae0) returned 0x0 [0125.522] LdrGetProcedureAddress (in: BaseAddress=0x75260000, Name="HeapSize", Ordinal=0x0, ProcedureAddress=0x142f574 | out: ProcedureAddress=0x142f574*=0x77cf4f40) returned 0x0 [0125.523] LdrGetProcedureAddress (in: BaseAddress=0x75260000, Name="LeaveCriticalSection", Ordinal=0x0, ProcedureAddress=0x142f574 | out: ProcedureAddress=0x142f574*=0x77ce5e00) returned 0x0 [0125.524] LdrGetProcedureAddress (in: BaseAddress=0x75260000, Name="TryEnterCriticalSection", Ordinal=0x0, ProcedureAddress=0x142f574 | out: ProcedureAddress=0x142f574*=0x77cf9070) returned 0x0 [0125.524] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x3153590, cbMultiByte=11, lpWideCharStr=0x1628a50, cchWideChar=11 | out: lpWideCharStr="secur32.dll") returned 11 [0125.524] LoadLibraryW (lpLibFileName="secur32.dll") returned 0x74610000 [0125.524] LdrGetProcedureAddress (in: BaseAddress=0x74610000, Name="GetUserNameExW", Ordinal=0x0, ProcedureAddress=0x142f574 | out: ProcedureAddress=0x142f574*=0x74dbc5f0) returned 0x0 [0125.524] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x31535b8, cbMultiByte=11, lpWideCharStr=0x1628b30, cchWideChar=11 | out: lpWideCharStr="crypt32.dll") returned 11 [0125.525] LoadLibraryW (lpLibFileName="crypt32.dll") returned 0x77ab0000 [0125.525] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x31535e0, cbMultiByte=10, lpWideCharStr=0x1628a30, cchWideChar=10 | out: lpWideCharStr="user32.dll") returned 10 [0125.525] LoadLibraryW (lpLibFileName="user32.dll") returned 0x77150000 [0125.526] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x3153608, cbMultiByte=12, lpWideCharStr=0x162a758, cchWideChar=12 | out: lpWideCharStr="advapi32.dll") returned 12 [0125.526] LoadLibraryW (lpLibFileName="advapi32.dll") returned 0x76a10000 [0125.527] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x3153630, cbMultiByte=11, lpWideCharStr=0x16289b0, cchWideChar=11 | out: lpWideCharStr="wininet.dll") returned 11 [0125.527] LoadLibraryW (lpLibFileName="wininet.dll") returned 0x74770000 [0125.528] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x3153658, cbMultiByte=11, lpWideCharStr=0x1628a10, cchWideChar=11 | out: lpWideCharStr="shell32.dll") returned 11 [0125.528] LoadLibraryW (lpLibFileName="shell32.dll") returned 0x75430000 [0125.529] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x3153680, cbMultiByte=11, lpWideCharStr=0x1628bb0, cchWideChar=11 | out: lpWideCharStr="shlwapi.dll") returned 11 [0125.529] LoadLibraryW (lpLibFileName="shlwapi.dll") returned 0x77290000 [0125.530] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x31536a8, cbMultiByte=9, lpWideCharStr=0x1628a50, cchWideChar=9 | out: lpWideCharStr="ole32.dll") returned 9 [0125.530] LoadLibraryW (lpLibFileName="ole32.dll") returned 0x768b0000 [0125.530] LdrGetProcedureAddress (in: BaseAddress=0x768b0000, Name="CLSIDFromProgID", Ordinal=0x0, ProcedureAddress=0x142f574 | out: ProcedureAddress=0x142f574*=0x76f0c1c0) returned 0x0 [0125.530] LdrGetProcedureAddress (in: BaseAddress=0x768b0000, Name="CLSIDFromString", Ordinal=0x0, ProcedureAddress=0x142f574 | out: ProcedureAddress=0x142f574*=0x76ef1390) returned 0x0 [0125.531] LdrGetProcedureAddress (in: BaseAddress=0x768b0000, Name="CoCreateGuid", Ordinal=0x0, ProcedureAddress=0x142f574 | out: ProcedureAddress=0x142f574*=0x76e89f30) returned 0x0 [0125.531] LdrGetProcedureAddress (in: BaseAddress=0x768b0000, Name="CoCreateInstance", Ordinal=0x0, ProcedureAddress=0x142f574 | out: ProcedureAddress=0x142f574*=0x76ee8200) returned 0x0 [0125.531] LdrGetProcedureAddress (in: BaseAddress=0x768b0000, Name="CoInitializeEx", Ordinal=0x0, ProcedureAddress=0x142f574 | out: ProcedureAddress=0x142f574*=0x76eacd50) returned 0x0 [0125.531] LdrGetProcedureAddress (in: BaseAddress=0x768b0000, Name="CoTaskMemAlloc", Ordinal=0x0, ProcedureAddress=0x142f574 | out: ProcedureAddress=0x142f574*=0x76ecd200) returned 0x0 [0125.531] LdrGetProcedureAddress (in: BaseAddress=0x768b0000, Name="CoTaskMemFree", Ordinal=0x0, ProcedureAddress=0x142f574 | out: ProcedureAddress=0x142f574*=0x76eccf40) returned 0x0 [0125.531] LdrGetProcedureAddress (in: BaseAddress=0x768b0000, Name="CoTaskMemRealloc", Ordinal=0x0, ProcedureAddress=0x142f574 | out: ProcedureAddress=0x142f574*=0x76f0a970) returned 0x0 [0125.531] LdrGetProcedureAddress (in: BaseAddress=0x768b0000, Name="CoUninitialize", Ordinal=0x0, ProcedureAddress=0x142f574 | out: ProcedureAddress=0x142f574*=0x76eadca0) returned 0x0 [0125.532] LdrGetProcedureAddress (in: BaseAddress=0x768b0000, Name="IIDFromString", Ordinal=0x0, ProcedureAddress=0x142f574 | out: ProcedureAddress=0x142f574*=0x76ef25d0) returned 0x0 [0125.532] LdrGetProcedureAddress (in: BaseAddress=0x768b0000, Name="ProgIDFromCLSID", Ordinal=0x0, ProcedureAddress=0x142f574 | out: ProcedureAddress=0x142f574*=0x76f0c060) returned 0x0 [0125.532] LdrGetProcedureAddress (in: BaseAddress=0x768b0000, Name="StringFromGUID2", Ordinal=0x0, ProcedureAddress=0x142f574 | out: ProcedureAddress=0x142f574*=0x76ef0600) returned 0x0 [0125.532] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x31536d0, cbMultiByte=11, lpWideCharStr=0x1628b90, cchWideChar=11 | out: lpWideCharStr="version.dll") returned 11 [0125.532] LoadLibraryW (lpLibFileName="version.dll") returned 0x74bf0000 [0125.533] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x31536f8, cbMultiByte=10, lpWideCharStr=0x1628c50, cchWideChar=10 | out: lpWideCharStr="dnsapi.dll") returned 10 [0125.533] LoadLibraryW (lpLibFileName="dnsapi.dll") returned 0x746e0000 [0126.973] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x3153720, cbMultiByte=10, lpWideCharStr=0x1628cd0, cchWideChar=10 | out: lpWideCharStr="ws2_32.dll") returned 10 [0126.973] LoadLibraryW (lpLibFileName="ws2_32.dll") returned 0x769b0000 [0126.975] VirtualAlloc (lpAddress=0x0, dwSize=0x2b, flAllocationType=0x3000, flProtect=0x40) returned 0x15c0000 [0126.975] RtlInitAnsiString (in: DestinationString=0x142f418, SourceString="NtOpenKeyEx" | out: DestinationString="NtOpenKeyEx") [0126.975] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77ca0000 [0126.975] LdrGetProcedureAddress (in: BaseAddress=0x77ca0000, Name="NtOpenKeyEx", Ordinal=0x0, ProcedureAddress=0x142f53c | out: ProcedureAddress=0x142f53c*=0x77d09ca0) returned 0x0 [0126.975] RtlInitAnsiString (in: DestinationString=0x142f418, SourceString="NtCreateThreadEx" | out: DestinationString="NtCreateThreadEx") [0126.975] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77ca0000 [0126.975] LdrGetProcedureAddress (in: BaseAddress=0x77ca0000, Name="NtCreateThreadEx", Ordinal=0x0, ProcedureAddress=0x142f53c | out: ProcedureAddress=0x142f53c*=0x77d09710) returned 0x0 [0126.975] RtlInitAnsiString (in: DestinationString=0x142f418, SourceString="NtRemoveProcessDebug" | out: DestinationString="NtRemoveProcessDebug") [0126.975] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77ca0000 [0126.976] LdrGetProcedureAddress (in: BaseAddress=0x77ca0000, Name="NtRemoveProcessDebug", Ordinal=0x0, ProcedureAddress=0x142f53c | out: ProcedureAddress=0x142f53c*=0x77d0a150) returned 0x0 [0126.976] RtlInitAnsiString (in: DestinationString=0x142f418, SourceString="KiFastSystemCall" | out: DestinationString="KiFastSystemCall") [0126.976] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77ca0000 [0126.976] LdrGetProcedureAddress (in: BaseAddress=0x77ca0000, Name="KiFastSystemCall", Ordinal=0x0, ProcedureAddress=0x142f53c | out: ProcedureAddress=0x142f53c*=0x77d0af00) returned 0x0 [0126.976] RtlInitAnsiString (in: DestinationString=0x142f418, SourceString="KiIntSystemCall" | out: DestinationString="KiIntSystemCall") [0126.976] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77ca0000 [0126.976] LdrGetProcedureAddress (in: BaseAddress=0x77ca0000, Name="KiIntSystemCall", Ordinal=0x0, ProcedureAddress=0x142f53c | out: ProcedureAddress=0x142f53c*=0x77d0af20) returned 0x0 [0126.976] RtlInitAnsiString (in: DestinationString=0x142f418, SourceString="CsrGetProcessId" | out: DestinationString="CsrGetProcessId") [0126.976] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77ca0000 [0126.976] LdrGetProcedureAddress (in: BaseAddress=0x77ca0000, Name="CsrGetProcessId", Ordinal=0x0, ProcedureAddress=0x142f53c | out: ProcedureAddress=0x142f53c*=0x77d4ec80) returned 0x0 [0126.976] RtlInitAnsiString (in: DestinationString=0x142f418, SourceString="RtlQueryEnvironmentVariable" | out: DestinationString="RtlQueryEnvironmentVariable") [0126.976] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77ca0000 [0126.977] LdrGetProcedureAddress (in: BaseAddress=0x77ca0000, Name="RtlQueryEnvironmentVariable", Ordinal=0x0, ProcedureAddress=0x142f53c | out: ProcedureAddress=0x142f53c*=0x77ce8000) returned 0x0 [0126.977] RtlInitAnsiString (in: DestinationString=0x142f418, SourceString="RtlSetEnvironmentVar" | out: DestinationString="RtlSetEnvironmentVar") [0126.977] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77ca0000 [0126.977] LdrGetProcedureAddress (in: BaseAddress=0x77ca0000, Name="RtlSetEnvironmentVar", Ordinal=0x0, ProcedureAddress=0x142f53c | out: ProcedureAddress=0x142f53c*=0x77cf4920) returned 0x0 [0126.977] RtlInitAnsiString (in: DestinationString=0x142f418, SourceString="RtlQueryEnvironmentVariable_U" | out: DestinationString="RtlQueryEnvironmentVariable_U") [0126.977] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77ca0000 [0126.977] LdrGetProcedureAddress (in: BaseAddress=0x77ca0000, Name="RtlQueryEnvironmentVariable_U", Ordinal=0x0, ProcedureAddress=0x142f53c | out: ProcedureAddress=0x142f53c*=0x77cf4870) returned 0x0 [0126.977] RtlInitAnsiString (in: DestinationString=0x142f418, SourceString="RtlSetEnvironmentVariable" | out: DestinationString="RtlSetEnvironmentVariable") [0126.977] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77ca0000 [0126.977] LdrGetProcedureAddress (in: BaseAddress=0x77ca0000, Name="RtlSetEnvironmentVariable", Ordinal=0x0, ProcedureAddress=0x142f53c | out: ProcedureAddress=0x142f53c*=0x77cf48e0) returned 0x0 [0126.977] RtlInitAnsiString (in: DestinationString=0x142f418, SourceString="DbgBreakPoint" | out: DestinationString="DbgBreakPoint") [0126.978] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77ca0000 [0126.978] LdrGetProcedureAddress (in: BaseAddress=0x77ca0000, Name="DbgBreakPoint", Ordinal=0x0, ProcedureAddress=0x142f53c | out: ProcedureAddress=0x142f53c*=0x77d0ad10) returned 0x0 [0126.978] RtlInitAnsiString (in: DestinationString=0x142f418, SourceString="DbgUiConnectToDbg" | out: DestinationString="DbgUiConnectToDbg") [0126.978] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77ca0000 [0126.978] LdrGetProcedureAddress (in: BaseAddress=0x77ca0000, Name="DbgUiConnectToDbg", Ordinal=0x0, ProcedureAddress=0x142f53c | out: ProcedureAddress=0x142f53c*=0x77d40f90) returned 0x0 [0126.978] RtlInitAnsiString (in: DestinationString=0x142f418, SourceString="DbgUiGetThreadDebugObject" | out: DestinationString="DbgUiGetThreadDebugObject") [0126.978] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77ca0000 [0126.978] LdrGetProcedureAddress (in: BaseAddress=0x77ca0000, Name="DbgUiGetThreadDebugObject", Ordinal=0x0, ProcedureAddress=0x142f53c | out: ProcedureAddress=0x142f53c*=0x77d41290) returned 0x0 [0126.978] RtlInitAnsiString (in: DestinationString=0x142f418, SourceString="DbgUiStopDebugging" | out: DestinationString="DbgUiStopDebugging") [0126.978] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77ca0000 [0126.978] LdrGetProcedureAddress (in: BaseAddress=0x77ca0000, Name="DbgUiStopDebugging", Ordinal=0x0, ProcedureAddress=0x142f53c | out: ProcedureAddress=0x142f53c*=0x77d41380) returned 0x0 [0126.979] RtlInitAnsiString (in: DestinationString=0x142f418, SourceString="memset" | out: DestinationString="memset") [0126.979] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77ca0000 [0126.979] LdrGetProcedureAddress (in: BaseAddress=0x77ca0000, Name="memset", Ordinal=0x0, ProcedureAddress=0x142f53c | out: ProcedureAddress=0x142f53c*=0x77d0ee50) returned 0x0 [0126.979] RtlInitAnsiString (in: DestinationString=0x142f418, SourceString="memcpy" | out: DestinationString="memcpy") [0126.979] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77ca0000 [0126.979] LdrGetProcedureAddress (in: BaseAddress=0x77ca0000, Name="memcpy", Ordinal=0x0, ProcedureAddress=0x142f53c | out: ProcedureAddress=0x142f53c*=0x77d0e7b0) returned 0x0 [0126.979] RtlInitAnsiString (in: DestinationString=0x142f418, SourceString="wcsstr" | out: DestinationString="wcsstr") [0126.979] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77ca0000 [0126.979] LdrGetProcedureAddress (in: BaseAddress=0x77ca0000, Name="wcsstr", Ordinal=0x0, ProcedureAddress=0x142f53c | out: ProcedureAddress=0x142f53c*=0x77d109b0) returned 0x0 [0126.979] RtlInitAnsiString (in: DestinationString=0x142f418, SourceString="RtlRandomEx" | out: DestinationString="RtlRandomEx") [0126.979] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77ca0000 [0126.980] LdrGetProcedureAddress (in: BaseAddress=0x77ca0000, Name="RtlRandomEx", Ordinal=0x0, ProcedureAddress=0x142f53c | out: ProcedureAddress=0x142f53c*=0x77cd75a0) returned 0x0 [0126.980] RtlInitAnsiString (in: DestinationString=0x142f418, SourceString="GetProductInfo" | out: DestinationString="GetProductInfo") [0126.980] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75260000 [0126.980] LdrGetProcedureAddress (in: BaseAddress=0x75260000, Name="GetProductInfo", Ordinal=0x0, ProcedureAddress=0x142f53c | out: ProcedureAddress=0x142f53c*=0x75284c80) returned 0x0 [0126.980] RtlInitAnsiString (in: DestinationString=0x142f418, SourceString="GetMappedFileNameW" | out: DestinationString="GetMappedFileNameW") [0126.980] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75260000 [0126.980] LdrGetProcedureAddress (in: BaseAddress=0x75260000, Name="GetMappedFileNameW", Ordinal=0x0, ProcedureAddress=0x142f53c | out: ProcedureAddress=0x142f53c*=0x0) returned 0xc0000139 [0126.980] RtlInitAnsiString (in: DestinationString=0x142f418, SourceString="GetThreadId" | out: DestinationString="GetThreadId") [0126.980] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75260000 [0126.980] LdrGetProcedureAddress (in: BaseAddress=0x75260000, Name="GetThreadId", Ordinal=0x0, ProcedureAddress=0x142f53c | out: ProcedureAddress=0x142f53c*=0x752a1430) returned 0x0 [0126.981] RtlInitAnsiString (in: DestinationString=0x142f418, SourceString="InitializeProcThreadAttributeList" | out: DestinationString="InitializeProcThreadAttributeList") [0126.981] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75260000 [0126.981] LdrGetProcedureAddress (in: BaseAddress=0x75260000, Name="InitializeProcThreadAttributeList", Ordinal=0x0, ProcedureAddress=0x142f53c | out: ProcedureAddress=0x142f53c*=0x74f280b0) returned 0x0 [0126.981] RtlInitAnsiString (in: DestinationString=0x142f418, SourceString="UpdateProcThreadAttribute" | out: DestinationString="UpdateProcThreadAttribute") [0126.981] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75260000 [0126.981] LdrGetProcedureAddress (in: BaseAddress=0x75260000, Name="UpdateProcThreadAttribute", Ordinal=0x0, ProcedureAddress=0x142f53c | out: ProcedureAddress=0x142f53c*=0x74f27f50) returned 0x0 [0126.981] RtlInitAnsiString (in: DestinationString=0x142f418, SourceString="CreateProcessInternalW" | out: DestinationString="CreateProcessInternalW") [0126.982] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75260000 [0126.982] LdrGetProcedureAddress (in: BaseAddress=0x75260000, Name="CreateProcessInternalW", Ordinal=0x0, ProcedureAddress=0x142f53c | out: ProcedureAddress=0x142f53c*=0x752a09e0) returned 0x0 [0126.982] RtlInitAnsiString (in: DestinationString=0x142f418, SourceString="ChangeWindowMessageFilter" | out: DestinationString="ChangeWindowMessageFilter") [0126.982] GetModuleHandleA (lpModuleName="user32.dll") returned 0x77150000 [0126.982] LdrGetProcedureAddress (in: BaseAddress=0x77150000, Name="ChangeWindowMessageFilter", Ordinal=0x0, ProcedureAddress=0x142f53c | out: ProcedureAddress=0x142f53c*=0x7716df00) returned 0x0 [0126.982] RtlInitAnsiString (in: DestinationString=0x142f418, SourceString="CreateProcessWithTokenW" | out: DestinationString="CreateProcessWithTokenW") [0126.982] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76a10000 [0126.982] LdrGetProcedureAddress (in: BaseAddress=0x76a10000, Name="CreateProcessWithTokenW", Ordinal=0x0, ProcedureAddress=0x142f53c | out: ProcedureAddress=0x142f53c*=0x76a31340) returned 0x0 [0126.982] LoadLibraryA (lpLibFileName="Urlmon.dll") returned 0x74a00000 [0126.983] RtlInitAnsiString (in: DestinationString=0x142f418, SourceString="ObtainUserAgentString" | out: DestinationString="ObtainUserAgentString") [0126.983] GetModuleHandleA (lpModuleName="urlmon.dll") returned 0x74a00000 [0126.983] LdrGetProcedureAddress (in: BaseAddress=0x74a00000, Name="ObtainUserAgentString", Ordinal=0x0, ProcedureAddress=0x142f53c | out: ProcedureAddress=0x142f53c*=0x74abfe70) returned 0x0 [0126.983] RtlInitAnsiString (in: DestinationString=0x142f418, SourceString="URLDownloadToFileW" | out: DestinationString="URLDownloadToFileW") [0126.983] GetModuleHandleA (lpModuleName="urlmon.dll") returned 0x74a00000 [0126.983] LdrGetProcedureAddress (in: BaseAddress=0x74a00000, Name="URLDownloadToFileW", Ordinal=0x0, ProcedureAddress=0x142f53c | out: ProcedureAddress=0x142f53c*=0x74acbe80) returned 0x0 [0126.983] LoadLibraryA (lpLibFileName="Netapi32.dll") returned 0x74bc0000 [0126.984] RtlInitAnsiString (in: DestinationString=0x142f418, SourceString="NetUserGetInfo" | out: DestinationString="NetUserGetInfo") [0126.984] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x74bc0000 [0126.984] LdrGetProcedureAddress (in: BaseAddress=0x74bc0000, Name="NetUserGetInfo", Ordinal=0x0, ProcedureAddress=0x142f53c | out: ProcedureAddress=0x142f53c*=0x749e2130) returned 0x0 [0127.316] RtlInitAnsiString (in: DestinationString=0x142f418, SourceString="SHCreateItemFromParsingName" | out: DestinationString="SHCreateItemFromParsingName") [0127.316] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x768b0000 [0127.316] LdrGetProcedureAddress (in: BaseAddress=0x768b0000, Name="SHCreateItemFromParsingName", Ordinal=0x0, ProcedureAddress=0x142f53c | out: ProcedureAddress=0x142f53c*=0x0) returned 0xc0000139 [0127.317] RtlInitAnsiString (in: DestinationString=0x142f418, SourceString="GetAddrInfoW" | out: DestinationString="GetAddrInfoW") [0127.317] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x769b0000 [0127.317] LdrGetProcedureAddress (in: BaseAddress=0x769b0000, Name="GetAddrInfoW", Ordinal=0x0, ProcedureAddress=0x142f53c | out: ProcedureAddress=0x142f53c*=0x769b9d90) returned 0x0 [0127.317] RtlInitAnsiString (in: DestinationString=0x142f418, SourceString="GetAddrInfoExW" | out: DestinationString="GetAddrInfoExW") [0127.317] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x769b0000 [0127.317] LdrGetProcedureAddress (in: BaseAddress=0x769b0000, Name="GetAddrInfoExW", Ordinal=0x0, ProcedureAddress=0x142f53c | out: ProcedureAddress=0x142f53c*=0x769b6210) returned 0x0 [0127.317] RtlInitAnsiString (in: DestinationString=0x142f418, SourceString="EncryptMessage" | out: DestinationString="EncryptMessage") [0127.317] GetModuleHandleA (lpModuleName="secur32.dll") returned 0x74610000 [0127.317] LdrGetProcedureAddress (in: BaseAddress=0x74610000, Name="EncryptMessage", Ordinal=0x0, ProcedureAddress=0x142f53c | out: ProcedureAddress=0x142f53c*=0x74dc4550) returned 0x0 [0127.317] LoadLibraryA (lpLibFileName="sfc_os.dll") returned 0x74be0000 [0127.318] RtlInitAnsiString (in: DestinationString=0x142f418, SourceString="SfcIsFileProtected" | out: DestinationString="SfcIsFileProtected") [0127.318] GetModuleHandleA (lpModuleName="sfc_os.dll") returned 0x74be0000 [0127.318] LdrGetProcedureAddress (in: BaseAddress=0x74be0000, Name="SfcIsFileProtected", Ordinal=0x0, ProcedureAddress=0x142f53c | out: ProcedureAddress=0x142f53c*=0x74be4880) returned 0x0 [0127.318] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x142f7ec, nSize=0x103 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\urkotu.exe")) returned 0x28 [0127.318] PathFindFileNameW (pszPath="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe") returned="urkotu.exe" [0127.318] lstrcmpiW (lpString1="urkotu.exe", lpString2="firefox.exe") returned 1 [0127.321] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x142f57c*=0x0, ZeroBits=0x0, RegionSize=0x142f584*=0xcdf0, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x142f57c*=0x15d0000, RegionSize=0x142f584*=0xd000) returned 0x0 [0127.459] VirtualFreeEx (hProcess=0xffffffff, lpAddress=0x15c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0127.460] GetModuleHandleA (lpModuleName="mscoree.dll") returned 0x0 [0127.460] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2, lpSecurityAttributes=0x0, phkResult=0x142f9ec, lpdwDisposition=0x0 | out: phkResult=0x142f9ec*=0x1c0, lpdwDisposition=0x0) returned 0x0 [0127.460] RegCloseKey (hKey=0x1c0) returned 0x0 [0127.460] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\MyMailClient", Reserved=0x0, lpClass=0x0, dwOptions=0x1, samDesired=0x3, lpSecurityAttributes=0x0, phkResult=0x142f9fc, lpdwDisposition=0x0 | out: phkResult=0x142f9fc*=0x1c0, lpdwDisposition=0x0) returned 0x0 [0127.460] RegCloseKey (hKey=0x1c0) returned 0x0 [0127.460] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x31212c4) returned 0x40102f [0127.461] GetModuleHandleW (lpModuleName="avcuf32.dll") returned 0x0 [0127.461] GetCurrentProcessId () returned 0x73c [0127.461] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x142f96c | out: TokenHandle=0x142f96c*=0x1c0) returned 1 [0127.461] GetTokenInformation (in: TokenHandle=0x1c0, TokenInformationClass=0xc, TokenInformation=0x142f9b8, TokenInformationLength=0x4, ReturnLength=0x142f970 | out: TokenInformation=0x142f9b8, ReturnLength=0x142f970) returned 1 [0127.461] CloseHandle (hObject=0x1c0) returned 1 [0127.461] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x142f934 | out: TokenHandle=0x142f934*=0x1c0) returned 1 [0127.462] GetTokenInformation (in: TokenHandle=0x1c0, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x142f938 | out: TokenInformation=0x0, ReturnLength=0x142f938) returned 0 [0127.462] GetLastError () returned 0x7a [0127.462] GetTokenInformation (in: TokenHandle=0x1c0, TokenInformationClass=0x19, TokenInformation=0x1628bd0, TokenInformationLength=0x14, ReturnLength=0x142f938 | out: TokenInformation=0x1628bd0, ReturnLength=0x142f938) returned 1 [0127.462] GetSidSubAuthorityCount (pSid=0x1628bd8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 0x1628bd9 [0127.462] GetSidSubAuthority (pSid=0x1628bd8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000), nSubAuthority=0x0) returned 0x1628be0 [0127.462] CloseHandle (hObject=0x1c0) returned 1 [0127.462] VirtualAlloc (lpAddress=0x0, dwSize=0x5bc6, flAllocationType=0x3000, flProtect=0x40) returned 0x15c0000 [0127.462] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x142f774, nSize=0x103 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\urkotu.exe")) returned 0x28 [0127.462] GetLongPathNameW (in: lpszShortPath="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe", lpszLongPath=0x142f564, cchBuffer=0x103 | out: lpszLongPath="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe") returned 0x28 [0127.463] PathRemoveFileSpecW (in: pszPath="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe" | out: pszPath="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0127.463] PathRemoveBackslashW (in: pszPath="C:\\Users\\CIiHmnxMn6Ps\\Desktop" | out: pszPath="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned="p" [0127.463] GetModuleHandleW (lpModuleName=0x0) returned 0x3100000 [0127.463] PathFindFileNameW (pszPath="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe") returned="urkotu.exe" [0127.463] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x0, ProcessInformation=0x142f52c, ProcessInformationLength=0x18, ReturnLength=0x142f544 | out: ProcessInformation=0x142f52c, ReturnLength=0x142f544) returned 0x0 [0127.463] NtOpenProcess (in: ProcessHandle=0x142f300, DesiredAccess=0x400, ObjectAttributes=0x142f2e0*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x142f2f8*(UniqueProcess=0x858, UniqueThread=0x0) | out: ProcessHandle=0x142f300*=0x0) returned 0xc000000b [0127.463] RtlNtStatusToDosError (Status=0xc000000b) returned 0x57 [0127.463] SetLastError (dwErrCode=0x57) [0127.463] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x7, ProcessInformation=0x142f9c8, ProcessInformationLength=0x4, ReturnLength=0x142f9c4 | out: ProcessInformation=0x142f9c8, ReturnLength=0x142f9c4) returned 0x0 [0127.464] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77ca0000 [0127.464] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75260000 [0127.464] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76a10000 [0127.464] GetModuleHandleA (lpModuleName="user32.dll") returned 0x77150000 [0127.464] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x769b0000 [0127.464] GetModuleHandleA (lpModuleName="wininet.dll") returned 0x74770000 [0127.464] GetSystemDirectoryW (in: lpBuffer=0x142f774, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0127.464] GetVolumeInformationW (in: lpRootPathName=0x0, lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x142f97c, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x142f97c*=0xd2ca4def, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0127.465] GetTickCount () returned 0x2cdc6 [0127.465] GetCurrentThreadId () returned 0x744 [0127.465] RtlRandom (in: Seed=0x142f938 | out: Seed=0x142f938) returned 0xd545c688 [0127.465] GetTickCount () returned 0x2cdc6 [0127.465] GetCurrentThreadId () returned 0x744 [0127.465] RtlRandom (in: Seed=0x142f938 | out: Seed=0x142f938) returned 0x62627038 [0127.465] GetTickCount () returned 0x2cdc6 [0127.465] GetCurrentThreadId () returned 0x744 [0127.465] RtlRandom (in: Seed=0x142f938 | out: Seed=0x142f938) returned 0xa97b4d3d [0127.465] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1c0 [0127.465] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x77cf360d, lpParameter=0x163e930, dwCreationFlags=0x4, lpThreadId=0x142f95c | out: lpThreadId=0x142f95c*=0xb90) returned 0x1c4 [0127.466] NtGetContextThread (in: ThreadHandle=0x1c4, Context=0x142f66c | out: Context=0x142f66c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x163e930, Edx=0x0, Ecx=0x0, Eax=0x77cf360d, Ebp=0x0, Eip=0x77d0aef0, SegCs=0x23, EFlags=0x202, Esp=0x38efc6c, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0127.466] NtSetContextThread (ThreadHandle=0x1c4, Context=0x142f66c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x163e930, Edx=0x0, Ecx=0x0, Eax=0x310806d, Ebp=0x0, Eip=0x77d0aef0, SegCs=0x23, EFlags=0x202, Esp=0x38efc6c, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0127.466] NtResumeThread (in: ThreadHandle=0x1c4, SuspendCount=0x142f950 | out: SuspendCount=0x142f950*=0x1) returned 0x0 [0127.466] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x7d0) returned 0x0 [0127.467] OpenThread (dwDesiredAccess=0x40000, bInheritHandle=0, dwThreadId=0xb90) returned 0x1cc [0127.467] BuildExplicitAccessWithNameA () returned 0x0 [0127.467] SetEntriesInAclA () returned 0x0 [0127.733] SetSecurityInfo () returned 0x0 [0127.734] LocalFree (hMem=0x163f230) returned 0x0 [0127.734] CloseHandle (hObject=0x1c0) returned 1 [0127.734] CloseHandle (hObject=0x1c4) returned 1 [0127.735] GetSystemTime (in: lpSystemTime=0x15c2d83 | out: lpSystemTime=0x15c2d83*(wYear=0x7e3, wMonth=0x1, wDayOfWeek=0x2, wDay=0x8, wHour=0x9, wMinute=0x1a, wSecond=0x24, wMilliseconds=0x21e)) [0127.735] GetNativeSystemInfo (in: lpSystemInfo=0x142f8bc | out: lpSystemInfo=0x142f8bc*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0127.735] GetVersionExA (in: lpVersionInformation=0x142f8e0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x142f8e0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x2800, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0127.735] GetProductInfo (in: dwOSMajorVersion=0xa, dwOSMinorVersion=0x0, dwSpMajorVersion=0x0, dwSpMinorVersion=0x0, pdwReturnedProductType=0x142f97c | out: pdwReturnedProductType=0x142f97c) returned 1 [0127.735] GetLocaleInfoA (in: Locale=0x800, LCType=0x5a, lpLCData=0x142f978, cchData=7 | out: lpLCData="US") returned 3 [0127.736] CharUpperBuffA (in: lpsz="US", cchLength=0x2 | out: lpsz="US") returned 0x2 [0127.736] SHGetFolderPathW (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x15c04d7 | out: pszPath="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned 0x0 [0127.740] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming")) returned 0x10 [0127.740] SHGetFolderPathW (in: hwnd=0x0, csidl=32808, hToken=0x0, dwFlags=0x0, pszPath=0x15c02cf | out: pszPath="C:\\Users\\CIiHmnxMn6Ps") returned 0x0 [0127.740] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps" (normalized: "c:\\users\\ciihmnxmn6ps")) returned 0x10 [0127.740] SHGetFolderPathW (in: hwnd=0x0, csidl=32803, hToken=0x0, dwFlags=0x0, pszPath=0x15c06df | out: pszPath="C:\\ProgramData") returned 0x0 [0127.741] GetFileAttributesW (lpFileName="C:\\ProgramData" (normalized: "c:\\programdata")) returned 0x12 [0127.741] SHGetFolderPathW (in: hwnd=0x0, csidl=32775, hToken=0x0, dwFlags=0x0, pszPath=0x15c1107 | out: pszPath="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup") returned 0x0 [0127.743] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup")) returned 0x11 [0127.743] SHGetFolderPathW (in: hwnd=0x0, csidl=32792, hToken=0x0, dwFlags=0x0, pszPath=0x15c130f | out: pszPath="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup") returned 0x0 [0127.745] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup")) returned 0x11 [0127.745] SHGetFolderPathW (in: hwnd=0x0, csidl=32773, hToken=0x0, dwFlags=0x0, pszPath=0x15c08e7 | out: pszPath="C:\\Users\\CIiHmnxMn6Ps\\Documents") returned 0x0 [0127.746] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Documents" (normalized: "c:\\users\\ciihmnxmn6ps\\documents")) returned 0x11 [0127.746] SHGetFolderPathW (in: hwnd=0x0, csidl=32781, hToken=0x0, dwFlags=0x0, pszPath=0x15c0cf7 | out: pszPath="C:\\Users\\CIiHmnxMn6Ps\\Music") returned 0x0 [0127.747] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Music" (normalized: "c:\\users\\ciihmnxmn6ps\\music")) returned 0x11 [0127.747] SHGetFolderPathW (in: hwnd=0x0, csidl=32782, hToken=0x0, dwFlags=0x0, pszPath=0x15c0eff | out: pszPath="C:\\Users\\CIiHmnxMn6Ps\\Videos") returned 0x0 [0127.748] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Videos" (normalized: "c:\\users\\ciihmnxmn6ps\\videos")) returned 0x11 [0127.748] SHGetFolderPathW (in: hwnd=0x0, csidl=32807, hToken=0x0, dwFlags=0x0, pszPath=0x15c0aef | out: pszPath="C:\\Users\\CIiHmnxMn6Ps\\Pictures") returned 0x0 [0127.749] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Pictures" (normalized: "c:\\users\\ciihmnxmn6ps\\pictures")) returned 0x11 [0127.749] SHGetFolderPathW (in: hwnd=0x0, csidl=32806, hToken=0x0, dwFlags=0x0, pszPath=0x15c1517 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0127.749] GetFileAttributesW (lpFileName="C:\\Program Files (x86)" (normalized: "c:\\program files (x86)")) returned 0x11 [0127.749] SHGetFolderPathW (in: hwnd=0x0, csidl=32810, hToken=0x0, dwFlags=0x0, pszPath=0x15c171f | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0127.750] GetFileAttributesW (lpFileName="C:\\Program Files (x86)" (normalized: "c:\\program files (x86)")) returned 0x11 [0127.750] GetModuleHandleA (lpModuleName="firefox.exe") returned 0x0 [0127.750] GetModuleHandleA (lpModuleName="tbb-firefox.exe") returned 0x0 [0127.750] GetModuleHandleA (lpModuleName="iexplore.exe") returned 0x0 [0127.750] GetModuleHandleW (lpModuleName="chrome.exe") returned 0x0 [0127.750] GetModuleHandleW (lpModuleName="chrome.dll") returned 0x0 [0127.750] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x142f7f4 | out: TokenHandle=0x142f7f4*=0x20c) returned 1 [0127.751] GetTokenInformation (in: TokenHandle=0x20c, TokenInformationClass=0x14, TokenInformation=0x142f7ec, TokenInformationLength=0x4, ReturnLength=0x142f7e8 | out: TokenInformation=0x142f7ec, ReturnLength=0x142f7e8) returned 1 [0127.751] CloseHandle (hObject=0x20c) returned 1 [0127.751] GetSystemPowerStatus (in: lpSystemPowerStatus=0x142f970 | out: lpSystemPowerStatus=0x142f970) returned 1 [0127.751] GetSystemMetrics (nIndex=67) returned 0 [0127.757] GetProcAddress (hModule=0x77ca0000, lpProcName="RtlQueryElevationFlags") returned 0x77d04fe0 [0127.757] RtlQueryElevationFlags () returned 0x0 [0127.757] wvnsprintfA (in: pszDest=0x142f4ac, cchDest=2147483647, pszFmt="%02X", arglist=0x142f4a0 | out: pszDest="1C") returned 2 [0127.757] SetLastError (dwErrCode=0x0) [0127.757] wvnsprintfA (in: pszDest=0x142f4ae, cchDest=2147483647, pszFmt="%02X", arglist=0x142f4a0 | out: pszDest="1C") returned 2 [0127.757] SetLastError (dwErrCode=0x0) [0127.757] wvnsprintfA (in: pszDest=0x142f4b0, cchDest=2147483647, pszFmt="%02X", arglist=0x142f4a0 | out: pszDest="1C") returned 2 [0127.757] SetLastError (dwErrCode=0x0) [0127.757] wvnsprintfA (in: pszDest=0x142f4b2, cchDest=2147483647, pszFmt="%02X", arglist=0x142f4a0 | out: pszDest="1C") returned 2 [0127.757] SetLastError (dwErrCode=0x0) [0127.757] wvnsprintfA (in: pszDest=0x142f4b4, cchDest=2147483647, pszFmt="%02X", arglist=0x142f4a0 | out: pszDest="1C") returned 2 [0127.757] SetLastError (dwErrCode=0x0) [0127.757] wvnsprintfA (in: pszDest=0x142f4b6, cchDest=2147483647, pszFmt="%02X", arglist=0x142f4a0 | out: pszDest="1C") returned 2 [0127.757] SetLastError (dwErrCode=0x0) [0127.757] wvnsprintfA (in: pszDest=0x142f4b8, cchDest=2147483647, pszFmt="%02X", arglist=0x142f4a0 | out: pszDest="1C") returned 2 [0127.757] SetLastError (dwErrCode=0x0) [0127.757] wvnsprintfA (in: pszDest=0x142f4ba, cchDest=2147483647, pszFmt="%02X", arglist=0x142f4a0 | out: pszDest="1C") returned 2 [0127.757] SetLastError (dwErrCode=0x0) [0127.757] wvnsprintfA (in: pszDest=0x142f4bc, cchDest=2147483647, pszFmt="%02X", arglist=0x142f4a0 | out: pszDest="1C") returned 2 [0127.757] SetLastError (dwErrCode=0x0) [0127.758] wvnsprintfA (in: pszDest=0x142f4be, cchDest=2147483647, pszFmt="%02X", arglist=0x142f4a0 | out: pszDest="1C") returned 2 [0127.758] SetLastError (dwErrCode=0x0) [0127.758] wvnsprintfA (in: pszDest=0x142f4c0, cchDest=2147483647, pszFmt="%02X", arglist=0x142f4a0 | out: pszDest="1C") returned 2 [0127.758] SetLastError (dwErrCode=0x0) [0127.758] wvnsprintfA (in: pszDest=0x142f4c2, cchDest=2147483647, pszFmt="%02X", arglist=0x142f4a0 | out: pszDest="1C") returned 2 [0127.758] SetLastError (dwErrCode=0x0) [0127.758] wvnsprintfA (in: pszDest=0x142f4c4, cchDest=2147483647, pszFmt="%02X", arglist=0x142f4a0 | out: pszDest="1C") returned 2 [0127.758] SetLastError (dwErrCode=0x0) [0127.758] wvnsprintfA (in: pszDest=0x142f4c6, cchDest=2147483647, pszFmt="%02X", arglist=0x142f4a0 | out: pszDest="1C") returned 2 [0127.758] SetLastError (dwErrCode=0x0) [0127.758] wvnsprintfA (in: pszDest=0x142f4c8, cchDest=2147483647, pszFmt="%02X", arglist=0x142f4a0 | out: pszDest="1C") returned 2 [0127.758] SetLastError (dwErrCode=0x0) [0127.758] wvnsprintfA (in: pszDest=0x142f4ca, cchDest=2147483647, pszFmt="%02X", arglist=0x142f4a0 | out: pszDest="1C") returned 2 [0127.758] SetLastError (dwErrCode=0x0) [0127.758] wvnsprintfA (in: pszDest=0x142f3b8, cchDest=255, pszFmt="%s%s_%p", arglist=0x142f2a0 | out: pszDest="CG1CG1_00000000") returned 15 [0127.758] SetLastError (dwErrCode=0x0) [0127.758] wvnsprintfA (in: pszDest=0x142f2b8, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x142f29c | out: pszDest="fd01153281ab23b107506498831ff16f") returned 32 [0127.758] SetLastError (dwErrCode=0x0) [0127.758] wvnsprintfA (in: pszDest=0x142f65c, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X\\%s", arglist=0x142f538 | out: pszDest="Software\\AppDataLow\\Software\\{1C1C1C1C-1C1C-1C1C-1C1C-1C1C1C1C1C1C}\\00101CF2\\fd01153281ab2") returned 90 [0127.758] SetLastError (dwErrCode=0x0) [0127.758] wvnsprintfA (in: pszDest=0x142f4c8, cchDest=255, pszFmt="%s%s_%p", arglist=0x142f3b0 | out: pszDest="BISBIS_00000000") returned 15 [0127.758] SetLastError (dwErrCode=0x0) [0127.758] wvnsprintfA (in: pszDest=0x142f3c8, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x142f3ac | out: pszDest="e6bce9c5ca72bc6063185b28fb11b4da") returned 32 [0127.758] SetLastError (dwErrCode=0x0) [0127.758] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x142f65c, cbMultiByte=90, lpWideCharStr=0x1642af8, cchWideChar=90 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{1C1C1C1C-1C1C-1C1C-1C1C-1C1C1C1C1C1C}\\00101CF2\\fd01153281ab2") returned 90 [0127.758] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{1C1C1C1C-1C1C-1C1C-1C1C-1C1C1C1C1C1C}\\00101CF2\\fd01153281ab2", ulOptions=0x0, samDesired=0x101, phkResult=0x142f63c | out: phkResult=0x142f63c*=0x0) returned 0x2 [0127.758] SetLastError (dwErrCode=0x2) [0127.758] SetLastError (dwErrCode=0x2) [0127.759] SetLastError (dwErrCode=0x2) [0127.759] GetLastError () returned 0x2 [0127.759] SetLastError (dwErrCode=0x2) [0127.759] wvnsprintfA (in: pszDest=0x142f3b8, cchDest=255, pszFmt="%s%s_%p", arglist=0x142f2a0 | out: pszDest="CG1CG1_00000000") returned 15 [0127.759] SetLastError (dwErrCode=0x0) [0127.759] wvnsprintfA (in: pszDest=0x142f2b8, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x142f29c | out: pszDest="fd01153281ab23b107506498831ff16f") returned 32 [0127.759] SetLastError (dwErrCode=0x0) [0127.759] wvnsprintfA (in: pszDest=0x142f65c, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X\\%s", arglist=0x142f538 | out: pszDest="Software\\AppDataLow\\Software\\{1C1C1C1C-1C1C-1C1C-1C1C-1C1C1C1C1C1C}\\00101CF2\\fd01153281ab2") returned 90 [0127.759] SetLastError (dwErrCode=0x0) [0127.759] wvnsprintfA (in: pszDest=0x142f4c8, cchDest=255, pszFmt="%s%s_%p", arglist=0x142f3b0 | out: pszDest="UTWUTW_00000000") returned 15 [0127.759] SetLastError (dwErrCode=0x0) [0127.759] wvnsprintfA (in: pszDest=0x142f3c8, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x142f3ac | out: pszDest="7e45b1d5c73307da6855fe15f7b276fc") returned 32 [0127.759] SetLastError (dwErrCode=0x0) [0127.759] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x142f65c, cbMultiByte=90, lpWideCharStr=0x1642af8, cchWideChar=90 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{1C1C1C1C-1C1C-1C1C-1C1C-1C1C1C1C1C1C}\\00101CF2\\fd01153281ab2") returned 90 [0127.759] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{1C1C1C1C-1C1C-1C1C-1C1C-1C1C1C1C1C1C}\\00101CF2\\fd01153281ab2", ulOptions=0x0, samDesired=0x101, phkResult=0x142f63c | out: phkResult=0x142f63c*=0x0) returned 0x2 [0127.759] SetLastError (dwErrCode=0x2) [0127.759] SetLastError (dwErrCode=0x2) [0127.759] SetLastError (dwErrCode=0x2) [0127.759] GetLastError () returned 0x2 [0127.759] SetLastError (dwErrCode=0x2) [0127.759] wvnsprintfA (in: pszDest=0x142f3b8, cchDest=255, pszFmt="%s%s_%p", arglist=0x142f2a0 | out: pszDest="CG1CG1_00000000") returned 15 [0127.759] SetLastError (dwErrCode=0x0) [0127.759] wvnsprintfA (in: pszDest=0x142f2b8, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x142f29c | out: pszDest="fd01153281ab23b107506498831ff16f") returned 32 [0127.759] SetLastError (dwErrCode=0x0) [0127.759] wvnsprintfA (in: pszDest=0x142f65c, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X\\%s", arglist=0x142f538 | out: pszDest="Software\\AppDataLow\\Software\\{1C1C1C1C-1C1C-1C1C-1C1C-1C1C1C1C1C1C}\\00101CF2\\fd01153281ab2") returned 90 [0127.759] SetLastError (dwErrCode=0x0) [0127.759] wvnsprintfA (in: pszDest=0x142f4c8, cchDest=255, pszFmt="%s%s_%p", arglist=0x142f3b0 | out: pszDest="UTWSUTWS_00000000") returned 17 [0127.759] SetLastError (dwErrCode=0x0) [0127.759] wvnsprintfA (in: pszDest=0x142f3c8, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x142f3ac | out: pszDest="2fae4d19673cc97eef6f2b79479229d7") returned 32 [0127.759] SetLastError (dwErrCode=0x0) [0127.760] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x142f65c, cbMultiByte=90, lpWideCharStr=0x1642af8, cchWideChar=90 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{1C1C1C1C-1C1C-1C1C-1C1C-1C1C1C1C1C1C}\\00101CF2\\fd01153281ab2") returned 90 [0127.760] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{1C1C1C1C-1C1C-1C1C-1C1C-1C1C1C1C1C1C}\\00101CF2\\fd01153281ab2", ulOptions=0x0, samDesired=0x101, phkResult=0x142f63c | out: phkResult=0x142f63c*=0x0) returned 0x2 [0127.760] SetLastError (dwErrCode=0x2) [0127.760] SetLastError (dwErrCode=0x2) [0127.760] SetLastError (dwErrCode=0x2) [0127.760] GetLastError () returned 0x2 [0127.760] SetLastError (dwErrCode=0x2) [0127.760] GetSystemMetrics (nIndex=1) returned 900 [0127.760] GetSystemMetrics (nIndex=0) returned 1440 [0127.760] GetModuleHandleA (lpModuleName="mscoree.dll") returned 0x0 [0127.760] RtlAdjustPrivilege (in: Privilege=0x14, NewValue=1, ForThread=0, OldValue=0x142f97f | out: OldValue=0x142f97f) returned 0x0 [0127.760] RtlAdjustPrivilege (in: Privilege=0x12, NewValue=1, ForThread=0, OldValue=0x142f97f | out: OldValue=0x142f97f) returned 0x0 [0127.760] RtlAdjustPrivilege (in: Privilege=0x11, NewValue=1, ForThread=0, OldValue=0x142f97f | out: OldValue=0x142f97f) returned 0x0 [0127.760] RtlAdjustPrivilege (in: Privilege=0xa, NewValue=1, ForThread=0, OldValue=0x142f97f | out: OldValue=0x142f97f) returned 0x0 [0127.761] RtlAdjustPrivilege (in: Privilege=0xf, NewValue=1, ForThread=0, OldValue=0x142f97f | out: OldValue=0x142f97f) returned 0x0 [0127.761] RtlAdjustPrivilege (in: Privilege=0x13, NewValue=1, ForThread=0, OldValue=0x142f97f | out: OldValue=0x142f97f) returned 0x0 [0127.761] RtlAdjustPrivilege (in: Privilege=0x9, NewValue=1, ForThread=0, OldValue=0x142f97f | out: OldValue=0x142f97f) returned 0x0 [0127.761] RtlAdjustPrivilege (in: Privilege=0x17, NewValue=1, ForThread=0, OldValue=0x142f97f | out: OldValue=0x142f97f) returned 0x0 [0127.761] RtlAdjustPrivilege (in: Privilege=0x2, NewValue=1, ForThread=0, OldValue=0x142f97f | out: OldValue=0x142f97f) returned 0xc0000061 [0127.761] RtlAdjustPrivilege (in: Privilege=0x6, NewValue=1, ForThread=0, OldValue=0x142f97f | out: OldValue=0x142f97f) returned 0xc0000061 [0127.761] RtlAdjustPrivilege (in: Privilege=0x8, NewValue=1, ForThread=0, OldValue=0x142f97f | out: OldValue=0x142f97f) returned 0x0 [0127.761] RtlAdjustPrivilege (in: Privilege=0x3, NewValue=1, ForThread=0, OldValue=0x142f97f | out: OldValue=0x142f97f) returned 0xc0000061 [0127.761] RtlAdjustPrivilege (in: Privilege=0x1e, NewValue=1, ForThread=0, OldValue=0x142f97f | out: OldValue=0x142f97f) returned 0x0 [0127.761] RtlAdjustPrivilege (in: Privilege=0x21, NewValue=1, ForThread=0, OldValue=0x142f97f | out: OldValue=0x142f97f) returned 0x0 [0127.761] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x3159a10, nSize=0x142f97c | out: lpNameBuffer="LHNIWSJ\\CIiHmnxMn6Ps", nSize=0x142f97c) returned 0x1 [0127.763] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0", ulOptions=0x0, samDesired=0x101, phkResult=0x142f8cc | out: phkResult=0x142f8cc*=0x230) returned 0x0 [0127.763] SetLastError (dwErrCode=0x0) [0127.763] RegQueryValueExW (in: hKey=0x230, lpValueName="ProcessorNameString", lpReserved=0x0, lpType=0x142f8c4, lpData=0x3159c18, lpcbData=0x142f8c8*=0xfe | out: lpType=0x142f8c4*=0x1, lpData="Intel (R) Core(TM) i5-7500 CPU @ 3.40GHz", lpcbData=0x142f8c8*=0x52) returned 0x0 [0127.763] RegCloseKey (hKey=0x230) returned 0x0 [0127.763] SetLastError (dwErrCode=0x0) [0127.763] EnumDisplayDevicesW (in: lpDevice=0x0, iDevNum=0x0, lpDisplayDevice=0x142f5a0, dwFlags=0x0 | out: lpDisplayDevice=0x142f5a0) returned 1 [0127.764] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0127.764] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x3148f78, cbMultiByte=44, lpWideCharStr=0x1642d08, cchWideChar=44 | out: lpWideCharStr="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion") returned 44 [0127.764] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x101, phkResult=0x142f8d8 | out: phkResult=0x142f8d8*=0x230) returned 0x0 [0127.764] SetLastError (dwErrCode=0x0) [0127.764] SetLastError (dwErrCode=0x0) [0127.764] RegQueryValueExA (in: hKey=0x230, lpValueName="ProductId", lpReserved=0x0, lpType=0x142f8d0, lpData=0x142f8f8, lpcbData=0x142f8d4*=0x7f | out: lpType=0x142f8d0*=0x1, lpData="00330-80107-01105-AA992", lpcbData=0x142f8d4*=0x18) returned 0x0 [0127.764] RegCloseKey (hKey=0x230) returned 0x0 [0127.764] SetLastError (dwErrCode=0x0) [0127.764] GetProcAddress (hModule=0x75260000, lpProcName="K32GetMappedFileNameW") returned 0x752a18b0 [0127.765] lstrcmpiW (lpString1="skype.exe", lpString2="jp2launcher.exe") returned 1 [0127.765] lstrcmpiW (lpString1="skype.exe", lpString2="origin.exe") returned 1 [0127.765] lstrcmpiW (lpString1="jp2launcher.exe", lpString2="origin.exe") returned -1 [0127.765] lstrcmpiW (lpString1="skype.exe", lpString2="steam.exe") returned -1 [0127.765] lstrcmpiW (lpString1="jp2launcher.exe", lpString2="steam.exe") returned -1 [0127.765] lstrcmpiW (lpString1="origin.exe", lpString2="steam.exe") returned -1 [0127.765] lstrcmpiW (lpString1="skype.exe", lpString2="winlogon.exe") returned -1 [0127.765] lstrcmpiW (lpString1="jp2launcher.exe", lpString2="winlogon.exe") returned -1 [0127.765] lstrcmpiW (lpString1="origin.exe", lpString2="winlogon.exe") returned -1 [0127.765] lstrcmpiW (lpString1="steam.exe", lpString2="winlogon.exe") returned -1 [0127.765] lstrcmpiW (lpString1="skype.exe", lpString2="csrss.exe") returned 1 [0127.765] lstrcmpiW (lpString1="jp2launcher.exe", lpString2="csrss.exe") returned 1 [0127.765] lstrcmpiW (lpString1="origin.exe", lpString2="csrss.exe") returned 1 [0127.765] lstrcmpiW (lpString1="steam.exe", lpString2="csrss.exe") returned 1 [0127.765] lstrcmpiW (lpString1="winlogon.exe", lpString2="csrss.exe") returned 1 [0127.765] lstrcmpiW (lpString1="skype.exe", lpString2="services.exe") returned 1 [0127.765] lstrcmpiW (lpString1="jp2launcher.exe", lpString2="services.exe") returned -1 [0127.765] lstrcmpiW (lpString1="origin.exe", lpString2="services.exe") returned -1 [0127.765] lstrcmpiW (lpString1="steam.exe", lpString2="services.exe") returned 1 [0127.765] lstrcmpiW (lpString1="winlogon.exe", lpString2="services.exe") returned 1 [0127.765] lstrcmpiW (lpString1="csrss.exe", lpString2="services.exe") returned -1 [0127.765] lstrcmpiW (lpString1="skype.exe", lpString2="lsass.exe") returned 1 [0127.765] lstrcmpiW (lpString1="jp2launcher.exe", lpString2="lsass.exe") returned -1 [0127.765] lstrcmpiW (lpString1="origin.exe", lpString2="lsass.exe") returned 1 [0127.765] lstrcmpiW (lpString1="steam.exe", lpString2="lsass.exe") returned 1 [0127.765] lstrcmpiW (lpString1="winlogon.exe", lpString2="lsass.exe") returned 1 [0127.765] lstrcmpiW (lpString1="csrss.exe", lpString2="lsass.exe") returned -1 [0127.765] lstrcmpiW (lpString1="services.exe", lpString2="lsass.exe") returned 1 [0127.765] lstrcmpiW (lpString1="skype.exe", lpString2="spoolsv.exe") returned -1 [0127.765] lstrcmpiW (lpString1="jp2launcher.exe", lpString2="spoolsv.exe") returned -1 [0127.765] lstrcmpiW (lpString1="origin.exe", lpString2="spoolsv.exe") returned -1 [0127.765] lstrcmpiW (lpString1="steam.exe", lpString2="spoolsv.exe") returned 1 [0127.765] lstrcmpiW (lpString1="winlogon.exe", lpString2="spoolsv.exe") returned 1 [0127.765] lstrcmpiW (lpString1="csrss.exe", lpString2="spoolsv.exe") returned -1 [0127.765] lstrcmpiW (lpString1="services.exe", lpString2="spoolsv.exe") returned -1 [0127.766] lstrcmpiW (lpString1="lsass.exe", lpString2="spoolsv.exe") returned -1 [0127.766] lstrcmpiW (lpString1="skype.exe", lpString2="conhost.exe") returned 1 [0127.766] lstrcmpiW (lpString1="jp2launcher.exe", lpString2="conhost.exe") returned 1 [0127.766] lstrcmpiW (lpString1="origin.exe", lpString2="conhost.exe") returned 1 [0127.766] lstrcmpiW (lpString1="steam.exe", lpString2="conhost.exe") returned 1 [0127.766] lstrcmpiW (lpString1="winlogon.exe", lpString2="conhost.exe") returned 1 [0127.766] lstrcmpiW (lpString1="csrss.exe", lpString2="conhost.exe") returned 1 [0127.766] lstrcmpiW (lpString1="services.exe", lpString2="conhost.exe") returned 1 [0127.766] lstrcmpiW (lpString1="lsass.exe", lpString2="conhost.exe") returned 1 [0127.766] lstrcmpiW (lpString1="spoolsv.exe", lpString2="conhost.exe") returned 1 [0127.766] lstrcmpiW (lpString1="skype.exe", lpString2="DsmUserTask.exe") returned 1 [0127.766] lstrcmpiW (lpString1="jp2launcher.exe", lpString2="DsmUserTask.exe") returned 1 [0127.766] lstrcmpiW (lpString1="origin.exe", lpString2="DsmUserTask.exe") returned 1 [0127.766] lstrcmpiW (lpString1="steam.exe", lpString2="DsmUserTask.exe") returned 1 [0127.766] lstrcmpiW (lpString1="winlogon.exe", lpString2="DsmUserTask.exe") returned 1 [0127.766] lstrcmpiW (lpString1="csrss.exe", lpString2="DsmUserTask.exe") returned -1 [0127.766] lstrcmpiW (lpString1="services.exe", lpString2="DsmUserTask.exe") returned 1 [0127.766] lstrcmpiW (lpString1="lsass.exe", lpString2="DsmUserTask.exe") returned 1 [0127.766] lstrcmpiW (lpString1="spoolsv.exe", lpString2="DsmUserTask.exe") returned 1 [0127.766] lstrcmpiW (lpString1="conhost.exe", lpString2="DsmUserTask.exe") returned -1 [0127.766] lstrcmpiW (lpString1="skype.exe", lpString2="dwm.exe") returned 1 [0127.766] lstrcmpiW (lpString1="jp2launcher.exe", lpString2="dwm.exe") returned 1 [0127.766] lstrcmpiW (lpString1="origin.exe", lpString2="dwm.exe") returned 1 [0127.766] lstrcmpiW (lpString1="steam.exe", lpString2="dwm.exe") returned 1 [0127.766] lstrcmpiW (lpString1="winlogon.exe", lpString2="dwm.exe") returned 1 [0127.766] lstrcmpiW (lpString1="csrss.exe", lpString2="dwm.exe") returned -1 [0127.766] lstrcmpiW (lpString1="services.exe", lpString2="dwm.exe") returned 1 [0127.766] lstrcmpiW (lpString1="lsass.exe", lpString2="dwm.exe") returned 1 [0127.766] lstrcmpiW (lpString1="spoolsv.exe", lpString2="dwm.exe") returned 1 [0127.768] lstrcmpiW (lpString1="conhost.exe", lpString2="dwm.exe") returned -1 [0127.768] lstrcmpiW (lpString1="DsmUserTask.exe", lpString2="dwm.exe") returned -1 [0127.768] lstrcmpiW (lpString1="skype.exe", lpString2="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe") returned 1 [0127.768] lstrcmpiW (lpString1="jp2launcher.exe", lpString2="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe") returned 1 [0127.768] lstrcmpiW (lpString1="origin.exe", lpString2="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe") returned 1 [0127.768] lstrcmpiW (lpString1="steam.exe", lpString2="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe") returned 1 [0127.768] lstrcmpiW (lpString1="winlogon.exe", lpString2="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe") returned 1 [0127.768] lstrcmpiW (lpString1="csrss.exe", lpString2="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe") returned 1 [0127.768] lstrcmpiW (lpString1="services.exe", lpString2="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe") returned 1 [0127.768] lstrcmpiW (lpString1="lsass.exe", lpString2="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe") returned 1 [0127.768] lstrcmpiW (lpString1="spoolsv.exe", lpString2="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe") returned 1 [0127.768] lstrcmpiW (lpString1="conhost.exe", lpString2="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe") returned 1 [0127.768] lstrcmpiW (lpString1="DsmUserTask.exe", lpString2="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe") returned 1 [0127.768] lstrcmpiW (lpString1="dwm.exe", lpString2="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe") returned 1 [0127.768] GetTickCount () returned 0x2cefe [0127.768] GetCurrentThreadId () returned 0x744 [0127.768] RtlRandom (in: Seed=0x142f974 | out: Seed=0x142f974) returned 0x8116fcb4 [0127.768] VirtualProtectEx (in: hProcess=0xffffffff, lpAddress=0x77d0ad10, dwSize=0x10, flNewProtect=0x40, lpflOldProtect=0x142f97c | out: lpflOldProtect=0x142f97c*=0x20) returned 1 [0127.768] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x3144170, cbMultiByte=34, lpWideCharStr=0x1642d08, cchWideChar=34 | out: lpWideCharStr="Software\\AppDataLow\\Google Updater") returned 34 [0127.768] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Google Updater", ulOptions=0x0, samDesired=0x101, phkResult=0x142f938 | out: phkResult=0x142f938*=0x0) returned 0x2 [0127.769] SetLastError (dwErrCode=0x2) [0127.769] SetLastError (dwErrCode=0x2) [0127.769] SetLastError (dwErrCode=0x2) [0127.769] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x31441c8, cbMultiByte=16, lpWideCharStr=0x16410c0, cchWideChar=16 | out: lpWideCharStr="Software\\Win7zip") returned 16 [0127.769] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Win7zip", ulOptions=0x0, samDesired=0x101, phkResult=0x142f938 | out: phkResult=0x142f938*=0x0) returned 0x2 [0127.769] SetLastError (dwErrCode=0x2) [0127.769] SetLastError (dwErrCode=0x2) [0127.769] SetLastError (dwErrCode=0x2) [0127.769] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x31441c8, cbMultiByte=16, lpWideCharStr=0x16410c0, cchWideChar=16 | out: lpWideCharStr="Software\\Win7zip") returned 16 [0127.769] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Win7zip", ulOptions=0x0, samDesired=0x101, phkResult=0x142f938 | out: phkResult=0x142f938*=0x0) returned 0x2 [0127.769] SetLastError (dwErrCode=0x2) [0127.769] SetLastError (dwErrCode=0x2) [0127.769] SetLastError (dwErrCode=0x2) [0127.769] GetWindowsDirectoryW (in: lpBuffer=0x142f7cc, uSize=0x7f | out: lpBuffer="C:\\Windows") returned 0xa [0127.769] wvnsprintfA (in: pszDest=0x142f68c, cchDest=319, pszFmt="%S\\%S\\%S\\%p", arglist=0x142f678 | out: pszDest="C:\\Intel (R) Core(TM) i5-7500 CPU @ 3.40GHz\\00330-80107-01105-AA992\\D2CA4DEF") returned 76 [0127.769] SetLastError (dwErrCode=0x0) [0127.769] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x3144170, cbMultiByte=34, lpWideCharStr=0x1642d08, cchWideChar=34 | out: lpWideCharStr="Software\\AppDataLow\\Google Updater") returned 34 [0127.769] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Google Updater", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x102, lpSecurityAttributes=0x0, phkResult=0x142f934, lpdwDisposition=0x0 | out: phkResult=0x142f934*=0x230, lpdwDisposition=0x0) returned 0x0 [0127.769] SetLastError (dwErrCode=0x0) [0127.769] SetLastError (dwErrCode=0x0) [0127.770] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x3144194, cbMultiByte=10, lpWideCharStr=0x1628bd0, cchWideChar=10 | out: lpWideCharStr="LastUpdate") returned 10 [0127.770] RtlInitUnicodeString (in: DestinationString=0x142f8d0, SourceString="LastUpdate" | out: DestinationString="LastUpdate") [0127.770] NtSetValueKey (in: KeyHandle=0x230, ValueName="LastUpdate", TitleIndex=0x0, Type=0x3, Data=0x142f960*, DataSize=0x10 | out: Data=0x142f960*) returned 0x0 [0127.770] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0127.770] SetLastError (dwErrCode=0x0) [0127.770] RegCloseKey (hKey=0x230) returned 0x0 [0127.770] SetLastError (dwErrCode=0x0) [0127.770] wvnsprintfA (in: pszDest=0x15c2dab, cchDest=2147483647, pszFmt="%02X", arglist=0x142f94c | out: pszDest="33") returned 2 [0127.770] SetLastError (dwErrCode=0x0) [0127.770] wvnsprintfA (in: pszDest=0x15c2dad, cchDest=2147483647, pszFmt="%02X", arglist=0x142f94c | out: pszDest="8D") returned 2 [0127.770] SetLastError (dwErrCode=0x0) [0127.770] wvnsprintfA (in: pszDest=0x15c2daf, cchDest=2147483647, pszFmt="%02X", arglist=0x142f94c | out: pszDest="6C") returned 2 [0127.770] SetLastError (dwErrCode=0x0) [0127.770] wvnsprintfA (in: pszDest=0x15c2db1, cchDest=2147483647, pszFmt="%02X", arglist=0x142f94c | out: pszDest="74") returned 2 [0127.770] SetLastError (dwErrCode=0x0) [0127.770] wvnsprintfA (in: pszDest=0x15c2db3, cchDest=2147483647, pszFmt="%02X", arglist=0x142f94c | out: pszDest="C0") returned 2 [0127.770] SetLastError (dwErrCode=0x0) [0127.770] wvnsprintfA (in: pszDest=0x15c2db5, cchDest=2147483647, pszFmt="%02X", arglist=0x142f94c | out: pszDest="11") returned 2 [0127.770] SetLastError (dwErrCode=0x0) [0127.770] wvnsprintfA (in: pszDest=0x15c2db7, cchDest=2147483647, pszFmt="%02X", arglist=0x142f94c | out: pszDest="B1") returned 2 [0127.770] SetLastError (dwErrCode=0x0) [0127.770] wvnsprintfA (in: pszDest=0x15c2db9, cchDest=2147483647, pszFmt="%02X", arglist=0x142f94c | out: pszDest="F5") returned 2 [0127.770] SetLastError (dwErrCode=0x0) [0127.770] wvnsprintfA (in: pszDest=0x15c2dbb, cchDest=2147483647, pszFmt="%02X", arglist=0x142f94c | out: pszDest="D9") returned 2 [0127.771] SetLastError (dwErrCode=0x0) [0127.771] wvnsprintfA (in: pszDest=0x15c2dbd, cchDest=2147483647, pszFmt="%02X", arglist=0x142f94c | out: pszDest="78") returned 2 [0127.771] SetLastError (dwErrCode=0x0) [0127.771] wvnsprintfA (in: pszDest=0x15c2dbf, cchDest=2147483647, pszFmt="%02X", arglist=0x142f94c | out: pszDest="6B") returned 2 [0127.771] SetLastError (dwErrCode=0x0) [0127.771] wvnsprintfA (in: pszDest=0x15c2dc1, cchDest=2147483647, pszFmt="%02X", arglist=0x142f94c | out: pszDest="D7") returned 2 [0127.771] SetLastError (dwErrCode=0x0) [0127.771] wvnsprintfA (in: pszDest=0x15c2dc3, cchDest=2147483647, pszFmt="%02X", arglist=0x142f94c | out: pszDest="CA") returned 2 [0127.771] SetLastError (dwErrCode=0x0) [0127.771] wvnsprintfA (in: pszDest=0x15c2dc5, cchDest=2147483647, pszFmt="%02X", arglist=0x142f94c | out: pszDest="63") returned 2 [0127.771] SetLastError (dwErrCode=0x0) [0127.771] wvnsprintfA (in: pszDest=0x15c2dc7, cchDest=2147483647, pszFmt="%02X", arglist=0x142f94c | out: pszDest="FB") returned 2 [0127.771] SetLastError (dwErrCode=0x0) [0127.771] wvnsprintfA (in: pszDest=0x15c2dc9, cchDest=2147483647, pszFmt="%02X", arglist=0x142f94c | out: pszDest="A4") returned 2 [0127.771] SetLastError (dwErrCode=0x0) [0127.771] wvnsprintfA (in: pszDest=0x142f8ec, cchDest=2147483647, pszFmt="%02X", arglist=0x142f8e0 | out: pszDest="2F") returned 2 [0127.771] SetLastError (dwErrCode=0x0) [0127.771] wvnsprintfA (in: pszDest=0x142f8ee, cchDest=2147483647, pszFmt="%02X", arglist=0x142f8e0 | out: pszDest="91") returned 2 [0127.771] SetLastError (dwErrCode=0x0) [0127.771] wvnsprintfA (in: pszDest=0x142f8f0, cchDest=2147483647, pszFmt="%02X", arglist=0x142f8e0 | out: pszDest="70") returned 2 [0127.771] SetLastError (dwErrCode=0x0) [0127.771] wvnsprintfA (in: pszDest=0x142f8f2, cchDest=2147483647, pszFmt="%02X", arglist=0x142f8e0 | out: pszDest="68") returned 2 [0127.771] SetLastError (dwErrCode=0x0) [0127.771] wvnsprintfA (in: pszDest=0x142f8f4, cchDest=2147483647, pszFmt="%02X", arglist=0x142f8e0 | out: pszDest="DC") returned 2 [0127.771] SetLastError (dwErrCode=0x0) [0127.771] wvnsprintfA (in: pszDest=0x142f8f6, cchDest=2147483647, pszFmt="%02X", arglist=0x142f8e0 | out: pszDest="0D") returned 2 [0127.771] SetLastError (dwErrCode=0x0) [0127.771] wvnsprintfA (in: pszDest=0x142f8f8, cchDest=2147483647, pszFmt="%02X", arglist=0x142f8e0 | out: pszDest="AD") returned 2 [0127.771] SetLastError (dwErrCode=0x0) [0127.771] wvnsprintfA (in: pszDest=0x142f8fa, cchDest=2147483647, pszFmt="%02X", arglist=0x142f8e0 | out: pszDest="E9") returned 2 [0127.771] SetLastError (dwErrCode=0x0) [0127.771] wvnsprintfA (in: pszDest=0x142f8fc, cchDest=2147483647, pszFmt="%02X", arglist=0x142f8e0 | out: pszDest="C5") returned 2 [0127.771] SetLastError (dwErrCode=0x0) [0127.771] wvnsprintfA (in: pszDest=0x142f8fe, cchDest=2147483647, pszFmt="%02X", arglist=0x142f8e0 | out: pszDest="64") returned 2 [0127.771] SetLastError (dwErrCode=0x0) [0127.771] wvnsprintfA (in: pszDest=0x142f900, cchDest=2147483647, pszFmt="%02X", arglist=0x142f8e0 | out: pszDest="77") returned 2 [0127.771] SetLastError (dwErrCode=0x0) [0127.771] wvnsprintfA (in: pszDest=0x142f902, cchDest=2147483647, pszFmt="%02X", arglist=0x142f8e0 | out: pszDest="CB") returned 2 [0127.772] SetLastError (dwErrCode=0x0) [0127.772] wvnsprintfA (in: pszDest=0x142f904, cchDest=2147483647, pszFmt="%02X", arglist=0x142f8e0 | out: pszDest="D6") returned 2 [0127.772] SetLastError (dwErrCode=0x0) [0127.772] wvnsprintfA (in: pszDest=0x142f906, cchDest=2147483647, pszFmt="%02X", arglist=0x142f8e0 | out: pszDest="7F") returned 2 [0127.772] SetLastError (dwErrCode=0x0) [0127.772] wvnsprintfA (in: pszDest=0x142f908, cchDest=2147483647, pszFmt="%02X", arglist=0x142f8e0 | out: pszDest="E7") returned 2 [0127.772] SetLastError (dwErrCode=0x0) [0127.772] wvnsprintfA (in: pszDest=0x142f90a, cchDest=2147483647, pszFmt="%02X", arglist=0x142f8e0 | out: pszDest="B8") returned 2 [0127.772] SetLastError (dwErrCode=0x0) [0127.772] wvnsprintfW (in: pszDest=0x142f7b4, cchDest=260, pszFmt="/%s", arglist=0x142f7a8 | out: pszDest="/ro") returned 3 [0127.772] SetLastError (dwErrCode=0x0) [0127.772] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe\"" [0127.772] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe\"", pNumArgs=0x142f9bc | out: pNumArgs=0x142f9bc) returned 0x1642d08*="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe" [0127.772] LocalFree (hMem=0x1642d08) returned 0x0 [0127.772] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe\"" [0127.772] CharLowerBuffW (in: lpsz="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe\"", cchLength=0x2a | out: lpsz="\"c:\\users\\ciihmnxmn6ps\\desktop\\urkotu.exe\"") returned 0x2a [0127.772] CommandLineToArgvW (in: lpCmdLine="\"c:\\users\\ciihmnxmn6ps\\desktop\\urkotu.exe\"", pNumArgs=0x142f9cc | out: pNumArgs=0x142f9cc) returned 0x1642d68*="c:\\users\\ciihmnxmn6ps\\desktop\\urkotu.exe" [0127.772] LocalFree (hMem=0x1642d68) returned 0x0 [0127.772] ReadProcessMemory (in: hProcess=0xffffffff, lpBaseAddress=0x3145098, lpBuffer=0x1647578, nSize=0x400, lpNumberOfBytesRead=0x142f9b4 | out: lpBuffer=0x1647578*, lpNumberOfBytesRead=0x142f9b4*=0x400) returned 1 [0127.772] VirtualAllocEx (hProcess=0xffffffff, lpAddress=0x0, dwSize=0x900, flAllocationType=0x3000, flProtect=0x4) returned 0x1610000 [0127.773] VirtualAllocEx (hProcess=0xffffffff, lpAddress=0x0, dwSize=0x900, flAllocationType=0x3000, flProtect=0x4) returned 0x38f0000 [0127.773] BuildExplicitAccessWithNameA () returned 0x0 [0127.773] SetEntriesInAclA () returned 0x0 [0127.774] SetSecurityInfo () returned 0x0 [0127.774] LocalFree (hMem=0x163f460) returned 0x0 [0127.774] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x142f840 | out: lpWSAData=0x142f840) returned 0 [0127.778] GetDesktopWindow () returned 0x10010 [0127.778] GetTopWindow (hWnd=0x10010) returned 0x1011c [0127.778] GetProcAddress (hModule=0x77ca0000, lpProcName="wine_get_version") returned 0x0 [0127.778] GetProcAddress (hModule=0x75260000, lpProcName="wine_get_unix_file_name") returned 0x0 [0127.778] GetModuleHandleW (lpModuleName="avcuf32.dll") returned 0x0 [0127.778] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x142f7c0, nSize=0x142f9c8 | out: lpNameBuffer="LHNIWSJ\\CIiHmnxMn6Ps", nSize=0x142f9c8) returned 0x1 [0127.779] NetUserGetInfo (in: servername=0x0, username="CIiHmnxMn6Ps", level=0x2, bufptr=0x142f9cc | out: bufptr=0x164e350*(usri2_name="CIiHmnxMn6Ps", usri2_password=0x0, usri2_password_age=0x1db434e, usri2_priv=0x2, usri2_home_dir="", usri2_comment="", usri2_flags=0x10201, usri2_script_path="", usri2_auth_flags=0x0, usri2_full_name="", usri2_usr_comment="", usri2_parms="", usri2_workstations="", usri2_last_logon=0x5bc7e4c1, usri2_last_logoff=0x0, usri2_acct_expires=0xffffffff, usri2_max_storage=0xffffffff, usri2_units_per_week=0xa8, usri2_logon_hours=0x164e3db, usri2_bad_pw_count=0x0, usri2_num_logons=0x28, usri2_logon_server="\\\\*", usri2_country_code=0x1, usri2_code_page=0x4e4)) returned 0x0 [0127.975] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x142f7a8 | out: lpSystemTimeAsFileTime=0x142f7a8*(dwLowDateTime=0x40cd6b01, dwHighDateTime=0x1d4a734)) [0127.975] RtlTimeToSecondsSince1970 (in: Time=0x142f7a8, ElapsedSeconds=0x142f7b0 | out: ElapsedSeconds=0x142f7b0) returned 1 [0127.975] GetTickCount () returned 0x2cfc9 [0127.975] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x142f954*=0x0, ZeroBits=0x0, RegionSize=0x142f964*=0x19d, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x142f954*=0x3900000, RegionSize=0x142f964*=0x1000) returned 0x0 [0127.975] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0127.975] SetLastError (dwErrCode=0x0) [0127.975] QueueUserAPC (pfnAPC=0x3900000, hThread=0xfffffffe, dwData=0x164e6b0) returned 0x1 [0127.976] SleepEx (dwMilliseconds=0xa, bAlertable=1) returned 0xc0 [0127.976] wvnsprintfA (in: pszDest=0x142f580, cchDest=255, pszFmt="%s%s_%p", arglist=0x142f468 | out: pszDest="CG1CG1_11980343") returned 15 [0127.976] SetLastError (dwErrCode=0x0) [0127.976] wvnsprintfA (in: pszDest=0x142f480, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x142f464 | out: pszDest="e6577de29e95e38a027c9824c2c5986b") returned 32 [0127.976] SetLastError (dwErrCode=0x0) [0127.976] wvnsprintfA (in: pszDest=0x142f824, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X\\%s", arglist=0x142f700 | out: pszDest="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0127.976] SetLastError (dwErrCode=0x0) [0127.976] wvnsprintfA (in: pszDest=0x142f690, cchDest=255, pszFmt="%s%s_%p", arglist=0x142f578 | out: pszDest="LSFLSF_11980343") returned 15 [0127.976] SetLastError (dwErrCode=0x0) [0127.976] wvnsprintfA (in: pszDest=0x142f590, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x142f574 | out: pszDest="cb7bbbee06636e535c7c377204c5eb13") returned 32 [0127.976] SetLastError (dwErrCode=0x0) [0127.976] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x142f824, cbMultiByte=95, lpWideCharStr=0x164ce70, cchWideChar=95 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0127.976] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02", ulOptions=0x0, samDesired=0x101, phkResult=0x142f804 | out: phkResult=0x142f804*=0x0) returned 0x2 [0127.976] SetLastError (dwErrCode=0x2) [0127.976] SetLastError (dwErrCode=0x2) [0127.976] SetLastError (dwErrCode=0x2) [0127.976] GetLastError () returned 0x2 [0127.976] SetLastError (dwErrCode=0x2) [0127.977] GetProcAddress (hModule=0x769b0000, lpProcName="GetAddrInfoW") returned 0x769b9d90 [0127.977] GetProcAddress (hModule=0x769b0000, lpProcName="GetAddrInfoExW") returned 0x769b6210 [0127.977] VirtualAlloc (lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x40) returned 0x3910000 [0127.977] VirtualAlloc (lpAddress=0x0, dwSize=0xd5c, flAllocationType=0x3000, flProtect=0x40) returned 0x3920000 [0127.978] VirtualAlloc (lpAddress=0x0, dwSize=0xb822, flAllocationType=0x3000, flProtect=0x40) returned 0x3930000 [0127.979] VirtualQuery (in: lpAddress=0x64ae1e60, lpBuffer=0x142f86c, dwLength=0x1c | out: lpBuffer=0x142f86c*(BaseAddress=0x64ae1000, AllocationBase=0x64ae0000, AllocationProtect=0x80, RegionSize=0x2000, State=0x1000, Protect=0x20, Type=0x1000000)) returned 0x1c [0127.979] wvnsprintfA (in: pszDest=0x142f440, cchDest=255, pszFmt="%s%s_%p", arglist=0x142f328 | out: pszDest="CG1CG1_11980343") returned 15 [0127.979] SetLastError (dwErrCode=0x0) [0127.979] wvnsprintfA (in: pszDest=0x142f340, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x142f324 | out: pszDest="e6577de29e95e38a027c9824c2c5986b") returned 32 [0127.979] SetLastError (dwErrCode=0x0) [0127.979] wvnsprintfA (in: pszDest=0x142f6e4, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X\\%s", arglist=0x142f5c0 | out: pszDest="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0127.979] SetLastError (dwErrCode=0x0) [0127.979] wvnsprintfA (in: pszDest=0x142f550, cchDest=255, pszFmt="%s%s_%p", arglist=0x142f438 | out: pszDest="NUKNUK_11980343") returned 15 [0127.979] SetLastError (dwErrCode=0x0) [0127.979] wvnsprintfA (in: pszDest=0x142f450, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x142f434 | out: pszDest="02693813c9e94deda8ce7fd43e65215b") returned 32 [0127.979] SetLastError (dwErrCode=0x0) [0127.979] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x142f6e4, cbMultiByte=95, lpWideCharStr=0x164ce70, cchWideChar=95 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0127.979] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02", ulOptions=0x0, samDesired=0x101, phkResult=0x142f6c4 | out: phkResult=0x142f6c4*=0x0) returned 0x2 [0127.980] SetLastError (dwErrCode=0x2) [0127.980] SetLastError (dwErrCode=0x2) [0127.980] SetLastError (dwErrCode=0x2) [0127.980] GetLastError () returned 0x2 [0127.980] SetLastError (dwErrCode=0x2) [0127.980] GetModuleHandleA (lpModuleName="ssleay32.dll") returned 0x0 [0127.980] GetModuleHandleA (lpModuleName="secur32.dll") returned 0x74610000 [0127.980] GetModuleFileNameW (in: hModule=0x77ca0000, lpFilename=0x164c198, nSize=0x103 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0127.981] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x248 [0127.981] CreateFileMappingW (hFile=0x248, lpFileMappingAttributes=0x0, flProtect=0x1000002, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x24c [0127.982] MapViewOfFile (hFileMappingObject=0x24c, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x3a80000 [0127.982] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0127.982] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0127.982] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0127.982] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0127.982] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0127.982] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0127.982] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0127.982] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0127.982] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0127.982] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0127.982] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0127.982] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0127.982] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0127.982] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0127.983] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0127.983] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0127.983] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0127.983] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0127.983] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0127.983] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0127.983] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0127.983] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0127.983] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0127.983] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0127.983] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0127.983] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0127.983] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0127.983] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0127.983] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0127.983] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0127.983] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0127.983] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0127.983] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0127.983] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0127.983] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0127.983] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0127.983] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0127.983] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0127.983] UnmapViewOfFile (lpBaseAddress=0x3a80000) returned 1 [0127.984] CloseHandle (hObject=0x24c) returned 1 [0127.984] CloseHandle (hObject=0x248) returned 1 [0127.984] GetTempPathW (in: nBufferLength=0x103, lpBuffer=0x142f23c | out: lpBuffer="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\") returned 0x25 [0127.984] CharLowerBuffW (in: lpsz="Windows\\CurrentVersion\\Run", cchLength=0x1b | out: lpsz="windows\\currentversion\\run") returned 0x1b [0127.984] CharLowerBuffW (in: lpsz="Task Protect 2.3", cchLength=0x11 | out: lpsz="task protect 2.3") returned 0x11 [0127.984] wvnsprintfW (in: pszDest=0x142f668, cchDest=2147483647, pszFmt="Windows NT\\CurrentVersion\\Image File Execution Options\\%s", arglist=0x142f450 | out: pszDest="Windows NT\\CurrentVersion\\Image File Execution Options\\urkotu.exe") returned 65 [0127.984] SetLastError (dwErrCode=0x0) [0127.984] CharLowerBuffW (in: lpsz="Windows NT\\CurrentVersion\\Image File Execution Options\\urkotu.exe", cchLength=0x42 | out: lpsz="windows nt\\currentversion\\image file execution options\\urkotu.exe") returned 0x42 [0127.984] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x142f448*=0x313ab24, NumberOfBytesToProtect=0x142f438, NewAccessProtection=0x40, OldAccessProtection=0x142f87c | out: BaseAddress=0x142f448*=0x313a000, NumberOfBytesToProtect=0x142f438, OldAccessProtection=0x142f87c*=0x40) returned 0x0 [0127.984] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0127.984] SetLastError (dwErrCode=0x0) [0127.984] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x142f448*=0x313ab7d, NumberOfBytesToProtect=0x142f438, NewAccessProtection=0x40, OldAccessProtection=0x142f87c | out: BaseAddress=0x142f448*=0x313a000, NumberOfBytesToProtect=0x142f438, OldAccessProtection=0x142f87c*=0x40) returned 0x0 [0127.984] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0127.984] SetLastError (dwErrCode=0x0) [0127.984] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x779f0000 [0127.985] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x779f0000 [0127.985] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x779f0000 [0127.985] GetPriorityClass (hProcess=0xffffffff) returned 0x20 [0127.985] SetPriorityClass (hProcess=0xffffffff, dwPriorityClass=0x4000) returned 1 [0128.193] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x142f794*=0x77a2552a, NumberOfBytesToProtect=0x142f784, NewAccessProtection=0x40, OldAccessProtection=0x142f7d4 | out: BaseAddress=0x142f794*=0x77a25000, NumberOfBytesToProtect=0x142f784, OldAccessProtection=0x142f7d4*=0x20) returned 0x0 [0128.193] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0128.193] SetLastError (dwErrCode=0x0) [0128.193] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x142f794*=0x77a25630, NumberOfBytesToProtect=0x142f784, NewAccessProtection=0x40, OldAccessProtection=0x142f7d8 | out: BaseAddress=0x142f794*=0x77a25000, NumberOfBytesToProtect=0x142f784, OldAccessProtection=0x142f7d8*=0x80) returned 0x0 [0128.193] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0128.193] SetLastError (dwErrCode=0x0) [0128.195] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x142f794*=0x77a25630, NumberOfBytesToProtect=0x142f784, NewAccessProtection=0x80, OldAccessProtection=0x142f7d8 | out: BaseAddress=0x142f794*=0x77a25000, NumberOfBytesToProtect=0x142f784, OldAccessProtection=0x142f7d8*=0x40) returned 0x0 [0128.195] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0128.195] SetLastError (dwErrCode=0x0) [0128.195] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x142f794*=0x77a2552a, NumberOfBytesToProtect=0x142f784, NewAccessProtection=0x20, OldAccessProtection=0x142f7d8 | out: BaseAddress=0x142f794*=0x77a25000, NumberOfBytesToProtect=0x142f784, OldAccessProtection=0x142f7d8*=0x40) returned 0x0 [0128.195] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0128.195] SetLastError (dwErrCode=0x0) [0128.195] SetPriorityClass (hProcess=0xffffffff, dwPriorityClass=0x20) returned 1 [0128.195] GetTickCount () returned 0x2d0a4 [0128.195] GetWindowsDirectoryW (in: lpBuffer=0x142f7c0, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa [0128.195] wvnsprintfW (in: pszDest=0x142f5b8, cchDest=260, pszFmt="%s\\winsxs\\x86_microsoft.windows.common-controls_*6.0.*_*", arglist=0x142f354 | out: pszDest="C:\\Windows\\winsxs\\x86_microsoft.windows.common-controls_*6.0.*_*") returned 64 [0128.195] SetLastError (dwErrCode=0x0) [0128.195] FindFirstFileW (in: lpFileName="C:\\Windows\\winsxs\\x86_microsoft.windows.common-controls_*6.0.*_*", lpFindFileData=0x142f368 | out: lpFindFileData=0x142f368) returned 0x162dcf8 [0128.197] wvnsprintfW (in: pszDest=0x15c1927, cchDest=260, pszFmt="%s\\winsxs\\%s\\comctl32.dll", arglist=0x142f350 | out: pszDest="C:\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849\\comctl32.dll") returned 123 [0128.197] SetLastError (dwErrCode=0x0) [0128.197] FindClose (in: hFindFile=0x162dcf8 | out: hFindFile=0x162dcf8) returned 1 [0128.197] Sleep (dwMilliseconds=0x3c) [0128.267] GetModuleHandleW (lpModuleName=0x0) returned 0x3100000 [0128.267] GetSystemWow64DirectoryW (in: lpBuffer=0x142f370, uSize=0x103 | out: lpBuffer="C:\\Windows\\SysWOW64") returned 0x13 [0128.267] PathAppendW (in: pszPath="C:\\Windows\\SysWOW64", pMore="explorer.exe" | out: pszPath="C:\\Windows\\SysWOW64\\explorer.exe") returned 1 [0128.267] GetFileAttributesW (lpFileName="C:\\Windows\\SysWOW64\\explorer.exe" (normalized: "c:\\windows\\syswow64\\explorer.exe")) returned 0x20 [0128.267] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\explorer.exe" (normalized: "c:\\windows\\syswow64\\explorer.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x248 [0128.267] GetFileSize (in: hFile=0x248, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3db190 [0128.268] ReadFile (in: hFile=0x248, lpBuffer=0x142f018, nNumberOfBytesToRead=0x338, lpNumberOfBytesRead=0x142f350, lpOverlapped=0x0 | out: lpBuffer=0x142f018*, lpNumberOfBytesRead=0x142f350*=0x338, lpOverlapped=0x0) returned 1 [0128.279] CloseHandle (hObject=0x248) returned 1 [0128.313] wvnsprintfA (in: pszDest=0x142f77c, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x142f764 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:PS_v1$") returned 54 [0128.313] SetLastError (dwErrCode=0x0) [0128.314] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x1657af0, dwRevision=0x1 | out: pSecurityDescriptor=0x1657af0) returned 1 [0128.314] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x1657af0, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0x1657af0) returned 1 [0128.314] GetLastError () returned 0x0 [0128.314] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0x1657af0, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0x1657af0) returned 1 [0128.314] GetLastError () returned 0x0 [0128.314] SetLastError (dwErrCode=0x0) [0128.314] CreateEventA (lpEventAttributes=0x142f878, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:PS_v1$") returned 0x248 [0128.314] SetLastError (dwErrCode=0x0) [0128.314] wvnsprintfA (in: pszDest=0x142f77c, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x142f764 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:IP_v1$") returned 54 [0128.314] SetLastError (dwErrCode=0x0) [0128.314] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x1657af0, dwRevision=0x1 | out: pSecurityDescriptor=0x1657af0) returned 1 [0128.314] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x1657af0, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0x1657af0) returned 1 [0128.314] GetLastError () returned 0x0 [0128.314] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0x1657af0, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0x1657af0) returned 1 [0128.314] GetLastError () returned 0x0 [0128.314] SetLastError (dwErrCode=0x0) [0128.314] CreateEventA (lpEventAttributes=0x142f878, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:IP_v1$") returned 0x24c [0128.314] SetLastError (dwErrCode=0x0) [0128.314] wvnsprintfA (in: pszDest=0x142f77c, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x142f764 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:AR_v1$") returned 54 [0128.314] SetLastError (dwErrCode=0x0) [0128.314] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x1657af0, dwRevision=0x1 | out: pSecurityDescriptor=0x1657af0) returned 1 [0128.314] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x1657af0, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0x1657af0) returned 1 [0128.314] GetLastError () returned 0x0 [0128.314] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0x1657af0, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0x1657af0) returned 1 [0128.314] GetLastError () returned 0x0 [0128.315] SetLastError (dwErrCode=0x0) [0128.315] CreateEventA (lpEventAttributes=0x142f878, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:AR_v1$") returned 0x250 [0128.315] SetLastError (dwErrCode=0x0) [0128.315] wvnsprintfA (in: pszDest=0x142f77c, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x142f764 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:DS_v1$") returned 54 [0128.315] SetLastError (dwErrCode=0x0) [0128.315] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x1657af0, dwRevision=0x1 | out: pSecurityDescriptor=0x1657af0) returned 1 [0128.315] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x1657af0, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0x1657af0) returned 1 [0128.315] GetLastError () returned 0x0 [0128.315] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0x1657af0, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0x1657af0) returned 1 [0128.315] GetLastError () returned 0x0 [0128.315] SetLastError (dwErrCode=0x0) [0128.315] CreateEventA (lpEventAttributes=0x142f878, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:DS_v1$") returned 0x254 [0128.315] SetLastError (dwErrCode=0x0) [0128.315] wvnsprintfA (in: pszDest=0x142f77c, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x142f764 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:ULI_v1$") returned 55 [0128.315] SetLastError (dwErrCode=0x0) [0128.315] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x1657af0, dwRevision=0x1 | out: pSecurityDescriptor=0x1657af0) returned 1 [0128.315] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x1657af0, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0x1657af0) returned 1 [0128.315] GetLastError () returned 0x0 [0128.315] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0x1657af0, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0x1657af0) returned 1 [0128.315] GetLastError () returned 0x0 [0128.315] SetLastError (dwErrCode=0x0) [0128.315] CreateEventA (lpEventAttributes=0x142f878, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:ULI_v1$") returned 0x258 [0128.315] SetLastError (dwErrCode=0x0) [0128.315] ResetEvent (hEvent=0x258) returned 1 [0128.315] ResetEvent (hEvent=0x248) returned 1 [0128.316] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x7, ProcessInformation=0x142f9ec, ProcessInformationLength=0x4, ReturnLength=0x142f9e8 | out: ProcessInformation=0x142f9ec, ReturnLength=0x142f9e8) returned 0x0 [0128.316] wvnsprintfA (in: pszDest=0x142f988, cchDest=63, pszFmt="0x%08X", arglist=0x142f980 | out: pszDest="0x0000073C") returned 10 [0128.316] SetLastError (dwErrCode=0x0) [0128.316] wvnsprintfA (in: pszDest=0x142f748, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x142f730 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x0000073C_v1$") returned 62 [0128.316] SetLastError (dwErrCode=0x0) [0128.316] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x0000073C_v1$") returned 0x0 [0128.316] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x1657af0, dwRevision=0x1 | out: pSecurityDescriptor=0x1657af0) returned 1 [0128.316] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x1657af0, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0x1657af0) returned 1 [0128.316] GetLastError () returned 0x2 [0128.316] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0x1657af0, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0x1657af0) returned 1 [0128.316] GetLastError () returned 0x2 [0128.316] SetLastError (dwErrCode=0x2) [0128.316] CreateEventA (lpEventAttributes=0x142f844, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x0000073C_v1$") returned 0x25c [0128.316] GetLastError () returned 0x0 [0128.316] SetLastError (dwErrCode=0x0) [0128.321] CreateFileA (lpFileName="\\\\.\\HGFS" (normalized: "hgfs"), dwDesiredAccess=0x1, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0128.326] CreateFileA (lpFileName="\\\\.\\VBoxGuest" (normalized: "vboxguest"), dwDesiredAccess=0x1, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0128.326] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x200, samDesired=0x1, phkResult=0x142f9cc | out: phkResult=0x142f9cc*=0x260) returned 0x0 [0128.326] SetLastError (dwErrCode=0x0) [0128.326] RegEnumValueW (in: hKey=0x260, dwIndex=0x0, lpValueName=0x142f17c, lpcchValueName=0x142f9a4, lpReserved=0x0, lpType=0x0, lpData=0x1657af0, lpcbData=0x142f9a0 | out: lpValueName="SunJavaUpdateSched", lpcchValueName=0x142f9a4, lpType=0x0, lpData=0x1657af0, lpcbData=0x142f9a0) returned 0x0 [0128.326] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="AVP") returned 1 [0128.326] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="mcui_exe") returned 1 [0128.326] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="mcpltui_exe") returned 1 [0128.326] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="McAfeeUpdaterUI") returned 1 [0128.326] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="Bdagent") returned 1 [0128.326] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="Trend Micro Titanium") returned -1 [0128.326] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="Trend Micro Client Framework") returned -1 [0128.326] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="AvastUI.exe") returned 1 [0128.326] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="avast") returned 1 [0128.326] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="MSC") returned 1 [0128.326] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="AVG_UI") returned 1 [0128.326] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="BullGuard") returned 1 [0128.326] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="Sophos AutoUpdate Monitor") returned 1 [0128.327] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="SpIDerAgent") returned 1 [0128.327] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="APVXDWIN") returned 1 [0128.327] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="PSUAMain") returned 1 [0128.327] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="WRSVC") returned -1 [0128.327] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="emsisoft anti-malware") returned 1 [0128.327] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="ISTray") returned 1 [0128.327] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="G Data AntiVirus Tray") returned 1 [0128.327] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="ZoneAlarm") returned -1 [0128.327] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="Bkav") returned 1 [0128.327] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="V3 Application") returned -1 [0128.327] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="Baidu Antivirus") returned 1 [0128.327] RegEnumValueW (in: hKey=0x260, dwIndex=0x1, lpValueName=0x142f17c, lpcchValueName=0x142f9a4, lpReserved=0x0, lpType=0x0, lpData=0x1657af0, lpcbData=0x142f9a0 | out: lpValueName="", lpcchValueName=0x142f9a4, lpType=0x0, lpData=0x1657af0, lpcbData=0x142f9a0) returned 0x103 [0128.327] RegCloseKey (hKey=0x260) returned 0x0 [0128.327] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x100, samDesired=0x1, phkResult=0x142f9cc | out: phkResult=0x142f9cc*=0x260) returned 0x0 [0128.327] SetLastError (dwErrCode=0x0) [0128.327] RegEnumValueW (in: hKey=0x260, dwIndex=0x0, lpValueName=0x142f17c, lpcchValueName=0x142f9a4, lpReserved=0x0, lpType=0x0, lpData=0x1657af0, lpcbData=0x142f9a0 | out: lpValueName="SunJavaUpdateSched", lpcchValueName=0x142f9a4, lpType=0x0, lpData=0x1657af0, lpcbData=0x142f9a0) returned 0x0 [0128.327] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="AVP") returned 1 [0128.327] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="mcui_exe") returned 1 [0128.327] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="mcpltui_exe") returned 1 [0128.327] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="McAfeeUpdaterUI") returned 1 [0128.327] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="Bdagent") returned 1 [0128.327] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="Trend Micro Titanium") returned -1 [0128.327] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="Trend Micro Client Framework") returned -1 [0128.327] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="AvastUI.exe") returned 1 [0128.327] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="avast") returned 1 [0128.327] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="MSC") returned 1 [0128.327] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="AVG_UI") returned 1 [0128.328] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="BullGuard") returned 1 [0128.328] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="Sophos AutoUpdate Monitor") returned 1 [0128.328] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="SpIDerAgent") returned 1 [0128.328] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="APVXDWIN") returned 1 [0128.328] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="PSUAMain") returned 1 [0128.328] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="WRSVC") returned -1 [0128.328] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="emsisoft anti-malware") returned 1 [0128.328] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="ISTray") returned 1 [0128.328] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="G Data AntiVirus Tray") returned 1 [0128.328] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="ZoneAlarm") returned -1 [0128.328] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="Bkav") returned 1 [0128.328] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="V3 Application") returned -1 [0128.328] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="Baidu Antivirus") returned 1 [0128.328] RegEnumValueW (in: hKey=0x260, dwIndex=0x1, lpValueName=0x142f17c, lpcchValueName=0x142f9a4, lpReserved=0x0, lpType=0x0, lpData=0x1657af0, lpcbData=0x142f9a0 | out: lpValueName="", lpcchValueName=0x142f9a4, lpType=0x0, lpData=0x1657af0, lpcbData=0x142f9a0) returned 0x103 [0128.328] RegCloseKey (hKey=0x260) returned 0x0 [0128.328] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services", ulOptions=0x0, samDesired=0x9, phkResult=0x142f9cc | out: phkResult=0x142f9cc*=0x260) returned 0x0 [0128.328] SetLastError (dwErrCode=0x0) [0128.328] RegQueryInfoKeyA (in: hKey=0x260, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x142ef58, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x142ef58*=0x231, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.328] SetLastError (dwErrCode=0x0) [0128.328] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x0, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName=".NET CLR Data", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.328] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\.NET CLR Data") returned 47 [0128.328] SetLastError (dwErrCode=0x0) [0128.328] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\.NET CLR Data", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.328] SetLastError (dwErrCode=0x0) [0128.328] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.328] RegCloseKey (hKey=0x264) returned 0x0 [0128.329] SetLastError (dwErrCode=0x0) [0128.329] GetLastError () returned 0x0 [0128.329] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x1, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName=".NET CLR Networking", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.329] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\.NET CLR Networking") returned 53 [0128.329] SetLastError (dwErrCode=0x0) [0128.329] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\.NET CLR Networking", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.329] SetLastError (dwErrCode=0x0) [0128.329] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.329] RegCloseKey (hKey=0x264) returned 0x0 [0128.329] SetLastError (dwErrCode=0x0) [0128.329] GetLastError () returned 0x0 [0128.329] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x2, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName=".NET CLR Networking 4.0.0.0", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.329] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\.NET CLR Networking 4.0.0.0") returned 61 [0128.329] SetLastError (dwErrCode=0x0) [0128.329] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\.NET CLR Networking 4.0.0.0", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.329] SetLastError (dwErrCode=0x0) [0128.329] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.329] RegCloseKey (hKey=0x264) returned 0x0 [0128.329] SetLastError (dwErrCode=0x0) [0128.329] GetLastError () returned 0x0 [0128.330] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x3, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName=".NET Data Provider for Oracle", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.330] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\.NET Data Provider for Oracle") returned 63 [0128.330] SetLastError (dwErrCode=0x0) [0128.330] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\.NET Data Provider for Oracle", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.330] SetLastError (dwErrCode=0x0) [0128.330] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.330] RegCloseKey (hKey=0x264) returned 0x0 [0128.330] SetLastError (dwErrCode=0x0) [0128.330] GetLastError () returned 0x0 [0128.330] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x4, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName=".NET Data Provider for SqlServer", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.330] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\.NET Data Provider for SqlServer") returned 66 [0128.330] SetLastError (dwErrCode=0x0) [0128.330] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\.NET Data Provider for SqlServer", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.330] SetLastError (dwErrCode=0x0) [0128.330] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.330] RegCloseKey (hKey=0x264) returned 0x0 [0128.330] SetLastError (dwErrCode=0x0) [0128.330] GetLastError () returned 0x0 [0128.330] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x5, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName=".NET Memory Cache 4.0", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.330] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\.NET Memory Cache 4.0") returned 55 [0128.330] SetLastError (dwErrCode=0x0) [0128.330] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\.NET Memory Cache 4.0", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.330] SetLastError (dwErrCode=0x0) [0128.330] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.330] RegCloseKey (hKey=0x264) returned 0x0 [0128.331] SetLastError (dwErrCode=0x0) [0128.331] GetLastError () returned 0x0 [0128.331] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x6, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName=".NETFramework", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.331] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\.NETFramework") returned 47 [0128.331] SetLastError (dwErrCode=0x0) [0128.331] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\.NETFramework", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.331] SetLastError (dwErrCode=0x0) [0128.331] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.331] RegCloseKey (hKey=0x264) returned 0x0 [0128.331] SetLastError (dwErrCode=0x0) [0128.331] GetLastError () returned 0x0 [0128.331] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x7, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="1394ohci", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.331] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\1394ohci") returned 42 [0128.331] SetLastError (dwErrCode=0x0) [0128.331] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\1394ohci", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.331] SetLastError (dwErrCode=0x0) [0128.331] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.331] RegCloseKey (hKey=0x264) returned 0x0 [0128.331] SetLastError (dwErrCode=0x0) [0128.331] lstrcmpiW (lpString1="1394ohci", lpString2="NAVENG") returned -1 [0128.331] lstrcmpiW (lpString1="1394ohci", lpString2="ccEvtMgr") returned -1 [0128.331] lstrcmpiW (lpString1="1394ohci", lpString2="NAV") returned -1 [0128.331] lstrcmpiW (lpString1="1394ohci", lpString2="NIS") returned -1 [0128.331] lstrcmpiW (lpString1="1394ohci", lpString2="NAVEX15") returned -1 [0128.331] lstrcmpiW (lpString1="1394ohci", lpString2="AVP") returned -1 [0128.331] lstrcmpiW (lpString1="1394ohci", lpString2="AVP15.0.0") returned -1 [0128.332] lstrcmpiW (lpString1="1394ohci", lpString2="AVP15.0.1") returned -1 [0128.332] lstrcmpiW (lpString1="1394ohci", lpString2="kl1") returned -1 [0128.332] lstrcmpiW (lpString1="1394ohci", lpString2="McComponentHostService") returned -1 [0128.332] lstrcmpiW (lpString1="1394ohci", lpString2="ekrn") returned -1 [0128.332] lstrcmpiW (lpString1="1394ohci", lpString2="egui") returned -1 [0128.332] lstrcmpiW (lpString1="1394ohci", lpString2="avgwd") returned -1 [0128.332] lstrcmpiW (lpString1="1394ohci", lpString2="BdfNdisf") returned -1 [0128.332] lstrcmpiW (lpString1="1394ohci", lpString2="avast! Antivirus") returned -1 [0128.332] lstrcmpiW (lpString1="1394ohci", lpString2="MsMpSvc") returned -1 [0128.332] lstrcmpiW (lpString1="1394ohci", lpString2="RsMgrSvc") returned -1 [0128.332] lstrcmpiW (lpString1="1394ohci", lpString2="fshoster") returned -1 [0128.332] lstrcmpiW (lpString1="1394ohci", lpString2="AVKProxy") returned -1 [0128.332] lstrcmpiW (lpString1="1394ohci", lpString2="MBAMService") returned -1 [0128.332] lstrcmpiW (lpString1="1394ohci", lpString2="GbpSv") returned -1 [0128.332] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x8, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="3ware", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.332] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\3ware") returned 39 [0128.332] SetLastError (dwErrCode=0x0) [0128.332] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\3ware", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.332] SetLastError (dwErrCode=0x0) [0128.332] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.332] RegCloseKey (hKey=0x264) returned 0x0 [0128.332] SetLastError (dwErrCode=0x0) [0128.332] lstrcmpiW (lpString1="3ware", lpString2="NAVENG") returned -1 [0128.332] lstrcmpiW (lpString1="3ware", lpString2="ccEvtMgr") returned -1 [0128.332] lstrcmpiW (lpString1="3ware", lpString2="NAV") returned -1 [0128.332] lstrcmpiW (lpString1="3ware", lpString2="NIS") returned -1 [0128.332] lstrcmpiW (lpString1="3ware", lpString2="NAVEX15") returned -1 [0128.332] lstrcmpiW (lpString1="3ware", lpString2="AVP") returned -1 [0128.332] lstrcmpiW (lpString1="3ware", lpString2="AVP15.0.0") returned -1 [0128.333] lstrcmpiW (lpString1="3ware", lpString2="AVP15.0.1") returned -1 [0128.333] lstrcmpiW (lpString1="3ware", lpString2="kl1") returned -1 [0128.333] lstrcmpiW (lpString1="3ware", lpString2="McComponentHostService") returned -1 [0128.333] lstrcmpiW (lpString1="3ware", lpString2="ekrn") returned -1 [0128.333] lstrcmpiW (lpString1="3ware", lpString2="egui") returned -1 [0128.333] lstrcmpiW (lpString1="3ware", lpString2="avgwd") returned -1 [0128.333] lstrcmpiW (lpString1="3ware", lpString2="BdfNdisf") returned -1 [0128.333] lstrcmpiW (lpString1="3ware", lpString2="avast! Antivirus") returned -1 [0128.333] lstrcmpiW (lpString1="3ware", lpString2="MsMpSvc") returned -1 [0128.333] lstrcmpiW (lpString1="3ware", lpString2="RsMgrSvc") returned -1 [0128.333] lstrcmpiW (lpString1="3ware", lpString2="fshoster") returned -1 [0128.333] lstrcmpiW (lpString1="3ware", lpString2="AVKProxy") returned -1 [0128.333] lstrcmpiW (lpString1="3ware", lpString2="MBAMService") returned -1 [0128.333] lstrcmpiW (lpString1="3ware", lpString2="GbpSv") returned -1 [0128.333] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x9, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ACPI", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.333] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ACPI") returned 38 [0128.333] SetLastError (dwErrCode=0x0) [0128.333] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ACPI", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.333] SetLastError (dwErrCode=0x0) [0128.333] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.333] RegCloseKey (hKey=0x264) returned 0x0 [0128.333] SetLastError (dwErrCode=0x0) [0128.333] lstrcmpiW (lpString1="ACPI", lpString2="NAVENG") returned -1 [0128.333] lstrcmpiW (lpString1="ACPI", lpString2="ccEvtMgr") returned -1 [0128.333] lstrcmpiW (lpString1="ACPI", lpString2="NAV") returned -1 [0128.333] lstrcmpiW (lpString1="ACPI", lpString2="NIS") returned -1 [0128.333] lstrcmpiW (lpString1="ACPI", lpString2="NAVEX15") returned -1 [0128.333] lstrcmpiW (lpString1="ACPI", lpString2="AVP") returned -1 [0128.333] lstrcmpiW (lpString1="ACPI", lpString2="AVP15.0.0") returned -1 [0128.334] lstrcmpiW (lpString1="ACPI", lpString2="AVP15.0.1") returned -1 [0128.334] lstrcmpiW (lpString1="ACPI", lpString2="kl1") returned -1 [0128.334] lstrcmpiW (lpString1="ACPI", lpString2="McComponentHostService") returned -1 [0128.334] lstrcmpiW (lpString1="ACPI", lpString2="ekrn") returned -1 [0128.334] lstrcmpiW (lpString1="ACPI", lpString2="egui") returned -1 [0128.334] lstrcmpiW (lpString1="ACPI", lpString2="avgwd") returned -1 [0128.334] lstrcmpiW (lpString1="ACPI", lpString2="BdfNdisf") returned -1 [0128.334] lstrcmpiW (lpString1="ACPI", lpString2="avast! Antivirus") returned -1 [0128.334] lstrcmpiW (lpString1="ACPI", lpString2="MsMpSvc") returned -1 [0128.334] lstrcmpiW (lpString1="ACPI", lpString2="RsMgrSvc") returned -1 [0128.334] lstrcmpiW (lpString1="ACPI", lpString2="fshoster") returned -1 [0128.334] lstrcmpiW (lpString1="ACPI", lpString2="AVKProxy") returned -1 [0128.334] lstrcmpiW (lpString1="ACPI", lpString2="MBAMService") returned -1 [0128.334] lstrcmpiW (lpString1="ACPI", lpString2="GbpSv") returned -1 [0128.334] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xa, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="acpiex", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.334] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\acpiex") returned 40 [0128.334] SetLastError (dwErrCode=0x0) [0128.334] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\acpiex", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.334] SetLastError (dwErrCode=0x0) [0128.334] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.334] RegCloseKey (hKey=0x264) returned 0x0 [0128.334] SetLastError (dwErrCode=0x0) [0128.334] lstrcmpiW (lpString1="acpiex", lpString2="NAVENG") returned -1 [0128.334] lstrcmpiW (lpString1="acpiex", lpString2="ccEvtMgr") returned -1 [0128.334] lstrcmpiW (lpString1="acpiex", lpString2="NAV") returned -1 [0128.334] lstrcmpiW (lpString1="acpiex", lpString2="NIS") returned -1 [0128.334] lstrcmpiW (lpString1="acpiex", lpString2="NAVEX15") returned -1 [0128.334] lstrcmpiW (lpString1="acpiex", lpString2="AVP") returned -1 [0128.334] lstrcmpiW (lpString1="acpiex", lpString2="AVP15.0.0") returned -1 [0128.335] lstrcmpiW (lpString1="acpiex", lpString2="AVP15.0.1") returned -1 [0128.335] lstrcmpiW (lpString1="acpiex", lpString2="kl1") returned -1 [0128.335] lstrcmpiW (lpString1="acpiex", lpString2="McComponentHostService") returned -1 [0128.335] lstrcmpiW (lpString1="acpiex", lpString2="ekrn") returned -1 [0128.335] lstrcmpiW (lpString1="acpiex", lpString2="egui") returned -1 [0128.335] lstrcmpiW (lpString1="acpiex", lpString2="avgwd") returned -1 [0128.335] lstrcmpiW (lpString1="acpiex", lpString2="BdfNdisf") returned -1 [0128.335] lstrcmpiW (lpString1="acpiex", lpString2="avast! Antivirus") returned -1 [0128.335] lstrcmpiW (lpString1="acpiex", lpString2="MsMpSvc") returned -1 [0128.335] lstrcmpiW (lpString1="acpiex", lpString2="RsMgrSvc") returned -1 [0128.335] lstrcmpiW (lpString1="acpiex", lpString2="fshoster") returned -1 [0128.335] lstrcmpiW (lpString1="acpiex", lpString2="AVKProxy") returned -1 [0128.335] lstrcmpiW (lpString1="acpiex", lpString2="MBAMService") returned -1 [0128.335] lstrcmpiW (lpString1="acpiex", lpString2="GbpSv") returned -1 [0128.335] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xb, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="acpipagr", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.335] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\acpipagr") returned 42 [0128.335] SetLastError (dwErrCode=0x0) [0128.335] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\acpipagr", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.335] SetLastError (dwErrCode=0x0) [0128.335] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.335] RegCloseKey (hKey=0x264) returned 0x0 [0128.335] SetLastError (dwErrCode=0x0) [0128.335] lstrcmpiW (lpString1="acpipagr", lpString2="NAVENG") returned -1 [0128.335] lstrcmpiW (lpString1="acpipagr", lpString2="ccEvtMgr") returned -1 [0128.335] lstrcmpiW (lpString1="acpipagr", lpString2="NAV") returned -1 [0128.335] lstrcmpiW (lpString1="acpipagr", lpString2="NIS") returned -1 [0128.335] lstrcmpiW (lpString1="acpipagr", lpString2="NAVEX15") returned -1 [0128.336] lstrcmpiW (lpString1="acpipagr", lpString2="AVP") returned -1 [0128.336] lstrcmpiW (lpString1="acpipagr", lpString2="AVP15.0.0") returned -1 [0128.336] lstrcmpiW (lpString1="acpipagr", lpString2="AVP15.0.1") returned -1 [0128.336] lstrcmpiW (lpString1="acpipagr", lpString2="kl1") returned -1 [0128.336] lstrcmpiW (lpString1="acpipagr", lpString2="McComponentHostService") returned -1 [0128.336] lstrcmpiW (lpString1="acpipagr", lpString2="ekrn") returned -1 [0128.336] lstrcmpiW (lpString1="acpipagr", lpString2="egui") returned -1 [0128.336] lstrcmpiW (lpString1="acpipagr", lpString2="avgwd") returned -1 [0128.336] lstrcmpiW (lpString1="acpipagr", lpString2="BdfNdisf") returned -1 [0128.336] lstrcmpiW (lpString1="acpipagr", lpString2="avast! Antivirus") returned -1 [0128.336] lstrcmpiW (lpString1="acpipagr", lpString2="MsMpSvc") returned -1 [0128.336] lstrcmpiW (lpString1="acpipagr", lpString2="RsMgrSvc") returned -1 [0128.336] lstrcmpiW (lpString1="acpipagr", lpString2="fshoster") returned -1 [0128.336] lstrcmpiW (lpString1="acpipagr", lpString2="AVKProxy") returned -1 [0128.336] lstrcmpiW (lpString1="acpipagr", lpString2="MBAMService") returned -1 [0128.336] lstrcmpiW (lpString1="acpipagr", lpString2="GbpSv") returned -1 [0128.336] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xc, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AcpiPmi", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.336] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\AcpiPmi") returned 41 [0128.336] SetLastError (dwErrCode=0x0) [0128.336] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\AcpiPmi", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.336] SetLastError (dwErrCode=0x0) [0128.336] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.336] RegCloseKey (hKey=0x264) returned 0x0 [0128.336] SetLastError (dwErrCode=0x0) [0128.336] lstrcmpiW (lpString1="AcpiPmi", lpString2="NAVENG") returned -1 [0128.336] lstrcmpiW (lpString1="AcpiPmi", lpString2="ccEvtMgr") returned -1 [0128.336] lstrcmpiW (lpString1="AcpiPmi", lpString2="NAV") returned -1 [0128.336] lstrcmpiW (lpString1="AcpiPmi", lpString2="NIS") returned -1 [0128.336] lstrcmpiW (lpString1="AcpiPmi", lpString2="NAVEX15") returned -1 [0128.337] lstrcmpiW (lpString1="AcpiPmi", lpString2="AVP") returned -1 [0128.337] lstrcmpiW (lpString1="AcpiPmi", lpString2="AVP15.0.0") returned -1 [0128.337] lstrcmpiW (lpString1="AcpiPmi", lpString2="AVP15.0.1") returned -1 [0128.337] lstrcmpiW (lpString1="AcpiPmi", lpString2="kl1") returned -1 [0128.337] lstrcmpiW (lpString1="AcpiPmi", lpString2="McComponentHostService") returned -1 [0128.337] lstrcmpiW (lpString1="AcpiPmi", lpString2="ekrn") returned -1 [0128.337] lstrcmpiW (lpString1="AcpiPmi", lpString2="egui") returned -1 [0128.337] lstrcmpiW (lpString1="AcpiPmi", lpString2="avgwd") returned -1 [0128.337] lstrcmpiW (lpString1="AcpiPmi", lpString2="BdfNdisf") returned -1 [0128.337] lstrcmpiW (lpString1="AcpiPmi", lpString2="avast! Antivirus") returned -1 [0128.337] lstrcmpiW (lpString1="AcpiPmi", lpString2="MsMpSvc") returned -1 [0128.337] lstrcmpiW (lpString1="AcpiPmi", lpString2="RsMgrSvc") returned -1 [0128.337] lstrcmpiW (lpString1="AcpiPmi", lpString2="fshoster") returned -1 [0128.337] lstrcmpiW (lpString1="AcpiPmi", lpString2="AVKProxy") returned -1 [0128.337] lstrcmpiW (lpString1="AcpiPmi", lpString2="MBAMService") returned -1 [0128.337] lstrcmpiW (lpString1="AcpiPmi", lpString2="GbpSv") returned -1 [0128.337] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xd, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="acpitime", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.337] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\acpitime") returned 42 [0128.337] SetLastError (dwErrCode=0x0) [0128.337] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\acpitime", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.337] SetLastError (dwErrCode=0x0) [0128.337] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.337] RegCloseKey (hKey=0x264) returned 0x0 [0128.337] SetLastError (dwErrCode=0x0) [0128.337] lstrcmpiW (lpString1="acpitime", lpString2="NAVENG") returned -1 [0128.337] lstrcmpiW (lpString1="acpitime", lpString2="ccEvtMgr") returned -1 [0128.337] lstrcmpiW (lpString1="acpitime", lpString2="NAV") returned -1 [0128.337] lstrcmpiW (lpString1="acpitime", lpString2="NIS") returned -1 [0128.337] lstrcmpiW (lpString1="acpitime", lpString2="NAVEX15") returned -1 [0128.338] lstrcmpiW (lpString1="acpitime", lpString2="AVP") returned -1 [0128.338] lstrcmpiW (lpString1="acpitime", lpString2="AVP15.0.0") returned -1 [0128.338] lstrcmpiW (lpString1="acpitime", lpString2="AVP15.0.1") returned -1 [0128.338] lstrcmpiW (lpString1="acpitime", lpString2="kl1") returned -1 [0128.338] lstrcmpiW (lpString1="acpitime", lpString2="McComponentHostService") returned -1 [0128.338] lstrcmpiW (lpString1="acpitime", lpString2="ekrn") returned -1 [0128.338] lstrcmpiW (lpString1="acpitime", lpString2="egui") returned -1 [0128.338] lstrcmpiW (lpString1="acpitime", lpString2="avgwd") returned -1 [0128.338] lstrcmpiW (lpString1="acpitime", lpString2="BdfNdisf") returned -1 [0128.338] lstrcmpiW (lpString1="acpitime", lpString2="avast! Antivirus") returned -1 [0128.338] lstrcmpiW (lpString1="acpitime", lpString2="MsMpSvc") returned -1 [0128.338] lstrcmpiW (lpString1="acpitime", lpString2="RsMgrSvc") returned -1 [0128.338] lstrcmpiW (lpString1="acpitime", lpString2="fshoster") returned -1 [0128.338] lstrcmpiW (lpString1="acpitime", lpString2="AVKProxy") returned -1 [0128.338] lstrcmpiW (lpString1="acpitime", lpString2="MBAMService") returned -1 [0128.338] lstrcmpiW (lpString1="acpitime", lpString2="GbpSv") returned -1 [0128.338] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xe, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AdobeARMservice", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.338] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\AdobeARMservice") returned 49 [0128.338] SetLastError (dwErrCode=0x0) [0128.338] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\AdobeARMservice", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.338] SetLastError (dwErrCode=0x0) [0128.338] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.338] RegCloseKey (hKey=0x264) returned 0x0 [0128.338] SetLastError (dwErrCode=0x0) [0128.338] lstrcmpiW (lpString1="AdobeARMservice", lpString2="NAVENG") returned -1 [0128.338] lstrcmpiW (lpString1="AdobeARMservice", lpString2="ccEvtMgr") returned -1 [0128.338] lstrcmpiW (lpString1="AdobeARMservice", lpString2="NAV") returned -1 [0128.338] lstrcmpiW (lpString1="AdobeARMservice", lpString2="NIS") returned -1 [0128.338] lstrcmpiW (lpString1="AdobeARMservice", lpString2="NAVEX15") returned -1 [0128.338] lstrcmpiW (lpString1="AdobeARMservice", lpString2="AVP") returned -1 [0128.339] lstrcmpiW (lpString1="AdobeARMservice", lpString2="AVP15.0.0") returned -1 [0128.339] lstrcmpiW (lpString1="AdobeARMservice", lpString2="AVP15.0.1") returned -1 [0128.339] lstrcmpiW (lpString1="AdobeARMservice", lpString2="kl1") returned -1 [0128.339] lstrcmpiW (lpString1="AdobeARMservice", lpString2="McComponentHostService") returned -1 [0128.339] lstrcmpiW (lpString1="AdobeARMservice", lpString2="ekrn") returned -1 [0128.339] lstrcmpiW (lpString1="AdobeARMservice", lpString2="egui") returned -1 [0128.339] lstrcmpiW (lpString1="AdobeARMservice", lpString2="avgwd") returned -1 [0128.339] lstrcmpiW (lpString1="AdobeARMservice", lpString2="BdfNdisf") returned -1 [0128.339] lstrcmpiW (lpString1="AdobeARMservice", lpString2="avast! Antivirus") returned -1 [0128.339] lstrcmpiW (lpString1="AdobeARMservice", lpString2="MsMpSvc") returned -1 [0128.339] lstrcmpiW (lpString1="AdobeARMservice", lpString2="RsMgrSvc") returned -1 [0128.339] lstrcmpiW (lpString1="AdobeARMservice", lpString2="fshoster") returned -1 [0128.339] lstrcmpiW (lpString1="AdobeARMservice", lpString2="AVKProxy") returned -1 [0128.339] lstrcmpiW (lpString1="AdobeARMservice", lpString2="MBAMService") returned -1 [0128.339] lstrcmpiW (lpString1="AdobeARMservice", lpString2="GbpSv") returned -1 [0128.339] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xf, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ADOVMPPackage", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.339] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ADOVMPPackage") returned 47 [0128.339] SetLastError (dwErrCode=0x0) [0128.339] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ADOVMPPackage", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.339] SetLastError (dwErrCode=0x0) [0128.339] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.339] RegCloseKey (hKey=0x264) returned 0x0 [0128.339] SetLastError (dwErrCode=0x0) [0128.339] GetLastError () returned 0x0 [0128.339] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x10, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ADP80XX", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.339] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ADP80XX") returned 41 [0128.339] SetLastError (dwErrCode=0x0) [0128.340] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ADP80XX", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.340] SetLastError (dwErrCode=0x0) [0128.340] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.340] RegCloseKey (hKey=0x264) returned 0x0 [0128.340] SetLastError (dwErrCode=0x0) [0128.340] lstrcmpiW (lpString1="ADP80XX", lpString2="NAVENG") returned -1 [0128.340] lstrcmpiW (lpString1="ADP80XX", lpString2="ccEvtMgr") returned -1 [0128.340] lstrcmpiW (lpString1="ADP80XX", lpString2="NAV") returned -1 [0128.340] lstrcmpiW (lpString1="ADP80XX", lpString2="NIS") returned -1 [0128.340] lstrcmpiW (lpString1="ADP80XX", lpString2="NAVEX15") returned -1 [0128.340] lstrcmpiW (lpString1="ADP80XX", lpString2="AVP") returned -1 [0128.340] lstrcmpiW (lpString1="ADP80XX", lpString2="AVP15.0.0") returned -1 [0128.340] lstrcmpiW (lpString1="ADP80XX", lpString2="AVP15.0.1") returned -1 [0128.340] lstrcmpiW (lpString1="ADP80XX", lpString2="kl1") returned -1 [0128.340] lstrcmpiW (lpString1="ADP80XX", lpString2="McComponentHostService") returned -1 [0128.340] lstrcmpiW (lpString1="ADP80XX", lpString2="ekrn") returned -1 [0128.340] lstrcmpiW (lpString1="ADP80XX", lpString2="egui") returned -1 [0128.340] lstrcmpiW (lpString1="ADP80XX", lpString2="avgwd") returned -1 [0128.340] lstrcmpiW (lpString1="ADP80XX", lpString2="BdfNdisf") returned -1 [0128.340] lstrcmpiW (lpString1="ADP80XX", lpString2="avast! Antivirus") returned -1 [0128.340] lstrcmpiW (lpString1="ADP80XX", lpString2="MsMpSvc") returned -1 [0128.340] lstrcmpiW (lpString1="ADP80XX", lpString2="RsMgrSvc") returned -1 [0128.340] lstrcmpiW (lpString1="ADP80XX", lpString2="fshoster") returned -1 [0128.340] lstrcmpiW (lpString1="ADP80XX", lpString2="AVKProxy") returned -1 [0128.340] lstrcmpiW (lpString1="ADP80XX", lpString2="MBAMService") returned -1 [0128.340] lstrcmpiW (lpString1="ADP80XX", lpString2="GbpSv") returned -1 [0128.340] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x11, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="adsi", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.341] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\adsi") returned 38 [0128.341] SetLastError (dwErrCode=0x0) [0128.341] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\adsi", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.341] SetLastError (dwErrCode=0x0) [0128.341] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.341] RegCloseKey (hKey=0x264) returned 0x0 [0128.341] SetLastError (dwErrCode=0x0) [0128.341] GetLastError () returned 0x0 [0128.341] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x12, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AFD", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.341] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\AFD") returned 37 [0128.341] SetLastError (dwErrCode=0x0) [0128.341] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\AFD", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.341] SetLastError (dwErrCode=0x0) [0128.341] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.341] RegCloseKey (hKey=0x264) returned 0x0 [0128.341] SetLastError (dwErrCode=0x0) [0128.341] lstrcmpiW (lpString1="AFD", lpString2="NAVENG") returned -1 [0128.341] lstrcmpiW (lpString1="AFD", lpString2="ccEvtMgr") returned -1 [0128.341] lstrcmpiW (lpString1="AFD", lpString2="NAV") returned -1 [0128.341] lstrcmpiW (lpString1="AFD", lpString2="NIS") returned -1 [0128.341] lstrcmpiW (lpString1="AFD", lpString2="NAVEX15") returned -1 [0128.341] lstrcmpiW (lpString1="AFD", lpString2="AVP") returned -1 [0128.341] lstrcmpiW (lpString1="AFD", lpString2="AVP15.0.0") returned -1 [0128.341] lstrcmpiW (lpString1="AFD", lpString2="AVP15.0.1") returned -1 [0128.341] lstrcmpiW (lpString1="AFD", lpString2="kl1") returned -1 [0128.342] lstrcmpiW (lpString1="AFD", lpString2="McComponentHostService") returned -1 [0128.342] lstrcmpiW (lpString1="AFD", lpString2="ekrn") returned -1 [0128.342] lstrcmpiW (lpString1="AFD", lpString2="egui") returned -1 [0128.342] lstrcmpiW (lpString1="AFD", lpString2="avgwd") returned -1 [0128.342] lstrcmpiW (lpString1="AFD", lpString2="BdfNdisf") returned -1 [0128.342] lstrcmpiW (lpString1="AFD", lpString2="avast! Antivirus") returned -1 [0128.342] lstrcmpiW (lpString1="AFD", lpString2="MsMpSvc") returned -1 [0128.342] lstrcmpiW (lpString1="AFD", lpString2="RsMgrSvc") returned -1 [0128.342] lstrcmpiW (lpString1="AFD", lpString2="fshoster") returned -1 [0128.342] lstrcmpiW (lpString1="AFD", lpString2="AVKProxy") returned -1 [0128.342] lstrcmpiW (lpString1="AFD", lpString2="MBAMService") returned -1 [0128.342] lstrcmpiW (lpString1="AFD", lpString2="GbpSv") returned -1 [0128.342] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x13, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="agp440", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.342] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\agp440") returned 40 [0128.342] SetLastError (dwErrCode=0x0) [0128.342] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\agp440", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.342] SetLastError (dwErrCode=0x0) [0128.342] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.342] RegCloseKey (hKey=0x264) returned 0x0 [0128.342] SetLastError (dwErrCode=0x0) [0128.342] lstrcmpiW (lpString1="agp440", lpString2="NAVENG") returned -1 [0128.342] lstrcmpiW (lpString1="agp440", lpString2="ccEvtMgr") returned -1 [0128.342] lstrcmpiW (lpString1="agp440", lpString2="NAV") returned -1 [0128.342] lstrcmpiW (lpString1="agp440", lpString2="NIS") returned -1 [0128.342] lstrcmpiW (lpString1="agp440", lpString2="NAVEX15") returned -1 [0128.342] lstrcmpiW (lpString1="agp440", lpString2="AVP") returned -1 [0128.342] lstrcmpiW (lpString1="agp440", lpString2="AVP15.0.0") returned -1 [0128.342] lstrcmpiW (lpString1="agp440", lpString2="AVP15.0.1") returned -1 [0128.343] lstrcmpiW (lpString1="agp440", lpString2="kl1") returned -1 [0128.343] lstrcmpiW (lpString1="agp440", lpString2="McComponentHostService") returned -1 [0128.343] lstrcmpiW (lpString1="agp440", lpString2="ekrn") returned -1 [0128.343] lstrcmpiW (lpString1="agp440", lpString2="egui") returned -1 [0128.343] lstrcmpiW (lpString1="agp440", lpString2="avgwd") returned -1 [0128.343] lstrcmpiW (lpString1="agp440", lpString2="BdfNdisf") returned -1 [0128.343] lstrcmpiW (lpString1="agp440", lpString2="avast! Antivirus") returned -1 [0128.343] lstrcmpiW (lpString1="agp440", lpString2="MsMpSvc") returned -1 [0128.343] lstrcmpiW (lpString1="agp440", lpString2="RsMgrSvc") returned -1 [0128.343] lstrcmpiW (lpString1="agp440", lpString2="fshoster") returned -1 [0128.343] lstrcmpiW (lpString1="agp440", lpString2="AVKProxy") returned -1 [0128.343] lstrcmpiW (lpString1="agp440", lpString2="MBAMService") returned -1 [0128.343] lstrcmpiW (lpString1="agp440", lpString2="GbpSv") returned -1 [0128.343] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x14, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ahcache", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.343] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ahcache") returned 41 [0128.343] SetLastError (dwErrCode=0x0) [0128.343] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ahcache", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.343] SetLastError (dwErrCode=0x0) [0128.343] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.343] RegCloseKey (hKey=0x264) returned 0x0 [0128.343] SetLastError (dwErrCode=0x0) [0128.343] lstrcmpiW (lpString1="ahcache", lpString2="NAVENG") returned -1 [0128.343] lstrcmpiW (lpString1="ahcache", lpString2="ccEvtMgr") returned -1 [0128.343] lstrcmpiW (lpString1="ahcache", lpString2="NAV") returned -1 [0128.343] lstrcmpiW (lpString1="ahcache", lpString2="NIS") returned -1 [0128.343] lstrcmpiW (lpString1="ahcache", lpString2="NAVEX15") returned -1 [0128.343] lstrcmpiW (lpString1="ahcache", lpString2="AVP") returned -1 [0128.343] lstrcmpiW (lpString1="ahcache", lpString2="AVP15.0.0") returned -1 [0128.343] lstrcmpiW (lpString1="ahcache", lpString2="AVP15.0.1") returned -1 [0128.344] lstrcmpiW (lpString1="ahcache", lpString2="kl1") returned -1 [0128.344] lstrcmpiW (lpString1="ahcache", lpString2="McComponentHostService") returned -1 [0128.344] lstrcmpiW (lpString1="ahcache", lpString2="ekrn") returned -1 [0128.344] lstrcmpiW (lpString1="ahcache", lpString2="egui") returned -1 [0128.344] lstrcmpiW (lpString1="ahcache", lpString2="avgwd") returned -1 [0128.344] lstrcmpiW (lpString1="ahcache", lpString2="BdfNdisf") returned -1 [0128.344] lstrcmpiW (lpString1="ahcache", lpString2="avast! Antivirus") returned -1 [0128.344] lstrcmpiW (lpString1="ahcache", lpString2="MsMpSvc") returned -1 [0128.344] lstrcmpiW (lpString1="ahcache", lpString2="RsMgrSvc") returned -1 [0128.344] lstrcmpiW (lpString1="ahcache", lpString2="fshoster") returned -1 [0128.344] lstrcmpiW (lpString1="ahcache", lpString2="AVKProxy") returned -1 [0128.344] lstrcmpiW (lpString1="ahcache", lpString2="MBAMService") returned -1 [0128.344] lstrcmpiW (lpString1="ahcache", lpString2="GbpSv") returned -1 [0128.344] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x15, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AJRouter", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.344] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\AJRouter") returned 42 [0128.344] SetLastError (dwErrCode=0x0) [0128.344] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\AJRouter", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.344] SetLastError (dwErrCode=0x0) [0128.344] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.344] RegCloseKey (hKey=0x264) returned 0x0 [0128.344] SetLastError (dwErrCode=0x0) [0128.344] lstrcmpiW (lpString1="AJRouter", lpString2="NAVENG") returned -1 [0128.344] lstrcmpiW (lpString1="AJRouter", lpString2="ccEvtMgr") returned -1 [0128.344] lstrcmpiW (lpString1="AJRouter", lpString2="NAV") returned -1 [0128.344] lstrcmpiW (lpString1="AJRouter", lpString2="NIS") returned -1 [0128.344] lstrcmpiW (lpString1="AJRouter", lpString2="NAVEX15") returned -1 [0128.344] lstrcmpiW (lpString1="AJRouter", lpString2="AVP") returned -1 [0128.345] lstrcmpiW (lpString1="AJRouter", lpString2="AVP15.0.0") returned -1 [0128.345] lstrcmpiW (lpString1="AJRouter", lpString2="AVP15.0.1") returned -1 [0128.345] lstrcmpiW (lpString1="AJRouter", lpString2="kl1") returned -1 [0128.345] lstrcmpiW (lpString1="AJRouter", lpString2="McComponentHostService") returned -1 [0128.345] lstrcmpiW (lpString1="AJRouter", lpString2="ekrn") returned -1 [0128.345] lstrcmpiW (lpString1="AJRouter", lpString2="egui") returned -1 [0128.345] lstrcmpiW (lpString1="AJRouter", lpString2="avgwd") returned -1 [0128.345] lstrcmpiW (lpString1="AJRouter", lpString2="BdfNdisf") returned -1 [0128.345] lstrcmpiW (lpString1="AJRouter", lpString2="avast! Antivirus") returned -1 [0128.345] lstrcmpiW (lpString1="AJRouter", lpString2="MsMpSvc") returned -1 [0128.345] lstrcmpiW (lpString1="AJRouter", lpString2="RsMgrSvc") returned -1 [0128.345] lstrcmpiW (lpString1="AJRouter", lpString2="fshoster") returned -1 [0128.345] lstrcmpiW (lpString1="AJRouter", lpString2="AVKProxy") returned -1 [0128.345] lstrcmpiW (lpString1="AJRouter", lpString2="MBAMService") returned -1 [0128.345] lstrcmpiW (lpString1="AJRouter", lpString2="GbpSv") returned -1 [0128.345] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x16, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ALG", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.345] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ALG") returned 37 [0128.345] SetLastError (dwErrCode=0x0) [0128.345] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ALG", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.345] SetLastError (dwErrCode=0x0) [0128.346] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.346] RegCloseKey (hKey=0x264) returned 0x0 [0128.346] SetLastError (dwErrCode=0x0) [0128.346] lstrcmpiW (lpString1="ALG", lpString2="NAVENG") returned -1 [0128.346] lstrcmpiW (lpString1="ALG", lpString2="ccEvtMgr") returned -1 [0128.346] lstrcmpiW (lpString1="ALG", lpString2="NAV") returned -1 [0128.346] lstrcmpiW (lpString1="ALG", lpString2="NIS") returned -1 [0128.346] lstrcmpiW (lpString1="ALG", lpString2="NAVEX15") returned -1 [0128.346] lstrcmpiW (lpString1="ALG", lpString2="AVP") returned -1 [0128.346] lstrcmpiW (lpString1="ALG", lpString2="AVP15.0.0") returned -1 [0128.346] lstrcmpiW (lpString1="ALG", lpString2="AVP15.0.1") returned -1 [0128.346] lstrcmpiW (lpString1="ALG", lpString2="kl1") returned -1 [0128.346] lstrcmpiW (lpString1="ALG", lpString2="McComponentHostService") returned -1 [0128.346] lstrcmpiW (lpString1="ALG", lpString2="ekrn") returned -1 [0128.346] lstrcmpiW (lpString1="ALG", lpString2="egui") returned -1 [0128.346] lstrcmpiW (lpString1="ALG", lpString2="avgwd") returned -1 [0128.346] lstrcmpiW (lpString1="ALG", lpString2="BdfNdisf") returned -1 [0128.346] lstrcmpiW (lpString1="ALG", lpString2="avast! Antivirus") returned -1 [0128.346] lstrcmpiW (lpString1="ALG", lpString2="MsMpSvc") returned -1 [0128.346] lstrcmpiW (lpString1="ALG", lpString2="RsMgrSvc") returned -1 [0128.346] lstrcmpiW (lpString1="ALG", lpString2="fshoster") returned -1 [0128.346] lstrcmpiW (lpString1="ALG", lpString2="AVKProxy") returned -1 [0128.346] lstrcmpiW (lpString1="ALG", lpString2="MBAMService") returned -1 [0128.346] lstrcmpiW (lpString1="ALG", lpString2="GbpSv") returned -1 [0128.346] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x17, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AmdK8", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.346] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\AmdK8") returned 39 [0128.346] SetLastError (dwErrCode=0x0) [0128.346] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\AmdK8", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.346] SetLastError (dwErrCode=0x0) [0128.346] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.347] RegCloseKey (hKey=0x264) returned 0x0 [0128.347] SetLastError (dwErrCode=0x0) [0128.347] lstrcmpiW (lpString1="AmdK8", lpString2="NAVENG") returned -1 [0128.347] lstrcmpiW (lpString1="AmdK8", lpString2="ccEvtMgr") returned -1 [0128.347] lstrcmpiW (lpString1="AmdK8", lpString2="NAV") returned -1 [0128.347] lstrcmpiW (lpString1="AmdK8", lpString2="NIS") returned -1 [0128.347] lstrcmpiW (lpString1="AmdK8", lpString2="NAVEX15") returned -1 [0128.347] lstrcmpiW (lpString1="AmdK8", lpString2="AVP") returned -1 [0128.347] lstrcmpiW (lpString1="AmdK8", lpString2="AVP15.0.0") returned -1 [0128.347] lstrcmpiW (lpString1="AmdK8", lpString2="AVP15.0.1") returned -1 [0128.347] lstrcmpiW (lpString1="AmdK8", lpString2="kl1") returned -1 [0128.347] lstrcmpiW (lpString1="AmdK8", lpString2="McComponentHostService") returned -1 [0128.347] lstrcmpiW (lpString1="AmdK8", lpString2="ekrn") returned -1 [0128.347] lstrcmpiW (lpString1="AmdK8", lpString2="egui") returned -1 [0128.347] lstrcmpiW (lpString1="AmdK8", lpString2="avgwd") returned -1 [0128.347] lstrcmpiW (lpString1="AmdK8", lpString2="BdfNdisf") returned -1 [0128.347] lstrcmpiW (lpString1="AmdK8", lpString2="avast! Antivirus") returned -1 [0128.347] lstrcmpiW (lpString1="AmdK8", lpString2="MsMpSvc") returned -1 [0128.347] lstrcmpiW (lpString1="AmdK8", lpString2="RsMgrSvc") returned -1 [0128.347] lstrcmpiW (lpString1="AmdK8", lpString2="fshoster") returned -1 [0128.347] lstrcmpiW (lpString1="AmdK8", lpString2="AVKProxy") returned -1 [0128.347] lstrcmpiW (lpString1="AmdK8", lpString2="MBAMService") returned -1 [0128.347] lstrcmpiW (lpString1="AmdK8", lpString2="GbpSv") returned -1 [0128.347] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x18, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AmdPPM", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.347] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\AmdPPM") returned 40 [0128.347] SetLastError (dwErrCode=0x0) [0128.347] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\AmdPPM", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.348] SetLastError (dwErrCode=0x0) [0128.348] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.348] RegCloseKey (hKey=0x264) returned 0x0 [0128.348] SetLastError (dwErrCode=0x0) [0128.348] lstrcmpiW (lpString1="AmdPPM", lpString2="NAVENG") returned -1 [0128.348] lstrcmpiW (lpString1="AmdPPM", lpString2="ccEvtMgr") returned -1 [0128.348] lstrcmpiW (lpString1="AmdPPM", lpString2="NAV") returned -1 [0128.348] lstrcmpiW (lpString1="AmdPPM", lpString2="NIS") returned -1 [0128.348] lstrcmpiW (lpString1="AmdPPM", lpString2="NAVEX15") returned -1 [0128.348] lstrcmpiW (lpString1="AmdPPM", lpString2="AVP") returned -1 [0128.348] lstrcmpiW (lpString1="AmdPPM", lpString2="AVP15.0.0") returned -1 [0128.348] lstrcmpiW (lpString1="AmdPPM", lpString2="AVP15.0.1") returned -1 [0128.348] lstrcmpiW (lpString1="AmdPPM", lpString2="kl1") returned -1 [0128.348] lstrcmpiW (lpString1="AmdPPM", lpString2="McComponentHostService") returned -1 [0128.348] lstrcmpiW (lpString1="AmdPPM", lpString2="ekrn") returned -1 [0128.348] lstrcmpiW (lpString1="AmdPPM", lpString2="egui") returned -1 [0128.348] lstrcmpiW (lpString1="AmdPPM", lpString2="avgwd") returned -1 [0128.348] lstrcmpiW (lpString1="AmdPPM", lpString2="BdfNdisf") returned -1 [0128.348] lstrcmpiW (lpString1="AmdPPM", lpString2="avast! Antivirus") returned -1 [0128.348] lstrcmpiW (lpString1="AmdPPM", lpString2="MsMpSvc") returned -1 [0128.348] lstrcmpiW (lpString1="AmdPPM", lpString2="RsMgrSvc") returned -1 [0128.348] lstrcmpiW (lpString1="AmdPPM", lpString2="fshoster") returned -1 [0128.348] lstrcmpiW (lpString1="AmdPPM", lpString2="AVKProxy") returned -1 [0128.348] lstrcmpiW (lpString1="AmdPPM", lpString2="MBAMService") returned -1 [0128.348] lstrcmpiW (lpString1="AmdPPM", lpString2="GbpSv") returned -1 [0128.348] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x19, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="amdsata", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.348] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\amdsata") returned 41 [0128.348] SetLastError (dwErrCode=0x0) [0128.348] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\amdsata", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.349] SetLastError (dwErrCode=0x0) [0128.349] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.349] RegCloseKey (hKey=0x264) returned 0x0 [0128.349] SetLastError (dwErrCode=0x0) [0128.349] lstrcmpiW (lpString1="amdsata", lpString2="NAVENG") returned -1 [0128.349] lstrcmpiW (lpString1="amdsata", lpString2="ccEvtMgr") returned -1 [0128.349] lstrcmpiW (lpString1="amdsata", lpString2="NAV") returned -1 [0128.349] lstrcmpiW (lpString1="amdsata", lpString2="NIS") returned -1 [0128.349] lstrcmpiW (lpString1="amdsata", lpString2="NAVEX15") returned -1 [0128.349] lstrcmpiW (lpString1="amdsata", lpString2="AVP") returned -1 [0128.349] lstrcmpiW (lpString1="amdsata", lpString2="AVP15.0.0") returned -1 [0128.349] lstrcmpiW (lpString1="amdsata", lpString2="AVP15.0.1") returned -1 [0128.349] lstrcmpiW (lpString1="amdsata", lpString2="kl1") returned -1 [0128.349] lstrcmpiW (lpString1="amdsata", lpString2="McComponentHostService") returned -1 [0128.349] lstrcmpiW (lpString1="amdsata", lpString2="ekrn") returned -1 [0128.349] lstrcmpiW (lpString1="amdsata", lpString2="egui") returned -1 [0128.349] lstrcmpiW (lpString1="amdsata", lpString2="avgwd") returned -1 [0128.349] lstrcmpiW (lpString1="amdsata", lpString2="BdfNdisf") returned -1 [0128.349] lstrcmpiW (lpString1="amdsata", lpString2="avast! Antivirus") returned -1 [0128.349] lstrcmpiW (lpString1="amdsata", lpString2="MsMpSvc") returned -1 [0128.349] lstrcmpiW (lpString1="amdsata", lpString2="RsMgrSvc") returned -1 [0128.349] lstrcmpiW (lpString1="amdsata", lpString2="fshoster") returned -1 [0128.349] lstrcmpiW (lpString1="amdsata", lpString2="AVKProxy") returned -1 [0128.349] lstrcmpiW (lpString1="amdsata", lpString2="MBAMService") returned -1 [0128.349] lstrcmpiW (lpString1="amdsata", lpString2="GbpSv") returned -1 [0128.349] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x1a, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="amdsbs", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.349] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\amdsbs") returned 40 [0128.349] SetLastError (dwErrCode=0x0) [0128.349] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\amdsbs", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.350] SetLastError (dwErrCode=0x0) [0128.350] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.350] RegCloseKey (hKey=0x264) returned 0x0 [0128.350] SetLastError (dwErrCode=0x0) [0128.350] lstrcmpiW (lpString1="amdsbs", lpString2="NAVENG") returned -1 [0128.350] lstrcmpiW (lpString1="amdsbs", lpString2="ccEvtMgr") returned -1 [0128.350] lstrcmpiW (lpString1="amdsbs", lpString2="NAV") returned -1 [0128.350] lstrcmpiW (lpString1="amdsbs", lpString2="NIS") returned -1 [0128.350] lstrcmpiW (lpString1="amdsbs", lpString2="NAVEX15") returned -1 [0128.350] lstrcmpiW (lpString1="amdsbs", lpString2="AVP") returned -1 [0128.350] lstrcmpiW (lpString1="amdsbs", lpString2="AVP15.0.0") returned -1 [0128.350] lstrcmpiW (lpString1="amdsbs", lpString2="AVP15.0.1") returned -1 [0128.350] lstrcmpiW (lpString1="amdsbs", lpString2="kl1") returned -1 [0128.350] lstrcmpiW (lpString1="amdsbs", lpString2="McComponentHostService") returned -1 [0128.350] lstrcmpiW (lpString1="amdsbs", lpString2="ekrn") returned -1 [0128.350] lstrcmpiW (lpString1="amdsbs", lpString2="egui") returned -1 [0128.350] lstrcmpiW (lpString1="amdsbs", lpString2="avgwd") returned -1 [0128.350] lstrcmpiW (lpString1="amdsbs", lpString2="BdfNdisf") returned -1 [0128.350] lstrcmpiW (lpString1="amdsbs", lpString2="avast! Antivirus") returned -1 [0128.350] lstrcmpiW (lpString1="amdsbs", lpString2="MsMpSvc") returned -1 [0128.350] lstrcmpiW (lpString1="amdsbs", lpString2="RsMgrSvc") returned -1 [0128.350] lstrcmpiW (lpString1="amdsbs", lpString2="fshoster") returned -1 [0128.350] lstrcmpiW (lpString1="amdsbs", lpString2="AVKProxy") returned -1 [0128.350] lstrcmpiW (lpString1="amdsbs", lpString2="MBAMService") returned -1 [0128.350] lstrcmpiW (lpString1="amdsbs", lpString2="GbpSv") returned -1 [0128.350] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x1b, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="amdxata", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.350] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\amdxata") returned 41 [0128.350] SetLastError (dwErrCode=0x0) [0128.350] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\amdxata", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.351] SetLastError (dwErrCode=0x0) [0128.351] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.351] RegCloseKey (hKey=0x264) returned 0x0 [0128.351] SetLastError (dwErrCode=0x0) [0128.351] lstrcmpiW (lpString1="amdxata", lpString2="NAVENG") returned -1 [0128.351] lstrcmpiW (lpString1="amdxata", lpString2="ccEvtMgr") returned -1 [0128.351] lstrcmpiW (lpString1="amdxata", lpString2="NAV") returned -1 [0128.351] lstrcmpiW (lpString1="amdxata", lpString2="NIS") returned -1 [0128.351] lstrcmpiW (lpString1="amdxata", lpString2="NAVEX15") returned -1 [0128.351] lstrcmpiW (lpString1="amdxata", lpString2="AVP") returned -1 [0128.351] lstrcmpiW (lpString1="amdxata", lpString2="AVP15.0.0") returned -1 [0128.351] lstrcmpiW (lpString1="amdxata", lpString2="AVP15.0.1") returned -1 [0128.351] lstrcmpiW (lpString1="amdxata", lpString2="kl1") returned -1 [0128.351] lstrcmpiW (lpString1="amdxata", lpString2="McComponentHostService") returned -1 [0128.351] lstrcmpiW (lpString1="amdxata", lpString2="ekrn") returned -1 [0128.351] lstrcmpiW (lpString1="amdxata", lpString2="egui") returned -1 [0128.351] lstrcmpiW (lpString1="amdxata", lpString2="avgwd") returned -1 [0128.351] lstrcmpiW (lpString1="amdxata", lpString2="BdfNdisf") returned -1 [0128.351] lstrcmpiW (lpString1="amdxata", lpString2="avast! Antivirus") returned -1 [0128.351] lstrcmpiW (lpString1="amdxata", lpString2="MsMpSvc") returned -1 [0128.351] lstrcmpiW (lpString1="amdxata", lpString2="RsMgrSvc") returned -1 [0128.351] lstrcmpiW (lpString1="amdxata", lpString2="fshoster") returned -1 [0128.351] lstrcmpiW (lpString1="amdxata", lpString2="AVKProxy") returned -1 [0128.351] lstrcmpiW (lpString1="amdxata", lpString2="MBAMService") returned -1 [0128.351] lstrcmpiW (lpString1="amdxata", lpString2="GbpSv") returned -1 [0128.351] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x1c, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AppID", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.351] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\AppID") returned 39 [0128.351] SetLastError (dwErrCode=0x0) [0128.351] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\AppID", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.352] SetLastError (dwErrCode=0x0) [0128.352] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.352] RegCloseKey (hKey=0x264) returned 0x0 [0128.352] SetLastError (dwErrCode=0x0) [0128.352] lstrcmpiW (lpString1="AppID", lpString2="NAVENG") returned -1 [0128.352] lstrcmpiW (lpString1="AppID", lpString2="ccEvtMgr") returned -1 [0128.352] lstrcmpiW (lpString1="AppID", lpString2="NAV") returned -1 [0128.352] lstrcmpiW (lpString1="AppID", lpString2="NIS") returned -1 [0128.352] lstrcmpiW (lpString1="AppID", lpString2="NAVEX15") returned -1 [0128.352] lstrcmpiW (lpString1="AppID", lpString2="AVP") returned -1 [0128.352] lstrcmpiW (lpString1="AppID", lpString2="AVP15.0.0") returned -1 [0128.352] lstrcmpiW (lpString1="AppID", lpString2="AVP15.0.1") returned -1 [0128.352] lstrcmpiW (lpString1="AppID", lpString2="kl1") returned -1 [0128.352] lstrcmpiW (lpString1="AppID", lpString2="McComponentHostService") returned -1 [0128.352] lstrcmpiW (lpString1="AppID", lpString2="ekrn") returned -1 [0128.352] lstrcmpiW (lpString1="AppID", lpString2="egui") returned -1 [0128.352] lstrcmpiW (lpString1="AppID", lpString2="avgwd") returned -1 [0128.352] lstrcmpiW (lpString1="AppID", lpString2="BdfNdisf") returned -1 [0128.352] lstrcmpiW (lpString1="AppID", lpString2="avast! Antivirus") returned -1 [0128.352] lstrcmpiW (lpString1="AppID", lpString2="MsMpSvc") returned -1 [0128.352] lstrcmpiW (lpString1="AppID", lpString2="RsMgrSvc") returned -1 [0128.352] lstrcmpiW (lpString1="AppID", lpString2="fshoster") returned -1 [0128.352] lstrcmpiW (lpString1="AppID", lpString2="AVKProxy") returned -1 [0128.352] lstrcmpiW (lpString1="AppID", lpString2="MBAMService") returned -1 [0128.352] lstrcmpiW (lpString1="AppID", lpString2="GbpSv") returned -1 [0128.352] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x1d, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AppIDSvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.352] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\AppIDSvc") returned 42 [0128.352] SetLastError (dwErrCode=0x0) [0128.352] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\AppIDSvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.353] SetLastError (dwErrCode=0x0) [0128.353] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xd, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.353] RegCloseKey (hKey=0x264) returned 0x0 [0128.353] SetLastError (dwErrCode=0x0) [0128.353] lstrcmpiW (lpString1="AppIDSvc", lpString2="NAVENG") returned -1 [0128.353] lstrcmpiW (lpString1="AppIDSvc", lpString2="ccEvtMgr") returned -1 [0128.353] lstrcmpiW (lpString1="AppIDSvc", lpString2="NAV") returned -1 [0128.353] lstrcmpiW (lpString1="AppIDSvc", lpString2="NIS") returned -1 [0128.353] lstrcmpiW (lpString1="AppIDSvc", lpString2="NAVEX15") returned -1 [0128.353] lstrcmpiW (lpString1="AppIDSvc", lpString2="AVP") returned -1 [0128.353] lstrcmpiW (lpString1="AppIDSvc", lpString2="AVP15.0.0") returned -1 [0128.353] lstrcmpiW (lpString1="AppIDSvc", lpString2="AVP15.0.1") returned -1 [0128.353] lstrcmpiW (lpString1="AppIDSvc", lpString2="kl1") returned -1 [0128.353] lstrcmpiW (lpString1="AppIDSvc", lpString2="McComponentHostService") returned -1 [0128.353] lstrcmpiW (lpString1="AppIDSvc", lpString2="ekrn") returned -1 [0128.353] lstrcmpiW (lpString1="AppIDSvc", lpString2="egui") returned -1 [0128.353] lstrcmpiW (lpString1="AppIDSvc", lpString2="avgwd") returned -1 [0128.353] lstrcmpiW (lpString1="AppIDSvc", lpString2="BdfNdisf") returned -1 [0128.353] lstrcmpiW (lpString1="AppIDSvc", lpString2="avast! Antivirus") returned -1 [0128.353] lstrcmpiW (lpString1="AppIDSvc", lpString2="MsMpSvc") returned -1 [0128.353] lstrcmpiW (lpString1="AppIDSvc", lpString2="RsMgrSvc") returned -1 [0128.353] lstrcmpiW (lpString1="AppIDSvc", lpString2="fshoster") returned -1 [0128.353] lstrcmpiW (lpString1="AppIDSvc", lpString2="AVKProxy") returned -1 [0128.353] lstrcmpiW (lpString1="AppIDSvc", lpString2="MBAMService") returned -1 [0128.353] lstrcmpiW (lpString1="AppIDSvc", lpString2="GbpSv") returned -1 [0128.353] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x1e, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Appinfo", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.353] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Appinfo") returned 41 [0128.353] SetLastError (dwErrCode=0x0) [0128.353] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Appinfo", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.354] SetLastError (dwErrCode=0x0) [0128.354] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.354] RegCloseKey (hKey=0x264) returned 0x0 [0128.354] SetLastError (dwErrCode=0x0) [0128.354] lstrcmpiW (lpString1="Appinfo", lpString2="NAVENG") returned -1 [0128.354] lstrcmpiW (lpString1="Appinfo", lpString2="ccEvtMgr") returned -1 [0128.354] lstrcmpiW (lpString1="Appinfo", lpString2="NAV") returned -1 [0128.354] lstrcmpiW (lpString1="Appinfo", lpString2="NIS") returned -1 [0128.354] lstrcmpiW (lpString1="Appinfo", lpString2="NAVEX15") returned -1 [0128.354] lstrcmpiW (lpString1="Appinfo", lpString2="AVP") returned -1 [0128.354] lstrcmpiW (lpString1="Appinfo", lpString2="AVP15.0.0") returned -1 [0128.354] lstrcmpiW (lpString1="Appinfo", lpString2="AVP15.0.1") returned -1 [0128.354] lstrcmpiW (lpString1="Appinfo", lpString2="kl1") returned -1 [0128.354] lstrcmpiW (lpString1="Appinfo", lpString2="McComponentHostService") returned -1 [0128.354] lstrcmpiW (lpString1="Appinfo", lpString2="ekrn") returned -1 [0128.354] lstrcmpiW (lpString1="Appinfo", lpString2="egui") returned -1 [0128.354] lstrcmpiW (lpString1="Appinfo", lpString2="avgwd") returned -1 [0128.354] lstrcmpiW (lpString1="Appinfo", lpString2="BdfNdisf") returned -1 [0128.354] lstrcmpiW (lpString1="Appinfo", lpString2="avast! Antivirus") returned -1 [0128.354] lstrcmpiW (lpString1="Appinfo", lpString2="MsMpSvc") returned -1 [0128.354] lstrcmpiW (lpString1="Appinfo", lpString2="RsMgrSvc") returned -1 [0128.354] lstrcmpiW (lpString1="Appinfo", lpString2="fshoster") returned -1 [0128.354] lstrcmpiW (lpString1="Appinfo", lpString2="AVKProxy") returned -1 [0128.354] lstrcmpiW (lpString1="Appinfo", lpString2="MBAMService") returned -1 [0128.354] lstrcmpiW (lpString1="Appinfo", lpString2="GbpSv") returned -1 [0128.354] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x1f, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AppMgmt", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.354] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\AppMgmt") returned 41 [0128.354] SetLastError (dwErrCode=0x0) [0128.354] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\AppMgmt", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.355] SetLastError (dwErrCode=0x0) [0128.355] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.355] RegCloseKey (hKey=0x264) returned 0x0 [0128.355] SetLastError (dwErrCode=0x0) [0128.355] lstrcmpiW (lpString1="AppMgmt", lpString2="NAVENG") returned -1 [0128.355] lstrcmpiW (lpString1="AppMgmt", lpString2="ccEvtMgr") returned -1 [0128.355] lstrcmpiW (lpString1="AppMgmt", lpString2="NAV") returned -1 [0128.355] lstrcmpiW (lpString1="AppMgmt", lpString2="NIS") returned -1 [0128.355] lstrcmpiW (lpString1="AppMgmt", lpString2="NAVEX15") returned -1 [0128.355] lstrcmpiW (lpString1="AppMgmt", lpString2="AVP") returned -1 [0128.355] lstrcmpiW (lpString1="AppMgmt", lpString2="AVP15.0.0") returned -1 [0128.355] lstrcmpiW (lpString1="AppMgmt", lpString2="AVP15.0.1") returned -1 [0128.355] lstrcmpiW (lpString1="AppMgmt", lpString2="kl1") returned -1 [0128.355] lstrcmpiW (lpString1="AppMgmt", lpString2="McComponentHostService") returned -1 [0128.355] lstrcmpiW (lpString1="AppMgmt", lpString2="ekrn") returned -1 [0128.355] lstrcmpiW (lpString1="AppMgmt", lpString2="egui") returned -1 [0128.355] lstrcmpiW (lpString1="AppMgmt", lpString2="avgwd") returned -1 [0128.355] lstrcmpiW (lpString1="AppMgmt", lpString2="BdfNdisf") returned -1 [0128.355] lstrcmpiW (lpString1="AppMgmt", lpString2="avast! Antivirus") returned -1 [0128.355] lstrcmpiW (lpString1="AppMgmt", lpString2="MsMpSvc") returned -1 [0128.355] lstrcmpiW (lpString1="AppMgmt", lpString2="RsMgrSvc") returned -1 [0128.355] lstrcmpiW (lpString1="AppMgmt", lpString2="fshoster") returned -1 [0128.355] lstrcmpiW (lpString1="AppMgmt", lpString2="AVKProxy") returned -1 [0128.355] lstrcmpiW (lpString1="AppMgmt", lpString2="MBAMService") returned -1 [0128.355] lstrcmpiW (lpString1="AppMgmt", lpString2="GbpSv") returned -1 [0128.355] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x20, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AppReadiness", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.355] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\AppReadiness") returned 46 [0128.355] SetLastError (dwErrCode=0x0) [0128.355] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\AppReadiness", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.356] SetLastError (dwErrCode=0x0) [0128.356] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.356] RegCloseKey (hKey=0x264) returned 0x0 [0128.356] SetLastError (dwErrCode=0x0) [0128.356] lstrcmpiW (lpString1="AppReadiness", lpString2="NAVENG") returned -1 [0128.356] lstrcmpiW (lpString1="AppReadiness", lpString2="ccEvtMgr") returned -1 [0128.356] lstrcmpiW (lpString1="AppReadiness", lpString2="NAV") returned -1 [0128.356] lstrcmpiW (lpString1="AppReadiness", lpString2="NIS") returned -1 [0128.356] lstrcmpiW (lpString1="AppReadiness", lpString2="NAVEX15") returned -1 [0128.356] lstrcmpiW (lpString1="AppReadiness", lpString2="AVP") returned -1 [0128.356] lstrcmpiW (lpString1="AppReadiness", lpString2="AVP15.0.0") returned -1 [0128.356] lstrcmpiW (lpString1="AppReadiness", lpString2="AVP15.0.1") returned -1 [0128.356] lstrcmpiW (lpString1="AppReadiness", lpString2="kl1") returned -1 [0128.356] lstrcmpiW (lpString1="AppReadiness", lpString2="McComponentHostService") returned -1 [0128.356] lstrcmpiW (lpString1="AppReadiness", lpString2="ekrn") returned -1 [0128.356] lstrcmpiW (lpString1="AppReadiness", lpString2="egui") returned -1 [0128.356] lstrcmpiW (lpString1="AppReadiness", lpString2="avgwd") returned -1 [0128.356] lstrcmpiW (lpString1="AppReadiness", lpString2="BdfNdisf") returned -1 [0128.356] lstrcmpiW (lpString1="AppReadiness", lpString2="avast! Antivirus") returned -1 [0128.356] lstrcmpiW (lpString1="AppReadiness", lpString2="MsMpSvc") returned -1 [0128.356] lstrcmpiW (lpString1="AppReadiness", lpString2="RsMgrSvc") returned -1 [0128.356] lstrcmpiW (lpString1="AppReadiness", lpString2="fshoster") returned -1 [0128.356] lstrcmpiW (lpString1="AppReadiness", lpString2="AVKProxy") returned -1 [0128.356] lstrcmpiW (lpString1="AppReadiness", lpString2="MBAMService") returned -1 [0128.356] lstrcmpiW (lpString1="AppReadiness", lpString2="GbpSv") returned -1 [0128.356] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x21, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AppXSvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.356] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\AppXSvc") returned 41 [0128.356] SetLastError (dwErrCode=0x0) [0128.356] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\AppXSvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.357] SetLastError (dwErrCode=0x0) [0128.357] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.357] RegCloseKey (hKey=0x264) returned 0x0 [0128.357] SetLastError (dwErrCode=0x0) [0128.357] lstrcmpiW (lpString1="AppXSvc", lpString2="NAVENG") returned -1 [0128.357] lstrcmpiW (lpString1="AppXSvc", lpString2="ccEvtMgr") returned -1 [0128.357] lstrcmpiW (lpString1="AppXSvc", lpString2="NAV") returned -1 [0128.357] lstrcmpiW (lpString1="AppXSvc", lpString2="NIS") returned -1 [0128.357] lstrcmpiW (lpString1="AppXSvc", lpString2="NAVEX15") returned -1 [0128.357] lstrcmpiW (lpString1="AppXSvc", lpString2="AVP") returned -1 [0128.357] lstrcmpiW (lpString1="AppXSvc", lpString2="AVP15.0.0") returned -1 [0128.357] lstrcmpiW (lpString1="AppXSvc", lpString2="AVP15.0.1") returned -1 [0128.357] lstrcmpiW (lpString1="AppXSvc", lpString2="kl1") returned -1 [0128.357] lstrcmpiW (lpString1="AppXSvc", lpString2="McComponentHostService") returned -1 [0128.357] lstrcmpiW (lpString1="AppXSvc", lpString2="ekrn") returned -1 [0128.357] lstrcmpiW (lpString1="AppXSvc", lpString2="egui") returned -1 [0128.357] lstrcmpiW (lpString1="AppXSvc", lpString2="avgwd") returned -1 [0128.357] lstrcmpiW (lpString1="AppXSvc", lpString2="BdfNdisf") returned -1 [0128.357] lstrcmpiW (lpString1="AppXSvc", lpString2="avast! Antivirus") returned -1 [0128.357] lstrcmpiW (lpString1="AppXSvc", lpString2="MsMpSvc") returned -1 [0128.357] lstrcmpiW (lpString1="AppXSvc", lpString2="RsMgrSvc") returned -1 [0128.357] lstrcmpiW (lpString1="AppXSvc", lpString2="fshoster") returned -1 [0128.357] lstrcmpiW (lpString1="AppXSvc", lpString2="AVKProxy") returned -1 [0128.357] lstrcmpiW (lpString1="AppXSvc", lpString2="MBAMService") returned -1 [0128.357] lstrcmpiW (lpString1="AppXSvc", lpString2="GbpSv") returned -1 [0128.357] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x22, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="arcsas", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.357] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\arcsas") returned 40 [0128.357] SetLastError (dwErrCode=0x0) [0128.357] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\arcsas", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.358] SetLastError (dwErrCode=0x0) [0128.358] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.358] RegCloseKey (hKey=0x264) returned 0x0 [0128.358] SetLastError (dwErrCode=0x0) [0128.358] lstrcmpiW (lpString1="arcsas", lpString2="NAVENG") returned -1 [0128.358] lstrcmpiW (lpString1="arcsas", lpString2="ccEvtMgr") returned -1 [0128.358] lstrcmpiW (lpString1="arcsas", lpString2="NAV") returned -1 [0128.358] lstrcmpiW (lpString1="arcsas", lpString2="NIS") returned -1 [0128.358] lstrcmpiW (lpString1="arcsas", lpString2="NAVEX15") returned -1 [0128.358] lstrcmpiW (lpString1="arcsas", lpString2="AVP") returned -1 [0128.358] lstrcmpiW (lpString1="arcsas", lpString2="AVP15.0.0") returned -1 [0128.358] lstrcmpiW (lpString1="arcsas", lpString2="AVP15.0.1") returned -1 [0128.358] lstrcmpiW (lpString1="arcsas", lpString2="kl1") returned -1 [0128.358] lstrcmpiW (lpString1="arcsas", lpString2="McComponentHostService") returned -1 [0128.358] lstrcmpiW (lpString1="arcsas", lpString2="ekrn") returned -1 [0128.358] lstrcmpiW (lpString1="arcsas", lpString2="egui") returned -1 [0128.358] lstrcmpiW (lpString1="arcsas", lpString2="avgwd") returned -1 [0128.358] lstrcmpiW (lpString1="arcsas", lpString2="BdfNdisf") returned -1 [0128.358] lstrcmpiW (lpString1="arcsas", lpString2="avast! Antivirus") returned -1 [0128.358] lstrcmpiW (lpString1="arcsas", lpString2="MsMpSvc") returned -1 [0128.358] lstrcmpiW (lpString1="arcsas", lpString2="RsMgrSvc") returned -1 [0128.358] lstrcmpiW (lpString1="arcsas", lpString2="fshoster") returned -1 [0128.358] lstrcmpiW (lpString1="arcsas", lpString2="AVKProxy") returned -1 [0128.358] lstrcmpiW (lpString1="arcsas", lpString2="MBAMService") returned -1 [0128.358] lstrcmpiW (lpString1="arcsas", lpString2="GbpSv") returned -1 [0128.358] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x23, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AsyncMac", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.358] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\AsyncMac") returned 42 [0128.358] SetLastError (dwErrCode=0x0) [0128.358] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\AsyncMac", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.359] SetLastError (dwErrCode=0x0) [0128.359] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.359] RegCloseKey (hKey=0x264) returned 0x0 [0128.359] SetLastError (dwErrCode=0x0) [0128.359] lstrcmpiW (lpString1="AsyncMac", lpString2="NAVENG") returned -1 [0128.359] lstrcmpiW (lpString1="AsyncMac", lpString2="ccEvtMgr") returned -1 [0128.359] lstrcmpiW (lpString1="AsyncMac", lpString2="NAV") returned -1 [0128.359] lstrcmpiW (lpString1="AsyncMac", lpString2="NIS") returned -1 [0128.359] lstrcmpiW (lpString1="AsyncMac", lpString2="NAVEX15") returned -1 [0128.359] lstrcmpiW (lpString1="AsyncMac", lpString2="AVP") returned -1 [0128.359] lstrcmpiW (lpString1="AsyncMac", lpString2="AVP15.0.0") returned -1 [0128.359] lstrcmpiW (lpString1="AsyncMac", lpString2="AVP15.0.1") returned -1 [0128.359] lstrcmpiW (lpString1="AsyncMac", lpString2="kl1") returned -1 [0128.359] lstrcmpiW (lpString1="AsyncMac", lpString2="McComponentHostService") returned -1 [0128.359] lstrcmpiW (lpString1="AsyncMac", lpString2="ekrn") returned -1 [0128.359] lstrcmpiW (lpString1="AsyncMac", lpString2="egui") returned -1 [0128.359] lstrcmpiW (lpString1="AsyncMac", lpString2="avgwd") returned -1 [0128.359] lstrcmpiW (lpString1="AsyncMac", lpString2="BdfNdisf") returned -1 [0128.359] lstrcmpiW (lpString1="AsyncMac", lpString2="avast! Antivirus") returned -1 [0128.359] lstrcmpiW (lpString1="AsyncMac", lpString2="MsMpSvc") returned -1 [0128.359] lstrcmpiW (lpString1="AsyncMac", lpString2="RsMgrSvc") returned -1 [0128.359] lstrcmpiW (lpString1="AsyncMac", lpString2="fshoster") returned -1 [0128.359] lstrcmpiW (lpString1="AsyncMac", lpString2="AVKProxy") returned -1 [0128.359] lstrcmpiW (lpString1="AsyncMac", lpString2="MBAMService") returned -1 [0128.359] lstrcmpiW (lpString1="AsyncMac", lpString2="GbpSv") returned -1 [0128.359] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x24, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="atapi", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.359] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\atapi") returned 39 [0128.359] SetLastError (dwErrCode=0x0) [0128.359] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\atapi", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.360] SetLastError (dwErrCode=0x0) [0128.360] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.360] RegCloseKey (hKey=0x264) returned 0x0 [0128.360] SetLastError (dwErrCode=0x0) [0128.360] lstrcmpiW (lpString1="atapi", lpString2="NAVENG") returned -1 [0128.360] lstrcmpiW (lpString1="atapi", lpString2="ccEvtMgr") returned -1 [0128.360] lstrcmpiW (lpString1="atapi", lpString2="NAV") returned -1 [0128.360] lstrcmpiW (lpString1="atapi", lpString2="NIS") returned -1 [0128.360] lstrcmpiW (lpString1="atapi", lpString2="NAVEX15") returned -1 [0128.360] lstrcmpiW (lpString1="atapi", lpString2="AVP") returned -1 [0128.360] lstrcmpiW (lpString1="atapi", lpString2="AVP15.0.0") returned -1 [0128.360] lstrcmpiW (lpString1="atapi", lpString2="AVP15.0.1") returned -1 [0128.360] lstrcmpiW (lpString1="atapi", lpString2="kl1") returned -1 [0128.360] lstrcmpiW (lpString1="atapi", lpString2="McComponentHostService") returned -1 [0128.360] lstrcmpiW (lpString1="atapi", lpString2="ekrn") returned -1 [0128.360] lstrcmpiW (lpString1="atapi", lpString2="egui") returned -1 [0128.360] lstrcmpiW (lpString1="atapi", lpString2="avgwd") returned -1 [0128.360] lstrcmpiW (lpString1="atapi", lpString2="BdfNdisf") returned -1 [0128.361] lstrcmpiW (lpString1="atapi", lpString2="avast! Antivirus") returned -1 [0128.361] lstrcmpiW (lpString1="atapi", lpString2="MsMpSvc") returned -1 [0128.361] lstrcmpiW (lpString1="atapi", lpString2="RsMgrSvc") returned -1 [0128.361] lstrcmpiW (lpString1="atapi", lpString2="fshoster") returned -1 [0128.361] lstrcmpiW (lpString1="atapi", lpString2="AVKProxy") returned -1 [0128.361] lstrcmpiW (lpString1="atapi", lpString2="MBAMService") returned -1 [0128.361] lstrcmpiW (lpString1="atapi", lpString2="GbpSv") returned -1 [0128.361] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x25, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AudioEndpointBuilder", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.361] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\AudioEndpointBuilder") returned 54 [0128.361] SetLastError (dwErrCode=0x0) [0128.362] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\AudioEndpointBuilder", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.362] SetLastError (dwErrCode=0x0) [0128.362] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.362] RegCloseKey (hKey=0x264) returned 0x0 [0128.362] SetLastError (dwErrCode=0x0) [0128.362] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="NAVENG") returned -1 [0128.362] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="ccEvtMgr") returned -1 [0128.362] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="NAV") returned -1 [0128.362] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="NIS") returned -1 [0128.362] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="NAVEX15") returned -1 [0128.362] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="AVP") returned -1 [0128.362] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="AVP15.0.0") returned -1 [0128.362] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="AVP15.0.1") returned -1 [0128.362] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="kl1") returned -1 [0128.362] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="McComponentHostService") returned -1 [0128.362] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="ekrn") returned -1 [0128.362] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="egui") returned -1 [0128.362] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="avgwd") returned -1 [0128.362] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="BdfNdisf") returned -1 [0128.362] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="avast! Antivirus") returned -1 [0128.362] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="MsMpSvc") returned -1 [0128.362] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="RsMgrSvc") returned -1 [0128.362] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="fshoster") returned -1 [0128.362] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="AVKProxy") returned -1 [0128.362] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="MBAMService") returned -1 [0128.362] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="GbpSv") returned -1 [0128.362] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x26, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Audiosrv", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.362] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Audiosrv") returned 42 [0128.362] SetLastError (dwErrCode=0x0) [0128.363] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Audiosrv", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.363] SetLastError (dwErrCode=0x0) [0128.363] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.363] RegCloseKey (hKey=0x264) returned 0x0 [0128.363] SetLastError (dwErrCode=0x0) [0128.363] lstrcmpiW (lpString1="Audiosrv", lpString2="NAVENG") returned -1 [0128.363] lstrcmpiW (lpString1="Audiosrv", lpString2="ccEvtMgr") returned -1 [0128.363] lstrcmpiW (lpString1="Audiosrv", lpString2="NAV") returned -1 [0128.363] lstrcmpiW (lpString1="Audiosrv", lpString2="NIS") returned -1 [0128.363] lstrcmpiW (lpString1="Audiosrv", lpString2="NAVEX15") returned -1 [0128.363] lstrcmpiW (lpString1="Audiosrv", lpString2="AVP") returned -1 [0128.363] lstrcmpiW (lpString1="Audiosrv", lpString2="AVP15.0.0") returned -1 [0128.363] lstrcmpiW (lpString1="Audiosrv", lpString2="AVP15.0.1") returned -1 [0128.363] lstrcmpiW (lpString1="Audiosrv", lpString2="kl1") returned -1 [0128.363] lstrcmpiW (lpString1="Audiosrv", lpString2="McComponentHostService") returned -1 [0128.363] lstrcmpiW (lpString1="Audiosrv", lpString2="ekrn") returned -1 [0128.363] lstrcmpiW (lpString1="Audiosrv", lpString2="egui") returned -1 [0128.363] lstrcmpiW (lpString1="Audiosrv", lpString2="avgwd") returned -1 [0128.363] lstrcmpiW (lpString1="Audiosrv", lpString2="BdfNdisf") returned -1 [0128.363] lstrcmpiW (lpString1="Audiosrv", lpString2="avast! Antivirus") returned -1 [0128.363] lstrcmpiW (lpString1="Audiosrv", lpString2="MsMpSvc") returned -1 [0128.363] lstrcmpiW (lpString1="Audiosrv", lpString2="RsMgrSvc") returned -1 [0128.363] lstrcmpiW (lpString1="Audiosrv", lpString2="fshoster") returned -1 [0128.363] lstrcmpiW (lpString1="Audiosrv", lpString2="AVKProxy") returned -1 [0128.363] lstrcmpiW (lpString1="Audiosrv", lpString2="MBAMService") returned -1 [0128.363] lstrcmpiW (lpString1="Audiosrv", lpString2="GbpSv") returned -1 [0128.363] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x27, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AxInstSV", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.363] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\AxInstSV") returned 42 [0128.363] SetLastError (dwErrCode=0x0) [0128.364] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\AxInstSV", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.364] SetLastError (dwErrCode=0x0) [0128.364] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.364] RegCloseKey (hKey=0x264) returned 0x0 [0128.364] SetLastError (dwErrCode=0x0) [0128.364] lstrcmpiW (lpString1="AxInstSV", lpString2="NAVENG") returned -1 [0128.364] lstrcmpiW (lpString1="AxInstSV", lpString2="ccEvtMgr") returned -1 [0128.364] lstrcmpiW (lpString1="AxInstSV", lpString2="NAV") returned -1 [0128.364] lstrcmpiW (lpString1="AxInstSV", lpString2="NIS") returned -1 [0128.364] lstrcmpiW (lpString1="AxInstSV", lpString2="NAVEX15") returned -1 [0128.364] lstrcmpiW (lpString1="AxInstSV", lpString2="AVP") returned 1 [0128.364] lstrcmpiW (lpString1="AxInstSV", lpString2="AVP15.0.0") returned 1 [0128.364] lstrcmpiW (lpString1="AxInstSV", lpString2="AVP15.0.1") returned 1 [0128.364] lstrcmpiW (lpString1="AxInstSV", lpString2="kl1") returned -1 [0128.364] lstrcmpiW (lpString1="AxInstSV", lpString2="McComponentHostService") returned -1 [0128.364] lstrcmpiW (lpString1="AxInstSV", lpString2="ekrn") returned -1 [0128.364] lstrcmpiW (lpString1="AxInstSV", lpString2="egui") returned -1 [0128.364] lstrcmpiW (lpString1="AxInstSV", lpString2="avgwd") returned 1 [0128.364] lstrcmpiW (lpString1="AxInstSV", lpString2="BdfNdisf") returned -1 [0128.364] lstrcmpiW (lpString1="AxInstSV", lpString2="avast! Antivirus") returned 1 [0128.364] lstrcmpiW (lpString1="AxInstSV", lpString2="MsMpSvc") returned -1 [0128.364] lstrcmpiW (lpString1="AxInstSV", lpString2="RsMgrSvc") returned -1 [0128.364] lstrcmpiW (lpString1="AxInstSV", lpString2="fshoster") returned -1 [0128.364] lstrcmpiW (lpString1="AxInstSV", lpString2="AVKProxy") returned 1 [0128.364] lstrcmpiW (lpString1="AxInstSV", lpString2="MBAMService") returned -1 [0128.364] lstrcmpiW (lpString1="AxInstSV", lpString2="GbpSv") returned -1 [0128.364] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x28, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="b06bdrv", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.364] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\b06bdrv") returned 41 [0128.364] SetLastError (dwErrCode=0x0) [0128.364] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\b06bdrv", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.365] SetLastError (dwErrCode=0x0) [0128.365] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.365] RegCloseKey (hKey=0x264) returned 0x0 [0128.365] SetLastError (dwErrCode=0x0) [0128.365] lstrcmpiW (lpString1="b06bdrv", lpString2="NAVENG") returned -1 [0128.365] lstrcmpiW (lpString1="b06bdrv", lpString2="ccEvtMgr") returned -1 [0128.365] lstrcmpiW (lpString1="b06bdrv", lpString2="NAV") returned -1 [0128.365] lstrcmpiW (lpString1="b06bdrv", lpString2="NIS") returned -1 [0128.365] lstrcmpiW (lpString1="b06bdrv", lpString2="NAVEX15") returned -1 [0128.365] lstrcmpiW (lpString1="b06bdrv", lpString2="AVP") returned 1 [0128.365] lstrcmpiW (lpString1="b06bdrv", lpString2="AVP15.0.0") returned 1 [0128.365] lstrcmpiW (lpString1="b06bdrv", lpString2="AVP15.0.1") returned 1 [0128.365] lstrcmpiW (lpString1="b06bdrv", lpString2="kl1") returned -1 [0128.365] lstrcmpiW (lpString1="b06bdrv", lpString2="McComponentHostService") returned -1 [0128.365] lstrcmpiW (lpString1="b06bdrv", lpString2="ekrn") returned -1 [0128.365] lstrcmpiW (lpString1="b06bdrv", lpString2="egui") returned -1 [0128.365] lstrcmpiW (lpString1="b06bdrv", lpString2="avgwd") returned 1 [0128.365] lstrcmpiW (lpString1="b06bdrv", lpString2="BdfNdisf") returned -1 [0128.365] lstrcmpiW (lpString1="b06bdrv", lpString2="avast! Antivirus") returned 1 [0128.365] lstrcmpiW (lpString1="b06bdrv", lpString2="MsMpSvc") returned -1 [0128.365] lstrcmpiW (lpString1="b06bdrv", lpString2="RsMgrSvc") returned -1 [0128.365] lstrcmpiW (lpString1="b06bdrv", lpString2="fshoster") returned -1 [0128.365] lstrcmpiW (lpString1="b06bdrv", lpString2="AVKProxy") returned 1 [0128.365] lstrcmpiW (lpString1="b06bdrv", lpString2="MBAMService") returned -1 [0128.365] lstrcmpiW (lpString1="b06bdrv", lpString2="GbpSv") returned -1 [0128.365] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x29, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="BasicDisplay", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.365] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\BasicDisplay") returned 46 [0128.365] SetLastError (dwErrCode=0x0) [0128.365] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\BasicDisplay", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.365] SetLastError (dwErrCode=0x0) [0128.365] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.365] RegCloseKey (hKey=0x264) returned 0x0 [0128.366] SetLastError (dwErrCode=0x0) [0128.366] lstrcmpiW (lpString1="BasicDisplay", lpString2="NAVENG") returned -1 [0128.366] lstrcmpiW (lpString1="BasicDisplay", lpString2="ccEvtMgr") returned -1 [0128.366] lstrcmpiW (lpString1="BasicDisplay", lpString2="NAV") returned -1 [0128.366] lstrcmpiW (lpString1="BasicDisplay", lpString2="NIS") returned -1 [0128.366] lstrcmpiW (lpString1="BasicDisplay", lpString2="NAVEX15") returned -1 [0128.366] lstrcmpiW (lpString1="BasicDisplay", lpString2="AVP") returned 1 [0128.366] lstrcmpiW (lpString1="BasicDisplay", lpString2="AVP15.0.0") returned 1 [0128.366] lstrcmpiW (lpString1="BasicDisplay", lpString2="AVP15.0.1") returned 1 [0128.366] lstrcmpiW (lpString1="BasicDisplay", lpString2="kl1") returned -1 [0128.366] lstrcmpiW (lpString1="BasicDisplay", lpString2="McComponentHostService") returned -1 [0128.366] lstrcmpiW (lpString1="BasicDisplay", lpString2="ekrn") returned -1 [0128.366] lstrcmpiW (lpString1="BasicDisplay", lpString2="egui") returned -1 [0128.366] lstrcmpiW (lpString1="BasicDisplay", lpString2="avgwd") returned 1 [0128.366] lstrcmpiW (lpString1="BasicDisplay", lpString2="BdfNdisf") returned -1 [0128.366] lstrcmpiW (lpString1="BasicDisplay", lpString2="avast! Antivirus") returned 1 [0128.366] lstrcmpiW (lpString1="BasicDisplay", lpString2="MsMpSvc") returned -1 [0128.366] lstrcmpiW (lpString1="BasicDisplay", lpString2="RsMgrSvc") returned -1 [0128.366] lstrcmpiW (lpString1="BasicDisplay", lpString2="fshoster") returned -1 [0128.366] lstrcmpiW (lpString1="BasicDisplay", lpString2="AVKProxy") returned 1 [0128.366] lstrcmpiW (lpString1="BasicDisplay", lpString2="MBAMService") returned -1 [0128.366] lstrcmpiW (lpString1="BasicDisplay", lpString2="GbpSv") returned -1 [0128.366] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x2a, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="BasicRender", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.366] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\BasicRender") returned 45 [0128.366] SetLastError (dwErrCode=0x0) [0128.366] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\BasicRender", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.366] SetLastError (dwErrCode=0x0) [0128.366] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.366] RegCloseKey (hKey=0x264) returned 0x0 [0128.366] SetLastError (dwErrCode=0x0) [0128.366] lstrcmpiW (lpString1="BasicRender", lpString2="NAVENG") returned -1 [0128.366] lstrcmpiW (lpString1="BasicRender", lpString2="ccEvtMgr") returned -1 [0128.366] lstrcmpiW (lpString1="BasicRender", lpString2="NAV") returned -1 [0128.367] lstrcmpiW (lpString1="BasicRender", lpString2="NIS") returned -1 [0128.367] lstrcmpiW (lpString1="BasicRender", lpString2="NAVEX15") returned -1 [0128.367] lstrcmpiW (lpString1="BasicRender", lpString2="AVP") returned 1 [0128.367] lstrcmpiW (lpString1="BasicRender", lpString2="AVP15.0.0") returned 1 [0128.367] lstrcmpiW (lpString1="BasicRender", lpString2="AVP15.0.1") returned 1 [0128.367] lstrcmpiW (lpString1="BasicRender", lpString2="kl1") returned -1 [0128.367] lstrcmpiW (lpString1="BasicRender", lpString2="McComponentHostService") returned -1 [0128.367] lstrcmpiW (lpString1="BasicRender", lpString2="ekrn") returned -1 [0128.367] lstrcmpiW (lpString1="BasicRender", lpString2="egui") returned -1 [0128.367] lstrcmpiW (lpString1="BasicRender", lpString2="avgwd") returned 1 [0128.367] lstrcmpiW (lpString1="BasicRender", lpString2="BdfNdisf") returned -1 [0128.367] lstrcmpiW (lpString1="BasicRender", lpString2="avast! Antivirus") returned 1 [0128.367] lstrcmpiW (lpString1="BasicRender", lpString2="MsMpSvc") returned -1 [0128.367] lstrcmpiW (lpString1="BasicRender", lpString2="RsMgrSvc") returned -1 [0128.367] lstrcmpiW (lpString1="BasicRender", lpString2="fshoster") returned -1 [0128.367] lstrcmpiW (lpString1="BasicRender", lpString2="AVKProxy") returned 1 [0128.367] lstrcmpiW (lpString1="BasicRender", lpString2="MBAMService") returned -1 [0128.367] lstrcmpiW (lpString1="BasicRender", lpString2="GbpSv") returned -1 [0128.367] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x2b, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="BattC", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.367] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\BattC") returned 39 [0128.367] SetLastError (dwErrCode=0x0) [0128.367] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\BattC", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.367] SetLastError (dwErrCode=0x0) [0128.367] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x1, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.367] RegCloseKey (hKey=0x264) returned 0x0 [0128.367] SetLastError (dwErrCode=0x0) [0128.367] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x2c, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="bcmfn2", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.367] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\bcmfn2") returned 40 [0128.367] SetLastError (dwErrCode=0x0) [0128.367] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\bcmfn2", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.368] SetLastError (dwErrCode=0x0) [0128.368] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.368] RegCloseKey (hKey=0x264) returned 0x0 [0128.368] SetLastError (dwErrCode=0x0) [0128.368] lstrcmpiW (lpString1="bcmfn2", lpString2="NAVENG") returned -1 [0128.368] lstrcmpiW (lpString1="bcmfn2", lpString2="ccEvtMgr") returned -1 [0128.368] lstrcmpiW (lpString1="bcmfn2", lpString2="NAV") returned -1 [0128.368] lstrcmpiW (lpString1="bcmfn2", lpString2="NIS") returned -1 [0128.368] lstrcmpiW (lpString1="bcmfn2", lpString2="NAVEX15") returned -1 [0128.368] lstrcmpiW (lpString1="bcmfn2", lpString2="AVP") returned 1 [0128.368] lstrcmpiW (lpString1="bcmfn2", lpString2="AVP15.0.0") returned 1 [0128.368] lstrcmpiW (lpString1="bcmfn2", lpString2="AVP15.0.1") returned 1 [0128.368] lstrcmpiW (lpString1="bcmfn2", lpString2="kl1") returned -1 [0128.368] lstrcmpiW (lpString1="bcmfn2", lpString2="McComponentHostService") returned -1 [0128.368] lstrcmpiW (lpString1="bcmfn2", lpString2="ekrn") returned -1 [0128.368] lstrcmpiW (lpString1="bcmfn2", lpString2="egui") returned -1 [0128.368] lstrcmpiW (lpString1="bcmfn2", lpString2="avgwd") returned 1 [0128.368] lstrcmpiW (lpString1="bcmfn2", lpString2="BdfNdisf") returned -1 [0128.368] lstrcmpiW (lpString1="bcmfn2", lpString2="avast! Antivirus") returned 1 [0128.368] lstrcmpiW (lpString1="bcmfn2", lpString2="MsMpSvc") returned -1 [0128.368] lstrcmpiW (lpString1="bcmfn2", lpString2="RsMgrSvc") returned -1 [0128.368] lstrcmpiW (lpString1="bcmfn2", lpString2="fshoster") returned -1 [0128.368] lstrcmpiW (lpString1="bcmfn2", lpString2="AVKProxy") returned 1 [0128.368] lstrcmpiW (lpString1="bcmfn2", lpString2="MBAMService") returned -1 [0128.368] lstrcmpiW (lpString1="bcmfn2", lpString2="GbpSv") returned -1 [0128.368] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x2d, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="BDESVC", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.368] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\BDESVC") returned 40 [0128.368] SetLastError (dwErrCode=0x0) [0128.368] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\BDESVC", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.368] SetLastError (dwErrCode=0x0) [0128.368] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.368] RegCloseKey (hKey=0x264) returned 0x0 [0128.369] SetLastError (dwErrCode=0x0) [0128.369] lstrcmpiW (lpString1="BDESVC", lpString2="NAVENG") returned -1 [0128.369] lstrcmpiW (lpString1="BDESVC", lpString2="ccEvtMgr") returned -1 [0128.369] lstrcmpiW (lpString1="BDESVC", lpString2="NAV") returned -1 [0128.369] lstrcmpiW (lpString1="BDESVC", lpString2="NIS") returned -1 [0128.369] lstrcmpiW (lpString1="BDESVC", lpString2="NAVEX15") returned -1 [0128.369] lstrcmpiW (lpString1="BDESVC", lpString2="AVP") returned 1 [0128.369] lstrcmpiW (lpString1="BDESVC", lpString2="AVP15.0.0") returned 1 [0128.369] lstrcmpiW (lpString1="BDESVC", lpString2="AVP15.0.1") returned 1 [0128.369] lstrcmpiW (lpString1="BDESVC", lpString2="kl1") returned -1 [0128.369] lstrcmpiW (lpString1="BDESVC", lpString2="McComponentHostService") returned -1 [0128.369] lstrcmpiW (lpString1="BDESVC", lpString2="ekrn") returned -1 [0128.369] lstrcmpiW (lpString1="BDESVC", lpString2="egui") returned -1 [0128.369] lstrcmpiW (lpString1="BDESVC", lpString2="avgwd") returned 1 [0128.369] lstrcmpiW (lpString1="BDESVC", lpString2="BdfNdisf") returned -1 [0128.369] lstrcmpiW (lpString1="BDESVC", lpString2="avast! Antivirus") returned 1 [0128.369] lstrcmpiW (lpString1="BDESVC", lpString2="MsMpSvc") returned -1 [0128.369] lstrcmpiW (lpString1="BDESVC", lpString2="RsMgrSvc") returned -1 [0128.369] lstrcmpiW (lpString1="BDESVC", lpString2="fshoster") returned -1 [0128.369] lstrcmpiW (lpString1="BDESVC", lpString2="AVKProxy") returned 1 [0128.369] lstrcmpiW (lpString1="BDESVC", lpString2="MBAMService") returned -1 [0128.369] lstrcmpiW (lpString1="BDESVC", lpString2="GbpSv") returned -1 [0128.369] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x2e, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Beep", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.369] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Beep") returned 38 [0128.369] SetLastError (dwErrCode=0x0) [0128.369] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Beep", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.369] SetLastError (dwErrCode=0x0) [0128.369] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.369] RegCloseKey (hKey=0x264) returned 0x0 [0128.369] SetLastError (dwErrCode=0x0) [0128.369] lstrcmpiW (lpString1="Beep", lpString2="NAVENG") returned -1 [0128.369] lstrcmpiW (lpString1="Beep", lpString2="ccEvtMgr") returned -1 [0128.369] lstrcmpiW (lpString1="Beep", lpString2="NAV") returned -1 [0128.370] lstrcmpiW (lpString1="Beep", lpString2="NIS") returned -1 [0128.370] lstrcmpiW (lpString1="Beep", lpString2="NAVEX15") returned -1 [0128.370] lstrcmpiW (lpString1="Beep", lpString2="AVP") returned 1 [0128.370] lstrcmpiW (lpString1="Beep", lpString2="AVP15.0.0") returned 1 [0128.370] lstrcmpiW (lpString1="Beep", lpString2="AVP15.0.1") returned 1 [0128.370] lstrcmpiW (lpString1="Beep", lpString2="kl1") returned -1 [0128.370] lstrcmpiW (lpString1="Beep", lpString2="McComponentHostService") returned -1 [0128.370] lstrcmpiW (lpString1="Beep", lpString2="ekrn") returned -1 [0128.370] lstrcmpiW (lpString1="Beep", lpString2="egui") returned -1 [0128.370] lstrcmpiW (lpString1="Beep", lpString2="avgwd") returned 1 [0128.370] lstrcmpiW (lpString1="Beep", lpString2="BdfNdisf") returned 1 [0128.370] lstrcmpiW (lpString1="Beep", lpString2="avast! Antivirus") returned 1 [0128.370] lstrcmpiW (lpString1="Beep", lpString2="MsMpSvc") returned -1 [0128.370] lstrcmpiW (lpString1="Beep", lpString2="RsMgrSvc") returned -1 [0128.370] lstrcmpiW (lpString1="Beep", lpString2="fshoster") returned -1 [0128.370] lstrcmpiW (lpString1="Beep", lpString2="AVKProxy") returned 1 [0128.370] lstrcmpiW (lpString1="Beep", lpString2="MBAMService") returned -1 [0128.370] lstrcmpiW (lpString1="Beep", lpString2="GbpSv") returned -1 [0128.370] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x2f, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="BFE", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.370] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\BFE") returned 37 [0128.370] SetLastError (dwErrCode=0x0) [0128.370] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\BFE", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.370] SetLastError (dwErrCode=0x0) [0128.370] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.370] RegCloseKey (hKey=0x264) returned 0x0 [0128.370] SetLastError (dwErrCode=0x0) [0128.370] lstrcmpiW (lpString1="BFE", lpString2="NAVENG") returned -1 [0128.370] lstrcmpiW (lpString1="BFE", lpString2="ccEvtMgr") returned -1 [0128.370] lstrcmpiW (lpString1="BFE", lpString2="NAV") returned -1 [0128.370] lstrcmpiW (lpString1="BFE", lpString2="NIS") returned -1 [0128.370] lstrcmpiW (lpString1="BFE", lpString2="NAVEX15") returned -1 [0128.370] lstrcmpiW (lpString1="BFE", lpString2="AVP") returned 1 [0128.370] lstrcmpiW (lpString1="BFE", lpString2="AVP15.0.0") returned 1 [0128.371] lstrcmpiW (lpString1="BFE", lpString2="AVP15.0.1") returned 1 [0128.371] lstrcmpiW (lpString1="BFE", lpString2="kl1") returned -1 [0128.371] lstrcmpiW (lpString1="BFE", lpString2="McComponentHostService") returned -1 [0128.371] lstrcmpiW (lpString1="BFE", lpString2="ekrn") returned -1 [0128.371] lstrcmpiW (lpString1="BFE", lpString2="egui") returned -1 [0128.371] lstrcmpiW (lpString1="BFE", lpString2="avgwd") returned 1 [0128.371] lstrcmpiW (lpString1="BFE", lpString2="BdfNdisf") returned 1 [0128.371] lstrcmpiW (lpString1="BFE", lpString2="avast! Antivirus") returned 1 [0128.371] lstrcmpiW (lpString1="BFE", lpString2="MsMpSvc") returned -1 [0128.371] lstrcmpiW (lpString1="BFE", lpString2="RsMgrSvc") returned -1 [0128.371] lstrcmpiW (lpString1="BFE", lpString2="fshoster") returned -1 [0128.371] lstrcmpiW (lpString1="BFE", lpString2="AVKProxy") returned 1 [0128.371] lstrcmpiW (lpString1="BFE", lpString2="MBAMService") returned -1 [0128.371] lstrcmpiW (lpString1="BFE", lpString2="GbpSv") returned -1 [0128.371] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x30, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="BITS", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.371] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\BITS") returned 38 [0128.371] SetLastError (dwErrCode=0x0) [0128.371] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\BITS", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.371] SetLastError (dwErrCode=0x0) [0128.371] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.371] RegCloseKey (hKey=0x264) returned 0x0 [0128.371] SetLastError (dwErrCode=0x0) [0128.371] lstrcmpiW (lpString1="BITS", lpString2="NAVENG") returned -1 [0128.371] lstrcmpiW (lpString1="BITS", lpString2="ccEvtMgr") returned -1 [0128.371] lstrcmpiW (lpString1="BITS", lpString2="NAV") returned -1 [0128.371] lstrcmpiW (lpString1="BITS", lpString2="NIS") returned -1 [0128.371] lstrcmpiW (lpString1="BITS", lpString2="NAVEX15") returned -1 [0128.371] lstrcmpiW (lpString1="BITS", lpString2="AVP") returned 1 [0128.371] lstrcmpiW (lpString1="BITS", lpString2="AVP15.0.0") returned 1 [0128.371] lstrcmpiW (lpString1="BITS", lpString2="AVP15.0.1") returned 1 [0128.371] lstrcmpiW (lpString1="BITS", lpString2="kl1") returned -1 [0128.371] lstrcmpiW (lpString1="BITS", lpString2="McComponentHostService") returned -1 [0128.371] lstrcmpiW (lpString1="BITS", lpString2="ekrn") returned -1 [0128.371] lstrcmpiW (lpString1="BITS", lpString2="egui") returned -1 [0128.372] lstrcmpiW (lpString1="BITS", lpString2="avgwd") returned 1 [0128.372] lstrcmpiW (lpString1="BITS", lpString2="BdfNdisf") returned 1 [0128.372] lstrcmpiW (lpString1="BITS", lpString2="avast! Antivirus") returned 1 [0128.372] lstrcmpiW (lpString1="BITS", lpString2="MsMpSvc") returned -1 [0128.372] lstrcmpiW (lpString1="BITS", lpString2="RsMgrSvc") returned -1 [0128.372] lstrcmpiW (lpString1="BITS", lpString2="fshoster") returned -1 [0128.372] lstrcmpiW (lpString1="BITS", lpString2="AVKProxy") returned 1 [0128.372] lstrcmpiW (lpString1="BITS", lpString2="MBAMService") returned -1 [0128.372] lstrcmpiW (lpString1="BITS", lpString2="GbpSv") returned -1 [0128.372] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x31, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="bowser", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.372] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\bowser") returned 40 [0128.372] SetLastError (dwErrCode=0x0) [0128.372] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\bowser", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.372] SetLastError (dwErrCode=0x0) [0128.372] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.372] RegCloseKey (hKey=0x264) returned 0x0 [0128.372] SetLastError (dwErrCode=0x0) [0128.372] lstrcmpiW (lpString1="bowser", lpString2="NAVENG") returned -1 [0128.372] lstrcmpiW (lpString1="bowser", lpString2="ccEvtMgr") returned -1 [0128.372] lstrcmpiW (lpString1="bowser", lpString2="NAV") returned -1 [0128.372] lstrcmpiW (lpString1="bowser", lpString2="NIS") returned -1 [0128.372] lstrcmpiW (lpString1="bowser", lpString2="NAVEX15") returned -1 [0128.372] lstrcmpiW (lpString1="bowser", lpString2="AVP") returned 1 [0128.372] lstrcmpiW (lpString1="bowser", lpString2="AVP15.0.0") returned 1 [0128.372] lstrcmpiW (lpString1="bowser", lpString2="AVP15.0.1") returned 1 [0128.372] lstrcmpiW (lpString1="bowser", lpString2="kl1") returned -1 [0128.372] lstrcmpiW (lpString1="bowser", lpString2="McComponentHostService") returned -1 [0128.372] lstrcmpiW (lpString1="bowser", lpString2="ekrn") returned -1 [0128.372] lstrcmpiW (lpString1="bowser", lpString2="egui") returned -1 [0128.372] lstrcmpiW (lpString1="bowser", lpString2="avgwd") returned 1 [0128.372] lstrcmpiW (lpString1="bowser", lpString2="BdfNdisf") returned 1 [0128.372] lstrcmpiW (lpString1="bowser", lpString2="avast! Antivirus") returned 1 [0128.372] lstrcmpiW (lpString1="bowser", lpString2="MsMpSvc") returned -1 [0128.372] lstrcmpiW (lpString1="bowser", lpString2="RsMgrSvc") returned -1 [0128.373] lstrcmpiW (lpString1="bowser", lpString2="fshoster") returned -1 [0128.373] lstrcmpiW (lpString1="bowser", lpString2="AVKProxy") returned 1 [0128.373] lstrcmpiW (lpString1="bowser", lpString2="MBAMService") returned -1 [0128.373] lstrcmpiW (lpString1="bowser", lpString2="GbpSv") returned -1 [0128.373] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x32, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="BrokerInfrastructure", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.373] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\BrokerInfrastructure") returned 54 [0128.373] SetLastError (dwErrCode=0x0) [0128.373] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\BrokerInfrastructure", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.373] SetLastError (dwErrCode=0x0) [0128.373] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.373] RegCloseKey (hKey=0x264) returned 0x0 [0128.373] SetLastError (dwErrCode=0x0) [0128.373] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="NAVENG") returned -1 [0128.373] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="ccEvtMgr") returned -1 [0128.373] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="NAV") returned -1 [0128.373] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="NIS") returned -1 [0128.373] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="NAVEX15") returned -1 [0128.373] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="AVP") returned 1 [0128.373] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="AVP15.0.0") returned 1 [0128.373] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="AVP15.0.1") returned 1 [0128.373] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="kl1") returned -1 [0128.373] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="McComponentHostService") returned -1 [0128.373] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="ekrn") returned -1 [0128.373] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="egui") returned -1 [0128.373] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="avgwd") returned 1 [0128.373] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="BdfNdisf") returned 1 [0128.373] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="avast! Antivirus") returned 1 [0128.373] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="MsMpSvc") returned -1 [0128.373] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="RsMgrSvc") returned -1 [0128.373] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="fshoster") returned -1 [0128.373] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="AVKProxy") returned 1 [0128.373] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="MBAMService") returned -1 [0128.373] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="GbpSv") returned -1 [0128.374] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x33, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Browser", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.374] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Browser") returned 41 [0128.374] SetLastError (dwErrCode=0x0) [0128.374] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Browser", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.374] SetLastError (dwErrCode=0x0) [0128.374] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.374] RegCloseKey (hKey=0x264) returned 0x0 [0128.374] SetLastError (dwErrCode=0x0) [0128.374] lstrcmpiW (lpString1="Browser", lpString2="NAVENG") returned -1 [0128.374] lstrcmpiW (lpString1="Browser", lpString2="ccEvtMgr") returned -1 [0128.374] lstrcmpiW (lpString1="Browser", lpString2="NAV") returned -1 [0128.374] lstrcmpiW (lpString1="Browser", lpString2="NIS") returned -1 [0128.374] lstrcmpiW (lpString1="Browser", lpString2="NAVEX15") returned -1 [0128.374] lstrcmpiW (lpString1="Browser", lpString2="AVP") returned 1 [0128.374] lstrcmpiW (lpString1="Browser", lpString2="AVP15.0.0") returned 1 [0128.374] lstrcmpiW (lpString1="Browser", lpString2="AVP15.0.1") returned 1 [0128.374] lstrcmpiW (lpString1="Browser", lpString2="kl1") returned -1 [0128.374] lstrcmpiW (lpString1="Browser", lpString2="McComponentHostService") returned -1 [0128.374] lstrcmpiW (lpString1="Browser", lpString2="ekrn") returned -1 [0128.374] lstrcmpiW (lpString1="Browser", lpString2="egui") returned -1 [0128.374] lstrcmpiW (lpString1="Browser", lpString2="avgwd") returned 1 [0128.374] lstrcmpiW (lpString1="Browser", lpString2="BdfNdisf") returned 1 [0128.374] lstrcmpiW (lpString1="Browser", lpString2="avast! Antivirus") returned 1 [0128.374] lstrcmpiW (lpString1="Browser", lpString2="MsMpSvc") returned -1 [0128.374] lstrcmpiW (lpString1="Browser", lpString2="RsMgrSvc") returned -1 [0128.374] lstrcmpiW (lpString1="Browser", lpString2="fshoster") returned -1 [0128.374] lstrcmpiW (lpString1="Browser", lpString2="AVKProxy") returned 1 [0128.374] lstrcmpiW (lpString1="Browser", lpString2="MBAMService") returned -1 [0128.374] lstrcmpiW (lpString1="Browser", lpString2="GbpSv") returned -1 [0128.374] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x34, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="BthAvrcpTg", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.374] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\BthAvrcpTg") returned 44 [0128.374] SetLastError (dwErrCode=0x0) [0128.375] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\BthAvrcpTg", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.375] SetLastError (dwErrCode=0x0) [0128.375] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.375] RegCloseKey (hKey=0x264) returned 0x0 [0128.375] SetLastError (dwErrCode=0x0) [0128.375] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="NAVENG") returned -1 [0128.375] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="ccEvtMgr") returned -1 [0128.375] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="NAV") returned -1 [0128.375] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="NIS") returned -1 [0128.375] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="NAVEX15") returned -1 [0128.375] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="AVP") returned 1 [0128.375] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="AVP15.0.0") returned 1 [0128.375] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="AVP15.0.1") returned 1 [0128.375] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="kl1") returned -1 [0128.375] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="McComponentHostService") returned -1 [0128.375] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="ekrn") returned -1 [0128.375] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="egui") returned -1 [0128.375] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="avgwd") returned 1 [0128.375] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="BdfNdisf") returned 1 [0128.375] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="avast! Antivirus") returned 1 [0128.375] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="MsMpSvc") returned -1 [0128.375] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="RsMgrSvc") returned -1 [0128.375] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="fshoster") returned -1 [0128.375] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="AVKProxy") returned 1 [0128.375] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="MBAMService") returned -1 [0128.375] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="GbpSv") returned -1 [0128.375] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x35, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="BthHFEnum", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.375] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\BthHFEnum") returned 43 [0128.375] SetLastError (dwErrCode=0x0) [0128.375] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\BthHFEnum", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.375] SetLastError (dwErrCode=0x0) [0128.376] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.376] RegCloseKey (hKey=0x264) returned 0x0 [0128.376] SetLastError (dwErrCode=0x0) [0128.376] lstrcmpiW (lpString1="BthHFEnum", lpString2="NAVENG") returned -1 [0128.376] lstrcmpiW (lpString1="BthHFEnum", lpString2="ccEvtMgr") returned -1 [0128.376] lstrcmpiW (lpString1="BthHFEnum", lpString2="NAV") returned -1 [0128.376] lstrcmpiW (lpString1="BthHFEnum", lpString2="NIS") returned -1 [0128.376] lstrcmpiW (lpString1="BthHFEnum", lpString2="NAVEX15") returned -1 [0128.376] lstrcmpiW (lpString1="BthHFEnum", lpString2="AVP") returned 1 [0128.376] lstrcmpiW (lpString1="BthHFEnum", lpString2="AVP15.0.0") returned 1 [0128.376] lstrcmpiW (lpString1="BthHFEnum", lpString2="AVP15.0.1") returned 1 [0128.376] lstrcmpiW (lpString1="BthHFEnum", lpString2="kl1") returned -1 [0128.376] lstrcmpiW (lpString1="BthHFEnum", lpString2="McComponentHostService") returned -1 [0128.376] lstrcmpiW (lpString1="BthHFEnum", lpString2="ekrn") returned -1 [0128.376] lstrcmpiW (lpString1="BthHFEnum", lpString2="egui") returned -1 [0128.376] lstrcmpiW (lpString1="BthHFEnum", lpString2="avgwd") returned 1 [0128.376] lstrcmpiW (lpString1="BthHFEnum", lpString2="BdfNdisf") returned 1 [0128.376] lstrcmpiW (lpString1="BthHFEnum", lpString2="avast! Antivirus") returned 1 [0128.376] lstrcmpiW (lpString1="BthHFEnum", lpString2="MsMpSvc") returned -1 [0128.376] lstrcmpiW (lpString1="BthHFEnum", lpString2="RsMgrSvc") returned -1 [0128.376] lstrcmpiW (lpString1="BthHFEnum", lpString2="fshoster") returned -1 [0128.376] lstrcmpiW (lpString1="BthHFEnum", lpString2="AVKProxy") returned 1 [0128.376] lstrcmpiW (lpString1="BthHFEnum", lpString2="MBAMService") returned -1 [0128.376] lstrcmpiW (lpString1="BthHFEnum", lpString2="GbpSv") returned -1 [0128.377] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x36, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="bthhfhid", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.377] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\bthhfhid") returned 42 [0128.377] SetLastError (dwErrCode=0x0) [0128.377] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\bthhfhid", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.377] SetLastError (dwErrCode=0x0) [0128.377] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.377] RegCloseKey (hKey=0x264) returned 0x0 [0128.377] SetLastError (dwErrCode=0x0) [0128.377] lstrcmpiW (lpString1="bthhfhid", lpString2="NAVENG") returned -1 [0128.377] lstrcmpiW (lpString1="bthhfhid", lpString2="ccEvtMgr") returned -1 [0128.377] lstrcmpiW (lpString1="bthhfhid", lpString2="NAV") returned -1 [0128.377] lstrcmpiW (lpString1="bthhfhid", lpString2="NIS") returned -1 [0128.377] lstrcmpiW (lpString1="bthhfhid", lpString2="NAVEX15") returned -1 [0128.377] lstrcmpiW (lpString1="bthhfhid", lpString2="AVP") returned 1 [0128.377] lstrcmpiW (lpString1="bthhfhid", lpString2="AVP15.0.0") returned 1 [0128.377] lstrcmpiW (lpString1="bthhfhid", lpString2="AVP15.0.1") returned 1 [0128.377] lstrcmpiW (lpString1="bthhfhid", lpString2="kl1") returned -1 [0128.377] lstrcmpiW (lpString1="bthhfhid", lpString2="McComponentHostService") returned -1 [0128.377] lstrcmpiW (lpString1="bthhfhid", lpString2="ekrn") returned -1 [0128.377] lstrcmpiW (lpString1="bthhfhid", lpString2="egui") returned -1 [0128.377] lstrcmpiW (lpString1="bthhfhid", lpString2="avgwd") returned 1 [0128.377] lstrcmpiW (lpString1="bthhfhid", lpString2="BdfNdisf") returned 1 [0128.377] lstrcmpiW (lpString1="bthhfhid", lpString2="avast! Antivirus") returned 1 [0128.377] lstrcmpiW (lpString1="bthhfhid", lpString2="MsMpSvc") returned -1 [0128.377] lstrcmpiW (lpString1="bthhfhid", lpString2="RsMgrSvc") returned -1 [0128.377] lstrcmpiW (lpString1="bthhfhid", lpString2="fshoster") returned -1 [0128.377] lstrcmpiW (lpString1="bthhfhid", lpString2="AVKProxy") returned 1 [0128.377] lstrcmpiW (lpString1="bthhfhid", lpString2="MBAMService") returned -1 [0128.377] lstrcmpiW (lpString1="bthhfhid", lpString2="GbpSv") returned -1 [0128.377] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x37, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="BthHFSrv", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.377] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\BthHFSrv") returned 42 [0128.377] SetLastError (dwErrCode=0x0) [0128.378] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\BthHFSrv", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.378] SetLastError (dwErrCode=0x0) [0128.378] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xd, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.378] RegCloseKey (hKey=0x264) returned 0x0 [0128.378] SetLastError (dwErrCode=0x0) [0128.378] lstrcmpiW (lpString1="BthHFSrv", lpString2="NAVENG") returned -1 [0128.378] lstrcmpiW (lpString1="BthHFSrv", lpString2="ccEvtMgr") returned -1 [0128.378] lstrcmpiW (lpString1="BthHFSrv", lpString2="NAV") returned -1 [0128.378] lstrcmpiW (lpString1="BthHFSrv", lpString2="NIS") returned -1 [0128.378] lstrcmpiW (lpString1="BthHFSrv", lpString2="NAVEX15") returned -1 [0128.378] lstrcmpiW (lpString1="BthHFSrv", lpString2="AVP") returned 1 [0128.378] lstrcmpiW (lpString1="BthHFSrv", lpString2="AVP15.0.0") returned 1 [0128.378] lstrcmpiW (lpString1="BthHFSrv", lpString2="AVP15.0.1") returned 1 [0128.378] lstrcmpiW (lpString1="BthHFSrv", lpString2="kl1") returned -1 [0128.378] lstrcmpiW (lpString1="BthHFSrv", lpString2="McComponentHostService") returned -1 [0128.378] lstrcmpiW (lpString1="BthHFSrv", lpString2="ekrn") returned -1 [0128.378] lstrcmpiW (lpString1="BthHFSrv", lpString2="egui") returned -1 [0128.378] lstrcmpiW (lpString1="BthHFSrv", lpString2="avgwd") returned 1 [0128.378] lstrcmpiW (lpString1="BthHFSrv", lpString2="BdfNdisf") returned 1 [0128.378] lstrcmpiW (lpString1="BthHFSrv", lpString2="avast! Antivirus") returned 1 [0128.378] lstrcmpiW (lpString1="BthHFSrv", lpString2="MsMpSvc") returned -1 [0128.378] lstrcmpiW (lpString1="BthHFSrv", lpString2="RsMgrSvc") returned -1 [0128.378] lstrcmpiW (lpString1="BthHFSrv", lpString2="fshoster") returned -1 [0128.378] lstrcmpiW (lpString1="BthHFSrv", lpString2="AVKProxy") returned 1 [0128.378] lstrcmpiW (lpString1="BthHFSrv", lpString2="MBAMService") returned -1 [0128.378] lstrcmpiW (lpString1="BthHFSrv", lpString2="GbpSv") returned -1 [0128.378] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x38, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="BTHMODEM", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.378] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\BTHMODEM") returned 42 [0128.378] SetLastError (dwErrCode=0x0) [0128.379] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\BTHMODEM", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.379] SetLastError (dwErrCode=0x0) [0128.379] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.379] RegCloseKey (hKey=0x264) returned 0x0 [0128.379] SetLastError (dwErrCode=0x0) [0128.379] lstrcmpiW (lpString1="BTHMODEM", lpString2="NAVENG") returned -1 [0128.379] lstrcmpiW (lpString1="BTHMODEM", lpString2="ccEvtMgr") returned -1 [0128.379] lstrcmpiW (lpString1="BTHMODEM", lpString2="NAV") returned -1 [0128.379] lstrcmpiW (lpString1="BTHMODEM", lpString2="NIS") returned -1 [0128.379] lstrcmpiW (lpString1="BTHMODEM", lpString2="NAVEX15") returned -1 [0128.379] lstrcmpiW (lpString1="BTHMODEM", lpString2="AVP") returned 1 [0128.379] lstrcmpiW (lpString1="BTHMODEM", lpString2="AVP15.0.0") returned 1 [0128.379] lstrcmpiW (lpString1="BTHMODEM", lpString2="AVP15.0.1") returned 1 [0128.379] lstrcmpiW (lpString1="BTHMODEM", lpString2="kl1") returned -1 [0128.379] lstrcmpiW (lpString1="BTHMODEM", lpString2="McComponentHostService") returned -1 [0128.379] lstrcmpiW (lpString1="BTHMODEM", lpString2="ekrn") returned -1 [0128.379] lstrcmpiW (lpString1="BTHMODEM", lpString2="egui") returned -1 [0128.379] lstrcmpiW (lpString1="BTHMODEM", lpString2="avgwd") returned 1 [0128.379] lstrcmpiW (lpString1="BTHMODEM", lpString2="BdfNdisf") returned 1 [0128.379] lstrcmpiW (lpString1="BTHMODEM", lpString2="avast! Antivirus") returned 1 [0128.379] lstrcmpiW (lpString1="BTHMODEM", lpString2="MsMpSvc") returned -1 [0128.379] lstrcmpiW (lpString1="BTHMODEM", lpString2="RsMgrSvc") returned -1 [0128.379] lstrcmpiW (lpString1="BTHMODEM", lpString2="fshoster") returned -1 [0128.379] lstrcmpiW (lpString1="BTHMODEM", lpString2="AVKProxy") returned 1 [0128.379] lstrcmpiW (lpString1="BTHMODEM", lpString2="MBAMService") returned -1 [0128.379] lstrcmpiW (lpString1="BTHMODEM", lpString2="GbpSv") returned -1 [0128.379] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x39, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="BTHPORT", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.379] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\BTHPORT") returned 41 [0128.379] SetLastError (dwErrCode=0x0) [0128.379] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\BTHPORT", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.380] SetLastError (dwErrCode=0x0) [0128.380] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.380] RegCloseKey (hKey=0x264) returned 0x0 [0128.380] SetLastError (dwErrCode=0x0) [0128.380] GetLastError () returned 0x0 [0128.380] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x3a, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="bthserv", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.380] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\bthserv") returned 41 [0128.380] SetLastError (dwErrCode=0x0) [0128.380] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\bthserv", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.380] SetLastError (dwErrCode=0x0) [0128.380] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.380] RegCloseKey (hKey=0x264) returned 0x0 [0128.380] SetLastError (dwErrCode=0x0) [0128.380] lstrcmpiW (lpString1="bthserv", lpString2="NAVENG") returned -1 [0128.380] lstrcmpiW (lpString1="bthserv", lpString2="ccEvtMgr") returned -1 [0128.380] lstrcmpiW (lpString1="bthserv", lpString2="NAV") returned -1 [0128.380] lstrcmpiW (lpString1="bthserv", lpString2="NIS") returned -1 [0128.380] lstrcmpiW (lpString1="bthserv", lpString2="NAVEX15") returned -1 [0128.380] lstrcmpiW (lpString1="bthserv", lpString2="AVP") returned 1 [0128.380] lstrcmpiW (lpString1="bthserv", lpString2="AVP15.0.0") returned 1 [0128.380] lstrcmpiW (lpString1="bthserv", lpString2="AVP15.0.1") returned 1 [0128.380] lstrcmpiW (lpString1="bthserv", lpString2="kl1") returned -1 [0128.380] lstrcmpiW (lpString1="bthserv", lpString2="McComponentHostService") returned -1 [0128.380] lstrcmpiW (lpString1="bthserv", lpString2="ekrn") returned -1 [0128.380] lstrcmpiW (lpString1="bthserv", lpString2="egui") returned -1 [0128.380] lstrcmpiW (lpString1="bthserv", lpString2="avgwd") returned 1 [0128.380] lstrcmpiW (lpString1="bthserv", lpString2="BdfNdisf") returned 1 [0128.380] lstrcmpiW (lpString1="bthserv", lpString2="avast! Antivirus") returned 1 [0128.380] lstrcmpiW (lpString1="bthserv", lpString2="MsMpSvc") returned -1 [0128.380] lstrcmpiW (lpString1="bthserv", lpString2="RsMgrSvc") returned -1 [0128.381] lstrcmpiW (lpString1="bthserv", lpString2="fshoster") returned -1 [0128.381] lstrcmpiW (lpString1="bthserv", lpString2="AVKProxy") returned 1 [0128.381] lstrcmpiW (lpString1="bthserv", lpString2="MBAMService") returned -1 [0128.381] lstrcmpiW (lpString1="bthserv", lpString2="GbpSv") returned -1 [0128.381] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x3b, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="buttonconverter", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.381] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\buttonconverter") returned 49 [0128.381] SetLastError (dwErrCode=0x0) [0128.381] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\buttonconverter", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.381] SetLastError (dwErrCode=0x0) [0128.381] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.381] RegCloseKey (hKey=0x264) returned 0x0 [0128.381] SetLastError (dwErrCode=0x0) [0128.381] lstrcmpiW (lpString1="buttonconverter", lpString2="NAVENG") returned -1 [0128.381] lstrcmpiW (lpString1="buttonconverter", lpString2="ccEvtMgr") returned -1 [0128.381] lstrcmpiW (lpString1="buttonconverter", lpString2="NAV") returned -1 [0128.381] lstrcmpiW (lpString1="buttonconverter", lpString2="NIS") returned -1 [0128.381] lstrcmpiW (lpString1="buttonconverter", lpString2="NAVEX15") returned -1 [0128.381] lstrcmpiW (lpString1="buttonconverter", lpString2="AVP") returned 1 [0128.381] lstrcmpiW (lpString1="buttonconverter", lpString2="AVP15.0.0") returned 1 [0128.381] lstrcmpiW (lpString1="buttonconverter", lpString2="AVP15.0.1") returned 1 [0128.381] lstrcmpiW (lpString1="buttonconverter", lpString2="kl1") returned -1 [0128.381] lstrcmpiW (lpString1="buttonconverter", lpString2="McComponentHostService") returned -1 [0128.381] lstrcmpiW (lpString1="buttonconverter", lpString2="ekrn") returned -1 [0128.381] lstrcmpiW (lpString1="buttonconverter", lpString2="egui") returned -1 [0128.381] lstrcmpiW (lpString1="buttonconverter", lpString2="avgwd") returned 1 [0128.381] lstrcmpiW (lpString1="buttonconverter", lpString2="BdfNdisf") returned 1 [0128.381] lstrcmpiW (lpString1="buttonconverter", lpString2="avast! Antivirus") returned 1 [0128.381] lstrcmpiW (lpString1="buttonconverter", lpString2="MsMpSvc") returned -1 [0128.381] lstrcmpiW (lpString1="buttonconverter", lpString2="RsMgrSvc") returned -1 [0128.381] lstrcmpiW (lpString1="buttonconverter", lpString2="fshoster") returned -1 [0128.381] lstrcmpiW (lpString1="buttonconverter", lpString2="AVKProxy") returned 1 [0128.382] lstrcmpiW (lpString1="buttonconverter", lpString2="MBAMService") returned -1 [0128.382] lstrcmpiW (lpString1="buttonconverter", lpString2="GbpSv") returned -1 [0128.382] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x3c, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="CapImg", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.382] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\CapImg") returned 40 [0128.382] SetLastError (dwErrCode=0x0) [0128.382] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\CapImg", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.382] SetLastError (dwErrCode=0x0) [0128.382] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.382] RegCloseKey (hKey=0x264) returned 0x0 [0128.382] SetLastError (dwErrCode=0x0) [0128.382] lstrcmpiW (lpString1="CapImg", lpString2="NAVENG") returned -1 [0128.382] lstrcmpiW (lpString1="CapImg", lpString2="ccEvtMgr") returned -1 [0128.382] lstrcmpiW (lpString1="CapImg", lpString2="NAV") returned -1 [0128.382] lstrcmpiW (lpString1="CapImg", lpString2="NIS") returned -1 [0128.382] lstrcmpiW (lpString1="CapImg", lpString2="NAVEX15") returned -1 [0128.382] lstrcmpiW (lpString1="CapImg", lpString2="AVP") returned 1 [0128.382] lstrcmpiW (lpString1="CapImg", lpString2="AVP15.0.0") returned 1 [0128.382] lstrcmpiW (lpString1="CapImg", lpString2="AVP15.0.1") returned 1 [0128.382] lstrcmpiW (lpString1="CapImg", lpString2="kl1") returned -1 [0128.382] lstrcmpiW (lpString1="CapImg", lpString2="McComponentHostService") returned -1 [0128.382] lstrcmpiW (lpString1="CapImg", lpString2="ekrn") returned -1 [0128.382] lstrcmpiW (lpString1="CapImg", lpString2="egui") returned -1 [0128.382] lstrcmpiW (lpString1="CapImg", lpString2="avgwd") returned 1 [0128.382] lstrcmpiW (lpString1="CapImg", lpString2="BdfNdisf") returned 1 [0128.382] lstrcmpiW (lpString1="CapImg", lpString2="avast! Antivirus") returned 1 [0128.382] lstrcmpiW (lpString1="CapImg", lpString2="MsMpSvc") returned -1 [0128.382] lstrcmpiW (lpString1="CapImg", lpString2="RsMgrSvc") returned -1 [0128.382] lstrcmpiW (lpString1="CapImg", lpString2="fshoster") returned -1 [0128.382] lstrcmpiW (lpString1="CapImg", lpString2="AVKProxy") returned 1 [0128.382] lstrcmpiW (lpString1="CapImg", lpString2="MBAMService") returned -1 [0128.382] lstrcmpiW (lpString1="CapImg", lpString2="GbpSv") returned -1 [0128.383] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x3d, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="cdfs", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.383] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\cdfs") returned 38 [0128.383] SetLastError (dwErrCode=0x0) [0128.383] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\cdfs", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.383] SetLastError (dwErrCode=0x0) [0128.383] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.383] RegCloseKey (hKey=0x264) returned 0x0 [0128.383] SetLastError (dwErrCode=0x0) [0128.383] lstrcmpiW (lpString1="cdfs", lpString2="NAVENG") returned -1 [0128.383] lstrcmpiW (lpString1="cdfs", lpString2="ccEvtMgr") returned 1 [0128.383] lstrcmpiW (lpString1="cdfs", lpString2="NAV") returned -1 [0128.383] lstrcmpiW (lpString1="cdfs", lpString2="NIS") returned -1 [0128.383] lstrcmpiW (lpString1="cdfs", lpString2="NAVEX15") returned -1 [0128.383] lstrcmpiW (lpString1="cdfs", lpString2="AVP") returned 1 [0128.383] lstrcmpiW (lpString1="cdfs", lpString2="AVP15.0.0") returned 1 [0128.383] lstrcmpiW (lpString1="cdfs", lpString2="AVP15.0.1") returned 1 [0128.383] lstrcmpiW (lpString1="cdfs", lpString2="kl1") returned -1 [0128.383] lstrcmpiW (lpString1="cdfs", lpString2="McComponentHostService") returned -1 [0128.383] lstrcmpiW (lpString1="cdfs", lpString2="ekrn") returned -1 [0128.383] lstrcmpiW (lpString1="cdfs", lpString2="egui") returned -1 [0128.383] lstrcmpiW (lpString1="cdfs", lpString2="avgwd") returned 1 [0128.383] lstrcmpiW (lpString1="cdfs", lpString2="BdfNdisf") returned 1 [0128.383] lstrcmpiW (lpString1="cdfs", lpString2="avast! Antivirus") returned 1 [0128.383] lstrcmpiW (lpString1="cdfs", lpString2="MsMpSvc") returned -1 [0128.383] lstrcmpiW (lpString1="cdfs", lpString2="RsMgrSvc") returned -1 [0128.383] lstrcmpiW (lpString1="cdfs", lpString2="fshoster") returned -1 [0128.383] lstrcmpiW (lpString1="cdfs", lpString2="AVKProxy") returned 1 [0128.383] lstrcmpiW (lpString1="cdfs", lpString2="MBAMService") returned -1 [0128.383] lstrcmpiW (lpString1="cdfs", lpString2="GbpSv") returned -1 [0128.383] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x3e, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="CDPSvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.384] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\CDPSvc") returned 40 [0128.384] SetLastError (dwErrCode=0x0) [0128.384] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\CDPSvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.384] SetLastError (dwErrCode=0x0) [0128.384] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.384] RegCloseKey (hKey=0x264) returned 0x0 [0128.384] SetLastError (dwErrCode=0x0) [0128.384] lstrcmpiW (lpString1="CDPSvc", lpString2="NAVENG") returned -1 [0128.384] lstrcmpiW (lpString1="CDPSvc", lpString2="ccEvtMgr") returned 1 [0128.384] lstrcmpiW (lpString1="CDPSvc", lpString2="NAV") returned -1 [0128.384] lstrcmpiW (lpString1="CDPSvc", lpString2="NIS") returned -1 [0128.384] lstrcmpiW (lpString1="CDPSvc", lpString2="NAVEX15") returned -1 [0128.384] lstrcmpiW (lpString1="CDPSvc", lpString2="AVP") returned 1 [0128.384] lstrcmpiW (lpString1="CDPSvc", lpString2="AVP15.0.0") returned 1 [0128.384] lstrcmpiW (lpString1="CDPSvc", lpString2="AVP15.0.1") returned 1 [0128.384] lstrcmpiW (lpString1="CDPSvc", lpString2="kl1") returned -1 [0128.384] lstrcmpiW (lpString1="CDPSvc", lpString2="McComponentHostService") returned -1 [0128.384] lstrcmpiW (lpString1="CDPSvc", lpString2="ekrn") returned -1 [0128.384] lstrcmpiW (lpString1="CDPSvc", lpString2="egui") returned -1 [0128.384] lstrcmpiW (lpString1="CDPSvc", lpString2="avgwd") returned 1 [0128.384] lstrcmpiW (lpString1="CDPSvc", lpString2="BdfNdisf") returned 1 [0128.384] lstrcmpiW (lpString1="CDPSvc", lpString2="avast! Antivirus") returned 1 [0128.384] lstrcmpiW (lpString1="CDPSvc", lpString2="MsMpSvc") returned -1 [0128.384] lstrcmpiW (lpString1="CDPSvc", lpString2="RsMgrSvc") returned -1 [0128.384] lstrcmpiW (lpString1="CDPSvc", lpString2="fshoster") returned -1 [0128.384] lstrcmpiW (lpString1="CDPSvc", lpString2="AVKProxy") returned 1 [0128.384] lstrcmpiW (lpString1="CDPSvc", lpString2="MBAMService") returned -1 [0128.384] lstrcmpiW (lpString1="CDPSvc", lpString2="GbpSv") returned -1 [0128.384] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x3f, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="cdrom", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.384] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\cdrom") returned 39 [0128.384] SetLastError (dwErrCode=0x0) [0128.385] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\cdrom", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.385] SetLastError (dwErrCode=0x0) [0128.385] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.385] RegCloseKey (hKey=0x264) returned 0x0 [0128.385] SetLastError (dwErrCode=0x0) [0128.385] lstrcmpiW (lpString1="cdrom", lpString2="NAVENG") returned -1 [0128.385] lstrcmpiW (lpString1="cdrom", lpString2="ccEvtMgr") returned 1 [0128.385] lstrcmpiW (lpString1="cdrom", lpString2="NAV") returned -1 [0128.385] lstrcmpiW (lpString1="cdrom", lpString2="NIS") returned -1 [0128.385] lstrcmpiW (lpString1="cdrom", lpString2="NAVEX15") returned -1 [0128.385] lstrcmpiW (lpString1="cdrom", lpString2="AVP") returned 1 [0128.385] lstrcmpiW (lpString1="cdrom", lpString2="AVP15.0.0") returned 1 [0128.385] lstrcmpiW (lpString1="cdrom", lpString2="AVP15.0.1") returned 1 [0128.385] lstrcmpiW (lpString1="cdrom", lpString2="kl1") returned -1 [0128.385] lstrcmpiW (lpString1="cdrom", lpString2="McComponentHostService") returned -1 [0128.385] lstrcmpiW (lpString1="cdrom", lpString2="ekrn") returned -1 [0128.385] lstrcmpiW (lpString1="cdrom", lpString2="egui") returned -1 [0128.385] lstrcmpiW (lpString1="cdrom", lpString2="avgwd") returned 1 [0128.385] lstrcmpiW (lpString1="cdrom", lpString2="BdfNdisf") returned 1 [0128.385] lstrcmpiW (lpString1="cdrom", lpString2="avast! Antivirus") returned 1 [0128.385] lstrcmpiW (lpString1="cdrom", lpString2="MsMpSvc") returned -1 [0128.385] lstrcmpiW (lpString1="cdrom", lpString2="RsMgrSvc") returned -1 [0128.385] lstrcmpiW (lpString1="cdrom", lpString2="fshoster") returned -1 [0128.385] lstrcmpiW (lpString1="cdrom", lpString2="AVKProxy") returned 1 [0128.385] lstrcmpiW (lpString1="cdrom", lpString2="MBAMService") returned -1 [0128.385] lstrcmpiW (lpString1="cdrom", lpString2="GbpSv") returned -1 [0128.385] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x40, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="CertPropSvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.385] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\CertPropSvc") returned 45 [0128.385] SetLastError (dwErrCode=0x0) [0128.385] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\CertPropSvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.386] SetLastError (dwErrCode=0x0) [0128.386] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.386] RegCloseKey (hKey=0x264) returned 0x0 [0128.386] SetLastError (dwErrCode=0x0) [0128.386] lstrcmpiW (lpString1="CertPropSvc", lpString2="NAVENG") returned -1 [0128.386] lstrcmpiW (lpString1="CertPropSvc", lpString2="ccEvtMgr") returned 1 [0128.386] lstrcmpiW (lpString1="CertPropSvc", lpString2="NAV") returned -1 [0128.386] lstrcmpiW (lpString1="CertPropSvc", lpString2="NIS") returned -1 [0128.386] lstrcmpiW (lpString1="CertPropSvc", lpString2="NAVEX15") returned -1 [0128.386] lstrcmpiW (lpString1="CertPropSvc", lpString2="AVP") returned 1 [0128.386] lstrcmpiW (lpString1="CertPropSvc", lpString2="AVP15.0.0") returned 1 [0128.386] lstrcmpiW (lpString1="CertPropSvc", lpString2="AVP15.0.1") returned 1 [0128.386] lstrcmpiW (lpString1="CertPropSvc", lpString2="kl1") returned -1 [0128.386] lstrcmpiW (lpString1="CertPropSvc", lpString2="McComponentHostService") returned -1 [0128.386] lstrcmpiW (lpString1="CertPropSvc", lpString2="ekrn") returned -1 [0128.386] lstrcmpiW (lpString1="CertPropSvc", lpString2="egui") returned -1 [0128.386] lstrcmpiW (lpString1="CertPropSvc", lpString2="avgwd") returned 1 [0128.386] lstrcmpiW (lpString1="CertPropSvc", lpString2="BdfNdisf") returned 1 [0128.386] lstrcmpiW (lpString1="CertPropSvc", lpString2="avast! Antivirus") returned 1 [0128.386] lstrcmpiW (lpString1="CertPropSvc", lpString2="MsMpSvc") returned -1 [0128.386] lstrcmpiW (lpString1="CertPropSvc", lpString2="RsMgrSvc") returned -1 [0128.386] lstrcmpiW (lpString1="CertPropSvc", lpString2="fshoster") returned -1 [0128.386] lstrcmpiW (lpString1="CertPropSvc", lpString2="AVKProxy") returned 1 [0128.386] lstrcmpiW (lpString1="CertPropSvc", lpString2="MBAMService") returned -1 [0128.386] lstrcmpiW (lpString1="CertPropSvc", lpString2="GbpSv") returned -1 [0128.386] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x41, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="circlass", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.386] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\circlass") returned 42 [0128.386] SetLastError (dwErrCode=0x0) [0128.386] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\circlass", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.387] SetLastError (dwErrCode=0x0) [0128.387] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.387] RegCloseKey (hKey=0x264) returned 0x0 [0128.387] SetLastError (dwErrCode=0x0) [0128.387] lstrcmpiW (lpString1="circlass", lpString2="NAVENG") returned -1 [0128.387] lstrcmpiW (lpString1="circlass", lpString2="ccEvtMgr") returned 1 [0128.387] lstrcmpiW (lpString1="circlass", lpString2="NAV") returned -1 [0128.387] lstrcmpiW (lpString1="circlass", lpString2="NIS") returned -1 [0128.387] lstrcmpiW (lpString1="circlass", lpString2="NAVEX15") returned -1 [0128.387] lstrcmpiW (lpString1="circlass", lpString2="AVP") returned 1 [0128.387] lstrcmpiW (lpString1="circlass", lpString2="AVP15.0.0") returned 1 [0128.387] lstrcmpiW (lpString1="circlass", lpString2="AVP15.0.1") returned 1 [0128.387] lstrcmpiW (lpString1="circlass", lpString2="kl1") returned -1 [0128.387] lstrcmpiW (lpString1="circlass", lpString2="McComponentHostService") returned -1 [0128.387] lstrcmpiW (lpString1="circlass", lpString2="ekrn") returned -1 [0128.387] lstrcmpiW (lpString1="circlass", lpString2="egui") returned -1 [0128.387] lstrcmpiW (lpString1="circlass", lpString2="avgwd") returned 1 [0128.387] lstrcmpiW (lpString1="circlass", lpString2="BdfNdisf") returned 1 [0128.387] lstrcmpiW (lpString1="circlass", lpString2="avast! Antivirus") returned 1 [0128.387] lstrcmpiW (lpString1="circlass", lpString2="MsMpSvc") returned -1 [0128.387] lstrcmpiW (lpString1="circlass", lpString2="RsMgrSvc") returned -1 [0128.387] lstrcmpiW (lpString1="circlass", lpString2="fshoster") returned -1 [0128.387] lstrcmpiW (lpString1="circlass", lpString2="AVKProxy") returned 1 [0128.387] lstrcmpiW (lpString1="circlass", lpString2="MBAMService") returned -1 [0128.387] lstrcmpiW (lpString1="circlass", lpString2="GbpSv") returned -1 [0128.387] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x42, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="CLFS", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.387] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\CLFS") returned 38 [0128.387] SetLastError (dwErrCode=0x0) [0128.387] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\CLFS", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.388] SetLastError (dwErrCode=0x0) [0128.388] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.388] RegCloseKey (hKey=0x264) returned 0x0 [0128.388] SetLastError (dwErrCode=0x0) [0128.388] lstrcmpiW (lpString1="CLFS", lpString2="NAVENG") returned -1 [0128.388] lstrcmpiW (lpString1="CLFS", lpString2="ccEvtMgr") returned 1 [0128.388] lstrcmpiW (lpString1="CLFS", lpString2="NAV") returned -1 [0128.388] lstrcmpiW (lpString1="CLFS", lpString2="NIS") returned -1 [0128.388] lstrcmpiW (lpString1="CLFS", lpString2="NAVEX15") returned -1 [0128.388] lstrcmpiW (lpString1="CLFS", lpString2="AVP") returned 1 [0128.388] lstrcmpiW (lpString1="CLFS", lpString2="AVP15.0.0") returned 1 [0128.388] lstrcmpiW (lpString1="CLFS", lpString2="AVP15.0.1") returned 1 [0128.388] lstrcmpiW (lpString1="CLFS", lpString2="kl1") returned -1 [0128.388] lstrcmpiW (lpString1="CLFS", lpString2="McComponentHostService") returned -1 [0128.388] lstrcmpiW (lpString1="CLFS", lpString2="ekrn") returned -1 [0128.388] lstrcmpiW (lpString1="CLFS", lpString2="egui") returned -1 [0128.388] lstrcmpiW (lpString1="CLFS", lpString2="avgwd") returned 1 [0128.388] lstrcmpiW (lpString1="CLFS", lpString2="BdfNdisf") returned 1 [0128.388] lstrcmpiW (lpString1="CLFS", lpString2="avast! Antivirus") returned 1 [0128.388] lstrcmpiW (lpString1="CLFS", lpString2="MsMpSvc") returned -1 [0128.388] lstrcmpiW (lpString1="CLFS", lpString2="RsMgrSvc") returned -1 [0128.388] lstrcmpiW (lpString1="CLFS", lpString2="fshoster") returned -1 [0128.388] lstrcmpiW (lpString1="CLFS", lpString2="AVKProxy") returned 1 [0128.388] lstrcmpiW (lpString1="CLFS", lpString2="MBAMService") returned -1 [0128.388] lstrcmpiW (lpString1="CLFS", lpString2="GbpSv") returned -1 [0128.388] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x43, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ClickToRunSvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.388] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ClickToRunSvc") returned 47 [0128.388] SetLastError (dwErrCode=0x0) [0128.388] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ClickToRunSvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.388] SetLastError (dwErrCode=0x0) [0128.389] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.389] RegCloseKey (hKey=0x264) returned 0x0 [0128.389] SetLastError (dwErrCode=0x0) [0128.389] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="NAVENG") returned -1 [0128.389] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="ccEvtMgr") returned 1 [0128.389] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="NAV") returned -1 [0128.389] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="NIS") returned -1 [0128.389] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="NAVEX15") returned -1 [0128.389] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="AVP") returned 1 [0128.389] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="AVP15.0.0") returned 1 [0128.389] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="AVP15.0.1") returned 1 [0128.389] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="kl1") returned -1 [0128.389] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="McComponentHostService") returned -1 [0128.389] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="ekrn") returned -1 [0128.389] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="egui") returned -1 [0128.389] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="avgwd") returned 1 [0128.389] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="BdfNdisf") returned 1 [0128.389] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="avast! Antivirus") returned 1 [0128.389] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="MsMpSvc") returned -1 [0128.389] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="RsMgrSvc") returned -1 [0128.389] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="fshoster") returned -1 [0128.389] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="AVKProxy") returned 1 [0128.389] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="MBAMService") returned -1 [0128.389] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="GbpSv") returned -1 [0128.389] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x44, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ClipSVC", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.389] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ClipSVC") returned 41 [0128.389] SetLastError (dwErrCode=0x0) [0128.389] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ClipSVC", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.389] SetLastError (dwErrCode=0x0) [0128.390] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.390] RegCloseKey (hKey=0x264) returned 0x0 [0128.390] SetLastError (dwErrCode=0x0) [0128.390] lstrcmpiW (lpString1="ClipSVC", lpString2="NAVENG") returned -1 [0128.390] lstrcmpiW (lpString1="ClipSVC", lpString2="ccEvtMgr") returned 1 [0128.390] lstrcmpiW (lpString1="ClipSVC", lpString2="NAV") returned -1 [0128.390] lstrcmpiW (lpString1="ClipSVC", lpString2="NIS") returned -1 [0128.390] lstrcmpiW (lpString1="ClipSVC", lpString2="NAVEX15") returned -1 [0128.390] lstrcmpiW (lpString1="ClipSVC", lpString2="AVP") returned 1 [0128.390] lstrcmpiW (lpString1="ClipSVC", lpString2="AVP15.0.0") returned 1 [0128.390] lstrcmpiW (lpString1="ClipSVC", lpString2="AVP15.0.1") returned 1 [0128.390] lstrcmpiW (lpString1="ClipSVC", lpString2="kl1") returned -1 [0128.390] lstrcmpiW (lpString1="ClipSVC", lpString2="McComponentHostService") returned -1 [0128.390] lstrcmpiW (lpString1="ClipSVC", lpString2="ekrn") returned -1 [0128.390] lstrcmpiW (lpString1="ClipSVC", lpString2="egui") returned -1 [0128.390] lstrcmpiW (lpString1="ClipSVC", lpString2="avgwd") returned 1 [0128.390] lstrcmpiW (lpString1="ClipSVC", lpString2="BdfNdisf") returned 1 [0128.390] lstrcmpiW (lpString1="ClipSVC", lpString2="avast! Antivirus") returned 1 [0128.390] lstrcmpiW (lpString1="ClipSVC", lpString2="MsMpSvc") returned -1 [0128.390] lstrcmpiW (lpString1="ClipSVC", lpString2="RsMgrSvc") returned -1 [0128.390] lstrcmpiW (lpString1="ClipSVC", lpString2="fshoster") returned -1 [0128.390] lstrcmpiW (lpString1="ClipSVC", lpString2="AVKProxy") returned 1 [0128.390] lstrcmpiW (lpString1="ClipSVC", lpString2="MBAMService") returned -1 [0128.390] lstrcmpiW (lpString1="ClipSVC", lpString2="GbpSv") returned -1 [0128.390] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x45, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="clr_optimization_v2.0.50727_32", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.390] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\clr_optimization_v2.0.50727_32") returned 64 [0128.390] SetLastError (dwErrCode=0x0) [0128.390] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\clr_optimization_v2.0.50727_32", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.390] SetLastError (dwErrCode=0x0) [0128.390] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.390] RegCloseKey (hKey=0x264) returned 0x0 [0128.391] SetLastError (dwErrCode=0x0) [0128.391] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x46, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="clr_optimization_v2.0.50727_64", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.391] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\clr_optimization_v2.0.50727_64") returned 64 [0128.391] SetLastError (dwErrCode=0x0) [0128.391] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\clr_optimization_v2.0.50727_64", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.391] SetLastError (dwErrCode=0x0) [0128.391] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.391] RegCloseKey (hKey=0x264) returned 0x0 [0128.391] SetLastError (dwErrCode=0x0) [0128.391] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x47, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="clr_optimization_v4.0.30319_32", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.391] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\clr_optimization_v4.0.30319_32") returned 64 [0128.391] SetLastError (dwErrCode=0x0) [0128.391] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\clr_optimization_v4.0.30319_32", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.391] SetLastError (dwErrCode=0x0) [0128.391] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.391] RegCloseKey (hKey=0x264) returned 0x0 [0128.391] SetLastError (dwErrCode=0x0) [0128.391] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x48, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="clr_optimization_v4.0.30319_64", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.391] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\clr_optimization_v4.0.30319_64") returned 64 [0128.391] SetLastError (dwErrCode=0x0) [0128.391] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\clr_optimization_v4.0.30319_64", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.391] SetLastError (dwErrCode=0x0) [0128.391] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.391] RegCloseKey (hKey=0x264) returned 0x0 [0128.392] SetLastError (dwErrCode=0x0) [0128.392] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x49, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="CmBatt", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.392] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\CmBatt") returned 40 [0128.392] SetLastError (dwErrCode=0x0) [0128.392] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\CmBatt", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.392] SetLastError (dwErrCode=0x0) [0128.392] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.392] RegCloseKey (hKey=0x264) returned 0x0 [0128.392] SetLastError (dwErrCode=0x0) [0128.392] lstrcmpiW (lpString1="CmBatt", lpString2="NAVENG") returned -1 [0128.392] lstrcmpiW (lpString1="CmBatt", lpString2="ccEvtMgr") returned 1 [0128.392] lstrcmpiW (lpString1="CmBatt", lpString2="NAV") returned -1 [0128.392] lstrcmpiW (lpString1="CmBatt", lpString2="NIS") returned -1 [0128.392] lstrcmpiW (lpString1="CmBatt", lpString2="NAVEX15") returned -1 [0128.392] lstrcmpiW (lpString1="CmBatt", lpString2="AVP") returned 1 [0128.392] lstrcmpiW (lpString1="CmBatt", lpString2="AVP15.0.0") returned 1 [0128.392] lstrcmpiW (lpString1="CmBatt", lpString2="AVP15.0.1") returned 1 [0128.392] lstrcmpiW (lpString1="CmBatt", lpString2="kl1") returned -1 [0128.392] lstrcmpiW (lpString1="CmBatt", lpString2="McComponentHostService") returned -1 [0128.392] lstrcmpiW (lpString1="CmBatt", lpString2="ekrn") returned -1 [0128.392] lstrcmpiW (lpString1="CmBatt", lpString2="egui") returned -1 [0128.392] lstrcmpiW (lpString1="CmBatt", lpString2="avgwd") returned 1 [0128.392] lstrcmpiW (lpString1="CmBatt", lpString2="BdfNdisf") returned 1 [0128.392] lstrcmpiW (lpString1="CmBatt", lpString2="avast! Antivirus") returned 1 [0128.392] lstrcmpiW (lpString1="CmBatt", lpString2="MsMpSvc") returned -1 [0128.392] lstrcmpiW (lpString1="CmBatt", lpString2="RsMgrSvc") returned -1 [0128.392] lstrcmpiW (lpString1="CmBatt", lpString2="fshoster") returned -1 [0128.392] lstrcmpiW (lpString1="CmBatt", lpString2="AVKProxy") returned 1 [0128.392] lstrcmpiW (lpString1="CmBatt", lpString2="MBAMService") returned -1 [0128.392] lstrcmpiW (lpString1="CmBatt", lpString2="GbpSv") returned -1 [0128.392] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x4a, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="CNG", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.393] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\CNG") returned 37 [0128.393] SetLastError (dwErrCode=0x0) [0128.393] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\CNG", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.393] SetLastError (dwErrCode=0x0) [0128.393] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.393] RegCloseKey (hKey=0x264) returned 0x0 [0128.393] SetLastError (dwErrCode=0x0) [0128.393] lstrcmpiW (lpString1="CNG", lpString2="NAVENG") returned -1 [0128.393] lstrcmpiW (lpString1="CNG", lpString2="ccEvtMgr") returned 1 [0128.393] lstrcmpiW (lpString1="CNG", lpString2="NAV") returned -1 [0128.393] lstrcmpiW (lpString1="CNG", lpString2="NIS") returned -1 [0128.393] lstrcmpiW (lpString1="CNG", lpString2="NAVEX15") returned -1 [0128.393] lstrcmpiW (lpString1="CNG", lpString2="AVP") returned 1 [0128.394] lstrcmpiW (lpString1="CNG", lpString2="AVP15.0.0") returned 1 [0128.394] lstrcmpiW (lpString1="CNG", lpString2="AVP15.0.1") returned 1 [0128.394] lstrcmpiW (lpString1="CNG", lpString2="kl1") returned -1 [0128.394] lstrcmpiW (lpString1="CNG", lpString2="McComponentHostService") returned -1 [0128.394] lstrcmpiW (lpString1="CNG", lpString2="ekrn") returned -1 [0128.394] lstrcmpiW (lpString1="CNG", lpString2="egui") returned -1 [0128.394] lstrcmpiW (lpString1="CNG", lpString2="avgwd") returned 1 [0128.394] lstrcmpiW (lpString1="CNG", lpString2="BdfNdisf") returned 1 [0128.394] lstrcmpiW (lpString1="CNG", lpString2="avast! Antivirus") returned 1 [0128.394] lstrcmpiW (lpString1="CNG", lpString2="MsMpSvc") returned -1 [0128.394] lstrcmpiW (lpString1="CNG", lpString2="RsMgrSvc") returned -1 [0128.394] lstrcmpiW (lpString1="CNG", lpString2="fshoster") returned -1 [0128.394] lstrcmpiW (lpString1="CNG", lpString2="AVKProxy") returned 1 [0128.394] lstrcmpiW (lpString1="CNG", lpString2="MBAMService") returned -1 [0128.394] lstrcmpiW (lpString1="CNG", lpString2="GbpSv") returned -1 [0128.394] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x4b, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="cnghwassist", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.394] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\cnghwassist") returned 45 [0128.394] SetLastError (dwErrCode=0x0) [0128.394] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\cnghwassist", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.394] SetLastError (dwErrCode=0x0) [0128.394] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.394] RegCloseKey (hKey=0x264) returned 0x0 [0128.394] SetLastError (dwErrCode=0x0) [0128.394] lstrcmpiW (lpString1="cnghwassist", lpString2="NAVENG") returned -1 [0128.394] lstrcmpiW (lpString1="cnghwassist", lpString2="ccEvtMgr") returned 1 [0128.394] lstrcmpiW (lpString1="cnghwassist", lpString2="NAV") returned -1 [0128.394] lstrcmpiW (lpString1="cnghwassist", lpString2="NIS") returned -1 [0128.394] lstrcmpiW (lpString1="cnghwassist", lpString2="NAVEX15") returned -1 [0128.394] lstrcmpiW (lpString1="cnghwassist", lpString2="AVP") returned 1 [0128.394] lstrcmpiW (lpString1="cnghwassist", lpString2="AVP15.0.0") returned 1 [0128.394] lstrcmpiW (lpString1="cnghwassist", lpString2="AVP15.0.1") returned 1 [0128.395] lstrcmpiW (lpString1="cnghwassist", lpString2="kl1") returned -1 [0128.395] lstrcmpiW (lpString1="cnghwassist", lpString2="McComponentHostService") returned -1 [0128.395] lstrcmpiW (lpString1="cnghwassist", lpString2="ekrn") returned -1 [0128.395] lstrcmpiW (lpString1="cnghwassist", lpString2="egui") returned -1 [0128.395] lstrcmpiW (lpString1="cnghwassist", lpString2="avgwd") returned 1 [0128.395] lstrcmpiW (lpString1="cnghwassist", lpString2="BdfNdisf") returned 1 [0128.395] lstrcmpiW (lpString1="cnghwassist", lpString2="avast! Antivirus") returned 1 [0128.395] lstrcmpiW (lpString1="cnghwassist", lpString2="MsMpSvc") returned -1 [0128.395] lstrcmpiW (lpString1="cnghwassist", lpString2="RsMgrSvc") returned -1 [0128.395] lstrcmpiW (lpString1="cnghwassist", lpString2="fshoster") returned -1 [0128.395] lstrcmpiW (lpString1="cnghwassist", lpString2="AVKProxy") returned 1 [0128.395] lstrcmpiW (lpString1="cnghwassist", lpString2="MBAMService") returned -1 [0128.395] lstrcmpiW (lpString1="cnghwassist", lpString2="GbpSv") returned -1 [0128.395] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x4c, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="CompositeBus", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.395] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\CompositeBus") returned 46 [0128.395] SetLastError (dwErrCode=0x0) [0128.395] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\CompositeBus", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.395] SetLastError (dwErrCode=0x0) [0128.395] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.395] RegCloseKey (hKey=0x264) returned 0x0 [0128.395] SetLastError (dwErrCode=0x0) [0128.395] lstrcmpiW (lpString1="CompositeBus", lpString2="NAVENG") returned -1 [0128.395] lstrcmpiW (lpString1="CompositeBus", lpString2="ccEvtMgr") returned 1 [0128.395] lstrcmpiW (lpString1="CompositeBus", lpString2="NAV") returned -1 [0128.395] lstrcmpiW (lpString1="CompositeBus", lpString2="NIS") returned -1 [0128.395] lstrcmpiW (lpString1="CompositeBus", lpString2="NAVEX15") returned -1 [0128.395] lstrcmpiW (lpString1="CompositeBus", lpString2="AVP") returned 1 [0128.395] lstrcmpiW (lpString1="CompositeBus", lpString2="AVP15.0.0") returned 1 [0128.395] lstrcmpiW (lpString1="CompositeBus", lpString2="AVP15.0.1") returned 1 [0128.395] lstrcmpiW (lpString1="CompositeBus", lpString2="kl1") returned -1 [0128.395] lstrcmpiW (lpString1="CompositeBus", lpString2="McComponentHostService") returned -1 [0128.396] lstrcmpiW (lpString1="CompositeBus", lpString2="ekrn") returned -1 [0128.396] lstrcmpiW (lpString1="CompositeBus", lpString2="egui") returned -1 [0128.396] lstrcmpiW (lpString1="CompositeBus", lpString2="avgwd") returned 1 [0128.396] lstrcmpiW (lpString1="CompositeBus", lpString2="BdfNdisf") returned 1 [0128.396] lstrcmpiW (lpString1="CompositeBus", lpString2="avast! Antivirus") returned 1 [0128.396] lstrcmpiW (lpString1="CompositeBus", lpString2="MsMpSvc") returned -1 [0128.396] lstrcmpiW (lpString1="CompositeBus", lpString2="RsMgrSvc") returned -1 [0128.396] lstrcmpiW (lpString1="CompositeBus", lpString2="fshoster") returned -1 [0128.396] lstrcmpiW (lpString1="CompositeBus", lpString2="AVKProxy") returned 1 [0128.396] lstrcmpiW (lpString1="CompositeBus", lpString2="MBAMService") returned -1 [0128.396] lstrcmpiW (lpString1="CompositeBus", lpString2="GbpSv") returned -1 [0128.396] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x4d, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="COMSysApp", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.396] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\COMSysApp") returned 43 [0128.396] SetLastError (dwErrCode=0x0) [0128.396] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\COMSysApp", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.396] SetLastError (dwErrCode=0x0) [0128.396] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.396] RegCloseKey (hKey=0x264) returned 0x0 [0128.396] SetLastError (dwErrCode=0x0) [0128.396] lstrcmpiW (lpString1="COMSysApp", lpString2="NAVENG") returned -1 [0128.396] lstrcmpiW (lpString1="COMSysApp", lpString2="ccEvtMgr") returned 1 [0128.396] lstrcmpiW (lpString1="COMSysApp", lpString2="NAV") returned -1 [0128.396] lstrcmpiW (lpString1="COMSysApp", lpString2="NIS") returned -1 [0128.396] lstrcmpiW (lpString1="COMSysApp", lpString2="NAVEX15") returned -1 [0128.396] lstrcmpiW (lpString1="COMSysApp", lpString2="AVP") returned 1 [0128.396] lstrcmpiW (lpString1="COMSysApp", lpString2="AVP15.0.0") returned 1 [0128.396] lstrcmpiW (lpString1="COMSysApp", lpString2="AVP15.0.1") returned 1 [0128.396] lstrcmpiW (lpString1="COMSysApp", lpString2="kl1") returned -1 [0128.396] lstrcmpiW (lpString1="COMSysApp", lpString2="McComponentHostService") returned -1 [0128.396] lstrcmpiW (lpString1="COMSysApp", lpString2="ekrn") returned -1 [0128.396] lstrcmpiW (lpString1="COMSysApp", lpString2="egui") returned -1 [0128.396] lstrcmpiW (lpString1="COMSysApp", lpString2="avgwd") returned 1 [0128.396] lstrcmpiW (lpString1="COMSysApp", lpString2="BdfNdisf") returned 1 [0128.396] lstrcmpiW (lpString1="COMSysApp", lpString2="avast! Antivirus") returned 1 [0128.396] lstrcmpiW (lpString1="COMSysApp", lpString2="MsMpSvc") returned -1 [0128.396] lstrcmpiW (lpString1="COMSysApp", lpString2="RsMgrSvc") returned -1 [0128.397] lstrcmpiW (lpString1="COMSysApp", lpString2="fshoster") returned -1 [0128.397] lstrcmpiW (lpString1="COMSysApp", lpString2="AVKProxy") returned 1 [0128.397] lstrcmpiW (lpString1="COMSysApp", lpString2="MBAMService") returned -1 [0128.397] lstrcmpiW (lpString1="COMSysApp", lpString2="GbpSv") returned -1 [0128.397] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x4e, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="condrv", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.397] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\condrv") returned 40 [0128.397] SetLastError (dwErrCode=0x0) [0128.397] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\condrv", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.397] SetLastError (dwErrCode=0x0) [0128.397] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.397] RegCloseKey (hKey=0x264) returned 0x0 [0128.397] SetLastError (dwErrCode=0x0) [0128.397] lstrcmpiW (lpString1="condrv", lpString2="NAVENG") returned -1 [0128.397] lstrcmpiW (lpString1="condrv", lpString2="ccEvtMgr") returned 1 [0128.397] lstrcmpiW (lpString1="condrv", lpString2="NAV") returned -1 [0128.397] lstrcmpiW (lpString1="condrv", lpString2="NIS") returned -1 [0128.397] lstrcmpiW (lpString1="condrv", lpString2="NAVEX15") returned -1 [0128.397] lstrcmpiW (lpString1="condrv", lpString2="AVP") returned 1 [0128.397] lstrcmpiW (lpString1="condrv", lpString2="AVP15.0.0") returned 1 [0128.397] lstrcmpiW (lpString1="condrv", lpString2="AVP15.0.1") returned 1 [0128.397] lstrcmpiW (lpString1="condrv", lpString2="kl1") returned -1 [0128.397] lstrcmpiW (lpString1="condrv", lpString2="McComponentHostService") returned -1 [0128.397] lstrcmpiW (lpString1="condrv", lpString2="ekrn") returned -1 [0128.397] lstrcmpiW (lpString1="condrv", lpString2="egui") returned -1 [0128.397] lstrcmpiW (lpString1="condrv", lpString2="avgwd") returned 1 [0128.397] lstrcmpiW (lpString1="condrv", lpString2="BdfNdisf") returned 1 [0128.398] lstrcmpiW (lpString1="condrv", lpString2="avast! Antivirus") returned 1 [0128.398] lstrcmpiW (lpString1="condrv", lpString2="MsMpSvc") returned -1 [0128.398] lstrcmpiW (lpString1="condrv", lpString2="RsMgrSvc") returned -1 [0128.398] lstrcmpiW (lpString1="condrv", lpString2="fshoster") returned -1 [0128.398] lstrcmpiW (lpString1="condrv", lpString2="AVKProxy") returned 1 [0128.398] lstrcmpiW (lpString1="condrv", lpString2="MBAMService") returned -1 [0128.398] lstrcmpiW (lpString1="condrv", lpString2="GbpSv") returned -1 [0128.398] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x4f, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="CoreMessagingRegistrar", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.398] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\CoreMessagingRegistrar") returned 56 [0128.398] SetLastError (dwErrCode=0x0) [0128.398] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\CoreMessagingRegistrar", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.398] SetLastError (dwErrCode=0x0) [0128.398] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.398] RegCloseKey (hKey=0x264) returned 0x0 [0128.398] SetLastError (dwErrCode=0x0) [0128.398] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="NAVENG") returned -1 [0128.398] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="ccEvtMgr") returned 1 [0128.398] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="NAV") returned -1 [0128.398] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="NIS") returned -1 [0128.398] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="NAVEX15") returned -1 [0128.398] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="AVP") returned 1 [0128.398] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="AVP15.0.0") returned 1 [0128.398] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="AVP15.0.1") returned 1 [0128.398] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="kl1") returned -1 [0128.398] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="McComponentHostService") returned -1 [0128.398] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="ekrn") returned -1 [0128.398] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="egui") returned -1 [0128.398] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="avgwd") returned 1 [0128.398] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="BdfNdisf") returned 1 [0128.398] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="avast! Antivirus") returned 1 [0128.398] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="MsMpSvc") returned -1 [0128.398] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="RsMgrSvc") returned -1 [0128.399] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="fshoster") returned -1 [0128.399] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="AVKProxy") returned 1 [0128.399] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="MBAMService") returned -1 [0128.399] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="GbpSv") returned -1 [0128.399] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x50, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="CoreUI", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.399] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\CoreUI") returned 40 [0128.399] SetLastError (dwErrCode=0x0) [0128.399] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\CoreUI", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.399] SetLastError (dwErrCode=0x0) [0128.399] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.399] RegCloseKey (hKey=0x264) returned 0x0 [0128.399] SetLastError (dwErrCode=0x0) [0128.399] GetLastError () returned 0x0 [0128.399] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x51, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="crypt32", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.399] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\crypt32") returned 41 [0128.399] SetLastError (dwErrCode=0x0) [0128.399] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\crypt32", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.399] SetLastError (dwErrCode=0x0) [0128.399] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.399] RegCloseKey (hKey=0x264) returned 0x0 [0128.399] SetLastError (dwErrCode=0x0) [0128.399] GetLastError () returned 0x0 [0128.399] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x52, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="CryptSvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.399] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\CryptSvc") returned 42 [0128.400] SetLastError (dwErrCode=0x0) [0128.400] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\CryptSvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.400] SetLastError (dwErrCode=0x0) [0128.400] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.400] RegCloseKey (hKey=0x264) returned 0x0 [0128.400] SetLastError (dwErrCode=0x0) [0128.400] lstrcmpiW (lpString1="CryptSvc", lpString2="NAVENG") returned -1 [0128.400] lstrcmpiW (lpString1="CryptSvc", lpString2="ccEvtMgr") returned 1 [0128.400] lstrcmpiW (lpString1="CryptSvc", lpString2="NAV") returned -1 [0128.400] lstrcmpiW (lpString1="CryptSvc", lpString2="NIS") returned -1 [0128.400] lstrcmpiW (lpString1="CryptSvc", lpString2="NAVEX15") returned -1 [0128.400] lstrcmpiW (lpString1="CryptSvc", lpString2="AVP") returned 1 [0128.400] lstrcmpiW (lpString1="CryptSvc", lpString2="AVP15.0.0") returned 1 [0128.400] lstrcmpiW (lpString1="CryptSvc", lpString2="AVP15.0.1") returned 1 [0128.400] lstrcmpiW (lpString1="CryptSvc", lpString2="kl1") returned -1 [0128.400] lstrcmpiW (lpString1="CryptSvc", lpString2="McComponentHostService") returned -1 [0128.400] lstrcmpiW (lpString1="CryptSvc", lpString2="ekrn") returned -1 [0128.400] lstrcmpiW (lpString1="CryptSvc", lpString2="egui") returned -1 [0128.400] lstrcmpiW (lpString1="CryptSvc", lpString2="avgwd") returned 1 [0128.400] lstrcmpiW (lpString1="CryptSvc", lpString2="BdfNdisf") returned 1 [0128.400] lstrcmpiW (lpString1="CryptSvc", lpString2="avast! Antivirus") returned 1 [0128.400] lstrcmpiW (lpString1="CryptSvc", lpString2="MsMpSvc") returned -1 [0128.400] lstrcmpiW (lpString1="CryptSvc", lpString2="RsMgrSvc") returned -1 [0128.400] lstrcmpiW (lpString1="CryptSvc", lpString2="fshoster") returned -1 [0128.400] lstrcmpiW (lpString1="CryptSvc", lpString2="AVKProxy") returned 1 [0128.400] lstrcmpiW (lpString1="CryptSvc", lpString2="MBAMService") returned -1 [0128.400] lstrcmpiW (lpString1="CryptSvc", lpString2="GbpSv") returned -1 [0128.400] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x53, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="CSC", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.400] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\CSC") returned 37 [0128.401] SetLastError (dwErrCode=0x0) [0128.401] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\CSC", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.401] SetLastError (dwErrCode=0x0) [0128.401] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.401] RegCloseKey (hKey=0x264) returned 0x0 [0128.401] SetLastError (dwErrCode=0x0) [0128.401] lstrcmpiW (lpString1="CSC", lpString2="NAVENG") returned -1 [0128.401] lstrcmpiW (lpString1="CSC", lpString2="ccEvtMgr") returned 1 [0128.401] lstrcmpiW (lpString1="CSC", lpString2="NAV") returned -1 [0128.401] lstrcmpiW (lpString1="CSC", lpString2="NIS") returned -1 [0128.401] lstrcmpiW (lpString1="CSC", lpString2="NAVEX15") returned -1 [0128.401] lstrcmpiW (lpString1="CSC", lpString2="AVP") returned 1 [0128.401] lstrcmpiW (lpString1="CSC", lpString2="AVP15.0.0") returned 1 [0128.401] lstrcmpiW (lpString1="CSC", lpString2="AVP15.0.1") returned 1 [0128.401] lstrcmpiW (lpString1="CSC", lpString2="kl1") returned -1 [0128.401] lstrcmpiW (lpString1="CSC", lpString2="McComponentHostService") returned -1 [0128.401] lstrcmpiW (lpString1="CSC", lpString2="ekrn") returned -1 [0128.401] lstrcmpiW (lpString1="CSC", lpString2="egui") returned -1 [0128.401] lstrcmpiW (lpString1="CSC", lpString2="avgwd") returned 1 [0128.401] lstrcmpiW (lpString1="CSC", lpString2="BdfNdisf") returned 1 [0128.401] lstrcmpiW (lpString1="CSC", lpString2="avast! Antivirus") returned 1 [0128.401] lstrcmpiW (lpString1="CSC", lpString2="MsMpSvc") returned -1 [0128.401] lstrcmpiW (lpString1="CSC", lpString2="RsMgrSvc") returned -1 [0128.401] lstrcmpiW (lpString1="CSC", lpString2="fshoster") returned -1 [0128.401] lstrcmpiW (lpString1="CSC", lpString2="AVKProxy") returned 1 [0128.401] lstrcmpiW (lpString1="CSC", lpString2="MBAMService") returned -1 [0128.401] lstrcmpiW (lpString1="CSC", lpString2="GbpSv") returned -1 [0128.401] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x54, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="CscService", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.401] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\CscService") returned 44 [0128.401] SetLastError (dwErrCode=0x0) [0128.401] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\CscService", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.402] SetLastError (dwErrCode=0x0) [0128.402] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.402] RegCloseKey (hKey=0x264) returned 0x0 [0128.402] SetLastError (dwErrCode=0x0) [0128.402] lstrcmpiW (lpString1="CscService", lpString2="NAVENG") returned -1 [0128.402] lstrcmpiW (lpString1="CscService", lpString2="ccEvtMgr") returned 1 [0128.402] lstrcmpiW (lpString1="CscService", lpString2="NAV") returned -1 [0128.402] lstrcmpiW (lpString1="CscService", lpString2="NIS") returned -1 [0128.402] lstrcmpiW (lpString1="CscService", lpString2="NAVEX15") returned -1 [0128.402] lstrcmpiW (lpString1="CscService", lpString2="AVP") returned 1 [0128.402] lstrcmpiW (lpString1="CscService", lpString2="AVP15.0.0") returned 1 [0128.402] lstrcmpiW (lpString1="CscService", lpString2="AVP15.0.1") returned 1 [0128.402] lstrcmpiW (lpString1="CscService", lpString2="kl1") returned -1 [0128.402] lstrcmpiW (lpString1="CscService", lpString2="McComponentHostService") returned -1 [0128.402] lstrcmpiW (lpString1="CscService", lpString2="ekrn") returned -1 [0128.402] lstrcmpiW (lpString1="CscService", lpString2="egui") returned -1 [0128.402] lstrcmpiW (lpString1="CscService", lpString2="avgwd") returned 1 [0128.402] lstrcmpiW (lpString1="CscService", lpString2="BdfNdisf") returned 1 [0128.402] lstrcmpiW (lpString1="CscService", lpString2="avast! Antivirus") returned 1 [0128.402] lstrcmpiW (lpString1="CscService", lpString2="MsMpSvc") returned -1 [0128.402] lstrcmpiW (lpString1="CscService", lpString2="RsMgrSvc") returned -1 [0128.402] lstrcmpiW (lpString1="CscService", lpString2="fshoster") returned -1 [0128.402] lstrcmpiW (lpString1="CscService", lpString2="AVKProxy") returned 1 [0128.402] lstrcmpiW (lpString1="CscService", lpString2="MBAMService") returned -1 [0128.402] lstrcmpiW (lpString1="CscService", lpString2="GbpSv") returned -1 [0128.402] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x55, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="dam", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.402] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\dam") returned 37 [0128.402] SetLastError (dwErrCode=0x0) [0128.402] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\dam", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.403] SetLastError (dwErrCode=0x0) [0128.403] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.403] RegCloseKey (hKey=0x264) returned 0x0 [0128.403] SetLastError (dwErrCode=0x0) [0128.403] lstrcmpiW (lpString1="dam", lpString2="NAVENG") returned -1 [0128.403] lstrcmpiW (lpString1="dam", lpString2="ccEvtMgr") returned 1 [0128.403] lstrcmpiW (lpString1="dam", lpString2="NAV") returned -1 [0128.403] lstrcmpiW (lpString1="dam", lpString2="NIS") returned -1 [0128.403] lstrcmpiW (lpString1="dam", lpString2="NAVEX15") returned -1 [0128.403] lstrcmpiW (lpString1="dam", lpString2="AVP") returned 1 [0128.403] lstrcmpiW (lpString1="dam", lpString2="AVP15.0.0") returned 1 [0128.403] lstrcmpiW (lpString1="dam", lpString2="AVP15.0.1") returned 1 [0128.403] lstrcmpiW (lpString1="dam", lpString2="kl1") returned -1 [0128.403] lstrcmpiW (lpString1="dam", lpString2="McComponentHostService") returned -1 [0128.403] lstrcmpiW (lpString1="dam", lpString2="ekrn") returned -1 [0128.403] lstrcmpiW (lpString1="dam", lpString2="egui") returned -1 [0128.403] lstrcmpiW (lpString1="dam", lpString2="avgwd") returned 1 [0128.403] lstrcmpiW (lpString1="dam", lpString2="BdfNdisf") returned 1 [0128.403] lstrcmpiW (lpString1="dam", lpString2="avast! Antivirus") returned 1 [0128.403] lstrcmpiW (lpString1="dam", lpString2="MsMpSvc") returned -1 [0128.403] lstrcmpiW (lpString1="dam", lpString2="RsMgrSvc") returned -1 [0128.403] lstrcmpiW (lpString1="dam", lpString2="fshoster") returned -1 [0128.403] lstrcmpiW (lpString1="dam", lpString2="AVKProxy") returned 1 [0128.403] lstrcmpiW (lpString1="dam", lpString2="MBAMService") returned -1 [0128.403] lstrcmpiW (lpString1="dam", lpString2="GbpSv") returned -1 [0128.403] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x56, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DCLocator", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.403] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\DCLocator") returned 43 [0128.403] SetLastError (dwErrCode=0x0) [0128.403] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\DCLocator", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.403] SetLastError (dwErrCode=0x0) [0128.404] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.404] RegCloseKey (hKey=0x264) returned 0x0 [0128.404] SetLastError (dwErrCode=0x0) [0128.404] GetLastError () returned 0x0 [0128.404] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x57, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DcomLaunch", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.404] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\DcomLaunch") returned 44 [0128.404] SetLastError (dwErrCode=0x0) [0128.404] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\DcomLaunch", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.404] SetLastError (dwErrCode=0x0) [0128.404] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.404] RegCloseKey (hKey=0x264) returned 0x0 [0128.404] SetLastError (dwErrCode=0x0) [0128.404] lstrcmpiW (lpString1="DcomLaunch", lpString2="NAVENG") returned -1 [0128.404] lstrcmpiW (lpString1="DcomLaunch", lpString2="ccEvtMgr") returned 1 [0128.404] lstrcmpiW (lpString1="DcomLaunch", lpString2="NAV") returned -1 [0128.404] lstrcmpiW (lpString1="DcomLaunch", lpString2="NIS") returned -1 [0128.404] lstrcmpiW (lpString1="DcomLaunch", lpString2="NAVEX15") returned -1 [0128.404] lstrcmpiW (lpString1="DcomLaunch", lpString2="AVP") returned 1 [0128.404] lstrcmpiW (lpString1="DcomLaunch", lpString2="AVP15.0.0") returned 1 [0128.404] lstrcmpiW (lpString1="DcomLaunch", lpString2="AVP15.0.1") returned 1 [0128.404] lstrcmpiW (lpString1="DcomLaunch", lpString2="kl1") returned -1 [0128.404] lstrcmpiW (lpString1="DcomLaunch", lpString2="McComponentHostService") returned -1 [0128.404] lstrcmpiW (lpString1="DcomLaunch", lpString2="ekrn") returned -1 [0128.404] lstrcmpiW (lpString1="DcomLaunch", lpString2="egui") returned -1 [0128.404] lstrcmpiW (lpString1="DcomLaunch", lpString2="avgwd") returned 1 [0128.404] lstrcmpiW (lpString1="DcomLaunch", lpString2="BdfNdisf") returned 1 [0128.404] lstrcmpiW (lpString1="DcomLaunch", lpString2="avast! Antivirus") returned 1 [0128.404] lstrcmpiW (lpString1="DcomLaunch", lpString2="MsMpSvc") returned -1 [0128.404] lstrcmpiW (lpString1="DcomLaunch", lpString2="RsMgrSvc") returned -1 [0128.404] lstrcmpiW (lpString1="DcomLaunch", lpString2="fshoster") returned -1 [0128.405] lstrcmpiW (lpString1="DcomLaunch", lpString2="AVKProxy") returned 1 [0128.405] lstrcmpiW (lpString1="DcomLaunch", lpString2="MBAMService") returned -1 [0128.405] lstrcmpiW (lpString1="DcomLaunch", lpString2="GbpSv") returned -1 [0128.405] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x58, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DcpSvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.405] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\DcpSvc") returned 40 [0128.405] SetLastError (dwErrCode=0x0) [0128.405] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\DcpSvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.405] SetLastError (dwErrCode=0x0) [0128.405] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.405] RegCloseKey (hKey=0x264) returned 0x0 [0128.405] SetLastError (dwErrCode=0x0) [0128.405] lstrcmpiW (lpString1="DcpSvc", lpString2="NAVENG") returned -1 [0128.405] lstrcmpiW (lpString1="DcpSvc", lpString2="ccEvtMgr") returned 1 [0128.405] lstrcmpiW (lpString1="DcpSvc", lpString2="NAV") returned -1 [0128.405] lstrcmpiW (lpString1="DcpSvc", lpString2="NIS") returned -1 [0128.405] lstrcmpiW (lpString1="DcpSvc", lpString2="NAVEX15") returned -1 [0128.405] lstrcmpiW (lpString1="DcpSvc", lpString2="AVP") returned 1 [0128.405] lstrcmpiW (lpString1="DcpSvc", lpString2="AVP15.0.0") returned 1 [0128.405] lstrcmpiW (lpString1="DcpSvc", lpString2="AVP15.0.1") returned 1 [0128.405] lstrcmpiW (lpString1="DcpSvc", lpString2="kl1") returned -1 [0128.405] lstrcmpiW (lpString1="DcpSvc", lpString2="McComponentHostService") returned -1 [0128.405] lstrcmpiW (lpString1="DcpSvc", lpString2="ekrn") returned -1 [0128.405] lstrcmpiW (lpString1="DcpSvc", lpString2="egui") returned -1 [0128.405] lstrcmpiW (lpString1="DcpSvc", lpString2="avgwd") returned 1 [0128.405] lstrcmpiW (lpString1="DcpSvc", lpString2="BdfNdisf") returned 1 [0128.405] lstrcmpiW (lpString1="DcpSvc", lpString2="avast! Antivirus") returned 1 [0128.405] lstrcmpiW (lpString1="DcpSvc", lpString2="MsMpSvc") returned -1 [0128.405] lstrcmpiW (lpString1="DcpSvc", lpString2="RsMgrSvc") returned -1 [0128.405] lstrcmpiW (lpString1="DcpSvc", lpString2="fshoster") returned -1 [0128.405] lstrcmpiW (lpString1="DcpSvc", lpString2="AVKProxy") returned 1 [0128.405] lstrcmpiW (lpString1="DcpSvc", lpString2="MBAMService") returned -1 [0128.406] lstrcmpiW (lpString1="DcpSvc", lpString2="GbpSv") returned -1 [0128.406] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x59, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="defragsvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.406] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\defragsvc") returned 43 [0128.406] SetLastError (dwErrCode=0x0) [0128.406] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\defragsvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.406] SetLastError (dwErrCode=0x0) [0128.406] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.406] RegCloseKey (hKey=0x264) returned 0x0 [0128.406] SetLastError (dwErrCode=0x0) [0128.406] lstrcmpiW (lpString1="defragsvc", lpString2="NAVENG") returned -1 [0128.406] lstrcmpiW (lpString1="defragsvc", lpString2="ccEvtMgr") returned 1 [0128.406] lstrcmpiW (lpString1="defragsvc", lpString2="NAV") returned -1 [0128.406] lstrcmpiW (lpString1="defragsvc", lpString2="NIS") returned -1 [0128.406] lstrcmpiW (lpString1="defragsvc", lpString2="NAVEX15") returned -1 [0128.406] lstrcmpiW (lpString1="defragsvc", lpString2="AVP") returned 1 [0128.406] lstrcmpiW (lpString1="defragsvc", lpString2="AVP15.0.0") returned 1 [0128.406] lstrcmpiW (lpString1="defragsvc", lpString2="AVP15.0.1") returned 1 [0128.406] lstrcmpiW (lpString1="defragsvc", lpString2="kl1") returned -1 [0128.406] lstrcmpiW (lpString1="defragsvc", lpString2="McComponentHostService") returned -1 [0128.406] lstrcmpiW (lpString1="defragsvc", lpString2="ekrn") returned -1 [0128.406] lstrcmpiW (lpString1="defragsvc", lpString2="egui") returned -1 [0128.406] lstrcmpiW (lpString1="defragsvc", lpString2="avgwd") returned 1 [0128.406] lstrcmpiW (lpString1="defragsvc", lpString2="BdfNdisf") returned 1 [0128.406] lstrcmpiW (lpString1="defragsvc", lpString2="avast! Antivirus") returned 1 [0128.406] lstrcmpiW (lpString1="defragsvc", lpString2="MsMpSvc") returned -1 [0128.406] lstrcmpiW (lpString1="defragsvc", lpString2="RsMgrSvc") returned -1 [0128.406] lstrcmpiW (lpString1="defragsvc", lpString2="fshoster") returned -1 [0128.406] lstrcmpiW (lpString1="defragsvc", lpString2="AVKProxy") returned 1 [0128.406] lstrcmpiW (lpString1="defragsvc", lpString2="MBAMService") returned -1 [0128.406] lstrcmpiW (lpString1="defragsvc", lpString2="GbpSv") returned -1 [0128.406] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x5a, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DeviceAssociationService", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.407] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\DeviceAssociationService") returned 58 [0128.407] SetLastError (dwErrCode=0x0) [0128.407] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\DeviceAssociationService", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.407] SetLastError (dwErrCode=0x0) [0128.407] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.407] RegCloseKey (hKey=0x264) returned 0x0 [0128.407] SetLastError (dwErrCode=0x0) [0128.407] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="NAVENG") returned -1 [0128.407] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="ccEvtMgr") returned 1 [0128.407] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="NAV") returned -1 [0128.407] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="NIS") returned -1 [0128.407] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="NAVEX15") returned -1 [0128.407] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="AVP") returned 1 [0128.407] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="AVP15.0.0") returned 1 [0128.407] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="AVP15.0.1") returned 1 [0128.407] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="kl1") returned -1 [0128.407] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="McComponentHostService") returned -1 [0128.407] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="ekrn") returned -1 [0128.407] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="egui") returned -1 [0128.407] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="avgwd") returned 1 [0128.408] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="BdfNdisf") returned 1 [0128.408] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="avast! Antivirus") returned 1 [0128.408] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="MsMpSvc") returned -1 [0128.408] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="RsMgrSvc") returned -1 [0128.408] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="fshoster") returned -1 [0128.408] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="AVKProxy") returned 1 [0128.408] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="MBAMService") returned -1 [0128.408] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="GbpSv") returned -1 [0128.408] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x5b, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DeviceInstall", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.408] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\DeviceInstall") returned 47 [0128.408] SetLastError (dwErrCode=0x0) [0128.408] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\DeviceInstall", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.408] SetLastError (dwErrCode=0x0) [0128.408] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.408] RegCloseKey (hKey=0x264) returned 0x0 [0128.408] SetLastError (dwErrCode=0x0) [0128.408] lstrcmpiW (lpString1="DeviceInstall", lpString2="NAVENG") returned -1 [0128.408] lstrcmpiW (lpString1="DeviceInstall", lpString2="ccEvtMgr") returned 1 [0128.408] lstrcmpiW (lpString1="DeviceInstall", lpString2="NAV") returned -1 [0128.408] lstrcmpiW (lpString1="DeviceInstall", lpString2="NIS") returned -1 [0128.408] lstrcmpiW (lpString1="DeviceInstall", lpString2="NAVEX15") returned -1 [0128.408] lstrcmpiW (lpString1="DeviceInstall", lpString2="AVP") returned 1 [0128.408] lstrcmpiW (lpString1="DeviceInstall", lpString2="AVP15.0.0") returned 1 [0128.408] lstrcmpiW (lpString1="DeviceInstall", lpString2="AVP15.0.1") returned 1 [0128.408] lstrcmpiW (lpString1="DeviceInstall", lpString2="kl1") returned -1 [0128.408] lstrcmpiW (lpString1="DeviceInstall", lpString2="McComponentHostService") returned -1 [0128.408] lstrcmpiW (lpString1="DeviceInstall", lpString2="ekrn") returned -1 [0128.408] lstrcmpiW (lpString1="DeviceInstall", lpString2="egui") returned -1 [0128.408] lstrcmpiW (lpString1="DeviceInstall", lpString2="avgwd") returned 1 [0128.408] lstrcmpiW (lpString1="DeviceInstall", lpString2="BdfNdisf") returned 1 [0128.408] lstrcmpiW (lpString1="DeviceInstall", lpString2="avast! Antivirus") returned 1 [0128.409] lstrcmpiW (lpString1="DeviceInstall", lpString2="MsMpSvc") returned -1 [0128.409] lstrcmpiW (lpString1="DeviceInstall", lpString2="RsMgrSvc") returned -1 [0128.409] lstrcmpiW (lpString1="DeviceInstall", lpString2="fshoster") returned -1 [0128.409] lstrcmpiW (lpString1="DeviceInstall", lpString2="AVKProxy") returned 1 [0128.409] lstrcmpiW (lpString1="DeviceInstall", lpString2="MBAMService") returned -1 [0128.409] lstrcmpiW (lpString1="DeviceInstall", lpString2="GbpSv") returned -1 [0128.409] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x5c, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DevQueryBroker", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.409] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\DevQueryBroker") returned 48 [0128.409] SetLastError (dwErrCode=0x0) [0128.409] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\DevQueryBroker", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.409] SetLastError (dwErrCode=0x0) [0128.409] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.409] RegCloseKey (hKey=0x264) returned 0x0 [0128.409] SetLastError (dwErrCode=0x0) [0128.409] lstrcmpiW (lpString1="DevQueryBroker", lpString2="NAVENG") returned -1 [0128.409] lstrcmpiW (lpString1="DevQueryBroker", lpString2="ccEvtMgr") returned 1 [0128.409] lstrcmpiW (lpString1="DevQueryBroker", lpString2="NAV") returned -1 [0128.409] lstrcmpiW (lpString1="DevQueryBroker", lpString2="NIS") returned -1 [0128.409] lstrcmpiW (lpString1="DevQueryBroker", lpString2="NAVEX15") returned -1 [0128.409] lstrcmpiW (lpString1="DevQueryBroker", lpString2="AVP") returned 1 [0128.409] lstrcmpiW (lpString1="DevQueryBroker", lpString2="AVP15.0.0") returned 1 [0128.409] lstrcmpiW (lpString1="DevQueryBroker", lpString2="AVP15.0.1") returned 1 [0128.409] lstrcmpiW (lpString1="DevQueryBroker", lpString2="kl1") returned -1 [0128.409] lstrcmpiW (lpString1="DevQueryBroker", lpString2="McComponentHostService") returned -1 [0128.409] lstrcmpiW (lpString1="DevQueryBroker", lpString2="ekrn") returned -1 [0128.409] lstrcmpiW (lpString1="DevQueryBroker", lpString2="egui") returned -1 [0128.409] lstrcmpiW (lpString1="DevQueryBroker", lpString2="avgwd") returned 1 [0128.409] lstrcmpiW (lpString1="DevQueryBroker", lpString2="BdfNdisf") returned 1 [0128.409] lstrcmpiW (lpString1="DevQueryBroker", lpString2="avast! Antivirus") returned 1 [0128.409] lstrcmpiW (lpString1="DevQueryBroker", lpString2="MsMpSvc") returned -1 [0128.409] lstrcmpiW (lpString1="DevQueryBroker", lpString2="RsMgrSvc") returned -1 [0128.410] lstrcmpiW (lpString1="DevQueryBroker", lpString2="fshoster") returned -1 [0128.410] lstrcmpiW (lpString1="DevQueryBroker", lpString2="AVKProxy") returned 1 [0128.410] lstrcmpiW (lpString1="DevQueryBroker", lpString2="MBAMService") returned -1 [0128.410] lstrcmpiW (lpString1="DevQueryBroker", lpString2="GbpSv") returned -1 [0128.410] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x5d, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Dfsc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.410] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Dfsc") returned 38 [0128.410] SetLastError (dwErrCode=0x0) [0128.410] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Dfsc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.410] SetLastError (dwErrCode=0x0) [0128.410] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.410] RegCloseKey (hKey=0x264) returned 0x0 [0128.410] SetLastError (dwErrCode=0x0) [0128.410] lstrcmpiW (lpString1="Dfsc", lpString2="NAVENG") returned -1 [0128.410] lstrcmpiW (lpString1="Dfsc", lpString2="ccEvtMgr") returned 1 [0128.410] lstrcmpiW (lpString1="Dfsc", lpString2="NAV") returned -1 [0128.410] lstrcmpiW (lpString1="Dfsc", lpString2="NIS") returned -1 [0128.410] lstrcmpiW (lpString1="Dfsc", lpString2="NAVEX15") returned -1 [0128.410] lstrcmpiW (lpString1="Dfsc", lpString2="AVP") returned 1 [0128.410] lstrcmpiW (lpString1="Dfsc", lpString2="AVP15.0.0") returned 1 [0128.410] lstrcmpiW (lpString1="Dfsc", lpString2="AVP15.0.1") returned 1 [0128.410] lstrcmpiW (lpString1="Dfsc", lpString2="kl1") returned -1 [0128.410] lstrcmpiW (lpString1="Dfsc", lpString2="McComponentHostService") returned -1 [0128.410] lstrcmpiW (lpString1="Dfsc", lpString2="ekrn") returned -1 [0128.410] lstrcmpiW (lpString1="Dfsc", lpString2="egui") returned -1 [0128.410] lstrcmpiW (lpString1="Dfsc", lpString2="avgwd") returned 1 [0128.410] lstrcmpiW (lpString1="Dfsc", lpString2="BdfNdisf") returned 1 [0128.410] lstrcmpiW (lpString1="Dfsc", lpString2="avast! Antivirus") returned 1 [0128.410] lstrcmpiW (lpString1="Dfsc", lpString2="MsMpSvc") returned -1 [0128.410] lstrcmpiW (lpString1="Dfsc", lpString2="RsMgrSvc") returned -1 [0128.410] lstrcmpiW (lpString1="Dfsc", lpString2="fshoster") returned -1 [0128.410] lstrcmpiW (lpString1="Dfsc", lpString2="AVKProxy") returned 1 [0128.411] lstrcmpiW (lpString1="Dfsc", lpString2="MBAMService") returned -1 [0128.411] lstrcmpiW (lpString1="Dfsc", lpString2="GbpSv") returned -1 [0128.411] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x5e, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Dhcp", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.411] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Dhcp") returned 38 [0128.411] SetLastError (dwErrCode=0x0) [0128.411] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Dhcp", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.411] SetLastError (dwErrCode=0x0) [0128.411] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xd, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.411] RegCloseKey (hKey=0x264) returned 0x0 [0128.411] SetLastError (dwErrCode=0x0) [0128.411] lstrcmpiW (lpString1="Dhcp", lpString2="NAVENG") returned -1 [0128.411] lstrcmpiW (lpString1="Dhcp", lpString2="ccEvtMgr") returned 1 [0128.411] lstrcmpiW (lpString1="Dhcp", lpString2="NAV") returned -1 [0128.411] lstrcmpiW (lpString1="Dhcp", lpString2="NIS") returned -1 [0128.411] lstrcmpiW (lpString1="Dhcp", lpString2="NAVEX15") returned -1 [0128.411] lstrcmpiW (lpString1="Dhcp", lpString2="AVP") returned 1 [0128.411] lstrcmpiW (lpString1="Dhcp", lpString2="AVP15.0.0") returned 1 [0128.411] lstrcmpiW (lpString1="Dhcp", lpString2="AVP15.0.1") returned 1 [0128.411] lstrcmpiW (lpString1="Dhcp", lpString2="kl1") returned -1 [0128.411] lstrcmpiW (lpString1="Dhcp", lpString2="McComponentHostService") returned -1 [0128.411] lstrcmpiW (lpString1="Dhcp", lpString2="ekrn") returned -1 [0128.411] lstrcmpiW (lpString1="Dhcp", lpString2="egui") returned -1 [0128.411] lstrcmpiW (lpString1="Dhcp", lpString2="avgwd") returned 1 [0128.411] lstrcmpiW (lpString1="Dhcp", lpString2="BdfNdisf") returned 1 [0128.411] lstrcmpiW (lpString1="Dhcp", lpString2="avast! Antivirus") returned 1 [0128.411] lstrcmpiW (lpString1="Dhcp", lpString2="MsMpSvc") returned -1 [0128.411] lstrcmpiW (lpString1="Dhcp", lpString2="RsMgrSvc") returned -1 [0128.411] lstrcmpiW (lpString1="Dhcp", lpString2="fshoster") returned -1 [0128.411] lstrcmpiW (lpString1="Dhcp", lpString2="AVKProxy") returned 1 [0128.411] lstrcmpiW (lpString1="Dhcp", lpString2="MBAMService") returned -1 [0128.411] lstrcmpiW (lpString1="Dhcp", lpString2="GbpSv") returned -1 [0128.411] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x5f, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="diagnosticshub.standardcollector.service", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.412] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\diagnosticshub.standardcollector.service") returned 74 [0128.412] SetLastError (dwErrCode=0x0) [0128.412] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\diagnosticshub.standardcollector.service", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.412] SetLastError (dwErrCode=0x0) [0128.412] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.412] RegCloseKey (hKey=0x264) returned 0x0 [0128.412] SetLastError (dwErrCode=0x0) [0128.412] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="NAVENG") returned -1 [0128.412] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="ccEvtMgr") returned 1 [0128.412] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="NAV") returned -1 [0128.412] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="NIS") returned -1 [0128.412] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="NAVEX15") returned -1 [0128.412] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="AVP") returned 1 [0128.412] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="AVP15.0.0") returned 1 [0128.412] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="AVP15.0.1") returned 1 [0128.412] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="kl1") returned -1 [0128.412] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="McComponentHostService") returned -1 [0128.412] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="ekrn") returned -1 [0128.412] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="egui") returned -1 [0128.412] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="avgwd") returned 1 [0128.412] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="BdfNdisf") returned 1 [0128.412] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="avast! Antivirus") returned 1 [0128.412] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="MsMpSvc") returned -1 [0128.412] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="RsMgrSvc") returned -1 [0128.412] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="fshoster") returned -1 [0128.412] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="AVKProxy") returned 1 [0128.412] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="MBAMService") returned -1 [0128.412] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="GbpSv") returned -1 [0128.412] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x60, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DiagTrack", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.413] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\DiagTrack") returned 43 [0128.413] SetLastError (dwErrCode=0x0) [0128.413] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\DiagTrack", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.413] SetLastError (dwErrCode=0x0) [0128.413] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.413] RegCloseKey (hKey=0x264) returned 0x0 [0128.413] SetLastError (dwErrCode=0x0) [0128.413] lstrcmpiW (lpString1="DiagTrack", lpString2="NAVENG") returned -1 [0128.413] lstrcmpiW (lpString1="DiagTrack", lpString2="ccEvtMgr") returned 1 [0128.413] lstrcmpiW (lpString1="DiagTrack", lpString2="NAV") returned -1 [0128.413] lstrcmpiW (lpString1="DiagTrack", lpString2="NIS") returned -1 [0128.413] lstrcmpiW (lpString1="DiagTrack", lpString2="NAVEX15") returned -1 [0128.413] lstrcmpiW (lpString1="DiagTrack", lpString2="AVP") returned 1 [0128.413] lstrcmpiW (lpString1="DiagTrack", lpString2="AVP15.0.0") returned 1 [0128.413] lstrcmpiW (lpString1="DiagTrack", lpString2="AVP15.0.1") returned 1 [0128.413] lstrcmpiW (lpString1="DiagTrack", lpString2="kl1") returned -1 [0128.413] lstrcmpiW (lpString1="DiagTrack", lpString2="McComponentHostService") returned -1 [0128.413] lstrcmpiW (lpString1="DiagTrack", lpString2="ekrn") returned -1 [0128.413] lstrcmpiW (lpString1="DiagTrack", lpString2="egui") returned -1 [0128.413] lstrcmpiW (lpString1="DiagTrack", lpString2="avgwd") returned 1 [0128.413] lstrcmpiW (lpString1="DiagTrack", lpString2="BdfNdisf") returned 1 [0128.413] lstrcmpiW (lpString1="DiagTrack", lpString2="avast! Antivirus") returned 1 [0128.413] lstrcmpiW (lpString1="DiagTrack", lpString2="MsMpSvc") returned -1 [0128.413] lstrcmpiW (lpString1="DiagTrack", lpString2="RsMgrSvc") returned -1 [0128.413] lstrcmpiW (lpString1="DiagTrack", lpString2="fshoster") returned -1 [0128.413] lstrcmpiW (lpString1="DiagTrack", lpString2="AVKProxy") returned 1 [0128.413] lstrcmpiW (lpString1="DiagTrack", lpString2="MBAMService") returned -1 [0128.413] lstrcmpiW (lpString1="DiagTrack", lpString2="GbpSv") returned -1 [0128.413] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x61, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="disk", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.413] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\disk") returned 38 [0128.413] SetLastError (dwErrCode=0x0) [0128.413] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\disk", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.414] SetLastError (dwErrCode=0x0) [0128.414] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.414] RegCloseKey (hKey=0x264) returned 0x0 [0128.414] SetLastError (dwErrCode=0x0) [0128.414] lstrcmpiW (lpString1="disk", lpString2="NAVENG") returned -1 [0128.414] lstrcmpiW (lpString1="disk", lpString2="ccEvtMgr") returned 1 [0128.414] lstrcmpiW (lpString1="disk", lpString2="NAV") returned -1 [0128.414] lstrcmpiW (lpString1="disk", lpString2="NIS") returned -1 [0128.414] lstrcmpiW (lpString1="disk", lpString2="NAVEX15") returned -1 [0128.414] lstrcmpiW (lpString1="disk", lpString2="AVP") returned 1 [0128.414] lstrcmpiW (lpString1="disk", lpString2="AVP15.0.0") returned 1 [0128.414] lstrcmpiW (lpString1="disk", lpString2="AVP15.0.1") returned 1 [0128.414] lstrcmpiW (lpString1="disk", lpString2="kl1") returned -1 [0128.414] lstrcmpiW (lpString1="disk", lpString2="McComponentHostService") returned -1 [0128.414] lstrcmpiW (lpString1="disk", lpString2="ekrn") returned -1 [0128.414] lstrcmpiW (lpString1="disk", lpString2="egui") returned -1 [0128.414] lstrcmpiW (lpString1="disk", lpString2="avgwd") returned 1 [0128.414] lstrcmpiW (lpString1="disk", lpString2="BdfNdisf") returned 1 [0128.414] lstrcmpiW (lpString1="disk", lpString2="avast! Antivirus") returned 1 [0128.414] lstrcmpiW (lpString1="disk", lpString2="MsMpSvc") returned -1 [0128.414] lstrcmpiW (lpString1="disk", lpString2="RsMgrSvc") returned -1 [0128.414] lstrcmpiW (lpString1="disk", lpString2="fshoster") returned -1 [0128.414] lstrcmpiW (lpString1="disk", lpString2="AVKProxy") returned 1 [0128.414] lstrcmpiW (lpString1="disk", lpString2="MBAMService") returned -1 [0128.414] lstrcmpiW (lpString1="disk", lpString2="GbpSv") returned -1 [0128.414] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x62, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DmEnrollmentSvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.414] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\DmEnrollmentSvc") returned 49 [0128.414] SetLastError (dwErrCode=0x0) [0128.414] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\DmEnrollmentSvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.414] SetLastError (dwErrCode=0x0) [0128.415] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.415] RegCloseKey (hKey=0x264) returned 0x0 [0128.415] SetLastError (dwErrCode=0x0) [0128.415] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="NAVENG") returned -1 [0128.415] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="ccEvtMgr") returned 1 [0128.415] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="NAV") returned -1 [0128.415] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="NIS") returned -1 [0128.415] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="NAVEX15") returned -1 [0128.415] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="AVP") returned 1 [0128.415] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="AVP15.0.0") returned 1 [0128.415] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="AVP15.0.1") returned 1 [0128.415] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="kl1") returned -1 [0128.415] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="McComponentHostService") returned -1 [0128.415] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="ekrn") returned -1 [0128.415] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="egui") returned -1 [0128.415] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="avgwd") returned 1 [0128.415] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="BdfNdisf") returned 1 [0128.415] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="avast! Antivirus") returned 1 [0128.415] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="MsMpSvc") returned -1 [0128.415] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="RsMgrSvc") returned -1 [0128.415] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="fshoster") returned -1 [0128.415] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="AVKProxy") returned 1 [0128.415] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="MBAMService") returned -1 [0128.415] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="GbpSv") returned -1 [0128.415] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x63, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="dmvsc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.415] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\dmvsc") returned 39 [0128.415] SetLastError (dwErrCode=0x0) [0128.415] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\dmvsc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.415] SetLastError (dwErrCode=0x0) [0128.415] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.415] RegCloseKey (hKey=0x264) returned 0x0 [0128.416] SetLastError (dwErrCode=0x0) [0128.416] lstrcmpiW (lpString1="dmvsc", lpString2="NAVENG") returned -1 [0128.416] lstrcmpiW (lpString1="dmvsc", lpString2="ccEvtMgr") returned 1 [0128.416] lstrcmpiW (lpString1="dmvsc", lpString2="NAV") returned -1 [0128.416] lstrcmpiW (lpString1="dmvsc", lpString2="NIS") returned -1 [0128.416] lstrcmpiW (lpString1="dmvsc", lpString2="NAVEX15") returned -1 [0128.416] lstrcmpiW (lpString1="dmvsc", lpString2="AVP") returned 1 [0128.416] lstrcmpiW (lpString1="dmvsc", lpString2="AVP15.0.0") returned 1 [0128.416] lstrcmpiW (lpString1="dmvsc", lpString2="AVP15.0.1") returned 1 [0128.416] lstrcmpiW (lpString1="dmvsc", lpString2="kl1") returned -1 [0128.416] lstrcmpiW (lpString1="dmvsc", lpString2="McComponentHostService") returned -1 [0128.416] lstrcmpiW (lpString1="dmvsc", lpString2="ekrn") returned -1 [0128.416] lstrcmpiW (lpString1="dmvsc", lpString2="egui") returned -1 [0128.416] lstrcmpiW (lpString1="dmvsc", lpString2="avgwd") returned 1 [0128.416] lstrcmpiW (lpString1="dmvsc", lpString2="BdfNdisf") returned 1 [0128.416] lstrcmpiW (lpString1="dmvsc", lpString2="avast! Antivirus") returned 1 [0128.416] lstrcmpiW (lpString1="dmvsc", lpString2="MsMpSvc") returned -1 [0128.416] lstrcmpiW (lpString1="dmvsc", lpString2="RsMgrSvc") returned -1 [0128.416] lstrcmpiW (lpString1="dmvsc", lpString2="fshoster") returned -1 [0128.416] lstrcmpiW (lpString1="dmvsc", lpString2="AVKProxy") returned 1 [0128.416] lstrcmpiW (lpString1="dmvsc", lpString2="MBAMService") returned -1 [0128.416] lstrcmpiW (lpString1="dmvsc", lpString2="GbpSv") returned -1 [0128.416] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x64, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="dmwappushservice", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.416] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\dmwappushservice") returned 50 [0128.416] SetLastError (dwErrCode=0x0) [0128.416] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\dmwappushservice", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.416] SetLastError (dwErrCode=0x0) [0128.416] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.416] RegCloseKey (hKey=0x264) returned 0x0 [0128.417] SetLastError (dwErrCode=0x0) [0128.417] lstrcmpiW (lpString1="dmwappushservice", lpString2="NAVENG") returned -1 [0128.417] lstrcmpiW (lpString1="dmwappushservice", lpString2="ccEvtMgr") returned 1 [0128.417] lstrcmpiW (lpString1="dmwappushservice", lpString2="NAV") returned -1 [0128.417] lstrcmpiW (lpString1="dmwappushservice", lpString2="NIS") returned -1 [0128.417] lstrcmpiW (lpString1="dmwappushservice", lpString2="NAVEX15") returned -1 [0128.417] lstrcmpiW (lpString1="dmwappushservice", lpString2="AVP") returned 1 [0128.417] lstrcmpiW (lpString1="dmwappushservice", lpString2="AVP15.0.0") returned 1 [0128.417] lstrcmpiW (lpString1="dmwappushservice", lpString2="AVP15.0.1") returned 1 [0128.417] lstrcmpiW (lpString1="dmwappushservice", lpString2="kl1") returned -1 [0128.417] lstrcmpiW (lpString1="dmwappushservice", lpString2="McComponentHostService") returned -1 [0128.417] lstrcmpiW (lpString1="dmwappushservice", lpString2="ekrn") returned -1 [0128.417] lstrcmpiW (lpString1="dmwappushservice", lpString2="egui") returned -1 [0128.417] lstrcmpiW (lpString1="dmwappushservice", lpString2="avgwd") returned 1 [0128.417] lstrcmpiW (lpString1="dmwappushservice", lpString2="BdfNdisf") returned 1 [0128.417] lstrcmpiW (lpString1="dmwappushservice", lpString2="avast! Antivirus") returned 1 [0128.417] lstrcmpiW (lpString1="dmwappushservice", lpString2="MsMpSvc") returned -1 [0128.417] lstrcmpiW (lpString1="dmwappushservice", lpString2="RsMgrSvc") returned -1 [0128.417] lstrcmpiW (lpString1="dmwappushservice", lpString2="fshoster") returned -1 [0128.417] lstrcmpiW (lpString1="dmwappushservice", lpString2="AVKProxy") returned 1 [0128.417] lstrcmpiW (lpString1="dmwappushservice", lpString2="MBAMService") returned -1 [0128.417] lstrcmpiW (lpString1="dmwappushservice", lpString2="GbpSv") returned -1 [0128.417] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x65, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Dnscache", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.417] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Dnscache") returned 42 [0128.417] SetLastError (dwErrCode=0x0) [0128.417] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Dnscache", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.417] SetLastError (dwErrCode=0x0) [0128.417] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.417] RegCloseKey (hKey=0x264) returned 0x0 [0128.417] SetLastError (dwErrCode=0x0) [0128.417] lstrcmpiW (lpString1="Dnscache", lpString2="NAVENG") returned -1 [0128.418] lstrcmpiW (lpString1="Dnscache", lpString2="ccEvtMgr") returned 1 [0128.418] lstrcmpiW (lpString1="Dnscache", lpString2="NAV") returned -1 [0128.418] lstrcmpiW (lpString1="Dnscache", lpString2="NIS") returned -1 [0128.418] lstrcmpiW (lpString1="Dnscache", lpString2="NAVEX15") returned -1 [0128.418] lstrcmpiW (lpString1="Dnscache", lpString2="AVP") returned 1 [0128.418] lstrcmpiW (lpString1="Dnscache", lpString2="AVP15.0.0") returned 1 [0128.418] lstrcmpiW (lpString1="Dnscache", lpString2="AVP15.0.1") returned 1 [0128.418] lstrcmpiW (lpString1="Dnscache", lpString2="kl1") returned -1 [0128.418] lstrcmpiW (lpString1="Dnscache", lpString2="McComponentHostService") returned -1 [0128.418] lstrcmpiW (lpString1="Dnscache", lpString2="ekrn") returned -1 [0128.418] lstrcmpiW (lpString1="Dnscache", lpString2="egui") returned -1 [0128.418] lstrcmpiW (lpString1="Dnscache", lpString2="avgwd") returned 1 [0128.418] lstrcmpiW (lpString1="Dnscache", lpString2="BdfNdisf") returned 1 [0128.418] lstrcmpiW (lpString1="Dnscache", lpString2="avast! Antivirus") returned 1 [0128.418] lstrcmpiW (lpString1="Dnscache", lpString2="MsMpSvc") returned -1 [0128.418] lstrcmpiW (lpString1="Dnscache", lpString2="RsMgrSvc") returned -1 [0128.418] lstrcmpiW (lpString1="Dnscache", lpString2="fshoster") returned -1 [0128.418] lstrcmpiW (lpString1="Dnscache", lpString2="AVKProxy") returned 1 [0128.418] lstrcmpiW (lpString1="Dnscache", lpString2="MBAMService") returned -1 [0128.418] lstrcmpiW (lpString1="Dnscache", lpString2="GbpSv") returned -1 [0128.418] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x66, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DoSvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.418] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\DoSvc") returned 39 [0128.418] SetLastError (dwErrCode=0x0) [0128.418] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\DoSvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.418] SetLastError (dwErrCode=0x0) [0128.418] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xe, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.418] RegCloseKey (hKey=0x264) returned 0x0 [0128.418] SetLastError (dwErrCode=0x0) [0128.418] lstrcmpiW (lpString1="DoSvc", lpString2="NAVENG") returned -1 [0128.418] lstrcmpiW (lpString1="DoSvc", lpString2="ccEvtMgr") returned 1 [0128.418] lstrcmpiW (lpString1="DoSvc", lpString2="NAV") returned -1 [0128.418] lstrcmpiW (lpString1="DoSvc", lpString2="NIS") returned -1 [0128.419] lstrcmpiW (lpString1="DoSvc", lpString2="NAVEX15") returned -1 [0128.419] lstrcmpiW (lpString1="DoSvc", lpString2="AVP") returned 1 [0128.419] lstrcmpiW (lpString1="DoSvc", lpString2="AVP15.0.0") returned 1 [0128.419] lstrcmpiW (lpString1="DoSvc", lpString2="AVP15.0.1") returned 1 [0128.419] lstrcmpiW (lpString1="DoSvc", lpString2="kl1") returned -1 [0128.419] lstrcmpiW (lpString1="DoSvc", lpString2="McComponentHostService") returned -1 [0128.419] lstrcmpiW (lpString1="DoSvc", lpString2="ekrn") returned -1 [0128.419] lstrcmpiW (lpString1="DoSvc", lpString2="egui") returned -1 [0128.419] lstrcmpiW (lpString1="DoSvc", lpString2="avgwd") returned 1 [0128.419] lstrcmpiW (lpString1="DoSvc", lpString2="BdfNdisf") returned 1 [0128.419] lstrcmpiW (lpString1="DoSvc", lpString2="avast! Antivirus") returned 1 [0128.419] lstrcmpiW (lpString1="DoSvc", lpString2="MsMpSvc") returned -1 [0128.419] lstrcmpiW (lpString1="DoSvc", lpString2="RsMgrSvc") returned -1 [0128.419] lstrcmpiW (lpString1="DoSvc", lpString2="fshoster") returned -1 [0128.419] lstrcmpiW (lpString1="DoSvc", lpString2="AVKProxy") returned 1 [0128.419] lstrcmpiW (lpString1="DoSvc", lpString2="MBAMService") returned -1 [0128.419] lstrcmpiW (lpString1="DoSvc", lpString2="GbpSv") returned -1 [0128.419] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x67, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="dot3svc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.419] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\dot3svc") returned 41 [0128.419] SetLastError (dwErrCode=0x0) [0128.419] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\dot3svc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.419] SetLastError (dwErrCode=0x0) [0128.419] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.419] RegCloseKey (hKey=0x264) returned 0x0 [0128.419] SetLastError (dwErrCode=0x0) [0128.419] lstrcmpiW (lpString1="dot3svc", lpString2="NAVENG") returned -1 [0128.419] lstrcmpiW (lpString1="dot3svc", lpString2="ccEvtMgr") returned 1 [0128.419] lstrcmpiW (lpString1="dot3svc", lpString2="NAV") returned -1 [0128.419] lstrcmpiW (lpString1="dot3svc", lpString2="NIS") returned -1 [0128.419] lstrcmpiW (lpString1="dot3svc", lpString2="NAVEX15") returned -1 [0128.419] lstrcmpiW (lpString1="dot3svc", lpString2="AVP") returned 1 [0128.419] lstrcmpiW (lpString1="dot3svc", lpString2="AVP15.0.0") returned 1 [0128.419] lstrcmpiW (lpString1="dot3svc", lpString2="AVP15.0.1") returned 1 [0128.419] lstrcmpiW (lpString1="dot3svc", lpString2="kl1") returned -1 [0128.419] lstrcmpiW (lpString1="dot3svc", lpString2="McComponentHostService") returned -1 [0128.419] lstrcmpiW (lpString1="dot3svc", lpString2="ekrn") returned -1 [0128.419] lstrcmpiW (lpString1="dot3svc", lpString2="egui") returned -1 [0128.419] lstrcmpiW (lpString1="dot3svc", lpString2="avgwd") returned 1 [0128.419] lstrcmpiW (lpString1="dot3svc", lpString2="BdfNdisf") returned 1 [0128.419] lstrcmpiW (lpString1="dot3svc", lpString2="avast! Antivirus") returned 1 [0128.420] lstrcmpiW (lpString1="dot3svc", lpString2="MsMpSvc") returned -1 [0128.420] lstrcmpiW (lpString1="dot3svc", lpString2="RsMgrSvc") returned -1 [0128.420] lstrcmpiW (lpString1="dot3svc", lpString2="fshoster") returned -1 [0128.420] lstrcmpiW (lpString1="dot3svc", lpString2="AVKProxy") returned 1 [0128.420] lstrcmpiW (lpString1="dot3svc", lpString2="MBAMService") returned -1 [0128.420] lstrcmpiW (lpString1="dot3svc", lpString2="GbpSv") returned -1 [0128.420] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x68, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DPS", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.420] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\DPS") returned 37 [0128.420] SetLastError (dwErrCode=0x0) [0128.420] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\DPS", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.420] SetLastError (dwErrCode=0x0) [0128.420] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.420] RegCloseKey (hKey=0x264) returned 0x0 [0128.420] SetLastError (dwErrCode=0x0) [0128.420] lstrcmpiW (lpString1="DPS", lpString2="NAVENG") returned -1 [0128.420] lstrcmpiW (lpString1="DPS", lpString2="ccEvtMgr") returned 1 [0128.420] lstrcmpiW (lpString1="DPS", lpString2="NAV") returned -1 [0128.420] lstrcmpiW (lpString1="DPS", lpString2="NIS") returned -1 [0128.420] lstrcmpiW (lpString1="DPS", lpString2="NAVEX15") returned -1 [0128.420] lstrcmpiW (lpString1="DPS", lpString2="AVP") returned 1 [0128.420] lstrcmpiW (lpString1="DPS", lpString2="AVP15.0.0") returned 1 [0128.420] lstrcmpiW (lpString1="DPS", lpString2="AVP15.0.1") returned 1 [0128.420] lstrcmpiW (lpString1="DPS", lpString2="kl1") returned -1 [0128.420] lstrcmpiW (lpString1="DPS", lpString2="McComponentHostService") returned -1 [0128.420] lstrcmpiW (lpString1="DPS", lpString2="ekrn") returned -1 [0128.420] lstrcmpiW (lpString1="DPS", lpString2="egui") returned -1 [0128.420] lstrcmpiW (lpString1="DPS", lpString2="avgwd") returned 1 [0128.420] lstrcmpiW (lpString1="DPS", lpString2="BdfNdisf") returned 1 [0128.420] lstrcmpiW (lpString1="DPS", lpString2="avast! Antivirus") returned 1 [0128.420] lstrcmpiW (lpString1="DPS", lpString2="MsMpSvc") returned -1 [0128.420] lstrcmpiW (lpString1="DPS", lpString2="RsMgrSvc") returned -1 [0128.420] lstrcmpiW (lpString1="DPS", lpString2="fshoster") returned -1 [0128.420] lstrcmpiW (lpString1="DPS", lpString2="AVKProxy") returned 1 [0128.420] lstrcmpiW (lpString1="DPS", lpString2="MBAMService") returned -1 [0128.420] lstrcmpiW (lpString1="DPS", lpString2="GbpSv") returned -1 [0128.420] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x69, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="drmkaud", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.420] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\drmkaud") returned 41 [0128.421] SetLastError (dwErrCode=0x0) [0128.421] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\drmkaud", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.421] SetLastError (dwErrCode=0x0) [0128.421] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.421] RegCloseKey (hKey=0x264) returned 0x0 [0128.421] SetLastError (dwErrCode=0x0) [0128.421] lstrcmpiW (lpString1="drmkaud", lpString2="NAVENG") returned -1 [0128.421] lstrcmpiW (lpString1="drmkaud", lpString2="ccEvtMgr") returned 1 [0128.421] lstrcmpiW (lpString1="drmkaud", lpString2="NAV") returned -1 [0128.421] lstrcmpiW (lpString1="drmkaud", lpString2="NIS") returned -1 [0128.421] lstrcmpiW (lpString1="drmkaud", lpString2="NAVEX15") returned -1 [0128.421] lstrcmpiW (lpString1="drmkaud", lpString2="AVP") returned 1 [0128.421] lstrcmpiW (lpString1="drmkaud", lpString2="AVP15.0.0") returned 1 [0128.421] lstrcmpiW (lpString1="drmkaud", lpString2="AVP15.0.1") returned 1 [0128.421] lstrcmpiW (lpString1="drmkaud", lpString2="kl1") returned -1 [0128.421] lstrcmpiW (lpString1="drmkaud", lpString2="McComponentHostService") returned -1 [0128.421] lstrcmpiW (lpString1="drmkaud", lpString2="ekrn") returned -1 [0128.421] lstrcmpiW (lpString1="drmkaud", lpString2="egui") returned -1 [0128.421] lstrcmpiW (lpString1="drmkaud", lpString2="avgwd") returned 1 [0128.421] lstrcmpiW (lpString1="drmkaud", lpString2="BdfNdisf") returned 1 [0128.421] lstrcmpiW (lpString1="drmkaud", lpString2="avast! Antivirus") returned 1 [0128.421] lstrcmpiW (lpString1="drmkaud", lpString2="MsMpSvc") returned -1 [0128.421] lstrcmpiW (lpString1="drmkaud", lpString2="RsMgrSvc") returned -1 [0128.421] lstrcmpiW (lpString1="drmkaud", lpString2="fshoster") returned -1 [0128.421] lstrcmpiW (lpString1="drmkaud", lpString2="AVKProxy") returned 1 [0128.421] lstrcmpiW (lpString1="drmkaud", lpString2="MBAMService") returned -1 [0128.421] lstrcmpiW (lpString1="drmkaud", lpString2="GbpSv") returned -1 [0128.421] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x6a, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DsmSvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.421] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\DsmSvc") returned 40 [0128.421] SetLastError (dwErrCode=0x0) [0128.421] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\DsmSvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.421] SetLastError (dwErrCode=0x0) [0128.421] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.421] RegCloseKey (hKey=0x264) returned 0x0 [0128.421] SetLastError (dwErrCode=0x0) [0128.421] lstrcmpiW (lpString1="DsmSvc", lpString2="NAVENG") returned -1 [0128.421] lstrcmpiW (lpString1="DsmSvc", lpString2="ccEvtMgr") returned 1 [0128.421] lstrcmpiW (lpString1="DsmSvc", lpString2="NAV") returned -1 [0128.422] lstrcmpiW (lpString1="DsmSvc", lpString2="NIS") returned -1 [0128.422] lstrcmpiW (lpString1="DsmSvc", lpString2="NAVEX15") returned -1 [0128.422] lstrcmpiW (lpString1="DsmSvc", lpString2="AVP") returned 1 [0128.422] lstrcmpiW (lpString1="DsmSvc", lpString2="AVP15.0.0") returned 1 [0128.422] lstrcmpiW (lpString1="DsmSvc", lpString2="AVP15.0.1") returned 1 [0128.422] lstrcmpiW (lpString1="DsmSvc", lpString2="kl1") returned -1 [0128.422] lstrcmpiW (lpString1="DsmSvc", lpString2="McComponentHostService") returned -1 [0128.422] lstrcmpiW (lpString1="DsmSvc", lpString2="ekrn") returned -1 [0128.422] lstrcmpiW (lpString1="DsmSvc", lpString2="egui") returned -1 [0128.422] lstrcmpiW (lpString1="DsmSvc", lpString2="avgwd") returned 1 [0128.422] lstrcmpiW (lpString1="DsmSvc", lpString2="BdfNdisf") returned 1 [0128.422] lstrcmpiW (lpString1="DsmSvc", lpString2="avast! Antivirus") returned 1 [0128.422] lstrcmpiW (lpString1="DsmSvc", lpString2="MsMpSvc") returned -1 [0128.422] lstrcmpiW (lpString1="DsmSvc", lpString2="RsMgrSvc") returned -1 [0128.422] lstrcmpiW (lpString1="DsmSvc", lpString2="fshoster") returned -1 [0128.422] lstrcmpiW (lpString1="DsmSvc", lpString2="AVKProxy") returned 1 [0128.422] lstrcmpiW (lpString1="DsmSvc", lpString2="MBAMService") returned -1 [0128.422] lstrcmpiW (lpString1="DsmSvc", lpString2="GbpSv") returned -1 [0128.422] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x6b, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DsSvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.422] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\DsSvc") returned 39 [0128.422] SetLastError (dwErrCode=0x0) [0128.422] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\DsSvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.422] SetLastError (dwErrCode=0x0) [0128.422] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.422] RegCloseKey (hKey=0x264) returned 0x0 [0128.423] SetLastError (dwErrCode=0x0) [0128.423] lstrcmpiW (lpString1="DsSvc", lpString2="NAVENG") returned -1 [0128.423] lstrcmpiW (lpString1="DsSvc", lpString2="ccEvtMgr") returned 1 [0128.423] lstrcmpiW (lpString1="DsSvc", lpString2="NAV") returned -1 [0128.423] lstrcmpiW (lpString1="DsSvc", lpString2="NIS") returned -1 [0128.423] lstrcmpiW (lpString1="DsSvc", lpString2="NAVEX15") returned -1 [0128.423] lstrcmpiW (lpString1="DsSvc", lpString2="AVP") returned 1 [0128.423] lstrcmpiW (lpString1="DsSvc", lpString2="AVP15.0.0") returned 1 [0128.423] lstrcmpiW (lpString1="DsSvc", lpString2="AVP15.0.1") returned 1 [0128.423] lstrcmpiW (lpString1="DsSvc", lpString2="kl1") returned -1 [0128.423] lstrcmpiW (lpString1="DsSvc", lpString2="McComponentHostService") returned -1 [0128.423] lstrcmpiW (lpString1="DsSvc", lpString2="ekrn") returned -1 [0128.423] lstrcmpiW (lpString1="DsSvc", lpString2="egui") returned -1 [0128.423] lstrcmpiW (lpString1="DsSvc", lpString2="avgwd") returned 1 [0128.423] lstrcmpiW (lpString1="DsSvc", lpString2="BdfNdisf") returned 1 [0128.423] lstrcmpiW (lpString1="DsSvc", lpString2="avast! Antivirus") returned 1 [0128.423] lstrcmpiW (lpString1="DsSvc", lpString2="MsMpSvc") returned -1 [0128.423] lstrcmpiW (lpString1="DsSvc", lpString2="RsMgrSvc") returned -1 [0128.423] lstrcmpiW (lpString1="DsSvc", lpString2="fshoster") returned -1 [0128.423] lstrcmpiW (lpString1="DsSvc", lpString2="AVKProxy") returned 1 [0128.423] lstrcmpiW (lpString1="DsSvc", lpString2="MBAMService") returned -1 [0128.423] lstrcmpiW (lpString1="DsSvc", lpString2="GbpSv") returned -1 [0128.423] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x6c, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DXGKrnl", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.423] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\DXGKrnl") returned 41 [0128.423] SetLastError (dwErrCode=0x0) [0128.423] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\DXGKrnl", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.423] SetLastError (dwErrCode=0x0) [0128.423] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.423] RegCloseKey (hKey=0x264) returned 0x0 [0128.423] SetLastError (dwErrCode=0x0) [0128.423] lstrcmpiW (lpString1="DXGKrnl", lpString2="NAVENG") returned -1 [0128.423] lstrcmpiW (lpString1="DXGKrnl", lpString2="ccEvtMgr") returned 1 [0128.423] lstrcmpiW (lpString1="DXGKrnl", lpString2="NAV") returned -1 [0128.423] lstrcmpiW (lpString1="DXGKrnl", lpString2="NIS") returned -1 [0128.423] lstrcmpiW (lpString1="DXGKrnl", lpString2="NAVEX15") returned -1 [0128.423] lstrcmpiW (lpString1="DXGKrnl", lpString2="AVP") returned 1 [0128.423] lstrcmpiW (lpString1="DXGKrnl", lpString2="AVP15.0.0") returned 1 [0128.423] lstrcmpiW (lpString1="DXGKrnl", lpString2="AVP15.0.1") returned 1 [0128.423] lstrcmpiW (lpString1="DXGKrnl", lpString2="kl1") returned -1 [0128.423] lstrcmpiW (lpString1="DXGKrnl", lpString2="McComponentHostService") returned -1 [0128.424] lstrcmpiW (lpString1="DXGKrnl", lpString2="ekrn") returned -1 [0128.424] lstrcmpiW (lpString1="DXGKrnl", lpString2="egui") returned -1 [0128.424] lstrcmpiW (lpString1="DXGKrnl", lpString2="avgwd") returned 1 [0128.424] lstrcmpiW (lpString1="DXGKrnl", lpString2="BdfNdisf") returned 1 [0128.424] lstrcmpiW (lpString1="DXGKrnl", lpString2="avast! Antivirus") returned 1 [0128.424] lstrcmpiW (lpString1="DXGKrnl", lpString2="MsMpSvc") returned -1 [0128.424] lstrcmpiW (lpString1="DXGKrnl", lpString2="RsMgrSvc") returned -1 [0128.424] lstrcmpiW (lpString1="DXGKrnl", lpString2="fshoster") returned -1 [0128.424] lstrcmpiW (lpString1="DXGKrnl", lpString2="AVKProxy") returned 1 [0128.424] lstrcmpiW (lpString1="DXGKrnl", lpString2="MBAMService") returned -1 [0128.424] lstrcmpiW (lpString1="DXGKrnl", lpString2="GbpSv") returned -1 [0128.424] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x6d, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="e1iexpress", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.424] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\e1iexpress") returned 44 [0128.424] SetLastError (dwErrCode=0x0) [0128.424] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\e1iexpress", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.424] SetLastError (dwErrCode=0x0) [0128.424] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xd, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.424] RegCloseKey (hKey=0x264) returned 0x0 [0128.424] SetLastError (dwErrCode=0x0) [0128.424] lstrcmpiW (lpString1="e1iexpress", lpString2="NAVENG") returned -1 [0128.424] lstrcmpiW (lpString1="e1iexpress", lpString2="ccEvtMgr") returned 1 [0128.424] lstrcmpiW (lpString1="e1iexpress", lpString2="NAV") returned -1 [0128.424] lstrcmpiW (lpString1="e1iexpress", lpString2="NIS") returned -1 [0128.424] lstrcmpiW (lpString1="e1iexpress", lpString2="NAVEX15") returned -1 [0128.424] lstrcmpiW (lpString1="e1iexpress", lpString2="AVP") returned 1 [0128.424] lstrcmpiW (lpString1="e1iexpress", lpString2="AVP15.0.0") returned 1 [0128.424] lstrcmpiW (lpString1="e1iexpress", lpString2="AVP15.0.1") returned 1 [0128.424] lstrcmpiW (lpString1="e1iexpress", lpString2="kl1") returned -1 [0128.424] lstrcmpiW (lpString1="e1iexpress", lpString2="McComponentHostService") returned -1 [0128.424] lstrcmpiW (lpString1="e1iexpress", lpString2="ekrn") returned -1 [0128.424] lstrcmpiW (lpString1="e1iexpress", lpString2="egui") returned -1 [0128.424] lstrcmpiW (lpString1="e1iexpress", lpString2="avgwd") returned 1 [0128.424] lstrcmpiW (lpString1="e1iexpress", lpString2="BdfNdisf") returned 1 [0128.424] lstrcmpiW (lpString1="e1iexpress", lpString2="avast! Antivirus") returned 1 [0128.424] lstrcmpiW (lpString1="e1iexpress", lpString2="MsMpSvc") returned -1 [0128.424] lstrcmpiW (lpString1="e1iexpress", lpString2="RsMgrSvc") returned -1 [0128.424] lstrcmpiW (lpString1="e1iexpress", lpString2="fshoster") returned -1 [0128.424] lstrcmpiW (lpString1="e1iexpress", lpString2="AVKProxy") returned 1 [0128.424] lstrcmpiW (lpString1="e1iexpress", lpString2="MBAMService") returned -1 [0128.424] lstrcmpiW (lpString1="e1iexpress", lpString2="GbpSv") returned -1 [0128.424] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x6e, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Eaphost", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.425] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Eaphost") returned 41 [0128.425] SetLastError (dwErrCode=0x0) [0128.425] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Eaphost", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.425] SetLastError (dwErrCode=0x0) [0128.425] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.425] RegCloseKey (hKey=0x264) returned 0x0 [0128.425] SetLastError (dwErrCode=0x0) [0128.425] lstrcmpiW (lpString1="Eaphost", lpString2="NAVENG") returned -1 [0128.425] lstrcmpiW (lpString1="Eaphost", lpString2="ccEvtMgr") returned 1 [0128.425] lstrcmpiW (lpString1="Eaphost", lpString2="NAV") returned -1 [0128.425] lstrcmpiW (lpString1="Eaphost", lpString2="NIS") returned -1 [0128.425] lstrcmpiW (lpString1="Eaphost", lpString2="NAVEX15") returned -1 [0128.425] lstrcmpiW (lpString1="Eaphost", lpString2="AVP") returned 1 [0128.425] lstrcmpiW (lpString1="Eaphost", lpString2="AVP15.0.0") returned 1 [0128.425] lstrcmpiW (lpString1="Eaphost", lpString2="AVP15.0.1") returned 1 [0128.425] lstrcmpiW (lpString1="Eaphost", lpString2="kl1") returned -1 [0128.425] lstrcmpiW (lpString1="Eaphost", lpString2="McComponentHostService") returned -1 [0128.425] lstrcmpiW (lpString1="Eaphost", lpString2="ekrn") returned -1 [0128.425] lstrcmpiW (lpString1="Eaphost", lpString2="egui") returned -1 [0128.425] lstrcmpiW (lpString1="Eaphost", lpString2="avgwd") returned 1 [0128.425] lstrcmpiW (lpString1="Eaphost", lpString2="BdfNdisf") returned 1 [0128.425] lstrcmpiW (lpString1="Eaphost", lpString2="avast! Antivirus") returned 1 [0128.425] lstrcmpiW (lpString1="Eaphost", lpString2="MsMpSvc") returned -1 [0128.425] lstrcmpiW (lpString1="Eaphost", lpString2="RsMgrSvc") returned -1 [0128.425] lstrcmpiW (lpString1="Eaphost", lpString2="fshoster") returned -1 [0128.425] lstrcmpiW (lpString1="Eaphost", lpString2="AVKProxy") returned 1 [0128.425] lstrcmpiW (lpString1="Eaphost", lpString2="MBAMService") returned -1 [0128.425] lstrcmpiW (lpString1="Eaphost", lpString2="GbpSv") returned -1 [0128.425] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x6f, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ebdrv", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.425] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ebdrv") returned 39 [0128.425] SetLastError (dwErrCode=0x0) [0128.425] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ebdrv", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.425] SetLastError (dwErrCode=0x0) [0128.425] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.425] RegCloseKey (hKey=0x264) returned 0x0 [0128.425] SetLastError (dwErrCode=0x0) [0128.425] lstrcmpiW (lpString1="ebdrv", lpString2="NAVENG") returned -1 [0128.425] lstrcmpiW (lpString1="ebdrv", lpString2="ccEvtMgr") returned 1 [0128.426] lstrcmpiW (lpString1="ebdrv", lpString2="NAV") returned -1 [0128.426] lstrcmpiW (lpString1="ebdrv", lpString2="NIS") returned -1 [0128.426] lstrcmpiW (lpString1="ebdrv", lpString2="NAVEX15") returned -1 [0128.426] lstrcmpiW (lpString1="ebdrv", lpString2="AVP") returned 1 [0128.426] lstrcmpiW (lpString1="ebdrv", lpString2="AVP15.0.0") returned 1 [0128.426] lstrcmpiW (lpString1="ebdrv", lpString2="AVP15.0.1") returned 1 [0128.426] lstrcmpiW (lpString1="ebdrv", lpString2="kl1") returned -1 [0128.426] lstrcmpiW (lpString1="ebdrv", lpString2="McComponentHostService") returned -1 [0128.426] lstrcmpiW (lpString1="ebdrv", lpString2="ekrn") returned -1 [0128.426] lstrcmpiW (lpString1="ebdrv", lpString2="egui") returned -1 [0128.426] lstrcmpiW (lpString1="ebdrv", lpString2="avgwd") returned 1 [0128.426] lstrcmpiW (lpString1="ebdrv", lpString2="BdfNdisf") returned 1 [0128.426] lstrcmpiW (lpString1="ebdrv", lpString2="avast! Antivirus") returned 1 [0128.426] lstrcmpiW (lpString1="ebdrv", lpString2="MsMpSvc") returned -1 [0128.426] lstrcmpiW (lpString1="ebdrv", lpString2="RsMgrSvc") returned -1 [0128.426] lstrcmpiW (lpString1="ebdrv", lpString2="fshoster") returned -1 [0128.426] lstrcmpiW (lpString1="ebdrv", lpString2="AVKProxy") returned 1 [0128.426] lstrcmpiW (lpString1="ebdrv", lpString2="MBAMService") returned -1 [0128.426] lstrcmpiW (lpString1="ebdrv", lpString2="GbpSv") returned -1 [0128.426] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x70, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="EFS", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.426] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\EFS") returned 37 [0128.426] SetLastError (dwErrCode=0x0) [0128.426] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\EFS", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.426] SetLastError (dwErrCode=0x0) [0128.426] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.426] RegCloseKey (hKey=0x264) returned 0x0 [0128.426] SetLastError (dwErrCode=0x0) [0128.426] lstrcmpiW (lpString1="EFS", lpString2="NAVENG") returned -1 [0128.426] lstrcmpiW (lpString1="EFS", lpString2="ccEvtMgr") returned 1 [0128.426] lstrcmpiW (lpString1="EFS", lpString2="NAV") returned -1 [0128.426] lstrcmpiW (lpString1="EFS", lpString2="NIS") returned -1 [0128.426] lstrcmpiW (lpString1="EFS", lpString2="NAVEX15") returned -1 [0128.426] lstrcmpiW (lpString1="EFS", lpString2="AVP") returned 1 [0128.426] lstrcmpiW (lpString1="EFS", lpString2="AVP15.0.0") returned 1 [0128.426] lstrcmpiW (lpString1="EFS", lpString2="AVP15.0.1") returned 1 [0128.426] lstrcmpiW (lpString1="EFS", lpString2="kl1") returned -1 [0128.426] lstrcmpiW (lpString1="EFS", lpString2="McComponentHostService") returned -1 [0128.426] lstrcmpiW (lpString1="EFS", lpString2="ekrn") returned -1 [0128.426] lstrcmpiW (lpString1="EFS", lpString2="egui") returned -1 [0128.426] lstrcmpiW (lpString1="EFS", lpString2="avgwd") returned 1 [0128.426] lstrcmpiW (lpString1="EFS", lpString2="BdfNdisf") returned 1 [0128.426] lstrcmpiW (lpString1="EFS", lpString2="avast! Antivirus") returned 1 [0128.427] lstrcmpiW (lpString1="EFS", lpString2="MsMpSvc") returned -1 [0128.427] lstrcmpiW (lpString1="EFS", lpString2="RsMgrSvc") returned -1 [0128.427] lstrcmpiW (lpString1="EFS", lpString2="fshoster") returned -1 [0128.427] lstrcmpiW (lpString1="EFS", lpString2="AVKProxy") returned 1 [0128.427] lstrcmpiW (lpString1="EFS", lpString2="MBAMService") returned -1 [0128.427] lstrcmpiW (lpString1="EFS", lpString2="GbpSv") returned -1 [0128.427] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x71, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="EhStorClass", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.427] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\EhStorClass") returned 45 [0128.427] SetLastError (dwErrCode=0x0) [0128.427] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\EhStorClass", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.427] SetLastError (dwErrCode=0x0) [0128.427] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.427] RegCloseKey (hKey=0x264) returned 0x0 [0128.427] SetLastError (dwErrCode=0x0) [0128.427] lstrcmpiW (lpString1="EhStorClass", lpString2="NAVENG") returned -1 [0128.427] lstrcmpiW (lpString1="EhStorClass", lpString2="ccEvtMgr") returned 1 [0128.427] lstrcmpiW (lpString1="EhStorClass", lpString2="NAV") returned -1 [0128.427] lstrcmpiW (lpString1="EhStorClass", lpString2="NIS") returned -1 [0128.427] lstrcmpiW (lpString1="EhStorClass", lpString2="NAVEX15") returned -1 [0128.427] lstrcmpiW (lpString1="EhStorClass", lpString2="AVP") returned 1 [0128.427] lstrcmpiW (lpString1="EhStorClass", lpString2="AVP15.0.0") returned 1 [0128.427] lstrcmpiW (lpString1="EhStorClass", lpString2="AVP15.0.1") returned 1 [0128.427] lstrcmpiW (lpString1="EhStorClass", lpString2="kl1") returned -1 [0128.427] lstrcmpiW (lpString1="EhStorClass", lpString2="McComponentHostService") returned -1 [0128.427] lstrcmpiW (lpString1="EhStorClass", lpString2="ekrn") returned -1 [0128.427] lstrcmpiW (lpString1="EhStorClass", lpString2="egui") returned 1 [0128.427] lstrcmpiW (lpString1="EhStorClass", lpString2="avgwd") returned 1 [0128.427] lstrcmpiW (lpString1="EhStorClass", lpString2="BdfNdisf") returned 1 [0128.427] lstrcmpiW (lpString1="EhStorClass", lpString2="avast! Antivirus") returned 1 [0128.427] lstrcmpiW (lpString1="EhStorClass", lpString2="MsMpSvc") returned -1 [0128.427] lstrcmpiW (lpString1="EhStorClass", lpString2="RsMgrSvc") returned -1 [0128.427] lstrcmpiW (lpString1="EhStorClass", lpString2="fshoster") returned -1 [0128.427] lstrcmpiW (lpString1="EhStorClass", lpString2="AVKProxy") returned 1 [0128.427] lstrcmpiW (lpString1="EhStorClass", lpString2="MBAMService") returned -1 [0128.427] lstrcmpiW (lpString1="EhStorClass", lpString2="GbpSv") returned -1 [0128.427] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x72, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="EhStorTcgDrv", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.428] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\EhStorTcgDrv") returned 46 [0128.428] SetLastError (dwErrCode=0x0) [0128.428] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\EhStorTcgDrv", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.428] SetLastError (dwErrCode=0x0) [0128.428] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.428] RegCloseKey (hKey=0x264) returned 0x0 [0128.428] SetLastError (dwErrCode=0x0) [0128.428] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="NAVENG") returned -1 [0128.428] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="ccEvtMgr") returned 1 [0128.428] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="NAV") returned -1 [0128.428] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="NIS") returned -1 [0128.428] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="NAVEX15") returned -1 [0128.428] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="AVP") returned 1 [0128.428] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="AVP15.0.0") returned 1 [0128.428] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="AVP15.0.1") returned 1 [0128.428] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="kl1") returned -1 [0128.428] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="McComponentHostService") returned -1 [0128.428] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="ekrn") returned -1 [0128.428] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="egui") returned 1 [0128.428] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="avgwd") returned 1 [0128.428] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="BdfNdisf") returned 1 [0128.428] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="avast! Antivirus") returned 1 [0128.428] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="MsMpSvc") returned -1 [0128.428] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="RsMgrSvc") returned -1 [0128.428] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="fshoster") returned -1 [0128.428] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="AVKProxy") returned 1 [0128.428] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="MBAMService") returned -1 [0128.428] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="GbpSv") returned -1 [0128.428] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x73, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="embeddedmode", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.428] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\embeddedmode") returned 46 [0128.428] SetLastError (dwErrCode=0x0) [0128.428] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\embeddedmode", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.428] SetLastError (dwErrCode=0x0) [0128.428] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.428] RegCloseKey (hKey=0x264) returned 0x0 [0128.429] SetLastError (dwErrCode=0x0) [0128.429] lstrcmpiW (lpString1="embeddedmode", lpString2="NAVENG") returned -1 [0128.429] lstrcmpiW (lpString1="embeddedmode", lpString2="ccEvtMgr") returned 1 [0128.429] lstrcmpiW (lpString1="embeddedmode", lpString2="NAV") returned -1 [0128.429] lstrcmpiW (lpString1="embeddedmode", lpString2="NIS") returned -1 [0128.429] lstrcmpiW (lpString1="embeddedmode", lpString2="NAVEX15") returned -1 [0128.429] lstrcmpiW (lpString1="embeddedmode", lpString2="AVP") returned 1 [0128.429] lstrcmpiW (lpString1="embeddedmode", lpString2="AVP15.0.0") returned 1 [0128.429] lstrcmpiW (lpString1="embeddedmode", lpString2="AVP15.0.1") returned 1 [0128.429] lstrcmpiW (lpString1="embeddedmode", lpString2="kl1") returned -1 [0128.429] lstrcmpiW (lpString1="embeddedmode", lpString2="McComponentHostService") returned -1 [0128.429] lstrcmpiW (lpString1="embeddedmode", lpString2="ekrn") returned 1 [0128.429] lstrcmpiW (lpString1="embeddedmode", lpString2="egui") returned 1 [0128.429] lstrcmpiW (lpString1="embeddedmode", lpString2="avgwd") returned 1 [0128.429] lstrcmpiW (lpString1="embeddedmode", lpString2="BdfNdisf") returned 1 [0128.429] lstrcmpiW (lpString1="embeddedmode", lpString2="avast! Antivirus") returned 1 [0128.429] lstrcmpiW (lpString1="embeddedmode", lpString2="MsMpSvc") returned -1 [0128.429] lstrcmpiW (lpString1="embeddedmode", lpString2="RsMgrSvc") returned -1 [0128.429] lstrcmpiW (lpString1="embeddedmode", lpString2="fshoster") returned -1 [0128.429] lstrcmpiW (lpString1="embeddedmode", lpString2="AVKProxy") returned 1 [0128.429] lstrcmpiW (lpString1="embeddedmode", lpString2="MBAMService") returned -1 [0128.429] lstrcmpiW (lpString1="embeddedmode", lpString2="GbpSv") returned -1 [0128.429] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x74, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="EntAppSvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.429] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\EntAppSvc") returned 43 [0128.429] SetLastError (dwErrCode=0x0) [0128.429] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\EntAppSvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.429] SetLastError (dwErrCode=0x0) [0128.429] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.429] RegCloseKey (hKey=0x264) returned 0x0 [0128.429] SetLastError (dwErrCode=0x0) [0128.429] lstrcmpiW (lpString1="EntAppSvc", lpString2="NAVENG") returned -1 [0128.429] lstrcmpiW (lpString1="EntAppSvc", lpString2="ccEvtMgr") returned 1 [0128.429] lstrcmpiW (lpString1="EntAppSvc", lpString2="NAV") returned -1 [0128.429] lstrcmpiW (lpString1="EntAppSvc", lpString2="NIS") returned -1 [0128.429] lstrcmpiW (lpString1="EntAppSvc", lpString2="NAVEX15") returned -1 [0128.429] lstrcmpiW (lpString1="EntAppSvc", lpString2="AVP") returned 1 [0128.429] lstrcmpiW (lpString1="EntAppSvc", lpString2="AVP15.0.0") returned 1 [0128.429] lstrcmpiW (lpString1="EntAppSvc", lpString2="AVP15.0.1") returned 1 [0128.429] lstrcmpiW (lpString1="EntAppSvc", lpString2="kl1") returned -1 [0128.429] lstrcmpiW (lpString1="EntAppSvc", lpString2="McComponentHostService") returned -1 [0128.430] lstrcmpiW (lpString1="EntAppSvc", lpString2="ekrn") returned 1 [0128.431] lstrcmpiW (lpString1="EntAppSvc", lpString2="egui") returned 1 [0128.432] lstrcmpiW (lpString1="EntAppSvc", lpString2="avgwd") returned 1 [0128.432] lstrcmpiW (lpString1="EntAppSvc", lpString2="BdfNdisf") returned 1 [0128.432] lstrcmpiW (lpString1="EntAppSvc", lpString2="avast! Antivirus") returned 1 [0128.432] lstrcmpiW (lpString1="EntAppSvc", lpString2="MsMpSvc") returned -1 [0128.432] lstrcmpiW (lpString1="EntAppSvc", lpString2="RsMgrSvc") returned -1 [0128.432] lstrcmpiW (lpString1="EntAppSvc", lpString2="fshoster") returned -1 [0128.432] lstrcmpiW (lpString1="EntAppSvc", lpString2="AVKProxy") returned 1 [0128.432] lstrcmpiW (lpString1="EntAppSvc", lpString2="MBAMService") returned -1 [0128.432] lstrcmpiW (lpString1="EntAppSvc", lpString2="GbpSv") returned -1 [0128.432] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x75, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ErrDev", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.432] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ErrDev") returned 40 [0128.432] SetLastError (dwErrCode=0x0) [0128.432] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ErrDev", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.432] SetLastError (dwErrCode=0x0) [0128.432] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.432] RegCloseKey (hKey=0x264) returned 0x0 [0128.432] SetLastError (dwErrCode=0x0) [0128.432] lstrcmpiW (lpString1="ErrDev", lpString2="NAVENG") returned -1 [0128.432] lstrcmpiW (lpString1="ErrDev", lpString2="ccEvtMgr") returned 1 [0128.432] lstrcmpiW (lpString1="ErrDev", lpString2="NAV") returned -1 [0128.432] lstrcmpiW (lpString1="ErrDev", lpString2="NIS") returned -1 [0128.432] lstrcmpiW (lpString1="ErrDev", lpString2="NAVEX15") returned -1 [0128.432] lstrcmpiW (lpString1="ErrDev", lpString2="AVP") returned 1 [0128.432] lstrcmpiW (lpString1="ErrDev", lpString2="AVP15.0.0") returned 1 [0128.432] lstrcmpiW (lpString1="ErrDev", lpString2="AVP15.0.1") returned 1 [0128.433] lstrcmpiW (lpString1="ErrDev", lpString2="kl1") returned -1 [0128.433] lstrcmpiW (lpString1="ErrDev", lpString2="McComponentHostService") returned -1 [0128.433] lstrcmpiW (lpString1="ErrDev", lpString2="ekrn") returned 1 [0128.433] lstrcmpiW (lpString1="ErrDev", lpString2="egui") returned 1 [0128.433] lstrcmpiW (lpString1="ErrDev", lpString2="avgwd") returned 1 [0128.433] lstrcmpiW (lpString1="ErrDev", lpString2="BdfNdisf") returned 1 [0128.433] lstrcmpiW (lpString1="ErrDev", lpString2="avast! Antivirus") returned 1 [0128.433] lstrcmpiW (lpString1="ErrDev", lpString2="MsMpSvc") returned -1 [0128.433] lstrcmpiW (lpString1="ErrDev", lpString2="RsMgrSvc") returned -1 [0128.433] lstrcmpiW (lpString1="ErrDev", lpString2="fshoster") returned -1 [0128.433] lstrcmpiW (lpString1="ErrDev", lpString2="AVKProxy") returned 1 [0128.433] lstrcmpiW (lpString1="ErrDev", lpString2="MBAMService") returned -1 [0128.433] lstrcmpiW (lpString1="ErrDev", lpString2="GbpSv") returned -1 [0128.433] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x76, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ESENT", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.433] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ESENT") returned 39 [0128.433] SetLastError (dwErrCode=0x0) [0128.433] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ESENT", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.433] SetLastError (dwErrCode=0x0) [0128.433] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.433] RegCloseKey (hKey=0x264) returned 0x0 [0128.433] SetLastError (dwErrCode=0x0) [0128.433] GetLastError () returned 0x0 [0128.433] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x77, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="EventLog", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.433] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\EventLog") returned 42 [0128.433] SetLastError (dwErrCode=0x0) [0128.433] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\EventLog", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.434] SetLastError (dwErrCode=0x0) [0128.434] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.434] RegCloseKey (hKey=0x264) returned 0x0 [0128.434] SetLastError (dwErrCode=0x0) [0128.434] lstrcmpiW (lpString1="EventLog", lpString2="NAVENG") returned -1 [0128.434] lstrcmpiW (lpString1="EventLog", lpString2="ccEvtMgr") returned 1 [0128.434] lstrcmpiW (lpString1="EventLog", lpString2="NAV") returned -1 [0128.434] lstrcmpiW (lpString1="EventLog", lpString2="NIS") returned -1 [0128.434] lstrcmpiW (lpString1="EventLog", lpString2="NAVEX15") returned -1 [0128.434] lstrcmpiW (lpString1="EventLog", lpString2="AVP") returned 1 [0128.434] lstrcmpiW (lpString1="EventLog", lpString2="AVP15.0.0") returned 1 [0128.434] lstrcmpiW (lpString1="EventLog", lpString2="AVP15.0.1") returned 1 [0128.434] lstrcmpiW (lpString1="EventLog", lpString2="kl1") returned -1 [0128.434] lstrcmpiW (lpString1="EventLog", lpString2="McComponentHostService") returned -1 [0128.434] lstrcmpiW (lpString1="EventLog", lpString2="ekrn") returned 1 [0128.434] lstrcmpiW (lpString1="EventLog", lpString2="egui") returned 1 [0128.434] lstrcmpiW (lpString1="EventLog", lpString2="avgwd") returned 1 [0128.434] lstrcmpiW (lpString1="EventLog", lpString2="BdfNdisf") returned 1 [0128.434] lstrcmpiW (lpString1="EventLog", lpString2="avast! Antivirus") returned 1 [0128.434] lstrcmpiW (lpString1="EventLog", lpString2="MsMpSvc") returned -1 [0128.434] lstrcmpiW (lpString1="EventLog", lpString2="RsMgrSvc") returned -1 [0128.434] lstrcmpiW (lpString1="EventLog", lpString2="fshoster") returned -1 [0128.434] lstrcmpiW (lpString1="EventLog", lpString2="AVKProxy") returned 1 [0128.434] lstrcmpiW (lpString1="EventLog", lpString2="MBAMService") returned -1 [0128.434] lstrcmpiW (lpString1="EventLog", lpString2="GbpSv") returned -1 [0128.434] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x78, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="EventSystem", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.434] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\EventSystem") returned 45 [0128.434] SetLastError (dwErrCode=0x0) [0128.435] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\EventSystem", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.435] SetLastError (dwErrCode=0x0) [0128.435] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.435] RegCloseKey (hKey=0x264) returned 0x0 [0128.435] SetLastError (dwErrCode=0x0) [0128.435] lstrcmpiW (lpString1="EventSystem", lpString2="NAVENG") returned -1 [0128.435] lstrcmpiW (lpString1="EventSystem", lpString2="ccEvtMgr") returned 1 [0128.435] lstrcmpiW (lpString1="EventSystem", lpString2="NAV") returned -1 [0128.435] lstrcmpiW (lpString1="EventSystem", lpString2="NIS") returned -1 [0128.435] lstrcmpiW (lpString1="EventSystem", lpString2="NAVEX15") returned -1 [0128.435] lstrcmpiW (lpString1="EventSystem", lpString2="AVP") returned 1 [0128.435] lstrcmpiW (lpString1="EventSystem", lpString2="AVP15.0.0") returned 1 [0128.435] lstrcmpiW (lpString1="EventSystem", lpString2="AVP15.0.1") returned 1 [0128.435] lstrcmpiW (lpString1="EventSystem", lpString2="kl1") returned -1 [0128.435] lstrcmpiW (lpString1="EventSystem", lpString2="McComponentHostService") returned -1 [0128.435] lstrcmpiW (lpString1="EventSystem", lpString2="ekrn") returned 1 [0128.435] lstrcmpiW (lpString1="EventSystem", lpString2="egui") returned 1 [0128.435] lstrcmpiW (lpString1="EventSystem", lpString2="avgwd") returned 1 [0128.435] lstrcmpiW (lpString1="EventSystem", lpString2="BdfNdisf") returned 1 [0128.435] lstrcmpiW (lpString1="EventSystem", lpString2="avast! Antivirus") returned 1 [0128.435] lstrcmpiW (lpString1="EventSystem", lpString2="MsMpSvc") returned -1 [0128.435] lstrcmpiW (lpString1="EventSystem", lpString2="RsMgrSvc") returned -1 [0128.435] lstrcmpiW (lpString1="EventSystem", lpString2="fshoster") returned -1 [0128.435] lstrcmpiW (lpString1="EventSystem", lpString2="AVKProxy") returned 1 [0128.435] lstrcmpiW (lpString1="EventSystem", lpString2="MBAMService") returned -1 [0128.435] lstrcmpiW (lpString1="EventSystem", lpString2="GbpSv") returned -1 [0128.435] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x79, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="exfat", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.436] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\exfat") returned 39 [0128.436] SetLastError (dwErrCode=0x0) [0128.436] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\exfat", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.436] SetLastError (dwErrCode=0x0) [0128.436] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.436] RegCloseKey (hKey=0x264) returned 0x0 [0128.436] SetLastError (dwErrCode=0x0) [0128.436] lstrcmpiW (lpString1="exfat", lpString2="NAVENG") returned -1 [0128.436] lstrcmpiW (lpString1="exfat", lpString2="ccEvtMgr") returned 1 [0128.436] lstrcmpiW (lpString1="exfat", lpString2="NAV") returned -1 [0128.436] lstrcmpiW (lpString1="exfat", lpString2="NIS") returned -1 [0128.436] lstrcmpiW (lpString1="exfat", lpString2="NAVEX15") returned -1 [0128.436] lstrcmpiW (lpString1="exfat", lpString2="AVP") returned 1 [0128.436] lstrcmpiW (lpString1="exfat", lpString2="AVP15.0.0") returned 1 [0128.436] lstrcmpiW (lpString1="exfat", lpString2="AVP15.0.1") returned 1 [0128.436] lstrcmpiW (lpString1="exfat", lpString2="kl1") returned -1 [0128.436] lstrcmpiW (lpString1="exfat", lpString2="McComponentHostService") returned -1 [0128.436] lstrcmpiW (lpString1="exfat", lpString2="ekrn") returned 1 [0128.436] lstrcmpiW (lpString1="exfat", lpString2="egui") returned 1 [0128.436] lstrcmpiW (lpString1="exfat", lpString2="avgwd") returned 1 [0128.436] lstrcmpiW (lpString1="exfat", lpString2="BdfNdisf") returned 1 [0128.436] lstrcmpiW (lpString1="exfat", lpString2="avast! Antivirus") returned 1 [0128.436] lstrcmpiW (lpString1="exfat", lpString2="MsMpSvc") returned -1 [0128.436] lstrcmpiW (lpString1="exfat", lpString2="RsMgrSvc") returned -1 [0128.436] lstrcmpiW (lpString1="exfat", lpString2="fshoster") returned -1 [0128.436] lstrcmpiW (lpString1="exfat", lpString2="AVKProxy") returned 1 [0128.436] lstrcmpiW (lpString1="exfat", lpString2="MBAMService") returned -1 [0128.436] lstrcmpiW (lpString1="exfat", lpString2="GbpSv") returned -1 [0128.436] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x7a, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="fastfat", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.437] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\fastfat") returned 41 [0128.437] SetLastError (dwErrCode=0x0) [0128.437] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\fastfat", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.437] SetLastError (dwErrCode=0x0) [0128.437] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.437] RegCloseKey (hKey=0x264) returned 0x0 [0128.437] SetLastError (dwErrCode=0x0) [0128.437] lstrcmpiW (lpString1="fastfat", lpString2="NAVENG") returned -1 [0128.437] lstrcmpiW (lpString1="fastfat", lpString2="ccEvtMgr") returned 1 [0128.437] lstrcmpiW (lpString1="fastfat", lpString2="NAV") returned -1 [0128.437] lstrcmpiW (lpString1="fastfat", lpString2="NIS") returned -1 [0128.437] lstrcmpiW (lpString1="fastfat", lpString2="NAVEX15") returned -1 [0128.437] lstrcmpiW (lpString1="fastfat", lpString2="AVP") returned 1 [0128.437] lstrcmpiW (lpString1="fastfat", lpString2="AVP15.0.0") returned 1 [0128.437] lstrcmpiW (lpString1="fastfat", lpString2="AVP15.0.1") returned 1 [0128.437] lstrcmpiW (lpString1="fastfat", lpString2="kl1") returned -1 [0128.437] lstrcmpiW (lpString1="fastfat", lpString2="McComponentHostService") returned -1 [0128.437] lstrcmpiW (lpString1="fastfat", lpString2="ekrn") returned 1 [0128.437] lstrcmpiW (lpString1="fastfat", lpString2="egui") returned 1 [0128.437] lstrcmpiW (lpString1="fastfat", lpString2="avgwd") returned 1 [0128.437] lstrcmpiW (lpString1="fastfat", lpString2="BdfNdisf") returned 1 [0128.437] lstrcmpiW (lpString1="fastfat", lpString2="avast! Antivirus") returned 1 [0128.437] lstrcmpiW (lpString1="fastfat", lpString2="MsMpSvc") returned -1 [0128.437] lstrcmpiW (lpString1="fastfat", lpString2="RsMgrSvc") returned -1 [0128.437] lstrcmpiW (lpString1="fastfat", lpString2="fshoster") returned -1 [0128.437] lstrcmpiW (lpString1="fastfat", lpString2="AVKProxy") returned 1 [0128.437] lstrcmpiW (lpString1="fastfat", lpString2="MBAMService") returned -1 [0128.437] lstrcmpiW (lpString1="fastfat", lpString2="GbpSv") returned -1 [0128.438] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x7b, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Fax", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.438] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Fax") returned 37 [0128.438] SetLastError (dwErrCode=0x0) [0128.438] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Fax", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.438] SetLastError (dwErrCode=0x0) [0128.438] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.438] RegCloseKey (hKey=0x264) returned 0x0 [0128.438] SetLastError (dwErrCode=0x0) [0128.438] lstrcmpiW (lpString1="Fax", lpString2="NAVENG") returned -1 [0128.438] lstrcmpiW (lpString1="Fax", lpString2="ccEvtMgr") returned 1 [0128.438] lstrcmpiW (lpString1="Fax", lpString2="NAV") returned -1 [0128.438] lstrcmpiW (lpString1="Fax", lpString2="NIS") returned -1 [0128.438] lstrcmpiW (lpString1="Fax", lpString2="NAVEX15") returned -1 [0128.438] lstrcmpiW (lpString1="Fax", lpString2="AVP") returned 1 [0128.438] lstrcmpiW (lpString1="Fax", lpString2="AVP15.0.0") returned 1 [0128.438] lstrcmpiW (lpString1="Fax", lpString2="AVP15.0.1") returned 1 [0128.438] lstrcmpiW (lpString1="Fax", lpString2="kl1") returned -1 [0128.438] lstrcmpiW (lpString1="Fax", lpString2="McComponentHostService") returned -1 [0128.438] lstrcmpiW (lpString1="Fax", lpString2="ekrn") returned 1 [0128.438] lstrcmpiW (lpString1="Fax", lpString2="egui") returned 1 [0128.438] lstrcmpiW (lpString1="Fax", lpString2="avgwd") returned 1 [0128.438] lstrcmpiW (lpString1="Fax", lpString2="BdfNdisf") returned 1 [0128.438] lstrcmpiW (lpString1="Fax", lpString2="avast! Antivirus") returned 1 [0128.438] lstrcmpiW (lpString1="Fax", lpString2="MsMpSvc") returned -1 [0128.438] lstrcmpiW (lpString1="Fax", lpString2="RsMgrSvc") returned -1 [0128.438] lstrcmpiW (lpString1="Fax", lpString2="fshoster") returned -1 [0128.438] lstrcmpiW (lpString1="Fax", lpString2="AVKProxy") returned 1 [0128.438] lstrcmpiW (lpString1="Fax", lpString2="MBAMService") returned -1 [0128.438] lstrcmpiW (lpString1="Fax", lpString2="GbpSv") returned -1 [0128.438] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x7c, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="fcvsc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.438] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\fcvsc") returned 39 [0128.438] SetLastError (dwErrCode=0x0) [0128.438] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\fcvsc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.439] SetLastError (dwErrCode=0x0) [0128.439] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.439] RegCloseKey (hKey=0x264) returned 0x0 [0128.439] SetLastError (dwErrCode=0x0) [0128.439] lstrcmpiW (lpString1="fcvsc", lpString2="NAVENG") returned -1 [0128.439] lstrcmpiW (lpString1="fcvsc", lpString2="ccEvtMgr") returned 1 [0128.439] lstrcmpiW (lpString1="fcvsc", lpString2="NAV") returned -1 [0128.439] lstrcmpiW (lpString1="fcvsc", lpString2="NIS") returned -1 [0128.439] lstrcmpiW (lpString1="fcvsc", lpString2="NAVEX15") returned -1 [0128.439] lstrcmpiW (lpString1="fcvsc", lpString2="AVP") returned 1 [0128.439] lstrcmpiW (lpString1="fcvsc", lpString2="AVP15.0.0") returned 1 [0128.439] lstrcmpiW (lpString1="fcvsc", lpString2="AVP15.0.1") returned 1 [0128.439] lstrcmpiW (lpString1="fcvsc", lpString2="kl1") returned -1 [0128.439] lstrcmpiW (lpString1="fcvsc", lpString2="McComponentHostService") returned -1 [0128.439] lstrcmpiW (lpString1="fcvsc", lpString2="ekrn") returned 1 [0128.439] lstrcmpiW (lpString1="fcvsc", lpString2="egui") returned 1 [0128.439] lstrcmpiW (lpString1="fcvsc", lpString2="avgwd") returned 1 [0128.439] lstrcmpiW (lpString1="fcvsc", lpString2="BdfNdisf") returned 1 [0128.439] lstrcmpiW (lpString1="fcvsc", lpString2="avast! Antivirus") returned 1 [0128.439] lstrcmpiW (lpString1="fcvsc", lpString2="MsMpSvc") returned -1 [0128.439] lstrcmpiW (lpString1="fcvsc", lpString2="RsMgrSvc") returned -1 [0128.439] lstrcmpiW (lpString1="fcvsc", lpString2="fshoster") returned -1 [0128.439] lstrcmpiW (lpString1="fcvsc", lpString2="AVKProxy") returned 1 [0128.439] lstrcmpiW (lpString1="fcvsc", lpString2="MBAMService") returned -1 [0128.439] lstrcmpiW (lpString1="fcvsc", lpString2="GbpSv") returned -1 [0128.439] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x7d, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="fdc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.439] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\fdc") returned 37 [0128.439] SetLastError (dwErrCode=0x0) [0128.439] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\fdc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.439] SetLastError (dwErrCode=0x0) [0128.439] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.439] RegCloseKey (hKey=0x264) returned 0x0 [0128.439] SetLastError (dwErrCode=0x0) [0128.439] lstrcmpiW (lpString1="fdc", lpString2="NAVENG") returned -1 [0128.439] lstrcmpiW (lpString1="fdc", lpString2="ccEvtMgr") returned 1 [0128.440] lstrcmpiW (lpString1="fdc", lpString2="NAV") returned -1 [0128.440] lstrcmpiW (lpString1="fdc", lpString2="NIS") returned -1 [0128.440] lstrcmpiW (lpString1="fdc", lpString2="NAVEX15") returned -1 [0128.440] lstrcmpiW (lpString1="fdc", lpString2="AVP") returned 1 [0128.440] lstrcmpiW (lpString1="fdc", lpString2="AVP15.0.0") returned 1 [0128.440] lstrcmpiW (lpString1="fdc", lpString2="AVP15.0.1") returned 1 [0128.440] lstrcmpiW (lpString1="fdc", lpString2="kl1") returned -1 [0128.440] lstrcmpiW (lpString1="fdc", lpString2="McComponentHostService") returned -1 [0128.440] lstrcmpiW (lpString1="fdc", lpString2="ekrn") returned 1 [0128.440] lstrcmpiW (lpString1="fdc", lpString2="egui") returned 1 [0128.440] lstrcmpiW (lpString1="fdc", lpString2="avgwd") returned 1 [0128.440] lstrcmpiW (lpString1="fdc", lpString2="BdfNdisf") returned 1 [0128.440] lstrcmpiW (lpString1="fdc", lpString2="avast! Antivirus") returned 1 [0128.440] lstrcmpiW (lpString1="fdc", lpString2="MsMpSvc") returned -1 [0128.440] lstrcmpiW (lpString1="fdc", lpString2="RsMgrSvc") returned -1 [0128.440] lstrcmpiW (lpString1="fdc", lpString2="fshoster") returned -1 [0128.440] lstrcmpiW (lpString1="fdc", lpString2="AVKProxy") returned 1 [0128.440] lstrcmpiW (lpString1="fdc", lpString2="MBAMService") returned -1 [0128.440] lstrcmpiW (lpString1="fdc", lpString2="GbpSv") returned -1 [0128.440] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x7e, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="fdPHost", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.440] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\fdPHost") returned 41 [0128.440] SetLastError (dwErrCode=0x0) [0128.440] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\fdPHost", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.440] SetLastError (dwErrCode=0x0) [0128.441] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.441] RegCloseKey (hKey=0x264) returned 0x0 [0128.441] SetLastError (dwErrCode=0x0) [0128.441] lstrcmpiW (lpString1="fdPHost", lpString2="NAVENG") returned -1 [0128.441] lstrcmpiW (lpString1="fdPHost", lpString2="ccEvtMgr") returned 1 [0128.441] lstrcmpiW (lpString1="fdPHost", lpString2="NAV") returned -1 [0128.441] lstrcmpiW (lpString1="fdPHost", lpString2="NIS") returned -1 [0128.441] lstrcmpiW (lpString1="fdPHost", lpString2="NAVEX15") returned -1 [0128.441] lstrcmpiW (lpString1="fdPHost", lpString2="AVP") returned 1 [0128.441] lstrcmpiW (lpString1="fdPHost", lpString2="AVP15.0.0") returned 1 [0128.441] lstrcmpiW (lpString1="fdPHost", lpString2="AVP15.0.1") returned 1 [0128.441] lstrcmpiW (lpString1="fdPHost", lpString2="kl1") returned -1 [0128.441] lstrcmpiW (lpString1="fdPHost", lpString2="McComponentHostService") returned -1 [0128.441] lstrcmpiW (lpString1="fdPHost", lpString2="ekrn") returned 1 [0128.441] lstrcmpiW (lpString1="fdPHost", lpString2="egui") returned 1 [0128.441] lstrcmpiW (lpString1="fdPHost", lpString2="avgwd") returned 1 [0128.441] lstrcmpiW (lpString1="fdPHost", lpString2="BdfNdisf") returned 1 [0128.441] lstrcmpiW (lpString1="fdPHost", lpString2="avast! Antivirus") returned 1 [0128.441] lstrcmpiW (lpString1="fdPHost", lpString2="MsMpSvc") returned -1 [0128.441] lstrcmpiW (lpString1="fdPHost", lpString2="RsMgrSvc") returned -1 [0128.441] lstrcmpiW (lpString1="fdPHost", lpString2="fshoster") returned -1 [0128.441] lstrcmpiW (lpString1="fdPHost", lpString2="AVKProxy") returned 1 [0128.441] lstrcmpiW (lpString1="fdPHost", lpString2="MBAMService") returned -1 [0128.441] lstrcmpiW (lpString1="fdPHost", lpString2="GbpSv") returned -1 [0128.441] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x7f, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="FDResPub", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.441] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\FDResPub") returned 42 [0128.441] SetLastError (dwErrCode=0x0) [0128.441] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\FDResPub", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.442] SetLastError (dwErrCode=0x0) [0128.442] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.442] RegCloseKey (hKey=0x264) returned 0x0 [0128.442] SetLastError (dwErrCode=0x0) [0128.442] lstrcmpiW (lpString1="FDResPub", lpString2="NAVENG") returned -1 [0128.442] lstrcmpiW (lpString1="FDResPub", lpString2="ccEvtMgr") returned 1 [0128.442] lstrcmpiW (lpString1="FDResPub", lpString2="NAV") returned -1 [0128.442] lstrcmpiW (lpString1="FDResPub", lpString2="NIS") returned -1 [0128.442] lstrcmpiW (lpString1="FDResPub", lpString2="NAVEX15") returned -1 [0128.442] lstrcmpiW (lpString1="FDResPub", lpString2="AVP") returned 1 [0128.442] lstrcmpiW (lpString1="FDResPub", lpString2="AVP15.0.0") returned 1 [0128.442] lstrcmpiW (lpString1="FDResPub", lpString2="AVP15.0.1") returned 1 [0128.442] lstrcmpiW (lpString1="FDResPub", lpString2="kl1") returned -1 [0128.442] lstrcmpiW (lpString1="FDResPub", lpString2="McComponentHostService") returned -1 [0128.442] lstrcmpiW (lpString1="FDResPub", lpString2="ekrn") returned 1 [0128.442] lstrcmpiW (lpString1="FDResPub", lpString2="egui") returned 1 [0128.442] lstrcmpiW (lpString1="FDResPub", lpString2="avgwd") returned 1 [0128.442] lstrcmpiW (lpString1="FDResPub", lpString2="BdfNdisf") returned 1 [0128.442] lstrcmpiW (lpString1="FDResPub", lpString2="avast! Antivirus") returned 1 [0128.442] lstrcmpiW (lpString1="FDResPub", lpString2="MsMpSvc") returned -1 [0128.442] lstrcmpiW (lpString1="FDResPub", lpString2="RsMgrSvc") returned -1 [0128.442] lstrcmpiW (lpString1="FDResPub", lpString2="fshoster") returned -1 [0128.442] lstrcmpiW (lpString1="FDResPub", lpString2="AVKProxy") returned 1 [0128.442] lstrcmpiW (lpString1="FDResPub", lpString2="MBAMService") returned -1 [0128.442] lstrcmpiW (lpString1="FDResPub", lpString2="GbpSv") returned -1 [0128.442] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x80, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="fhsvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.442] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\fhsvc") returned 39 [0128.442] SetLastError (dwErrCode=0x0) [0128.443] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\fhsvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.443] SetLastError (dwErrCode=0x0) [0128.443] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.443] RegCloseKey (hKey=0x264) returned 0x0 [0128.443] SetLastError (dwErrCode=0x0) [0128.443] lstrcmpiW (lpString1="fhsvc", lpString2="NAVENG") returned -1 [0128.443] lstrcmpiW (lpString1="fhsvc", lpString2="ccEvtMgr") returned 1 [0128.443] lstrcmpiW (lpString1="fhsvc", lpString2="NAV") returned -1 [0128.443] lstrcmpiW (lpString1="fhsvc", lpString2="NIS") returned -1 [0128.443] lstrcmpiW (lpString1="fhsvc", lpString2="NAVEX15") returned -1 [0128.443] lstrcmpiW (lpString1="fhsvc", lpString2="AVP") returned 1 [0128.443] lstrcmpiW (lpString1="fhsvc", lpString2="AVP15.0.0") returned 1 [0128.443] lstrcmpiW (lpString1="fhsvc", lpString2="AVP15.0.1") returned 1 [0128.443] lstrcmpiW (lpString1="fhsvc", lpString2="kl1") returned -1 [0128.443] lstrcmpiW (lpString1="fhsvc", lpString2="McComponentHostService") returned -1 [0128.443] lstrcmpiW (lpString1="fhsvc", lpString2="ekrn") returned 1 [0128.443] lstrcmpiW (lpString1="fhsvc", lpString2="egui") returned 1 [0128.443] lstrcmpiW (lpString1="fhsvc", lpString2="avgwd") returned 1 [0128.443] lstrcmpiW (lpString1="fhsvc", lpString2="BdfNdisf") returned 1 [0128.443] lstrcmpiW (lpString1="fhsvc", lpString2="avast! Antivirus") returned 1 [0128.443] lstrcmpiW (lpString1="fhsvc", lpString2="MsMpSvc") returned -1 [0128.443] lstrcmpiW (lpString1="fhsvc", lpString2="RsMgrSvc") returned -1 [0128.443] lstrcmpiW (lpString1="fhsvc", lpString2="fshoster") returned -1 [0128.443] lstrcmpiW (lpString1="fhsvc", lpString2="AVKProxy") returned 1 [0128.443] lstrcmpiW (lpString1="fhsvc", lpString2="MBAMService") returned -1 [0128.443] lstrcmpiW (lpString1="fhsvc", lpString2="GbpSv") returned -1 [0128.443] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x81, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="FileCrypt", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.444] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\FileCrypt") returned 43 [0128.444] SetLastError (dwErrCode=0x0) [0128.444] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\FileCrypt", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.444] SetLastError (dwErrCode=0x0) [0128.444] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.444] RegCloseKey (hKey=0x264) returned 0x0 [0128.444] SetLastError (dwErrCode=0x0) [0128.444] lstrcmpiW (lpString1="FileCrypt", lpString2="NAVENG") returned -1 [0128.444] lstrcmpiW (lpString1="FileCrypt", lpString2="ccEvtMgr") returned 1 [0128.444] lstrcmpiW (lpString1="FileCrypt", lpString2="NAV") returned -1 [0128.444] lstrcmpiW (lpString1="FileCrypt", lpString2="NIS") returned -1 [0128.444] lstrcmpiW (lpString1="FileCrypt", lpString2="NAVEX15") returned -1 [0128.444] lstrcmpiW (lpString1="FileCrypt", lpString2="AVP") returned 1 [0128.444] lstrcmpiW (lpString1="FileCrypt", lpString2="AVP15.0.0") returned 1 [0128.444] lstrcmpiW (lpString1="FileCrypt", lpString2="AVP15.0.1") returned 1 [0128.444] lstrcmpiW (lpString1="FileCrypt", lpString2="kl1") returned -1 [0128.444] lstrcmpiW (lpString1="FileCrypt", lpString2="McComponentHostService") returned -1 [0128.444] lstrcmpiW (lpString1="FileCrypt", lpString2="ekrn") returned 1 [0128.444] lstrcmpiW (lpString1="FileCrypt", lpString2="egui") returned 1 [0128.444] lstrcmpiW (lpString1="FileCrypt", lpString2="avgwd") returned 1 [0128.444] lstrcmpiW (lpString1="FileCrypt", lpString2="BdfNdisf") returned 1 [0128.444] lstrcmpiW (lpString1="FileCrypt", lpString2="avast! Antivirus") returned 1 [0128.444] lstrcmpiW (lpString1="FileCrypt", lpString2="MsMpSvc") returned -1 [0128.444] lstrcmpiW (lpString1="FileCrypt", lpString2="RsMgrSvc") returned -1 [0128.444] lstrcmpiW (lpString1="FileCrypt", lpString2="fshoster") returned -1 [0128.444] lstrcmpiW (lpString1="FileCrypt", lpString2="AVKProxy") returned 1 [0128.444] lstrcmpiW (lpString1="FileCrypt", lpString2="MBAMService") returned -1 [0128.444] lstrcmpiW (lpString1="FileCrypt", lpString2="GbpSv") returned -1 [0128.444] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x82, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="FileInfo", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.445] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\FileInfo") returned 42 [0128.445] SetLastError (dwErrCode=0x0) [0128.445] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\FileInfo", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.445] SetLastError (dwErrCode=0x0) [0128.445] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.445] RegCloseKey (hKey=0x264) returned 0x0 [0128.445] SetLastError (dwErrCode=0x0) [0128.445] lstrcmpiW (lpString1="FileInfo", lpString2="NAVENG") returned -1 [0128.445] lstrcmpiW (lpString1="FileInfo", lpString2="ccEvtMgr") returned 1 [0128.445] lstrcmpiW (lpString1="FileInfo", lpString2="NAV") returned -1 [0128.445] lstrcmpiW (lpString1="FileInfo", lpString2="NIS") returned -1 [0128.445] lstrcmpiW (lpString1="FileInfo", lpString2="NAVEX15") returned -1 [0128.445] lstrcmpiW (lpString1="FileInfo", lpString2="AVP") returned 1 [0128.445] lstrcmpiW (lpString1="FileInfo", lpString2="AVP15.0.0") returned 1 [0128.445] lstrcmpiW (lpString1="FileInfo", lpString2="AVP15.0.1") returned 1 [0128.445] lstrcmpiW (lpString1="FileInfo", lpString2="kl1") returned -1 [0128.445] lstrcmpiW (lpString1="FileInfo", lpString2="McComponentHostService") returned -1 [0128.445] lstrcmpiW (lpString1="FileInfo", lpString2="ekrn") returned 1 [0128.445] lstrcmpiW (lpString1="FileInfo", lpString2="egui") returned 1 [0128.445] lstrcmpiW (lpString1="FileInfo", lpString2="avgwd") returned 1 [0128.445] lstrcmpiW (lpString1="FileInfo", lpString2="BdfNdisf") returned 1 [0128.445] lstrcmpiW (lpString1="FileInfo", lpString2="avast! Antivirus") returned 1 [0128.445] lstrcmpiW (lpString1="FileInfo", lpString2="MsMpSvc") returned -1 [0128.445] lstrcmpiW (lpString1="FileInfo", lpString2="RsMgrSvc") returned -1 [0128.445] lstrcmpiW (lpString1="FileInfo", lpString2="fshoster") returned -1 [0128.445] lstrcmpiW (lpString1="FileInfo", lpString2="AVKProxy") returned 1 [0128.446] lstrcmpiW (lpString1="FileInfo", lpString2="MBAMService") returned -1 [0128.446] lstrcmpiW (lpString1="FileInfo", lpString2="GbpSv") returned -1 [0128.446] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x83, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Filetrace", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.446] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Filetrace") returned 43 [0128.446] SetLastError (dwErrCode=0x0) [0128.446] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Filetrace", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.446] SetLastError (dwErrCode=0x0) [0128.446] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.446] RegCloseKey (hKey=0x264) returned 0x0 [0128.446] SetLastError (dwErrCode=0x0) [0128.446] lstrcmpiW (lpString1="Filetrace", lpString2="NAVENG") returned -1 [0128.446] lstrcmpiW (lpString1="Filetrace", lpString2="ccEvtMgr") returned 1 [0128.446] lstrcmpiW (lpString1="Filetrace", lpString2="NAV") returned -1 [0128.446] lstrcmpiW (lpString1="Filetrace", lpString2="NIS") returned -1 [0128.446] lstrcmpiW (lpString1="Filetrace", lpString2="NAVEX15") returned -1 [0128.446] lstrcmpiW (lpString1="Filetrace", lpString2="AVP") returned 1 [0128.446] lstrcmpiW (lpString1="Filetrace", lpString2="AVP15.0.0") returned 1 [0128.446] lstrcmpiW (lpString1="Filetrace", lpString2="AVP15.0.1") returned 1 [0128.446] lstrcmpiW (lpString1="Filetrace", lpString2="kl1") returned -1 [0128.446] lstrcmpiW (lpString1="Filetrace", lpString2="McComponentHostService") returned -1 [0128.446] lstrcmpiW (lpString1="Filetrace", lpString2="ekrn") returned 1 [0128.446] lstrcmpiW (lpString1="Filetrace", lpString2="egui") returned 1 [0128.446] lstrcmpiW (lpString1="Filetrace", lpString2="avgwd") returned 1 [0128.446] lstrcmpiW (lpString1="Filetrace", lpString2="BdfNdisf") returned 1 [0128.446] lstrcmpiW (lpString1="Filetrace", lpString2="avast! Antivirus") returned 1 [0128.446] lstrcmpiW (lpString1="Filetrace", lpString2="MsMpSvc") returned -1 [0128.446] lstrcmpiW (lpString1="Filetrace", lpString2="RsMgrSvc") returned -1 [0128.447] lstrcmpiW (lpString1="Filetrace", lpString2="fshoster") returned -1 [0128.447] lstrcmpiW (lpString1="Filetrace", lpString2="AVKProxy") returned 1 [0128.447] lstrcmpiW (lpString1="Filetrace", lpString2="MBAMService") returned -1 [0128.447] lstrcmpiW (lpString1="Filetrace", lpString2="GbpSv") returned -1 [0128.447] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x84, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="flpydisk", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.447] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\flpydisk") returned 42 [0128.447] SetLastError (dwErrCode=0x0) [0128.447] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\flpydisk", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.447] SetLastError (dwErrCode=0x0) [0128.447] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.447] RegCloseKey (hKey=0x264) returned 0x0 [0128.447] SetLastError (dwErrCode=0x0) [0128.447] lstrcmpiW (lpString1="flpydisk", lpString2="NAVENG") returned -1 [0128.447] lstrcmpiW (lpString1="flpydisk", lpString2="ccEvtMgr") returned 1 [0128.447] lstrcmpiW (lpString1="flpydisk", lpString2="NAV") returned -1 [0128.447] lstrcmpiW (lpString1="flpydisk", lpString2="NIS") returned -1 [0128.447] lstrcmpiW (lpString1="flpydisk", lpString2="NAVEX15") returned -1 [0128.447] lstrcmpiW (lpString1="flpydisk", lpString2="AVP") returned 1 [0128.447] lstrcmpiW (lpString1="flpydisk", lpString2="AVP15.0.0") returned 1 [0128.447] lstrcmpiW (lpString1="flpydisk", lpString2="AVP15.0.1") returned 1 [0128.447] lstrcmpiW (lpString1="flpydisk", lpString2="kl1") returned -1 [0128.447] lstrcmpiW (lpString1="flpydisk", lpString2="McComponentHostService") returned -1 [0128.447] lstrcmpiW (lpString1="flpydisk", lpString2="ekrn") returned 1 [0128.447] lstrcmpiW (lpString1="flpydisk", lpString2="egui") returned 1 [0128.447] lstrcmpiW (lpString1="flpydisk", lpString2="avgwd") returned 1 [0128.447] lstrcmpiW (lpString1="flpydisk", lpString2="BdfNdisf") returned 1 [0128.447] lstrcmpiW (lpString1="flpydisk", lpString2="avast! Antivirus") returned 1 [0128.447] lstrcmpiW (lpString1="flpydisk", lpString2="MsMpSvc") returned -1 [0128.448] lstrcmpiW (lpString1="flpydisk", lpString2="RsMgrSvc") returned -1 [0128.448] lstrcmpiW (lpString1="flpydisk", lpString2="fshoster") returned -1 [0128.448] lstrcmpiW (lpString1="flpydisk", lpString2="AVKProxy") returned 1 [0128.448] lstrcmpiW (lpString1="flpydisk", lpString2="MBAMService") returned -1 [0128.448] lstrcmpiW (lpString1="flpydisk", lpString2="GbpSv") returned -1 [0128.448] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x85, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="FltMgr", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.448] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\FltMgr") returned 40 [0128.448] SetLastError (dwErrCode=0x0) [0128.448] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\FltMgr", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.448] SetLastError (dwErrCode=0x0) [0128.448] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.448] RegCloseKey (hKey=0x264) returned 0x0 [0128.448] SetLastError (dwErrCode=0x0) [0128.448] lstrcmpiW (lpString1="FltMgr", lpString2="NAVENG") returned -1 [0128.448] lstrcmpiW (lpString1="FltMgr", lpString2="ccEvtMgr") returned 1 [0128.448] lstrcmpiW (lpString1="FltMgr", lpString2="NAV") returned -1 [0128.448] lstrcmpiW (lpString1="FltMgr", lpString2="NIS") returned -1 [0128.448] lstrcmpiW (lpString1="FltMgr", lpString2="NAVEX15") returned -1 [0128.448] lstrcmpiW (lpString1="FltMgr", lpString2="AVP") returned 1 [0128.448] lstrcmpiW (lpString1="FltMgr", lpString2="AVP15.0.0") returned 1 [0128.448] lstrcmpiW (lpString1="FltMgr", lpString2="AVP15.0.1") returned 1 [0128.448] lstrcmpiW (lpString1="FltMgr", lpString2="kl1") returned -1 [0128.448] lstrcmpiW (lpString1="FltMgr", lpString2="McComponentHostService") returned -1 [0128.448] lstrcmpiW (lpString1="FltMgr", lpString2="ekrn") returned 1 [0128.448] lstrcmpiW (lpString1="FltMgr", lpString2="egui") returned 1 [0128.448] lstrcmpiW (lpString1="FltMgr", lpString2="avgwd") returned 1 [0128.448] lstrcmpiW (lpString1="FltMgr", lpString2="BdfNdisf") returned 1 [0128.448] lstrcmpiW (lpString1="FltMgr", lpString2="avast! Antivirus") returned 1 [0128.448] lstrcmpiW (lpString1="FltMgr", lpString2="MsMpSvc") returned -1 [0128.449] lstrcmpiW (lpString1="FltMgr", lpString2="RsMgrSvc") returned -1 [0128.449] lstrcmpiW (lpString1="FltMgr", lpString2="fshoster") returned -1 [0128.449] lstrcmpiW (lpString1="FltMgr", lpString2="AVKProxy") returned 1 [0128.449] lstrcmpiW (lpString1="FltMgr", lpString2="MBAMService") returned -1 [0128.449] lstrcmpiW (lpString1="FltMgr", lpString2="GbpSv") returned -1 [0128.449] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x86, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="FontCache", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.449] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\FontCache") returned 43 [0128.449] SetLastError (dwErrCode=0x0) [0128.449] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\FontCache", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.449] SetLastError (dwErrCode=0x0) [0128.449] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.449] RegCloseKey (hKey=0x264) returned 0x0 [0128.449] SetLastError (dwErrCode=0x0) [0128.449] lstrcmpiW (lpString1="FontCache", lpString2="NAVENG") returned -1 [0128.449] lstrcmpiW (lpString1="FontCache", lpString2="ccEvtMgr") returned 1 [0128.449] lstrcmpiW (lpString1="FontCache", lpString2="NAV") returned -1 [0128.449] lstrcmpiW (lpString1="FontCache", lpString2="NIS") returned -1 [0128.449] lstrcmpiW (lpString1="FontCache", lpString2="NAVEX15") returned -1 [0128.449] lstrcmpiW (lpString1="FontCache", lpString2="AVP") returned 1 [0128.449] lstrcmpiW (lpString1="FontCache", lpString2="AVP15.0.0") returned 1 [0128.449] lstrcmpiW (lpString1="FontCache", lpString2="AVP15.0.1") returned 1 [0128.449] lstrcmpiW (lpString1="FontCache", lpString2="kl1") returned -1 [0128.449] lstrcmpiW (lpString1="FontCache", lpString2="McComponentHostService") returned -1 [0128.449] lstrcmpiW (lpString1="FontCache", lpString2="ekrn") returned 1 [0128.449] lstrcmpiW (lpString1="FontCache", lpString2="egui") returned 1 [0128.449] lstrcmpiW (lpString1="FontCache", lpString2="avgwd") returned 1 [0128.449] lstrcmpiW (lpString1="FontCache", lpString2="BdfNdisf") returned 1 [0128.449] lstrcmpiW (lpString1="FontCache", lpString2="avast! Antivirus") returned 1 [0128.449] lstrcmpiW (lpString1="FontCache", lpString2="MsMpSvc") returned -1 [0128.450] lstrcmpiW (lpString1="FontCache", lpString2="RsMgrSvc") returned -1 [0128.450] lstrcmpiW (lpString1="FontCache", lpString2="fshoster") returned -1 [0128.450] lstrcmpiW (lpString1="FontCache", lpString2="AVKProxy") returned 1 [0128.450] lstrcmpiW (lpString1="FontCache", lpString2="MBAMService") returned -1 [0128.450] lstrcmpiW (lpString1="FontCache", lpString2="GbpSv") returned -1 [0128.450] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x87, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="FontCache3.0.0.0", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.450] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\FontCache3.0.0.0") returned 50 [0128.450] SetLastError (dwErrCode=0x0) [0128.450] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\FontCache3.0.0.0", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.450] SetLastError (dwErrCode=0x0) [0128.450] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.450] RegCloseKey (hKey=0x264) returned 0x0 [0128.450] SetLastError (dwErrCode=0x0) [0128.450] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="NAVENG") returned -1 [0128.450] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="ccEvtMgr") returned 1 [0128.450] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="NAV") returned -1 [0128.450] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="NIS") returned -1 [0128.450] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="NAVEX15") returned -1 [0128.450] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="AVP") returned 1 [0128.450] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="AVP15.0.0") returned 1 [0128.450] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="AVP15.0.1") returned 1 [0128.450] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="kl1") returned -1 [0128.450] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="McComponentHostService") returned -1 [0128.450] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="ekrn") returned 1 [0128.450] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="egui") returned 1 [0128.450] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="avgwd") returned 1 [0128.450] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="BdfNdisf") returned 1 [0128.451] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="avast! Antivirus") returned 1 [0128.451] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="MsMpSvc") returned -1 [0128.451] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="RsMgrSvc") returned -1 [0128.451] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="fshoster") returned -1 [0128.451] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="AVKProxy") returned 1 [0128.451] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="MBAMService") returned -1 [0128.451] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="GbpSv") returned -1 [0128.451] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x88, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="FsDepends", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.451] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\FsDepends") returned 43 [0128.451] SetLastError (dwErrCode=0x0) [0128.451] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\FsDepends", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.451] SetLastError (dwErrCode=0x0) [0128.451] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.451] RegCloseKey (hKey=0x264) returned 0x0 [0128.451] SetLastError (dwErrCode=0x0) [0128.451] lstrcmpiW (lpString1="FsDepends", lpString2="NAVENG") returned -1 [0128.451] lstrcmpiW (lpString1="FsDepends", lpString2="ccEvtMgr") returned 1 [0128.451] lstrcmpiW (lpString1="FsDepends", lpString2="NAV") returned -1 [0128.451] lstrcmpiW (lpString1="FsDepends", lpString2="NIS") returned -1 [0128.451] lstrcmpiW (lpString1="FsDepends", lpString2="NAVEX15") returned -1 [0128.451] lstrcmpiW (lpString1="FsDepends", lpString2="AVP") returned 1 [0128.451] lstrcmpiW (lpString1="FsDepends", lpString2="AVP15.0.0") returned 1 [0128.451] lstrcmpiW (lpString1="FsDepends", lpString2="AVP15.0.1") returned 1 [0128.451] lstrcmpiW (lpString1="FsDepends", lpString2="kl1") returned -1 [0128.451] lstrcmpiW (lpString1="FsDepends", lpString2="McComponentHostService") returned -1 [0128.451] lstrcmpiW (lpString1="FsDepends", lpString2="ekrn") returned 1 [0128.451] lstrcmpiW (lpString1="FsDepends", lpString2="egui") returned 1 [0128.451] lstrcmpiW (lpString1="FsDepends", lpString2="avgwd") returned 1 [0128.452] lstrcmpiW (lpString1="FsDepends", lpString2="BdfNdisf") returned 1 [0128.452] lstrcmpiW (lpString1="FsDepends", lpString2="avast! Antivirus") returned 1 [0128.452] lstrcmpiW (lpString1="FsDepends", lpString2="MsMpSvc") returned -1 [0128.452] lstrcmpiW (lpString1="FsDepends", lpString2="RsMgrSvc") returned -1 [0128.452] lstrcmpiW (lpString1="FsDepends", lpString2="fshoster") returned -1 [0128.452] lstrcmpiW (lpString1="FsDepends", lpString2="AVKProxy") returned 1 [0128.452] lstrcmpiW (lpString1="FsDepends", lpString2="MBAMService") returned -1 [0128.452] lstrcmpiW (lpString1="FsDepends", lpString2="GbpSv") returned -1 [0128.452] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x89, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Fs_Rec", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.452] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Fs_Rec") returned 40 [0128.452] SetLastError (dwErrCode=0x0) [0128.452] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Fs_Rec", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.452] SetLastError (dwErrCode=0x0) [0128.452] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x5, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.452] RegCloseKey (hKey=0x264) returned 0x0 [0128.452] SetLastError (dwErrCode=0x0) [0128.452] lstrcmpiW (lpString1="Fs_Rec", lpString2="NAVENG") returned -1 [0128.452] lstrcmpiW (lpString1="Fs_Rec", lpString2="ccEvtMgr") returned 1 [0128.452] lstrcmpiW (lpString1="Fs_Rec", lpString2="NAV") returned -1 [0128.452] lstrcmpiW (lpString1="Fs_Rec", lpString2="NIS") returned -1 [0128.452] lstrcmpiW (lpString1="Fs_Rec", lpString2="NAVEX15") returned -1 [0128.452] lstrcmpiW (lpString1="Fs_Rec", lpString2="AVP") returned 1 [0128.452] lstrcmpiW (lpString1="Fs_Rec", lpString2="AVP15.0.0") returned 1 [0128.452] lstrcmpiW (lpString1="Fs_Rec", lpString2="AVP15.0.1") returned 1 [0128.452] lstrcmpiW (lpString1="Fs_Rec", lpString2="kl1") returned -1 [0128.452] lstrcmpiW (lpString1="Fs_Rec", lpString2="McComponentHostService") returned -1 [0128.452] lstrcmpiW (lpString1="Fs_Rec", lpString2="ekrn") returned 1 [0128.453] lstrcmpiW (lpString1="Fs_Rec", lpString2="egui") returned 1 [0128.453] lstrcmpiW (lpString1="Fs_Rec", lpString2="avgwd") returned 1 [0128.453] lstrcmpiW (lpString1="Fs_Rec", lpString2="BdfNdisf") returned 1 [0128.453] lstrcmpiW (lpString1="Fs_Rec", lpString2="avast! Antivirus") returned 1 [0128.453] lstrcmpiW (lpString1="Fs_Rec", lpString2="MsMpSvc") returned -1 [0128.453] lstrcmpiW (lpString1="Fs_Rec", lpString2="RsMgrSvc") returned -1 [0128.453] lstrcmpiW (lpString1="Fs_Rec", lpString2="fshoster") returned -1 [0128.453] lstrcmpiW (lpString1="Fs_Rec", lpString2="AVKProxy") returned 1 [0128.453] lstrcmpiW (lpString1="Fs_Rec", lpString2="MBAMService") returned -1 [0128.453] lstrcmpiW (lpString1="Fs_Rec", lpString2="GbpSv") returned -1 [0128.453] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x8a, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="fvevol", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.453] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\fvevol") returned 40 [0128.453] SetLastError (dwErrCode=0x0) [0128.453] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\fvevol", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.453] SetLastError (dwErrCode=0x0) [0128.453] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.453] RegCloseKey (hKey=0x264) returned 0x0 [0128.453] SetLastError (dwErrCode=0x0) [0128.453] lstrcmpiW (lpString1="fvevol", lpString2="NAVENG") returned -1 [0128.453] lstrcmpiW (lpString1="fvevol", lpString2="ccEvtMgr") returned 1 [0128.453] lstrcmpiW (lpString1="fvevol", lpString2="NAV") returned -1 [0128.453] lstrcmpiW (lpString1="fvevol", lpString2="NIS") returned -1 [0128.453] lstrcmpiW (lpString1="fvevol", lpString2="NAVEX15") returned -1 [0128.453] lstrcmpiW (lpString1="fvevol", lpString2="AVP") returned 1 [0128.453] lstrcmpiW (lpString1="fvevol", lpString2="AVP15.0.0") returned 1 [0128.453] lstrcmpiW (lpString1="fvevol", lpString2="AVP15.0.1") returned 1 [0128.453] lstrcmpiW (lpString1="fvevol", lpString2="kl1") returned -1 [0128.454] lstrcmpiW (lpString1="fvevol", lpString2="McComponentHostService") returned -1 [0128.454] lstrcmpiW (lpString1="fvevol", lpString2="ekrn") returned 1 [0128.454] lstrcmpiW (lpString1="fvevol", lpString2="egui") returned 1 [0128.454] lstrcmpiW (lpString1="fvevol", lpString2="avgwd") returned 1 [0128.454] lstrcmpiW (lpString1="fvevol", lpString2="BdfNdisf") returned 1 [0128.454] lstrcmpiW (lpString1="fvevol", lpString2="avast! Antivirus") returned 1 [0128.454] lstrcmpiW (lpString1="fvevol", lpString2="MsMpSvc") returned -1 [0128.454] lstrcmpiW (lpString1="fvevol", lpString2="RsMgrSvc") returned -1 [0128.454] lstrcmpiW (lpString1="fvevol", lpString2="fshoster") returned 1 [0128.454] lstrcmpiW (lpString1="fvevol", lpString2="AVKProxy") returned 1 [0128.454] lstrcmpiW (lpString1="fvevol", lpString2="MBAMService") returned -1 [0128.454] lstrcmpiW (lpString1="fvevol", lpString2="GbpSv") returned -1 [0128.454] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x8b, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="gagp30kx", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.454] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\gagp30kx") returned 42 [0128.454] SetLastError (dwErrCode=0x0) [0128.454] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\gagp30kx", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.454] SetLastError (dwErrCode=0x0) [0128.454] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.454] RegCloseKey (hKey=0x264) returned 0x0 [0128.454] SetLastError (dwErrCode=0x0) [0128.455] lstrcmpiW (lpString1="gagp30kx", lpString2="NAVENG") returned -1 [0128.455] lstrcmpiW (lpString1="gagp30kx", lpString2="ccEvtMgr") returned 1 [0128.455] lstrcmpiW (lpString1="gagp30kx", lpString2="NAV") returned -1 [0128.455] lstrcmpiW (lpString1="gagp30kx", lpString2="NIS") returned -1 [0128.455] lstrcmpiW (lpString1="gagp30kx", lpString2="NAVEX15") returned -1 [0128.455] lstrcmpiW (lpString1="gagp30kx", lpString2="AVP") returned 1 [0128.455] lstrcmpiW (lpString1="gagp30kx", lpString2="AVP15.0.0") returned 1 [0128.455] lstrcmpiW (lpString1="gagp30kx", lpString2="AVP15.0.1") returned 1 [0128.455] lstrcmpiW (lpString1="gagp30kx", lpString2="kl1") returned -1 [0128.455] lstrcmpiW (lpString1="gagp30kx", lpString2="McComponentHostService") returned -1 [0128.455] lstrcmpiW (lpString1="gagp30kx", lpString2="ekrn") returned 1 [0128.455] lstrcmpiW (lpString1="gagp30kx", lpString2="egui") returned 1 [0128.455] lstrcmpiW (lpString1="gagp30kx", lpString2="avgwd") returned 1 [0128.455] lstrcmpiW (lpString1="gagp30kx", lpString2="BdfNdisf") returned 1 [0128.455] lstrcmpiW (lpString1="gagp30kx", lpString2="avast! Antivirus") returned 1 [0128.455] lstrcmpiW (lpString1="gagp30kx", lpString2="MsMpSvc") returned -1 [0128.455] lstrcmpiW (lpString1="gagp30kx", lpString2="RsMgrSvc") returned -1 [0128.455] lstrcmpiW (lpString1="gagp30kx", lpString2="fshoster") returned 1 [0128.455] lstrcmpiW (lpString1="gagp30kx", lpString2="AVKProxy") returned 1 [0128.455] lstrcmpiW (lpString1="gagp30kx", lpString2="MBAMService") returned -1 [0128.455] lstrcmpiW (lpString1="gagp30kx", lpString2="GbpSv") returned -1 [0128.455] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x8c, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="gencounter", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.455] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\gencounter") returned 44 [0128.455] SetLastError (dwErrCode=0x0) [0128.455] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\gencounter", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.455] SetLastError (dwErrCode=0x0) [0128.455] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.455] RegCloseKey (hKey=0x264) returned 0x0 [0128.455] SetLastError (dwErrCode=0x0) [0128.456] lstrcmpiW (lpString1="gencounter", lpString2="NAVENG") returned -1 [0128.456] lstrcmpiW (lpString1="gencounter", lpString2="ccEvtMgr") returned 1 [0128.456] lstrcmpiW (lpString1="gencounter", lpString2="NAV") returned -1 [0128.456] lstrcmpiW (lpString1="gencounter", lpString2="NIS") returned -1 [0128.456] lstrcmpiW (lpString1="gencounter", lpString2="NAVEX15") returned -1 [0128.456] lstrcmpiW (lpString1="gencounter", lpString2="AVP") returned 1 [0128.456] lstrcmpiW (lpString1="gencounter", lpString2="AVP15.0.0") returned 1 [0128.456] lstrcmpiW (lpString1="gencounter", lpString2="AVP15.0.1") returned 1 [0128.456] lstrcmpiW (lpString1="gencounter", lpString2="kl1") returned -1 [0128.456] lstrcmpiW (lpString1="gencounter", lpString2="McComponentHostService") returned -1 [0128.456] lstrcmpiW (lpString1="gencounter", lpString2="ekrn") returned 1 [0128.456] lstrcmpiW (lpString1="gencounter", lpString2="egui") returned 1 [0128.456] lstrcmpiW (lpString1="gencounter", lpString2="avgwd") returned 1 [0128.456] lstrcmpiW (lpString1="gencounter", lpString2="BdfNdisf") returned 1 [0128.456] lstrcmpiW (lpString1="gencounter", lpString2="avast! Antivirus") returned 1 [0128.456] lstrcmpiW (lpString1="gencounter", lpString2="MsMpSvc") returned -1 [0128.456] lstrcmpiW (lpString1="gencounter", lpString2="RsMgrSvc") returned -1 [0128.456] lstrcmpiW (lpString1="gencounter", lpString2="fshoster") returned 1 [0128.456] lstrcmpiW (lpString1="gencounter", lpString2="AVKProxy") returned 1 [0128.456] lstrcmpiW (lpString1="gencounter", lpString2="MBAMService") returned -1 [0128.456] lstrcmpiW (lpString1="gencounter", lpString2="GbpSv") returned 1 [0128.456] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x8d, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="genericusbfn", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.456] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\genericusbfn") returned 46 [0128.456] SetLastError (dwErrCode=0x0) [0128.456] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\genericusbfn", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.456] SetLastError (dwErrCode=0x0) [0128.456] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.456] RegCloseKey (hKey=0x264) returned 0x0 [0128.456] SetLastError (dwErrCode=0x0) [0128.456] lstrcmpiW (lpString1="genericusbfn", lpString2="NAVENG") returned -1 [0128.457] lstrcmpiW (lpString1="genericusbfn", lpString2="ccEvtMgr") returned 1 [0128.457] lstrcmpiW (lpString1="genericusbfn", lpString2="NAV") returned -1 [0128.457] lstrcmpiW (lpString1="genericusbfn", lpString2="NIS") returned -1 [0128.457] lstrcmpiW (lpString1="genericusbfn", lpString2="NAVEX15") returned -1 [0128.457] lstrcmpiW (lpString1="genericusbfn", lpString2="AVP") returned 1 [0128.457] lstrcmpiW (lpString1="genericusbfn", lpString2="AVP15.0.0") returned 1 [0128.457] lstrcmpiW (lpString1="genericusbfn", lpString2="AVP15.0.1") returned 1 [0128.457] lstrcmpiW (lpString1="genericusbfn", lpString2="kl1") returned -1 [0128.457] lstrcmpiW (lpString1="genericusbfn", lpString2="McComponentHostService") returned -1 [0128.457] lstrcmpiW (lpString1="genericusbfn", lpString2="ekrn") returned 1 [0128.457] lstrcmpiW (lpString1="genericusbfn", lpString2="egui") returned 1 [0128.457] lstrcmpiW (lpString1="genericusbfn", lpString2="avgwd") returned 1 [0128.457] lstrcmpiW (lpString1="genericusbfn", lpString2="BdfNdisf") returned 1 [0128.457] lstrcmpiW (lpString1="genericusbfn", lpString2="avast! Antivirus") returned 1 [0128.457] lstrcmpiW (lpString1="genericusbfn", lpString2="MsMpSvc") returned -1 [0128.457] lstrcmpiW (lpString1="genericusbfn", lpString2="RsMgrSvc") returned -1 [0128.457] lstrcmpiW (lpString1="genericusbfn", lpString2="fshoster") returned 1 [0128.457] lstrcmpiW (lpString1="genericusbfn", lpString2="AVKProxy") returned 1 [0128.457] lstrcmpiW (lpString1="genericusbfn", lpString2="MBAMService") returned -1 [0128.457] lstrcmpiW (lpString1="genericusbfn", lpString2="GbpSv") returned 1 [0128.457] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x8e, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="GPIOClx0101", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.457] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\GPIOClx0101") returned 45 [0128.457] SetLastError (dwErrCode=0x0) [0128.457] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\GPIOClx0101", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.457] SetLastError (dwErrCode=0x0) [0128.457] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.457] RegCloseKey (hKey=0x264) returned 0x0 [0128.458] SetLastError (dwErrCode=0x0) [0128.458] lstrcmpiW (lpString1="GPIOClx0101", lpString2="NAVENG") returned -1 [0128.458] lstrcmpiW (lpString1="GPIOClx0101", lpString2="ccEvtMgr") returned 1 [0128.458] lstrcmpiW (lpString1="GPIOClx0101", lpString2="NAV") returned -1 [0128.458] lstrcmpiW (lpString1="GPIOClx0101", lpString2="NIS") returned -1 [0128.458] lstrcmpiW (lpString1="GPIOClx0101", lpString2="NAVEX15") returned -1 [0128.458] lstrcmpiW (lpString1="GPIOClx0101", lpString2="AVP") returned 1 [0128.458] lstrcmpiW (lpString1="GPIOClx0101", lpString2="AVP15.0.0") returned 1 [0128.458] lstrcmpiW (lpString1="GPIOClx0101", lpString2="AVP15.0.1") returned 1 [0128.458] lstrcmpiW (lpString1="GPIOClx0101", lpString2="kl1") returned -1 [0128.458] lstrcmpiW (lpString1="GPIOClx0101", lpString2="McComponentHostService") returned -1 [0128.458] lstrcmpiW (lpString1="GPIOClx0101", lpString2="ekrn") returned 1 [0128.458] lstrcmpiW (lpString1="GPIOClx0101", lpString2="egui") returned 1 [0128.458] lstrcmpiW (lpString1="GPIOClx0101", lpString2="avgwd") returned 1 [0128.458] lstrcmpiW (lpString1="GPIOClx0101", lpString2="BdfNdisf") returned 1 [0128.458] lstrcmpiW (lpString1="GPIOClx0101", lpString2="avast! Antivirus") returned 1 [0128.458] lstrcmpiW (lpString1="GPIOClx0101", lpString2="MsMpSvc") returned -1 [0128.458] lstrcmpiW (lpString1="GPIOClx0101", lpString2="RsMgrSvc") returned -1 [0128.458] lstrcmpiW (lpString1="GPIOClx0101", lpString2="fshoster") returned 1 [0128.458] lstrcmpiW (lpString1="GPIOClx0101", lpString2="AVKProxy") returned 1 [0128.458] lstrcmpiW (lpString1="GPIOClx0101", lpString2="MBAMService") returned -1 [0128.458] lstrcmpiW (lpString1="GPIOClx0101", lpString2="GbpSv") returned 1 [0128.458] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x8f, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="gpsvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.458] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\gpsvc") returned 39 [0128.458] SetLastError (dwErrCode=0x0) [0128.458] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\gpsvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.459] SetLastError (dwErrCode=0x0) [0128.459] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.459] RegCloseKey (hKey=0x264) returned 0x0 [0128.459] SetLastError (dwErrCode=0x0) [0128.459] lstrcmpiW (lpString1="gpsvc", lpString2="NAVENG") returned -1 [0128.459] lstrcmpiW (lpString1="gpsvc", lpString2="ccEvtMgr") returned 1 [0128.459] lstrcmpiW (lpString1="gpsvc", lpString2="NAV") returned -1 [0128.459] lstrcmpiW (lpString1="gpsvc", lpString2="NIS") returned -1 [0128.459] lstrcmpiW (lpString1="gpsvc", lpString2="NAVEX15") returned -1 [0128.459] lstrcmpiW (lpString1="gpsvc", lpString2="AVP") returned 1 [0128.459] lstrcmpiW (lpString1="gpsvc", lpString2="AVP15.0.0") returned 1 [0128.459] lstrcmpiW (lpString1="gpsvc", lpString2="AVP15.0.1") returned 1 [0128.459] lstrcmpiW (lpString1="gpsvc", lpString2="kl1") returned -1 [0128.459] lstrcmpiW (lpString1="gpsvc", lpString2="McComponentHostService") returned -1 [0128.459] lstrcmpiW (lpString1="gpsvc", lpString2="ekrn") returned 1 [0128.459] lstrcmpiW (lpString1="gpsvc", lpString2="egui") returned 1 [0128.459] lstrcmpiW (lpString1="gpsvc", lpString2="avgwd") returned 1 [0128.459] lstrcmpiW (lpString1="gpsvc", lpString2="BdfNdisf") returned 1 [0128.459] lstrcmpiW (lpString1="gpsvc", lpString2="avast! Antivirus") returned 1 [0128.459] lstrcmpiW (lpString1="gpsvc", lpString2="MsMpSvc") returned -1 [0128.459] lstrcmpiW (lpString1="gpsvc", lpString2="RsMgrSvc") returned -1 [0128.459] lstrcmpiW (lpString1="gpsvc", lpString2="fshoster") returned 1 [0128.459] lstrcmpiW (lpString1="gpsvc", lpString2="AVKProxy") returned 1 [0128.459] lstrcmpiW (lpString1="gpsvc", lpString2="MBAMService") returned -1 [0128.459] lstrcmpiW (lpString1="gpsvc", lpString2="GbpSv") returned 1 [0128.459] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x90, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="GpuEnergyDrv", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.459] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\GpuEnergyDrv") returned 46 [0128.459] SetLastError (dwErrCode=0x0) [0128.459] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\GpuEnergyDrv", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.460] SetLastError (dwErrCode=0x0) [0128.460] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.460] RegCloseKey (hKey=0x264) returned 0x0 [0128.460] SetLastError (dwErrCode=0x0) [0128.460] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="NAVENG") returned -1 [0128.460] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="ccEvtMgr") returned 1 [0128.460] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="NAV") returned -1 [0128.460] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="NIS") returned -1 [0128.460] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="NAVEX15") returned -1 [0128.460] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="AVP") returned 1 [0128.460] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="AVP15.0.0") returned 1 [0128.460] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="AVP15.0.1") returned 1 [0128.460] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="kl1") returned -1 [0128.460] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="McComponentHostService") returned -1 [0128.460] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="ekrn") returned 1 [0128.460] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="egui") returned 1 [0128.460] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="avgwd") returned 1 [0128.460] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="BdfNdisf") returned 1 [0128.460] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="avast! Antivirus") returned 1 [0128.460] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="MsMpSvc") returned -1 [0128.460] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="RsMgrSvc") returned -1 [0128.460] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="fshoster") returned 1 [0128.460] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="AVKProxy") returned 1 [0128.460] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="MBAMService") returned -1 [0128.460] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="GbpSv") returned 1 [0128.460] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x91, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="gupdate", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.460] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\gupdate") returned 41 [0128.460] SetLastError (dwErrCode=0x0) [0128.461] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\gupdate", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.461] SetLastError (dwErrCode=0x0) [0128.461] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.461] RegCloseKey (hKey=0x264) returned 0x0 [0128.461] SetLastError (dwErrCode=0x0) [0128.461] lstrcmpiW (lpString1="gupdate", lpString2="NAVENG") returned -1 [0128.461] lstrcmpiW (lpString1="gupdate", lpString2="ccEvtMgr") returned 1 [0128.461] lstrcmpiW (lpString1="gupdate", lpString2="NAV") returned -1 [0128.461] lstrcmpiW (lpString1="gupdate", lpString2="NIS") returned -1 [0128.461] lstrcmpiW (lpString1="gupdate", lpString2="NAVEX15") returned -1 [0128.461] lstrcmpiW (lpString1="gupdate", lpString2="AVP") returned 1 [0128.461] lstrcmpiW (lpString1="gupdate", lpString2="AVP15.0.0") returned 1 [0128.461] lstrcmpiW (lpString1="gupdate", lpString2="AVP15.0.1") returned 1 [0128.461] lstrcmpiW (lpString1="gupdate", lpString2="kl1") returned -1 [0128.461] lstrcmpiW (lpString1="gupdate", lpString2="McComponentHostService") returned -1 [0128.461] lstrcmpiW (lpString1="gupdate", lpString2="ekrn") returned 1 [0128.461] lstrcmpiW (lpString1="gupdate", lpString2="egui") returned 1 [0128.461] lstrcmpiW (lpString1="gupdate", lpString2="avgwd") returned 1 [0128.461] lstrcmpiW (lpString1="gupdate", lpString2="BdfNdisf") returned 1 [0128.461] lstrcmpiW (lpString1="gupdate", lpString2="avast! Antivirus") returned 1 [0128.461] lstrcmpiW (lpString1="gupdate", lpString2="MsMpSvc") returned -1 [0128.461] lstrcmpiW (lpString1="gupdate", lpString2="RsMgrSvc") returned -1 [0128.461] lstrcmpiW (lpString1="gupdate", lpString2="fshoster") returned 1 [0128.461] lstrcmpiW (lpString1="gupdate", lpString2="AVKProxy") returned 1 [0128.461] lstrcmpiW (lpString1="gupdate", lpString2="MBAMService") returned -1 [0128.461] lstrcmpiW (lpString1="gupdate", lpString2="GbpSv") returned 1 [0128.461] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x92, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="gupdatem", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.461] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\gupdatem") returned 42 [0128.461] SetLastError (dwErrCode=0x0) [0128.461] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\gupdatem", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.462] SetLastError (dwErrCode=0x0) [0128.462] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.462] RegCloseKey (hKey=0x264) returned 0x0 [0128.462] SetLastError (dwErrCode=0x0) [0128.462] lstrcmpiW (lpString1="gupdatem", lpString2="NAVENG") returned -1 [0128.462] lstrcmpiW (lpString1="gupdatem", lpString2="ccEvtMgr") returned 1 [0128.462] lstrcmpiW (lpString1="gupdatem", lpString2="NAV") returned -1 [0128.462] lstrcmpiW (lpString1="gupdatem", lpString2="NIS") returned -1 [0128.462] lstrcmpiW (lpString1="gupdatem", lpString2="NAVEX15") returned -1 [0128.462] lstrcmpiW (lpString1="gupdatem", lpString2="AVP") returned 1 [0128.462] lstrcmpiW (lpString1="gupdatem", lpString2="AVP15.0.0") returned 1 [0128.462] lstrcmpiW (lpString1="gupdatem", lpString2="AVP15.0.1") returned 1 [0128.462] lstrcmpiW (lpString1="gupdatem", lpString2="kl1") returned -1 [0128.462] lstrcmpiW (lpString1="gupdatem", lpString2="McComponentHostService") returned -1 [0128.462] lstrcmpiW (lpString1="gupdatem", lpString2="ekrn") returned 1 [0128.462] lstrcmpiW (lpString1="gupdatem", lpString2="egui") returned 1 [0128.462] lstrcmpiW (lpString1="gupdatem", lpString2="avgwd") returned 1 [0128.462] lstrcmpiW (lpString1="gupdatem", lpString2="BdfNdisf") returned 1 [0128.462] lstrcmpiW (lpString1="gupdatem", lpString2="avast! Antivirus") returned 1 [0128.462] lstrcmpiW (lpString1="gupdatem", lpString2="MsMpSvc") returned -1 [0128.462] lstrcmpiW (lpString1="gupdatem", lpString2="RsMgrSvc") returned -1 [0128.462] lstrcmpiW (lpString1="gupdatem", lpString2="fshoster") returned 1 [0128.462] lstrcmpiW (lpString1="gupdatem", lpString2="AVKProxy") returned 1 [0128.462] lstrcmpiW (lpString1="gupdatem", lpString2="MBAMService") returned -1 [0128.462] lstrcmpiW (lpString1="gupdatem", lpString2="GbpSv") returned 1 [0128.462] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x93, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HdAudAddService", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.462] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\HdAudAddService") returned 49 [0128.462] SetLastError (dwErrCode=0x0) [0128.462] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\HdAudAddService", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.462] SetLastError (dwErrCode=0x0) [0128.462] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.462] RegCloseKey (hKey=0x264) returned 0x0 [0128.463] SetLastError (dwErrCode=0x0) [0128.463] lstrcmpiW (lpString1="HdAudAddService", lpString2="NAVENG") returned -1 [0128.463] lstrcmpiW (lpString1="HdAudAddService", lpString2="ccEvtMgr") returned 1 [0128.463] lstrcmpiW (lpString1="HdAudAddService", lpString2="NAV") returned -1 [0128.463] lstrcmpiW (lpString1="HdAudAddService", lpString2="NIS") returned -1 [0128.463] lstrcmpiW (lpString1="HdAudAddService", lpString2="NAVEX15") returned -1 [0128.463] lstrcmpiW (lpString1="HdAudAddService", lpString2="AVP") returned 1 [0128.463] lstrcmpiW (lpString1="HdAudAddService", lpString2="AVP15.0.0") returned 1 [0128.463] lstrcmpiW (lpString1="HdAudAddService", lpString2="AVP15.0.1") returned 1 [0128.463] lstrcmpiW (lpString1="HdAudAddService", lpString2="kl1") returned -1 [0128.463] lstrcmpiW (lpString1="HdAudAddService", lpString2="McComponentHostService") returned -1 [0128.463] lstrcmpiW (lpString1="HdAudAddService", lpString2="ekrn") returned 1 [0128.463] lstrcmpiW (lpString1="HdAudAddService", lpString2="egui") returned 1 [0128.463] lstrcmpiW (lpString1="HdAudAddService", lpString2="avgwd") returned 1 [0128.463] lstrcmpiW (lpString1="HdAudAddService", lpString2="BdfNdisf") returned 1 [0128.463] lstrcmpiW (lpString1="HdAudAddService", lpString2="avast! Antivirus") returned 1 [0128.463] lstrcmpiW (lpString1="HdAudAddService", lpString2="MsMpSvc") returned -1 [0128.463] lstrcmpiW (lpString1="HdAudAddService", lpString2="RsMgrSvc") returned -1 [0128.463] lstrcmpiW (lpString1="HdAudAddService", lpString2="fshoster") returned 1 [0128.463] lstrcmpiW (lpString1="HdAudAddService", lpString2="AVKProxy") returned 1 [0128.463] lstrcmpiW (lpString1="HdAudAddService", lpString2="MBAMService") returned -1 [0128.463] lstrcmpiW (lpString1="HdAudAddService", lpString2="GbpSv") returned 1 [0128.463] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x94, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HDAudBus", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.463] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\HDAudBus") returned 42 [0128.463] SetLastError (dwErrCode=0x0) [0128.463] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\HDAudBus", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.463] SetLastError (dwErrCode=0x0) [0128.463] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.463] RegCloseKey (hKey=0x264) returned 0x0 [0128.463] SetLastError (dwErrCode=0x0) [0128.463] lstrcmpiW (lpString1="HDAudBus", lpString2="NAVENG") returned -1 [0128.463] lstrcmpiW (lpString1="HDAudBus", lpString2="ccEvtMgr") returned 1 [0128.464] lstrcmpiW (lpString1="HDAudBus", lpString2="NAV") returned -1 [0128.464] lstrcmpiW (lpString1="HDAudBus", lpString2="NIS") returned -1 [0128.464] lstrcmpiW (lpString1="HDAudBus", lpString2="NAVEX15") returned -1 [0128.464] lstrcmpiW (lpString1="HDAudBus", lpString2="AVP") returned 1 [0128.464] lstrcmpiW (lpString1="HDAudBus", lpString2="AVP15.0.0") returned 1 [0128.464] lstrcmpiW (lpString1="HDAudBus", lpString2="AVP15.0.1") returned 1 [0128.464] lstrcmpiW (lpString1="HDAudBus", lpString2="kl1") returned -1 [0128.464] lstrcmpiW (lpString1="HDAudBus", lpString2="McComponentHostService") returned -1 [0128.464] lstrcmpiW (lpString1="HDAudBus", lpString2="ekrn") returned 1 [0128.464] lstrcmpiW (lpString1="HDAudBus", lpString2="egui") returned 1 [0128.464] lstrcmpiW (lpString1="HDAudBus", lpString2="avgwd") returned 1 [0128.464] lstrcmpiW (lpString1="HDAudBus", lpString2="BdfNdisf") returned 1 [0128.464] lstrcmpiW (lpString1="HDAudBus", lpString2="avast! Antivirus") returned 1 [0128.464] lstrcmpiW (lpString1="HDAudBus", lpString2="MsMpSvc") returned -1 [0128.464] lstrcmpiW (lpString1="HDAudBus", lpString2="RsMgrSvc") returned -1 [0128.464] lstrcmpiW (lpString1="HDAudBus", lpString2="fshoster") returned 1 [0128.464] lstrcmpiW (lpString1="HDAudBus", lpString2="AVKProxy") returned 1 [0128.464] lstrcmpiW (lpString1="HDAudBus", lpString2="MBAMService") returned -1 [0128.464] lstrcmpiW (lpString1="HDAudBus", lpString2="GbpSv") returned 1 [0128.464] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x95, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HidBatt", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.464] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\HidBatt") returned 41 [0128.464] SetLastError (dwErrCode=0x0) [0128.464] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\HidBatt", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.464] SetLastError (dwErrCode=0x0) [0128.464] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.464] RegCloseKey (hKey=0x264) returned 0x0 [0128.464] SetLastError (dwErrCode=0x0) [0128.464] lstrcmpiW (lpString1="HidBatt", lpString2="NAVENG") returned -1 [0128.464] lstrcmpiW (lpString1="HidBatt", lpString2="ccEvtMgr") returned 1 [0128.464] lstrcmpiW (lpString1="HidBatt", lpString2="NAV") returned -1 [0128.464] lstrcmpiW (lpString1="HidBatt", lpString2="NIS") returned -1 [0128.464] lstrcmpiW (lpString1="HidBatt", lpString2="NAVEX15") returned -1 [0128.465] lstrcmpiW (lpString1="HidBatt", lpString2="AVP") returned 1 [0128.465] lstrcmpiW (lpString1="HidBatt", lpString2="AVP15.0.0") returned 1 [0128.465] lstrcmpiW (lpString1="HidBatt", lpString2="AVP15.0.1") returned 1 [0128.465] lstrcmpiW (lpString1="HidBatt", lpString2="kl1") returned -1 [0128.465] lstrcmpiW (lpString1="HidBatt", lpString2="McComponentHostService") returned -1 [0128.465] lstrcmpiW (lpString1="HidBatt", lpString2="ekrn") returned 1 [0128.465] lstrcmpiW (lpString1="HidBatt", lpString2="egui") returned 1 [0128.465] lstrcmpiW (lpString1="HidBatt", lpString2="avgwd") returned 1 [0128.465] lstrcmpiW (lpString1="HidBatt", lpString2="BdfNdisf") returned 1 [0128.465] lstrcmpiW (lpString1="HidBatt", lpString2="avast! Antivirus") returned 1 [0128.465] lstrcmpiW (lpString1="HidBatt", lpString2="MsMpSvc") returned -1 [0128.465] lstrcmpiW (lpString1="HidBatt", lpString2="RsMgrSvc") returned -1 [0128.465] lstrcmpiW (lpString1="HidBatt", lpString2="fshoster") returned 1 [0128.465] lstrcmpiW (lpString1="HidBatt", lpString2="AVKProxy") returned 1 [0128.465] lstrcmpiW (lpString1="HidBatt", lpString2="MBAMService") returned -1 [0128.465] lstrcmpiW (lpString1="HidBatt", lpString2="GbpSv") returned 1 [0128.465] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x96, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HidBth", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.465] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\HidBth") returned 40 [0128.465] SetLastError (dwErrCode=0x0) [0128.465] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\HidBth", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.465] SetLastError (dwErrCode=0x0) [0128.465] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.465] RegCloseKey (hKey=0x264) returned 0x0 [0128.465] SetLastError (dwErrCode=0x0) [0128.465] lstrcmpiW (lpString1="HidBth", lpString2="NAVENG") returned -1 [0128.465] lstrcmpiW (lpString1="HidBth", lpString2="ccEvtMgr") returned 1 [0128.465] lstrcmpiW (lpString1="HidBth", lpString2="NAV") returned -1 [0128.465] lstrcmpiW (lpString1="HidBth", lpString2="NIS") returned -1 [0128.465] lstrcmpiW (lpString1="HidBth", lpString2="NAVEX15") returned -1 [0128.466] lstrcmpiW (lpString1="HidBth", lpString2="AVP") returned 1 [0128.466] lstrcmpiW (lpString1="HidBth", lpString2="AVP15.0.0") returned 1 [0128.466] lstrcmpiW (lpString1="HidBth", lpString2="AVP15.0.1") returned 1 [0128.466] lstrcmpiW (lpString1="HidBth", lpString2="kl1") returned -1 [0128.466] lstrcmpiW (lpString1="HidBth", lpString2="McComponentHostService") returned -1 [0128.466] lstrcmpiW (lpString1="HidBth", lpString2="ekrn") returned 1 [0128.466] lstrcmpiW (lpString1="HidBth", lpString2="egui") returned 1 [0128.466] lstrcmpiW (lpString1="HidBth", lpString2="avgwd") returned 1 [0128.466] lstrcmpiW (lpString1="HidBth", lpString2="BdfNdisf") returned 1 [0128.466] lstrcmpiW (lpString1="HidBth", lpString2="avast! Antivirus") returned 1 [0128.466] lstrcmpiW (lpString1="HidBth", lpString2="MsMpSvc") returned -1 [0128.466] lstrcmpiW (lpString1="HidBth", lpString2="RsMgrSvc") returned -1 [0128.466] lstrcmpiW (lpString1="HidBth", lpString2="fshoster") returned 1 [0128.466] lstrcmpiW (lpString1="HidBth", lpString2="AVKProxy") returned 1 [0128.466] lstrcmpiW (lpString1="HidBth", lpString2="MBAMService") returned -1 [0128.466] lstrcmpiW (lpString1="HidBth", lpString2="GbpSv") returned 1 [0128.466] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x97, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="hidi2c", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.466] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\hidi2c") returned 40 [0128.466] SetLastError (dwErrCode=0x0) [0128.466] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\hidi2c", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.466] SetLastError (dwErrCode=0x0) [0128.466] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.466] RegCloseKey (hKey=0x264) returned 0x0 [0128.466] SetLastError (dwErrCode=0x0) [0128.466] lstrcmpiW (lpString1="hidi2c", lpString2="NAVENG") returned -1 [0128.466] lstrcmpiW (lpString1="hidi2c", lpString2="ccEvtMgr") returned 1 [0128.466] lstrcmpiW (lpString1="hidi2c", lpString2="NAV") returned -1 [0128.466] lstrcmpiW (lpString1="hidi2c", lpString2="NIS") returned -1 [0128.466] lstrcmpiW (lpString1="hidi2c", lpString2="NAVEX15") returned -1 [0128.466] lstrcmpiW (lpString1="hidi2c", lpString2="AVP") returned 1 [0128.466] lstrcmpiW (lpString1="hidi2c", lpString2="AVP15.0.0") returned 1 [0128.466] lstrcmpiW (lpString1="hidi2c", lpString2="AVP15.0.1") returned 1 [0128.466] lstrcmpiW (lpString1="hidi2c", lpString2="kl1") returned -1 [0128.467] lstrcmpiW (lpString1="hidi2c", lpString2="McComponentHostService") returned -1 [0128.467] lstrcmpiW (lpString1="hidi2c", lpString2="ekrn") returned 1 [0128.467] lstrcmpiW (lpString1="hidi2c", lpString2="egui") returned 1 [0128.467] lstrcmpiW (lpString1="hidi2c", lpString2="avgwd") returned 1 [0128.467] lstrcmpiW (lpString1="hidi2c", lpString2="BdfNdisf") returned 1 [0128.467] lstrcmpiW (lpString1="hidi2c", lpString2="avast! Antivirus") returned 1 [0128.467] lstrcmpiW (lpString1="hidi2c", lpString2="MsMpSvc") returned -1 [0128.467] lstrcmpiW (lpString1="hidi2c", lpString2="RsMgrSvc") returned -1 [0128.467] lstrcmpiW (lpString1="hidi2c", lpString2="fshoster") returned 1 [0128.467] lstrcmpiW (lpString1="hidi2c", lpString2="AVKProxy") returned 1 [0128.467] lstrcmpiW (lpString1="hidi2c", lpString2="MBAMService") returned -1 [0128.467] lstrcmpiW (lpString1="hidi2c", lpString2="GbpSv") returned 1 [0128.467] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x98, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="hidinterrupt", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.467] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\hidinterrupt") returned 46 [0128.467] SetLastError (dwErrCode=0x0) [0128.467] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\hidinterrupt", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.467] SetLastError (dwErrCode=0x0) [0128.467] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.467] RegCloseKey (hKey=0x264) returned 0x0 [0128.467] SetLastError (dwErrCode=0x0) [0128.467] lstrcmpiW (lpString1="hidinterrupt", lpString2="NAVENG") returned -1 [0128.467] lstrcmpiW (lpString1="hidinterrupt", lpString2="ccEvtMgr") returned 1 [0128.467] lstrcmpiW (lpString1="hidinterrupt", lpString2="NAV") returned -1 [0128.467] lstrcmpiW (lpString1="hidinterrupt", lpString2="NIS") returned -1 [0128.467] lstrcmpiW (lpString1="hidinterrupt", lpString2="NAVEX15") returned -1 [0128.467] lstrcmpiW (lpString1="hidinterrupt", lpString2="AVP") returned 1 [0128.467] lstrcmpiW (lpString1="hidinterrupt", lpString2="AVP15.0.0") returned 1 [0128.467] lstrcmpiW (lpString1="hidinterrupt", lpString2="AVP15.0.1") returned 1 [0128.467] lstrcmpiW (lpString1="hidinterrupt", lpString2="kl1") returned -1 [0128.467] lstrcmpiW (lpString1="hidinterrupt", lpString2="McComponentHostService") returned -1 [0128.467] lstrcmpiW (lpString1="hidinterrupt", lpString2="ekrn") returned 1 [0128.467] lstrcmpiW (lpString1="hidinterrupt", lpString2="egui") returned 1 [0128.467] lstrcmpiW (lpString1="hidinterrupt", lpString2="avgwd") returned 1 [0128.468] lstrcmpiW (lpString1="hidinterrupt", lpString2="BdfNdisf") returned 1 [0128.468] lstrcmpiW (lpString1="hidinterrupt", lpString2="avast! Antivirus") returned 1 [0128.468] lstrcmpiW (lpString1="hidinterrupt", lpString2="MsMpSvc") returned -1 [0128.468] lstrcmpiW (lpString1="hidinterrupt", lpString2="RsMgrSvc") returned -1 [0128.468] lstrcmpiW (lpString1="hidinterrupt", lpString2="fshoster") returned 1 [0128.468] lstrcmpiW (lpString1="hidinterrupt", lpString2="AVKProxy") returned 1 [0128.468] lstrcmpiW (lpString1="hidinterrupt", lpString2="MBAMService") returned -1 [0128.468] lstrcmpiW (lpString1="hidinterrupt", lpString2="GbpSv") returned 1 [0128.468] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x99, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HidIr", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.468] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\HidIr") returned 39 [0128.468] SetLastError (dwErrCode=0x0) [0128.468] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\HidIr", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.468] SetLastError (dwErrCode=0x0) [0128.468] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.468] RegCloseKey (hKey=0x264) returned 0x0 [0128.468] SetLastError (dwErrCode=0x0) [0128.468] lstrcmpiW (lpString1="HidIr", lpString2="NAVENG") returned -1 [0128.468] lstrcmpiW (lpString1="HidIr", lpString2="ccEvtMgr") returned 1 [0128.468] lstrcmpiW (lpString1="HidIr", lpString2="NAV") returned -1 [0128.468] lstrcmpiW (lpString1="HidIr", lpString2="NIS") returned -1 [0128.468] lstrcmpiW (lpString1="HidIr", lpString2="NAVEX15") returned -1 [0128.468] lstrcmpiW (lpString1="HidIr", lpString2="AVP") returned 1 [0128.468] lstrcmpiW (lpString1="HidIr", lpString2="AVP15.0.0") returned 1 [0128.468] lstrcmpiW (lpString1="HidIr", lpString2="AVP15.0.1") returned 1 [0128.468] lstrcmpiW (lpString1="HidIr", lpString2="kl1") returned -1 [0128.468] lstrcmpiW (lpString1="HidIr", lpString2="McComponentHostService") returned -1 [0128.468] lstrcmpiW (lpString1="HidIr", lpString2="ekrn") returned 1 [0128.468] lstrcmpiW (lpString1="HidIr", lpString2="egui") returned 1 [0128.468] lstrcmpiW (lpString1="HidIr", lpString2="avgwd") returned 1 [0128.468] lstrcmpiW (lpString1="HidIr", lpString2="BdfNdisf") returned 1 [0128.468] lstrcmpiW (lpString1="HidIr", lpString2="avast! Antivirus") returned 1 [0128.469] lstrcmpiW (lpString1="HidIr", lpString2="MsMpSvc") returned -1 [0128.469] lstrcmpiW (lpString1="HidIr", lpString2="RsMgrSvc") returned -1 [0128.469] lstrcmpiW (lpString1="HidIr", lpString2="fshoster") returned 1 [0128.469] lstrcmpiW (lpString1="HidIr", lpString2="AVKProxy") returned 1 [0128.469] lstrcmpiW (lpString1="HidIr", lpString2="MBAMService") returned -1 [0128.469] lstrcmpiW (lpString1="HidIr", lpString2="GbpSv") returned 1 [0128.469] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x9a, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="hidserv", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.469] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\hidserv") returned 41 [0128.469] SetLastError (dwErrCode=0x0) [0128.469] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\hidserv", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.469] SetLastError (dwErrCode=0x0) [0128.469] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.469] RegCloseKey (hKey=0x264) returned 0x0 [0128.469] SetLastError (dwErrCode=0x0) [0128.469] lstrcmpiW (lpString1="hidserv", lpString2="NAVENG") returned -1 [0128.469] lstrcmpiW (lpString1="hidserv", lpString2="ccEvtMgr") returned 1 [0128.469] lstrcmpiW (lpString1="hidserv", lpString2="NAV") returned -1 [0128.469] lstrcmpiW (lpString1="hidserv", lpString2="NIS") returned -1 [0128.469] lstrcmpiW (lpString1="hidserv", lpString2="NAVEX15") returned -1 [0128.469] lstrcmpiW (lpString1="hidserv", lpString2="AVP") returned 1 [0128.469] lstrcmpiW (lpString1="hidserv", lpString2="AVP15.0.0") returned 1 [0128.469] lstrcmpiW (lpString1="hidserv", lpString2="AVP15.0.1") returned 1 [0128.469] lstrcmpiW (lpString1="hidserv", lpString2="kl1") returned -1 [0128.469] lstrcmpiW (lpString1="hidserv", lpString2="McComponentHostService") returned -1 [0128.469] lstrcmpiW (lpString1="hidserv", lpString2="ekrn") returned 1 [0128.469] lstrcmpiW (lpString1="hidserv", lpString2="egui") returned 1 [0128.469] lstrcmpiW (lpString1="hidserv", lpString2="avgwd") returned 1 [0128.469] lstrcmpiW (lpString1="hidserv", lpString2="BdfNdisf") returned 1 [0128.470] lstrcmpiW (lpString1="hidserv", lpString2="avast! Antivirus") returned 1 [0128.470] lstrcmpiW (lpString1="hidserv", lpString2="MsMpSvc") returned -1 [0128.470] lstrcmpiW (lpString1="hidserv", lpString2="RsMgrSvc") returned -1 [0128.471] lstrcmpiW (lpString1="hidserv", lpString2="fshoster") returned 1 [0128.471] lstrcmpiW (lpString1="hidserv", lpString2="AVKProxy") returned 1 [0128.471] lstrcmpiW (lpString1="hidserv", lpString2="MBAMService") returned -1 [0128.471] lstrcmpiW (lpString1="hidserv", lpString2="GbpSv") returned 1 [0128.471] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x9b, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HidUsb", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.471] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\HidUsb") returned 40 [0128.471] SetLastError (dwErrCode=0x0) [0128.471] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\HidUsb", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.471] SetLastError (dwErrCode=0x0) [0128.471] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.471] RegCloseKey (hKey=0x264) returned 0x0 [0128.471] SetLastError (dwErrCode=0x0) [0128.471] lstrcmpiW (lpString1="HidUsb", lpString2="NAVENG") returned -1 [0128.471] lstrcmpiW (lpString1="HidUsb", lpString2="ccEvtMgr") returned 1 [0128.471] lstrcmpiW (lpString1="HidUsb", lpString2="NAV") returned -1 [0128.471] lstrcmpiW (lpString1="HidUsb", lpString2="NIS") returned -1 [0128.471] lstrcmpiW (lpString1="HidUsb", lpString2="NAVEX15") returned -1 [0128.471] lstrcmpiW (lpString1="HidUsb", lpString2="AVP") returned 1 [0128.471] lstrcmpiW (lpString1="HidUsb", lpString2="AVP15.0.0") returned 1 [0128.471] lstrcmpiW (lpString1="HidUsb", lpString2="AVP15.0.1") returned 1 [0128.471] lstrcmpiW (lpString1="HidUsb", lpString2="kl1") returned -1 [0128.471] lstrcmpiW (lpString1="HidUsb", lpString2="McComponentHostService") returned -1 [0128.471] lstrcmpiW (lpString1="HidUsb", lpString2="ekrn") returned 1 [0128.471] lstrcmpiW (lpString1="HidUsb", lpString2="egui") returned 1 [0128.471] lstrcmpiW (lpString1="HidUsb", lpString2="avgwd") returned 1 [0128.471] lstrcmpiW (lpString1="HidUsb", lpString2="BdfNdisf") returned 1 [0128.471] lstrcmpiW (lpString1="HidUsb", lpString2="avast! Antivirus") returned 1 [0128.471] lstrcmpiW (lpString1="HidUsb", lpString2="MsMpSvc") returned -1 [0128.471] lstrcmpiW (lpString1="HidUsb", lpString2="RsMgrSvc") returned -1 [0128.472] lstrcmpiW (lpString1="HidUsb", lpString2="fshoster") returned 1 [0128.472] lstrcmpiW (lpString1="HidUsb", lpString2="AVKProxy") returned 1 [0128.472] lstrcmpiW (lpString1="HidUsb", lpString2="MBAMService") returned -1 [0128.472] lstrcmpiW (lpString1="HidUsb", lpString2="GbpSv") returned 1 [0128.472] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x9c, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HomeGroupListener", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.472] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\HomeGroupListener") returned 51 [0128.472] SetLastError (dwErrCode=0x0) [0128.472] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\HomeGroupListener", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.472] SetLastError (dwErrCode=0x0) [0128.472] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.472] RegCloseKey (hKey=0x264) returned 0x0 [0128.472] SetLastError (dwErrCode=0x0) [0128.472] lstrcmpiW (lpString1="HomeGroupListener", lpString2="NAVENG") returned -1 [0128.472] lstrcmpiW (lpString1="HomeGroupListener", lpString2="ccEvtMgr") returned 1 [0128.472] lstrcmpiW (lpString1="HomeGroupListener", lpString2="NAV") returned -1 [0128.472] lstrcmpiW (lpString1="HomeGroupListener", lpString2="NIS") returned -1 [0128.472] lstrcmpiW (lpString1="HomeGroupListener", lpString2="NAVEX15") returned -1 [0128.472] lstrcmpiW (lpString1="HomeGroupListener", lpString2="AVP") returned 1 [0128.472] lstrcmpiW (lpString1="HomeGroupListener", lpString2="AVP15.0.0") returned 1 [0128.472] lstrcmpiW (lpString1="HomeGroupListener", lpString2="AVP15.0.1") returned 1 [0128.472] lstrcmpiW (lpString1="HomeGroupListener", lpString2="kl1") returned -1 [0128.472] lstrcmpiW (lpString1="HomeGroupListener", lpString2="McComponentHostService") returned -1 [0128.472] lstrcmpiW (lpString1="HomeGroupListener", lpString2="ekrn") returned 1 [0128.472] lstrcmpiW (lpString1="HomeGroupListener", lpString2="egui") returned 1 [0128.472] lstrcmpiW (lpString1="HomeGroupListener", lpString2="avgwd") returned 1 [0128.472] lstrcmpiW (lpString1="HomeGroupListener", lpString2="BdfNdisf") returned 1 [0128.472] lstrcmpiW (lpString1="HomeGroupListener", lpString2="avast! Antivirus") returned 1 [0128.472] lstrcmpiW (lpString1="HomeGroupListener", lpString2="MsMpSvc") returned -1 [0128.473] lstrcmpiW (lpString1="HomeGroupListener", lpString2="RsMgrSvc") returned -1 [0128.473] lstrcmpiW (lpString1="HomeGroupListener", lpString2="fshoster") returned 1 [0128.473] lstrcmpiW (lpString1="HomeGroupListener", lpString2="AVKProxy") returned 1 [0128.473] lstrcmpiW (lpString1="HomeGroupListener", lpString2="MBAMService") returned -1 [0128.473] lstrcmpiW (lpString1="HomeGroupListener", lpString2="GbpSv") returned 1 [0128.473] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x9d, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HomeGroupProvider", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.473] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\HomeGroupProvider") returned 51 [0128.473] SetLastError (dwErrCode=0x0) [0128.473] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\HomeGroupProvider", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.473] SetLastError (dwErrCode=0x0) [0128.473] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.473] RegCloseKey (hKey=0x264) returned 0x0 [0128.473] SetLastError (dwErrCode=0x0) [0128.473] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="NAVENG") returned -1 [0128.473] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="ccEvtMgr") returned 1 [0128.473] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="NAV") returned -1 [0128.473] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="NIS") returned -1 [0128.473] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="NAVEX15") returned -1 [0128.473] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="AVP") returned 1 [0128.473] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="AVP15.0.0") returned 1 [0128.473] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="AVP15.0.1") returned 1 [0128.473] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="kl1") returned -1 [0128.473] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="McComponentHostService") returned -1 [0128.473] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="ekrn") returned 1 [0128.473] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="egui") returned 1 [0128.473] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="avgwd") returned 1 [0128.473] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="BdfNdisf") returned 1 [0128.473] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="avast! Antivirus") returned 1 [0128.474] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="MsMpSvc") returned -1 [0128.474] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="RsMgrSvc") returned -1 [0128.474] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="fshoster") returned 1 [0128.474] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="AVKProxy") returned 1 [0128.474] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="MBAMService") returned -1 [0128.474] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="GbpSv") returned 1 [0128.474] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x9e, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HpSAMD", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.474] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\HpSAMD") returned 40 [0128.474] SetLastError (dwErrCode=0x0) [0128.474] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\HpSAMD", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.474] SetLastError (dwErrCode=0x0) [0128.474] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.474] RegCloseKey (hKey=0x264) returned 0x0 [0128.474] SetLastError (dwErrCode=0x0) [0128.474] lstrcmpiW (lpString1="HpSAMD", lpString2="NAVENG") returned -1 [0128.474] lstrcmpiW (lpString1="HpSAMD", lpString2="ccEvtMgr") returned 1 [0128.474] lstrcmpiW (lpString1="HpSAMD", lpString2="NAV") returned -1 [0128.474] lstrcmpiW (lpString1="HpSAMD", lpString2="NIS") returned -1 [0128.474] lstrcmpiW (lpString1="HpSAMD", lpString2="NAVEX15") returned -1 [0128.474] lstrcmpiW (lpString1="HpSAMD", lpString2="AVP") returned 1 [0128.474] lstrcmpiW (lpString1="HpSAMD", lpString2="AVP15.0.0") returned 1 [0128.474] lstrcmpiW (lpString1="HpSAMD", lpString2="AVP15.0.1") returned 1 [0128.474] lstrcmpiW (lpString1="HpSAMD", lpString2="kl1") returned -1 [0128.474] lstrcmpiW (lpString1="HpSAMD", lpString2="McComponentHostService") returned -1 [0128.474] lstrcmpiW (lpString1="HpSAMD", lpString2="ekrn") returned 1 [0128.474] lstrcmpiW (lpString1="HpSAMD", lpString2="egui") returned 1 [0128.474] lstrcmpiW (lpString1="HpSAMD", lpString2="avgwd") returned 1 [0128.474] lstrcmpiW (lpString1="HpSAMD", lpString2="BdfNdisf") returned 1 [0128.475] lstrcmpiW (lpString1="HpSAMD", lpString2="avast! Antivirus") returned 1 [0128.475] lstrcmpiW (lpString1="HpSAMD", lpString2="MsMpSvc") returned -1 [0128.475] lstrcmpiW (lpString1="HpSAMD", lpString2="RsMgrSvc") returned -1 [0128.475] lstrcmpiW (lpString1="HpSAMD", lpString2="fshoster") returned 1 [0128.475] lstrcmpiW (lpString1="HpSAMD", lpString2="AVKProxy") returned 1 [0128.475] lstrcmpiW (lpString1="HpSAMD", lpString2="MBAMService") returned -1 [0128.475] lstrcmpiW (lpString1="HpSAMD", lpString2="GbpSv") returned 1 [0128.475] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x9f, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HTTP", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.475] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\HTTP") returned 38 [0128.475] SetLastError (dwErrCode=0x0) [0128.475] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\HTTP", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.475] SetLastError (dwErrCode=0x0) [0128.475] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.475] RegCloseKey (hKey=0x264) returned 0x0 [0128.475] SetLastError (dwErrCode=0x0) [0128.475] lstrcmpiW (lpString1="HTTP", lpString2="NAVENG") returned -1 [0128.475] lstrcmpiW (lpString1="HTTP", lpString2="ccEvtMgr") returned 1 [0128.475] lstrcmpiW (lpString1="HTTP", lpString2="NAV") returned -1 [0128.475] lstrcmpiW (lpString1="HTTP", lpString2="NIS") returned -1 [0128.475] lstrcmpiW (lpString1="HTTP", lpString2="NAVEX15") returned -1 [0128.475] lstrcmpiW (lpString1="HTTP", lpString2="AVP") returned 1 [0128.475] lstrcmpiW (lpString1="HTTP", lpString2="AVP15.0.0") returned 1 [0128.475] lstrcmpiW (lpString1="HTTP", lpString2="AVP15.0.1") returned 1 [0128.475] lstrcmpiW (lpString1="HTTP", lpString2="kl1") returned -1 [0128.475] lstrcmpiW (lpString1="HTTP", lpString2="McComponentHostService") returned -1 [0128.475] lstrcmpiW (lpString1="HTTP", lpString2="ekrn") returned 1 [0128.475] lstrcmpiW (lpString1="HTTP", lpString2="egui") returned 1 [0128.475] lstrcmpiW (lpString1="HTTP", lpString2="avgwd") returned 1 [0128.475] lstrcmpiW (lpString1="HTTP", lpString2="BdfNdisf") returned 1 [0128.475] lstrcmpiW (lpString1="HTTP", lpString2="avast! Antivirus") returned 1 [0128.476] lstrcmpiW (lpString1="HTTP", lpString2="MsMpSvc") returned -1 [0128.476] lstrcmpiW (lpString1="HTTP", lpString2="RsMgrSvc") returned -1 [0128.476] lstrcmpiW (lpString1="HTTP", lpString2="fshoster") returned 1 [0128.476] lstrcmpiW (lpString1="HTTP", lpString2="AVKProxy") returned 1 [0128.476] lstrcmpiW (lpString1="HTTP", lpString2="MBAMService") returned -1 [0128.476] lstrcmpiW (lpString1="HTTP", lpString2="GbpSv") returned 1 [0128.476] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xa0, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="hwpolicy", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.476] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\hwpolicy") returned 42 [0128.476] SetLastError (dwErrCode=0x0) [0128.476] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\hwpolicy", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.476] SetLastError (dwErrCode=0x0) [0128.476] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.476] RegCloseKey (hKey=0x264) returned 0x0 [0128.476] SetLastError (dwErrCode=0x0) [0128.476] lstrcmpiW (lpString1="hwpolicy", lpString2="NAVENG") returned -1 [0128.476] lstrcmpiW (lpString1="hwpolicy", lpString2="ccEvtMgr") returned 1 [0128.476] lstrcmpiW (lpString1="hwpolicy", lpString2="NAV") returned -1 [0128.476] lstrcmpiW (lpString1="hwpolicy", lpString2="NIS") returned -1 [0128.476] lstrcmpiW (lpString1="hwpolicy", lpString2="NAVEX15") returned -1 [0128.476] lstrcmpiW (lpString1="hwpolicy", lpString2="AVP") returned 1 [0128.476] lstrcmpiW (lpString1="hwpolicy", lpString2="AVP15.0.0") returned 1 [0128.476] lstrcmpiW (lpString1="hwpolicy", lpString2="AVP15.0.1") returned 1 [0128.476] lstrcmpiW (lpString1="hwpolicy", lpString2="kl1") returned -1 [0128.476] lstrcmpiW (lpString1="hwpolicy", lpString2="McComponentHostService") returned -1 [0128.476] lstrcmpiW (lpString1="hwpolicy", lpString2="ekrn") returned 1 [0128.476] lstrcmpiW (lpString1="hwpolicy", lpString2="egui") returned 1 [0128.476] lstrcmpiW (lpString1="hwpolicy", lpString2="avgwd") returned 1 [0128.476] lstrcmpiW (lpString1="hwpolicy", lpString2="BdfNdisf") returned 1 [0128.476] lstrcmpiW (lpString1="hwpolicy", lpString2="avast! Antivirus") returned 1 [0128.476] lstrcmpiW (lpString1="hwpolicy", lpString2="MsMpSvc") returned -1 [0128.477] lstrcmpiW (lpString1="hwpolicy", lpString2="RsMgrSvc") returned -1 [0128.477] lstrcmpiW (lpString1="hwpolicy", lpString2="fshoster") returned 1 [0128.477] lstrcmpiW (lpString1="hwpolicy", lpString2="AVKProxy") returned 1 [0128.477] lstrcmpiW (lpString1="hwpolicy", lpString2="MBAMService") returned -1 [0128.477] lstrcmpiW (lpString1="hwpolicy", lpString2="GbpSv") returned 1 [0128.477] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xa1, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="hyperkbd", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.477] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\hyperkbd") returned 42 [0128.477] SetLastError (dwErrCode=0x0) [0128.477] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\hyperkbd", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.477] SetLastError (dwErrCode=0x0) [0128.477] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.477] RegCloseKey (hKey=0x264) returned 0x0 [0128.477] SetLastError (dwErrCode=0x0) [0128.477] lstrcmpiW (lpString1="hyperkbd", lpString2="NAVENG") returned -1 [0128.477] lstrcmpiW (lpString1="hyperkbd", lpString2="ccEvtMgr") returned 1 [0128.477] lstrcmpiW (lpString1="hyperkbd", lpString2="NAV") returned -1 [0128.477] lstrcmpiW (lpString1="hyperkbd", lpString2="NIS") returned -1 [0128.477] lstrcmpiW (lpString1="hyperkbd", lpString2="NAVEX15") returned -1 [0128.477] lstrcmpiW (lpString1="hyperkbd", lpString2="AVP") returned 1 [0128.477] lstrcmpiW (lpString1="hyperkbd", lpString2="AVP15.0.0") returned 1 [0128.477] lstrcmpiW (lpString1="hyperkbd", lpString2="AVP15.0.1") returned 1 [0128.477] lstrcmpiW (lpString1="hyperkbd", lpString2="kl1") returned -1 [0128.477] lstrcmpiW (lpString1="hyperkbd", lpString2="McComponentHostService") returned -1 [0128.477] lstrcmpiW (lpString1="hyperkbd", lpString2="ekrn") returned 1 [0128.477] lstrcmpiW (lpString1="hyperkbd", lpString2="egui") returned 1 [0128.477] lstrcmpiW (lpString1="hyperkbd", lpString2="avgwd") returned 1 [0128.477] lstrcmpiW (lpString1="hyperkbd", lpString2="BdfNdisf") returned 1 [0128.478] lstrcmpiW (lpString1="hyperkbd", lpString2="avast! Antivirus") returned 1 [0128.478] lstrcmpiW (lpString1="hyperkbd", lpString2="MsMpSvc") returned -1 [0128.478] lstrcmpiW (lpString1="hyperkbd", lpString2="RsMgrSvc") returned -1 [0128.478] lstrcmpiW (lpString1="hyperkbd", lpString2="fshoster") returned 1 [0128.478] lstrcmpiW (lpString1="hyperkbd", lpString2="AVKProxy") returned 1 [0128.478] lstrcmpiW (lpString1="hyperkbd", lpString2="MBAMService") returned -1 [0128.478] lstrcmpiW (lpString1="hyperkbd", lpString2="GbpSv") returned 1 [0128.478] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xa2, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HyperVideo", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.478] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\HyperVideo") returned 44 [0128.478] SetLastError (dwErrCode=0x0) [0128.478] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\HyperVideo", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.478] SetLastError (dwErrCode=0x0) [0128.478] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.478] RegCloseKey (hKey=0x264) returned 0x0 [0128.478] SetLastError (dwErrCode=0x0) [0128.478] lstrcmpiW (lpString1="HyperVideo", lpString2="NAVENG") returned -1 [0128.478] lstrcmpiW (lpString1="HyperVideo", lpString2="ccEvtMgr") returned 1 [0128.478] lstrcmpiW (lpString1="HyperVideo", lpString2="NAV") returned -1 [0128.478] lstrcmpiW (lpString1="HyperVideo", lpString2="NIS") returned -1 [0128.478] lstrcmpiW (lpString1="HyperVideo", lpString2="NAVEX15") returned -1 [0128.478] lstrcmpiW (lpString1="HyperVideo", lpString2="AVP") returned 1 [0128.478] lstrcmpiW (lpString1="HyperVideo", lpString2="AVP15.0.0") returned 1 [0128.478] lstrcmpiW (lpString1="HyperVideo", lpString2="AVP15.0.1") returned 1 [0128.478] lstrcmpiW (lpString1="HyperVideo", lpString2="kl1") returned -1 [0128.478] lstrcmpiW (lpString1="HyperVideo", lpString2="McComponentHostService") returned -1 [0128.478] lstrcmpiW (lpString1="HyperVideo", lpString2="ekrn") returned 1 [0128.478] lstrcmpiW (lpString1="HyperVideo", lpString2="egui") returned 1 [0128.478] lstrcmpiW (lpString1="HyperVideo", lpString2="avgwd") returned 1 [0128.478] lstrcmpiW (lpString1="HyperVideo", lpString2="BdfNdisf") returned 1 [0128.479] lstrcmpiW (lpString1="HyperVideo", lpString2="avast! Antivirus") returned 1 [0128.479] lstrcmpiW (lpString1="HyperVideo", lpString2="MsMpSvc") returned -1 [0128.479] lstrcmpiW (lpString1="HyperVideo", lpString2="RsMgrSvc") returned -1 [0128.479] lstrcmpiW (lpString1="HyperVideo", lpString2="fshoster") returned 1 [0128.479] lstrcmpiW (lpString1="HyperVideo", lpString2="AVKProxy") returned 1 [0128.479] lstrcmpiW (lpString1="HyperVideo", lpString2="MBAMService") returned -1 [0128.479] lstrcmpiW (lpString1="HyperVideo", lpString2="GbpSv") returned 1 [0128.479] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xa3, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="i8042prt", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.479] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\i8042prt") returned 42 [0128.479] SetLastError (dwErrCode=0x0) [0128.479] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\i8042prt", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.479] SetLastError (dwErrCode=0x0) [0128.479] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.479] RegCloseKey (hKey=0x264) returned 0x0 [0128.479] SetLastError (dwErrCode=0x0) [0128.479] lstrcmpiW (lpString1="i8042prt", lpString2="NAVENG") returned -1 [0128.479] lstrcmpiW (lpString1="i8042prt", lpString2="ccEvtMgr") returned 1 [0128.479] lstrcmpiW (lpString1="i8042prt", lpString2="NAV") returned -1 [0128.479] lstrcmpiW (lpString1="i8042prt", lpString2="NIS") returned -1 [0128.479] lstrcmpiW (lpString1="i8042prt", lpString2="NAVEX15") returned -1 [0128.479] lstrcmpiW (lpString1="i8042prt", lpString2="AVP") returned 1 [0128.479] lstrcmpiW (lpString1="i8042prt", lpString2="AVP15.0.0") returned 1 [0128.479] lstrcmpiW (lpString1="i8042prt", lpString2="AVP15.0.1") returned 1 [0128.479] lstrcmpiW (lpString1="i8042prt", lpString2="kl1") returned -1 [0128.479] lstrcmpiW (lpString1="i8042prt", lpString2="McComponentHostService") returned -1 [0128.479] lstrcmpiW (lpString1="i8042prt", lpString2="ekrn") returned 1 [0128.479] lstrcmpiW (lpString1="i8042prt", lpString2="egui") returned 1 [0128.479] lstrcmpiW (lpString1="i8042prt", lpString2="avgwd") returned 1 [0128.479] lstrcmpiW (lpString1="i8042prt", lpString2="BdfNdisf") returned 1 [0128.480] lstrcmpiW (lpString1="i8042prt", lpString2="avast! Antivirus") returned 1 [0128.480] lstrcmpiW (lpString1="i8042prt", lpString2="MsMpSvc") returned -1 [0128.480] lstrcmpiW (lpString1="i8042prt", lpString2="RsMgrSvc") returned -1 [0128.480] lstrcmpiW (lpString1="i8042prt", lpString2="fshoster") returned 1 [0128.480] lstrcmpiW (lpString1="i8042prt", lpString2="AVKProxy") returned 1 [0128.480] lstrcmpiW (lpString1="i8042prt", lpString2="MBAMService") returned -1 [0128.480] lstrcmpiW (lpString1="i8042prt", lpString2="GbpSv") returned 1 [0128.480] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xa4, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="iaLPSSi_GPIO", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.480] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\iaLPSSi_GPIO") returned 46 [0128.480] SetLastError (dwErrCode=0x0) [0128.480] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\iaLPSSi_GPIO", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.480] SetLastError (dwErrCode=0x0) [0128.480] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.480] RegCloseKey (hKey=0x264) returned 0x0 [0128.480] SetLastError (dwErrCode=0x0) [0128.480] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="NAVENG") returned -1 [0128.480] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="ccEvtMgr") returned 1 [0128.480] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="NAV") returned -1 [0128.480] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="NIS") returned -1 [0128.480] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="NAVEX15") returned -1 [0128.480] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="AVP") returned 1 [0128.480] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="AVP15.0.0") returned 1 [0128.480] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="AVP15.0.1") returned 1 [0128.480] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="kl1") returned -1 [0128.480] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="McComponentHostService") returned -1 [0128.480] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="ekrn") returned 1 [0128.480] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="egui") returned 1 [0128.480] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="avgwd") returned 1 [0128.480] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="BdfNdisf") returned 1 [0128.480] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="avast! Antivirus") returned 1 [0128.481] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="MsMpSvc") returned -1 [0128.481] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="RsMgrSvc") returned -1 [0128.481] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="fshoster") returned 1 [0128.481] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="AVKProxy") returned 1 [0128.481] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="MBAMService") returned -1 [0128.481] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="GbpSv") returned 1 [0128.481] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xa5, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="iaLPSSi_I2C", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.481] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\iaLPSSi_I2C") returned 45 [0128.481] SetLastError (dwErrCode=0x0) [0128.481] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\iaLPSSi_I2C", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.481] SetLastError (dwErrCode=0x0) [0128.481] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.481] RegCloseKey (hKey=0x264) returned 0x0 [0128.481] SetLastError (dwErrCode=0x0) [0128.481] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="NAVENG") returned -1 [0128.481] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="ccEvtMgr") returned 1 [0128.481] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="NAV") returned -1 [0128.481] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="NIS") returned -1 [0128.481] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="NAVEX15") returned -1 [0128.481] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="AVP") returned 1 [0128.481] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="AVP15.0.0") returned 1 [0128.481] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="AVP15.0.1") returned 1 [0128.481] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="kl1") returned -1 [0128.481] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="McComponentHostService") returned -1 [0128.481] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="ekrn") returned 1 [0128.481] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="egui") returned 1 [0128.481] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="avgwd") returned 1 [0128.481] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="BdfNdisf") returned 1 [0128.482] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="avast! Antivirus") returned 1 [0128.482] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="MsMpSvc") returned -1 [0128.482] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="RsMgrSvc") returned -1 [0128.482] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="fshoster") returned 1 [0128.482] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="AVKProxy") returned 1 [0128.482] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="MBAMService") returned -1 [0128.482] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="GbpSv") returned 1 [0128.482] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xa6, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="iaStorAV", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.482] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\iaStorAV") returned 42 [0128.482] SetLastError (dwErrCode=0x0) [0128.482] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\iaStorAV", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.482] SetLastError (dwErrCode=0x0) [0128.482] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.482] RegCloseKey (hKey=0x264) returned 0x0 [0128.482] SetLastError (dwErrCode=0x0) [0128.482] lstrcmpiW (lpString1="iaStorAV", lpString2="NAVENG") returned -1 [0128.482] lstrcmpiW (lpString1="iaStorAV", lpString2="ccEvtMgr") returned 1 [0128.482] lstrcmpiW (lpString1="iaStorAV", lpString2="NAV") returned -1 [0128.482] lstrcmpiW (lpString1="iaStorAV", lpString2="NIS") returned -1 [0128.482] lstrcmpiW (lpString1="iaStorAV", lpString2="NAVEX15") returned -1 [0128.482] lstrcmpiW (lpString1="iaStorAV", lpString2="AVP") returned 1 [0128.482] lstrcmpiW (lpString1="iaStorAV", lpString2="AVP15.0.0") returned 1 [0128.482] lstrcmpiW (lpString1="iaStorAV", lpString2="AVP15.0.1") returned 1 [0128.482] lstrcmpiW (lpString1="iaStorAV", lpString2="kl1") returned -1 [0128.482] lstrcmpiW (lpString1="iaStorAV", lpString2="McComponentHostService") returned -1 [0128.482] lstrcmpiW (lpString1="iaStorAV", lpString2="ekrn") returned 1 [0128.482] lstrcmpiW (lpString1="iaStorAV", lpString2="egui") returned 1 [0128.483] lstrcmpiW (lpString1="iaStorAV", lpString2="avgwd") returned 1 [0128.483] lstrcmpiW (lpString1="iaStorAV", lpString2="BdfNdisf") returned 1 [0128.483] lstrcmpiW (lpString1="iaStorAV", lpString2="avast! Antivirus") returned 1 [0128.483] lstrcmpiW (lpString1="iaStorAV", lpString2="MsMpSvc") returned -1 [0128.483] lstrcmpiW (lpString1="iaStorAV", lpString2="RsMgrSvc") returned -1 [0128.483] lstrcmpiW (lpString1="iaStorAV", lpString2="fshoster") returned 1 [0128.483] lstrcmpiW (lpString1="iaStorAV", lpString2="AVKProxy") returned 1 [0128.483] lstrcmpiW (lpString1="iaStorAV", lpString2="MBAMService") returned -1 [0128.483] lstrcmpiW (lpString1="iaStorAV", lpString2="GbpSv") returned 1 [0128.483] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xa7, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="iaStorV", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.483] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\iaStorV") returned 41 [0128.483] SetLastError (dwErrCode=0x0) [0128.483] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\iaStorV", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.483] SetLastError (dwErrCode=0x0) [0128.483] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.483] RegCloseKey (hKey=0x264) returned 0x0 [0128.483] SetLastError (dwErrCode=0x0) [0128.483] lstrcmpiW (lpString1="iaStorV", lpString2="NAVENG") returned -1 [0128.483] lstrcmpiW (lpString1="iaStorV", lpString2="ccEvtMgr") returned 1 [0128.483] lstrcmpiW (lpString1="iaStorV", lpString2="NAV") returned -1 [0128.483] lstrcmpiW (lpString1="iaStorV", lpString2="NIS") returned -1 [0128.483] lstrcmpiW (lpString1="iaStorV", lpString2="NAVEX15") returned -1 [0128.483] lstrcmpiW (lpString1="iaStorV", lpString2="AVP") returned 1 [0128.483] lstrcmpiW (lpString1="iaStorV", lpString2="AVP15.0.0") returned 1 [0128.483] lstrcmpiW (lpString1="iaStorV", lpString2="AVP15.0.1") returned 1 [0128.483] lstrcmpiW (lpString1="iaStorV", lpString2="kl1") returned -1 [0128.484] lstrcmpiW (lpString1="iaStorV", lpString2="McComponentHostService") returned -1 [0128.484] lstrcmpiW (lpString1="iaStorV", lpString2="ekrn") returned 1 [0128.484] lstrcmpiW (lpString1="iaStorV", lpString2="egui") returned 1 [0128.484] lstrcmpiW (lpString1="iaStorV", lpString2="avgwd") returned 1 [0128.484] lstrcmpiW (lpString1="iaStorV", lpString2="BdfNdisf") returned 1 [0128.484] lstrcmpiW (lpString1="iaStorV", lpString2="avast! Antivirus") returned 1 [0128.484] lstrcmpiW (lpString1="iaStorV", lpString2="MsMpSvc") returned -1 [0128.484] lstrcmpiW (lpString1="iaStorV", lpString2="RsMgrSvc") returned -1 [0128.484] lstrcmpiW (lpString1="iaStorV", lpString2="fshoster") returned 1 [0128.484] lstrcmpiW (lpString1="iaStorV", lpString2="AVKProxy") returned 1 [0128.484] lstrcmpiW (lpString1="iaStorV", lpString2="MBAMService") returned -1 [0128.484] lstrcmpiW (lpString1="iaStorV", lpString2="GbpSv") returned 1 [0128.484] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xa8, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ibbus", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.484] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ibbus") returned 39 [0128.484] SetLastError (dwErrCode=0x0) [0128.484] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ibbus", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.484] SetLastError (dwErrCode=0x0) [0128.484] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.484] RegCloseKey (hKey=0x264) returned 0x0 [0128.484] SetLastError (dwErrCode=0x0) [0128.484] lstrcmpiW (lpString1="ibbus", lpString2="NAVENG") returned -1 [0128.484] lstrcmpiW (lpString1="ibbus", lpString2="ccEvtMgr") returned 1 [0128.484] lstrcmpiW (lpString1="ibbus", lpString2="NAV") returned -1 [0128.484] lstrcmpiW (lpString1="ibbus", lpString2="NIS") returned -1 [0128.484] lstrcmpiW (lpString1="ibbus", lpString2="NAVEX15") returned -1 [0128.484] lstrcmpiW (lpString1="ibbus", lpString2="AVP") returned 1 [0128.484] lstrcmpiW (lpString1="ibbus", lpString2="AVP15.0.0") returned 1 [0128.484] lstrcmpiW (lpString1="ibbus", lpString2="AVP15.0.1") returned 1 [0128.484] lstrcmpiW (lpString1="ibbus", lpString2="kl1") returned -1 [0128.484] lstrcmpiW (lpString1="ibbus", lpString2="McComponentHostService") returned -1 [0128.484] lstrcmpiW (lpString1="ibbus", lpString2="ekrn") returned 1 [0128.485] lstrcmpiW (lpString1="ibbus", lpString2="egui") returned 1 [0128.485] lstrcmpiW (lpString1="ibbus", lpString2="avgwd") returned 1 [0128.485] lstrcmpiW (lpString1="ibbus", lpString2="BdfNdisf") returned 1 [0128.485] lstrcmpiW (lpString1="ibbus", lpString2="avast! Antivirus") returned 1 [0128.485] lstrcmpiW (lpString1="ibbus", lpString2="MsMpSvc") returned -1 [0128.485] lstrcmpiW (lpString1="ibbus", lpString2="RsMgrSvc") returned -1 [0128.485] lstrcmpiW (lpString1="ibbus", lpString2="fshoster") returned 1 [0128.485] lstrcmpiW (lpString1="ibbus", lpString2="AVKProxy") returned 1 [0128.485] lstrcmpiW (lpString1="ibbus", lpString2="MBAMService") returned -1 [0128.485] lstrcmpiW (lpString1="ibbus", lpString2="GbpSv") returned 1 [0128.485] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xa9, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="icssvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.485] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\icssvc") returned 40 [0128.485] SetLastError (dwErrCode=0x0) [0128.485] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\icssvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.485] SetLastError (dwErrCode=0x0) [0128.485] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.485] RegCloseKey (hKey=0x264) returned 0x0 [0128.485] SetLastError (dwErrCode=0x0) [0128.485] lstrcmpiW (lpString1="icssvc", lpString2="NAVENG") returned -1 [0128.485] lstrcmpiW (lpString1="icssvc", lpString2="ccEvtMgr") returned 1 [0128.485] lstrcmpiW (lpString1="icssvc", lpString2="NAV") returned -1 [0128.485] lstrcmpiW (lpString1="icssvc", lpString2="NIS") returned -1 [0128.485] lstrcmpiW (lpString1="icssvc", lpString2="NAVEX15") returned -1 [0128.486] lstrcmpiW (lpString1="icssvc", lpString2="AVP") returned 1 [0128.486] lstrcmpiW (lpString1="icssvc", lpString2="AVP15.0.0") returned 1 [0128.486] lstrcmpiW (lpString1="icssvc", lpString2="AVP15.0.1") returned 1 [0128.486] lstrcmpiW (lpString1="icssvc", lpString2="kl1") returned -1 [0128.486] lstrcmpiW (lpString1="icssvc", lpString2="McComponentHostService") returned -1 [0128.486] lstrcmpiW (lpString1="icssvc", lpString2="ekrn") returned 1 [0128.486] lstrcmpiW (lpString1="icssvc", lpString2="egui") returned 1 [0128.486] lstrcmpiW (lpString1="icssvc", lpString2="avgwd") returned 1 [0128.486] lstrcmpiW (lpString1="icssvc", lpString2="BdfNdisf") returned 1 [0128.486] lstrcmpiW (lpString1="icssvc", lpString2="avast! Antivirus") returned 1 [0128.486] lstrcmpiW (lpString1="icssvc", lpString2="MsMpSvc") returned -1 [0128.486] lstrcmpiW (lpString1="icssvc", lpString2="RsMgrSvc") returned -1 [0128.486] lstrcmpiW (lpString1="icssvc", lpString2="fshoster") returned 1 [0128.486] lstrcmpiW (lpString1="icssvc", lpString2="AVKProxy") returned 1 [0128.486] lstrcmpiW (lpString1="icssvc", lpString2="MBAMService") returned -1 [0128.486] lstrcmpiW (lpString1="icssvc", lpString2="GbpSv") returned 1 [0128.486] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xaa, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IEEtwCollectorService", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.486] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\IEEtwCollectorService") returned 55 [0128.486] SetLastError (dwErrCode=0x0) [0128.486] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\IEEtwCollectorService", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.486] SetLastError (dwErrCode=0x0) [0128.486] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.486] RegCloseKey (hKey=0x264) returned 0x0 [0128.486] SetLastError (dwErrCode=0x0) [0128.486] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="NAVENG") returned -1 [0128.486] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="ccEvtMgr") returned 1 [0128.487] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="NAV") returned -1 [0128.487] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="NIS") returned -1 [0128.487] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="NAVEX15") returned -1 [0128.487] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="AVP") returned 1 [0128.487] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="AVP15.0.0") returned 1 [0128.487] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="AVP15.0.1") returned 1 [0128.487] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="kl1") returned -1 [0128.487] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="McComponentHostService") returned -1 [0128.487] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="ekrn") returned 1 [0128.487] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="egui") returned 1 [0128.487] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="avgwd") returned 1 [0128.487] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="BdfNdisf") returned 1 [0128.487] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="avast! Antivirus") returned 1 [0128.487] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="MsMpSvc") returned -1 [0128.487] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="RsMgrSvc") returned -1 [0128.487] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="fshoster") returned 1 [0128.487] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="AVKProxy") returned 1 [0128.487] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="MBAMService") returned -1 [0128.487] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="GbpSv") returned 1 [0128.487] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xab, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IKEEXT", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.487] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\IKEEXT") returned 40 [0128.487] SetLastError (dwErrCode=0x0) [0128.487] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\IKEEXT", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.487] SetLastError (dwErrCode=0x0) [0128.487] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.487] RegCloseKey (hKey=0x264) returned 0x0 [0128.487] SetLastError (dwErrCode=0x0) [0128.487] lstrcmpiW (lpString1="IKEEXT", lpString2="NAVENG") returned -1 [0128.488] lstrcmpiW (lpString1="IKEEXT", lpString2="ccEvtMgr") returned 1 [0128.488] lstrcmpiW (lpString1="IKEEXT", lpString2="NAV") returned -1 [0128.488] lstrcmpiW (lpString1="IKEEXT", lpString2="NIS") returned -1 [0128.488] lstrcmpiW (lpString1="IKEEXT", lpString2="NAVEX15") returned -1 [0128.488] lstrcmpiW (lpString1="IKEEXT", lpString2="AVP") returned 1 [0128.488] lstrcmpiW (lpString1="IKEEXT", lpString2="AVP15.0.0") returned 1 [0128.488] lstrcmpiW (lpString1="IKEEXT", lpString2="AVP15.0.1") returned 1 [0128.488] lstrcmpiW (lpString1="IKEEXT", lpString2="kl1") returned -1 [0128.488] lstrcmpiW (lpString1="IKEEXT", lpString2="McComponentHostService") returned -1 [0128.488] lstrcmpiW (lpString1="IKEEXT", lpString2="ekrn") returned 1 [0128.488] lstrcmpiW (lpString1="IKEEXT", lpString2="egui") returned 1 [0128.488] lstrcmpiW (lpString1="IKEEXT", lpString2="avgwd") returned 1 [0128.488] lstrcmpiW (lpString1="IKEEXT", lpString2="BdfNdisf") returned 1 [0128.488] lstrcmpiW (lpString1="IKEEXT", lpString2="avast! Antivirus") returned 1 [0128.488] lstrcmpiW (lpString1="IKEEXT", lpString2="MsMpSvc") returned -1 [0128.488] lstrcmpiW (lpString1="IKEEXT", lpString2="RsMgrSvc") returned -1 [0128.488] lstrcmpiW (lpString1="IKEEXT", lpString2="fshoster") returned 1 [0128.488] lstrcmpiW (lpString1="IKEEXT", lpString2="AVKProxy") returned 1 [0128.488] lstrcmpiW (lpString1="IKEEXT", lpString2="MBAMService") returned -1 [0128.488] lstrcmpiW (lpString1="IKEEXT", lpString2="GbpSv") returned 1 [0128.488] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xac, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="inetaccs", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.488] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\inetaccs") returned 42 [0128.488] SetLastError (dwErrCode=0x0) [0128.488] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\inetaccs", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.488] SetLastError (dwErrCode=0x0) [0128.488] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.488] RegCloseKey (hKey=0x264) returned 0x0 [0128.488] SetLastError (dwErrCode=0x0) [0128.488] GetLastError () returned 0x0 [0128.489] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xad, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="intelide", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.489] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\intelide") returned 42 [0128.489] SetLastError (dwErrCode=0x0) [0128.489] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\intelide", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.489] SetLastError (dwErrCode=0x0) [0128.489] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.489] RegCloseKey (hKey=0x264) returned 0x0 [0128.489] SetLastError (dwErrCode=0x0) [0128.489] lstrcmpiW (lpString1="intelide", lpString2="NAVENG") returned -1 [0128.489] lstrcmpiW (lpString1="intelide", lpString2="ccEvtMgr") returned 1 [0128.489] lstrcmpiW (lpString1="intelide", lpString2="NAV") returned -1 [0128.489] lstrcmpiW (lpString1="intelide", lpString2="NIS") returned -1 [0128.489] lstrcmpiW (lpString1="intelide", lpString2="NAVEX15") returned -1 [0128.489] lstrcmpiW (lpString1="intelide", lpString2="AVP") returned 1 [0128.489] lstrcmpiW (lpString1="intelide", lpString2="AVP15.0.0") returned 1 [0128.489] lstrcmpiW (lpString1="intelide", lpString2="AVP15.0.1") returned 1 [0128.489] lstrcmpiW (lpString1="intelide", lpString2="kl1") returned -1 [0128.489] lstrcmpiW (lpString1="intelide", lpString2="McComponentHostService") returned -1 [0128.489] lstrcmpiW (lpString1="intelide", lpString2="ekrn") returned 1 [0128.489] lstrcmpiW (lpString1="intelide", lpString2="egui") returned 1 [0128.489] lstrcmpiW (lpString1="intelide", lpString2="avgwd") returned 1 [0128.489] lstrcmpiW (lpString1="intelide", lpString2="BdfNdisf") returned 1 [0128.489] lstrcmpiW (lpString1="intelide", lpString2="avast! Antivirus") returned 1 [0128.489] lstrcmpiW (lpString1="intelide", lpString2="MsMpSvc") returned -1 [0128.489] lstrcmpiW (lpString1="intelide", lpString2="RsMgrSvc") returned -1 [0128.489] lstrcmpiW (lpString1="intelide", lpString2="fshoster") returned 1 [0128.489] lstrcmpiW (lpString1="intelide", lpString2="AVKProxy") returned 1 [0128.489] lstrcmpiW (lpString1="intelide", lpString2="MBAMService") returned -1 [0128.490] lstrcmpiW (lpString1="intelide", lpString2="GbpSv") returned 1 [0128.490] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xae, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="intelpep", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.490] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\intelpep") returned 42 [0128.490] SetLastError (dwErrCode=0x0) [0128.490] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\intelpep", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.490] SetLastError (dwErrCode=0x0) [0128.490] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.490] RegCloseKey (hKey=0x264) returned 0x0 [0128.490] SetLastError (dwErrCode=0x0) [0128.490] lstrcmpiW (lpString1="intelpep", lpString2="NAVENG") returned -1 [0128.490] lstrcmpiW (lpString1="intelpep", lpString2="ccEvtMgr") returned 1 [0128.490] lstrcmpiW (lpString1="intelpep", lpString2="NAV") returned -1 [0128.490] lstrcmpiW (lpString1="intelpep", lpString2="NIS") returned -1 [0128.490] lstrcmpiW (lpString1="intelpep", lpString2="NAVEX15") returned -1 [0128.490] lstrcmpiW (lpString1="intelpep", lpString2="AVP") returned 1 [0128.490] lstrcmpiW (lpString1="intelpep", lpString2="AVP15.0.0") returned 1 [0128.490] lstrcmpiW (lpString1="intelpep", lpString2="AVP15.0.1") returned 1 [0128.490] lstrcmpiW (lpString1="intelpep", lpString2="kl1") returned -1 [0128.490] lstrcmpiW (lpString1="intelpep", lpString2="McComponentHostService") returned -1 [0128.490] lstrcmpiW (lpString1="intelpep", lpString2="ekrn") returned 1 [0128.490] lstrcmpiW (lpString1="intelpep", lpString2="egui") returned 1 [0128.490] lstrcmpiW (lpString1="intelpep", lpString2="avgwd") returned 1 [0128.490] lstrcmpiW (lpString1="intelpep", lpString2="BdfNdisf") returned 1 [0128.490] lstrcmpiW (lpString1="intelpep", lpString2="avast! Antivirus") returned 1 [0128.490] lstrcmpiW (lpString1="intelpep", lpString2="MsMpSvc") returned -1 [0128.490] lstrcmpiW (lpString1="intelpep", lpString2="RsMgrSvc") returned -1 [0128.490] lstrcmpiW (lpString1="intelpep", lpString2="fshoster") returned 1 [0128.490] lstrcmpiW (lpString1="intelpep", lpString2="AVKProxy") returned 1 [0128.490] lstrcmpiW (lpString1="intelpep", lpString2="MBAMService") returned -1 [0128.491] lstrcmpiW (lpString1="intelpep", lpString2="GbpSv") returned 1 [0128.491] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xaf, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="intelppm", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.491] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\intelppm") returned 42 [0128.491] SetLastError (dwErrCode=0x0) [0128.491] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\intelppm", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.491] SetLastError (dwErrCode=0x0) [0128.491] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.491] RegCloseKey (hKey=0x264) returned 0x0 [0128.491] SetLastError (dwErrCode=0x0) [0128.491] lstrcmpiW (lpString1="intelppm", lpString2="NAVENG") returned -1 [0128.491] lstrcmpiW (lpString1="intelppm", lpString2="ccEvtMgr") returned 1 [0128.491] lstrcmpiW (lpString1="intelppm", lpString2="NAV") returned -1 [0128.491] lstrcmpiW (lpString1="intelppm", lpString2="NIS") returned -1 [0128.491] lstrcmpiW (lpString1="intelppm", lpString2="NAVEX15") returned -1 [0128.491] lstrcmpiW (lpString1="intelppm", lpString2="AVP") returned 1 [0128.491] lstrcmpiW (lpString1="intelppm", lpString2="AVP15.0.0") returned 1 [0128.491] lstrcmpiW (lpString1="intelppm", lpString2="AVP15.0.1") returned 1 [0128.491] lstrcmpiW (lpString1="intelppm", lpString2="kl1") returned -1 [0128.491] lstrcmpiW (lpString1="intelppm", lpString2="McComponentHostService") returned -1 [0128.491] lstrcmpiW (lpString1="intelppm", lpString2="ekrn") returned 1 [0128.491] lstrcmpiW (lpString1="intelppm", lpString2="egui") returned 1 [0128.491] lstrcmpiW (lpString1="intelppm", lpString2="avgwd") returned 1 [0128.491] lstrcmpiW (lpString1="intelppm", lpString2="BdfNdisf") returned 1 [0128.491] lstrcmpiW (lpString1="intelppm", lpString2="avast! Antivirus") returned 1 [0128.491] lstrcmpiW (lpString1="intelppm", lpString2="MsMpSvc") returned -1 [0128.491] lstrcmpiW (lpString1="intelppm", lpString2="RsMgrSvc") returned -1 [0128.491] lstrcmpiW (lpString1="intelppm", lpString2="fshoster") returned 1 [0128.491] lstrcmpiW (lpString1="intelppm", lpString2="AVKProxy") returned 1 [0128.491] lstrcmpiW (lpString1="intelppm", lpString2="MBAMService") returned -1 [0128.491] lstrcmpiW (lpString1="intelppm", lpString2="GbpSv") returned 1 [0128.492] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xb0, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IoQos", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.492] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\IoQos") returned 39 [0128.492] SetLastError (dwErrCode=0x0) [0128.492] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\IoQos", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.492] SetLastError (dwErrCode=0x0) [0128.492] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.492] RegCloseKey (hKey=0x264) returned 0x0 [0128.492] SetLastError (dwErrCode=0x0) [0128.492] lstrcmpiW (lpString1="IoQos", lpString2="NAVENG") returned -1 [0128.492] lstrcmpiW (lpString1="IoQos", lpString2="ccEvtMgr") returned 1 [0128.492] lstrcmpiW (lpString1="IoQos", lpString2="NAV") returned -1 [0128.492] lstrcmpiW (lpString1="IoQos", lpString2="NIS") returned -1 [0128.492] lstrcmpiW (lpString1="IoQos", lpString2="NAVEX15") returned -1 [0128.492] lstrcmpiW (lpString1="IoQos", lpString2="AVP") returned 1 [0128.492] lstrcmpiW (lpString1="IoQos", lpString2="AVP15.0.0") returned 1 [0128.492] lstrcmpiW (lpString1="IoQos", lpString2="AVP15.0.1") returned 1 [0128.492] lstrcmpiW (lpString1="IoQos", lpString2="kl1") returned -1 [0128.492] lstrcmpiW (lpString1="IoQos", lpString2="McComponentHostService") returned -1 [0128.492] lstrcmpiW (lpString1="IoQos", lpString2="ekrn") returned 1 [0128.492] lstrcmpiW (lpString1="IoQos", lpString2="egui") returned 1 [0128.492] lstrcmpiW (lpString1="IoQos", lpString2="avgwd") returned 1 [0128.492] lstrcmpiW (lpString1="IoQos", lpString2="BdfNdisf") returned 1 [0128.492] lstrcmpiW (lpString1="IoQos", lpString2="avast! Antivirus") returned 1 [0128.492] lstrcmpiW (lpString1="IoQos", lpString2="MsMpSvc") returned -1 [0128.492] lstrcmpiW (lpString1="IoQos", lpString2="RsMgrSvc") returned -1 [0128.492] lstrcmpiW (lpString1="IoQos", lpString2="fshoster") returned 1 [0128.492] lstrcmpiW (lpString1="IoQos", lpString2="AVKProxy") returned 1 [0128.492] lstrcmpiW (lpString1="IoQos", lpString2="MBAMService") returned -1 [0128.492] lstrcmpiW (lpString1="IoQos", lpString2="GbpSv") returned 1 [0128.493] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xb1, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IpFilterDriver", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.493] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\IpFilterDriver") returned 48 [0128.493] SetLastError (dwErrCode=0x0) [0128.493] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\IpFilterDriver", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.493] SetLastError (dwErrCode=0x0) [0128.493] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.493] RegCloseKey (hKey=0x264) returned 0x0 [0128.493] SetLastError (dwErrCode=0x0) [0128.493] lstrcmpiW (lpString1="IpFilterDriver", lpString2="NAVENG") returned -1 [0128.493] lstrcmpiW (lpString1="IpFilterDriver", lpString2="ccEvtMgr") returned 1 [0128.493] lstrcmpiW (lpString1="IpFilterDriver", lpString2="NAV") returned -1 [0128.493] lstrcmpiW (lpString1="IpFilterDriver", lpString2="NIS") returned -1 [0128.493] lstrcmpiW (lpString1="IpFilterDriver", lpString2="NAVEX15") returned -1 [0128.493] lstrcmpiW (lpString1="IpFilterDriver", lpString2="AVP") returned 1 [0128.493] lstrcmpiW (lpString1="IpFilterDriver", lpString2="AVP15.0.0") returned 1 [0128.493] lstrcmpiW (lpString1="IpFilterDriver", lpString2="AVP15.0.1") returned 1 [0128.493] lstrcmpiW (lpString1="IpFilterDriver", lpString2="kl1") returned -1 [0128.493] lstrcmpiW (lpString1="IpFilterDriver", lpString2="McComponentHostService") returned -1 [0128.493] lstrcmpiW (lpString1="IpFilterDriver", lpString2="ekrn") returned 1 [0128.493] lstrcmpiW (lpString1="IpFilterDriver", lpString2="egui") returned 1 [0128.493] lstrcmpiW (lpString1="IpFilterDriver", lpString2="avgwd") returned 1 [0128.493] lstrcmpiW (lpString1="IpFilterDriver", lpString2="BdfNdisf") returned 1 [0128.493] lstrcmpiW (lpString1="IpFilterDriver", lpString2="avast! Antivirus") returned 1 [0128.493] lstrcmpiW (lpString1="IpFilterDriver", lpString2="MsMpSvc") returned -1 [0128.493] lstrcmpiW (lpString1="IpFilterDriver", lpString2="RsMgrSvc") returned -1 [0128.493] lstrcmpiW (lpString1="IpFilterDriver", lpString2="fshoster") returned 1 [0128.493] lstrcmpiW (lpString1="IpFilterDriver", lpString2="AVKProxy") returned 1 [0128.493] lstrcmpiW (lpString1="IpFilterDriver", lpString2="MBAMService") returned -1 [0128.493] lstrcmpiW (lpString1="IpFilterDriver", lpString2="GbpSv") returned 1 [0128.494] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xb2, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="iphlpsvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.494] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\iphlpsvc") returned 42 [0128.494] SetLastError (dwErrCode=0x0) [0128.494] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\iphlpsvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.494] SetLastError (dwErrCode=0x0) [0128.494] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.494] RegCloseKey (hKey=0x264) returned 0x0 [0128.494] SetLastError (dwErrCode=0x0) [0128.494] lstrcmpiW (lpString1="iphlpsvc", lpString2="NAVENG") returned -1 [0128.494] lstrcmpiW (lpString1="iphlpsvc", lpString2="ccEvtMgr") returned 1 [0128.494] lstrcmpiW (lpString1="iphlpsvc", lpString2="NAV") returned -1 [0128.494] lstrcmpiW (lpString1="iphlpsvc", lpString2="NIS") returned -1 [0128.494] lstrcmpiW (lpString1="iphlpsvc", lpString2="NAVEX15") returned -1 [0128.494] lstrcmpiW (lpString1="iphlpsvc", lpString2="AVP") returned 1 [0128.494] lstrcmpiW (lpString1="iphlpsvc", lpString2="AVP15.0.0") returned 1 [0128.494] lstrcmpiW (lpString1="iphlpsvc", lpString2="AVP15.0.1") returned 1 [0128.494] lstrcmpiW (lpString1="iphlpsvc", lpString2="kl1") returned -1 [0128.494] lstrcmpiW (lpString1="iphlpsvc", lpString2="McComponentHostService") returned -1 [0128.494] lstrcmpiW (lpString1="iphlpsvc", lpString2="ekrn") returned 1 [0128.494] lstrcmpiW (lpString1="iphlpsvc", lpString2="egui") returned 1 [0128.494] lstrcmpiW (lpString1="iphlpsvc", lpString2="avgwd") returned 1 [0128.494] lstrcmpiW (lpString1="iphlpsvc", lpString2="BdfNdisf") returned 1 [0128.494] lstrcmpiW (lpString1="iphlpsvc", lpString2="avast! Antivirus") returned 1 [0128.494] lstrcmpiW (lpString1="iphlpsvc", lpString2="MsMpSvc") returned -1 [0128.494] lstrcmpiW (lpString1="iphlpsvc", lpString2="RsMgrSvc") returned -1 [0128.494] lstrcmpiW (lpString1="iphlpsvc", lpString2="fshoster") returned 1 [0128.494] lstrcmpiW (lpString1="iphlpsvc", lpString2="AVKProxy") returned 1 [0128.494] lstrcmpiW (lpString1="iphlpsvc", lpString2="MBAMService") returned -1 [0128.494] lstrcmpiW (lpString1="iphlpsvc", lpString2="GbpSv") returned 1 [0128.495] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xb3, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IPMIDRV", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.495] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\IPMIDRV") returned 41 [0128.495] SetLastError (dwErrCode=0x0) [0128.495] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\IPMIDRV", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.495] SetLastError (dwErrCode=0x0) [0128.495] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.495] RegCloseKey (hKey=0x264) returned 0x0 [0128.495] SetLastError (dwErrCode=0x0) [0128.495] lstrcmpiW (lpString1="IPMIDRV", lpString2="NAVENG") returned -1 [0128.495] lstrcmpiW (lpString1="IPMIDRV", lpString2="ccEvtMgr") returned 1 [0128.495] lstrcmpiW (lpString1="IPMIDRV", lpString2="NAV") returned -1 [0128.495] lstrcmpiW (lpString1="IPMIDRV", lpString2="NIS") returned -1 [0128.495] lstrcmpiW (lpString1="IPMIDRV", lpString2="NAVEX15") returned -1 [0128.495] lstrcmpiW (lpString1="IPMIDRV", lpString2="AVP") returned 1 [0128.495] lstrcmpiW (lpString1="IPMIDRV", lpString2="AVP15.0.0") returned 1 [0128.495] lstrcmpiW (lpString1="IPMIDRV", lpString2="AVP15.0.1") returned 1 [0128.495] lstrcmpiW (lpString1="IPMIDRV", lpString2="kl1") returned -1 [0128.495] lstrcmpiW (lpString1="IPMIDRV", lpString2="McComponentHostService") returned -1 [0128.495] lstrcmpiW (lpString1="IPMIDRV", lpString2="ekrn") returned 1 [0128.495] lstrcmpiW (lpString1="IPMIDRV", lpString2="egui") returned 1 [0128.495] lstrcmpiW (lpString1="IPMIDRV", lpString2="avgwd") returned 1 [0128.495] lstrcmpiW (lpString1="IPMIDRV", lpString2="BdfNdisf") returned 1 [0128.495] lstrcmpiW (lpString1="IPMIDRV", lpString2="avast! Antivirus") returned 1 [0128.495] lstrcmpiW (lpString1="IPMIDRV", lpString2="MsMpSvc") returned -1 [0128.495] lstrcmpiW (lpString1="IPMIDRV", lpString2="RsMgrSvc") returned -1 [0128.495] lstrcmpiW (lpString1="IPMIDRV", lpString2="fshoster") returned 1 [0128.495] lstrcmpiW (lpString1="IPMIDRV", lpString2="AVKProxy") returned 1 [0128.495] lstrcmpiW (lpString1="IPMIDRV", lpString2="MBAMService") returned -1 [0128.495] lstrcmpiW (lpString1="IPMIDRV", lpString2="GbpSv") returned 1 [0128.496] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xb4, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IPNAT", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.496] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\IPNAT") returned 39 [0128.496] SetLastError (dwErrCode=0x0) [0128.496] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\IPNAT", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.496] SetLastError (dwErrCode=0x0) [0128.496] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.496] RegCloseKey (hKey=0x264) returned 0x0 [0128.496] SetLastError (dwErrCode=0x0) [0128.496] lstrcmpiW (lpString1="IPNAT", lpString2="NAVENG") returned -1 [0128.496] lstrcmpiW (lpString1="IPNAT", lpString2="ccEvtMgr") returned 1 [0128.496] lstrcmpiW (lpString1="IPNAT", lpString2="NAV") returned -1 [0128.496] lstrcmpiW (lpString1="IPNAT", lpString2="NIS") returned -1 [0128.496] lstrcmpiW (lpString1="IPNAT", lpString2="NAVEX15") returned -1 [0128.496] lstrcmpiW (lpString1="IPNAT", lpString2="AVP") returned 1 [0128.496] lstrcmpiW (lpString1="IPNAT", lpString2="AVP15.0.0") returned 1 [0128.496] lstrcmpiW (lpString1="IPNAT", lpString2="AVP15.0.1") returned 1 [0128.496] lstrcmpiW (lpString1="IPNAT", lpString2="kl1") returned -1 [0128.496] lstrcmpiW (lpString1="IPNAT", lpString2="McComponentHostService") returned -1 [0128.496] lstrcmpiW (lpString1="IPNAT", lpString2="ekrn") returned 1 [0128.496] lstrcmpiW (lpString1="IPNAT", lpString2="egui") returned 1 [0128.496] lstrcmpiW (lpString1="IPNAT", lpString2="avgwd") returned 1 [0128.496] lstrcmpiW (lpString1="IPNAT", lpString2="BdfNdisf") returned 1 [0128.496] lstrcmpiW (lpString1="IPNAT", lpString2="avast! Antivirus") returned 1 [0128.496] lstrcmpiW (lpString1="IPNAT", lpString2="MsMpSvc") returned -1 [0128.496] lstrcmpiW (lpString1="IPNAT", lpString2="RsMgrSvc") returned -1 [0128.496] lstrcmpiW (lpString1="IPNAT", lpString2="fshoster") returned 1 [0128.496] lstrcmpiW (lpString1="IPNAT", lpString2="AVKProxy") returned 1 [0128.496] lstrcmpiW (lpString1="IPNAT", lpString2="MBAMService") returned -1 [0128.496] lstrcmpiW (lpString1="IPNAT", lpString2="GbpSv") returned 1 [0128.496] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xb5, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IRENUM", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.497] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\IRENUM") returned 40 [0128.497] SetLastError (dwErrCode=0x0) [0128.497] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\IRENUM", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.497] SetLastError (dwErrCode=0x0) [0128.497] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.497] RegCloseKey (hKey=0x264) returned 0x0 [0128.497] SetLastError (dwErrCode=0x0) [0128.497] lstrcmpiW (lpString1="IRENUM", lpString2="NAVENG") returned -1 [0128.497] lstrcmpiW (lpString1="IRENUM", lpString2="ccEvtMgr") returned 1 [0128.497] lstrcmpiW (lpString1="IRENUM", lpString2="NAV") returned -1 [0128.497] lstrcmpiW (lpString1="IRENUM", lpString2="NIS") returned -1 [0128.497] lstrcmpiW (lpString1="IRENUM", lpString2="NAVEX15") returned -1 [0128.497] lstrcmpiW (lpString1="IRENUM", lpString2="AVP") returned 1 [0128.497] lstrcmpiW (lpString1="IRENUM", lpString2="AVP15.0.0") returned 1 [0128.497] lstrcmpiW (lpString1="IRENUM", lpString2="AVP15.0.1") returned 1 [0128.497] lstrcmpiW (lpString1="IRENUM", lpString2="kl1") returned -1 [0128.497] lstrcmpiW (lpString1="IRENUM", lpString2="McComponentHostService") returned -1 [0128.497] lstrcmpiW (lpString1="IRENUM", lpString2="ekrn") returned 1 [0128.497] lstrcmpiW (lpString1="IRENUM", lpString2="egui") returned 1 [0128.497] lstrcmpiW (lpString1="IRENUM", lpString2="avgwd") returned 1 [0128.497] lstrcmpiW (lpString1="IRENUM", lpString2="BdfNdisf") returned 1 [0128.497] lstrcmpiW (lpString1="IRENUM", lpString2="avast! Antivirus") returned 1 [0128.497] lstrcmpiW (lpString1="IRENUM", lpString2="MsMpSvc") returned -1 [0128.497] lstrcmpiW (lpString1="IRENUM", lpString2="RsMgrSvc") returned -1 [0128.497] lstrcmpiW (lpString1="IRENUM", lpString2="fshoster") returned 1 [0128.497] lstrcmpiW (lpString1="IRENUM", lpString2="AVKProxy") returned 1 [0128.497] lstrcmpiW (lpString1="IRENUM", lpString2="MBAMService") returned -1 [0128.497] lstrcmpiW (lpString1="IRENUM", lpString2="GbpSv") returned 1 [0128.497] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xb6, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="isapnp", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.497] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\isapnp") returned 40 [0128.498] SetLastError (dwErrCode=0x0) [0128.498] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\isapnp", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.498] SetLastError (dwErrCode=0x0) [0128.498] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.498] RegCloseKey (hKey=0x264) returned 0x0 [0128.498] SetLastError (dwErrCode=0x0) [0128.498] lstrcmpiW (lpString1="isapnp", lpString2="NAVENG") returned -1 [0128.498] lstrcmpiW (lpString1="isapnp", lpString2="ccEvtMgr") returned 1 [0128.498] lstrcmpiW (lpString1="isapnp", lpString2="NAV") returned -1 [0128.498] lstrcmpiW (lpString1="isapnp", lpString2="NIS") returned -1 [0128.498] lstrcmpiW (lpString1="isapnp", lpString2="NAVEX15") returned -1 [0128.498] lstrcmpiW (lpString1="isapnp", lpString2="AVP") returned 1 [0128.498] lstrcmpiW (lpString1="isapnp", lpString2="AVP15.0.0") returned 1 [0128.498] lstrcmpiW (lpString1="isapnp", lpString2="AVP15.0.1") returned 1 [0128.498] lstrcmpiW (lpString1="isapnp", lpString2="kl1") returned -1 [0128.498] lstrcmpiW (lpString1="isapnp", lpString2="McComponentHostService") returned -1 [0128.498] lstrcmpiW (lpString1="isapnp", lpString2="ekrn") returned 1 [0128.498] lstrcmpiW (lpString1="isapnp", lpString2="egui") returned 1 [0128.498] lstrcmpiW (lpString1="isapnp", lpString2="avgwd") returned 1 [0128.498] lstrcmpiW (lpString1="isapnp", lpString2="BdfNdisf") returned 1 [0128.498] lstrcmpiW (lpString1="isapnp", lpString2="avast! Antivirus") returned 1 [0128.498] lstrcmpiW (lpString1="isapnp", lpString2="MsMpSvc") returned -1 [0128.498] lstrcmpiW (lpString1="isapnp", lpString2="RsMgrSvc") returned -1 [0128.498] lstrcmpiW (lpString1="isapnp", lpString2="fshoster") returned 1 [0128.498] lstrcmpiW (lpString1="isapnp", lpString2="AVKProxy") returned 1 [0128.498] lstrcmpiW (lpString1="isapnp", lpString2="MBAMService") returned -1 [0128.498] lstrcmpiW (lpString1="isapnp", lpString2="GbpSv") returned 1 [0128.498] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xb7, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="iScsiPrt", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.498] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\iScsiPrt") returned 42 [0128.498] SetLastError (dwErrCode=0x0) [0128.498] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\iScsiPrt", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.499] SetLastError (dwErrCode=0x0) [0128.499] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.499] RegCloseKey (hKey=0x264) returned 0x0 [0128.499] SetLastError (dwErrCode=0x0) [0128.499] lstrcmpiW (lpString1="iScsiPrt", lpString2="NAVENG") returned -1 [0128.499] lstrcmpiW (lpString1="iScsiPrt", lpString2="ccEvtMgr") returned 1 [0128.499] lstrcmpiW (lpString1="iScsiPrt", lpString2="NAV") returned -1 [0128.499] lstrcmpiW (lpString1="iScsiPrt", lpString2="NIS") returned -1 [0128.499] lstrcmpiW (lpString1="iScsiPrt", lpString2="NAVEX15") returned -1 [0128.499] lstrcmpiW (lpString1="iScsiPrt", lpString2="AVP") returned 1 [0128.499] lstrcmpiW (lpString1="iScsiPrt", lpString2="AVP15.0.0") returned 1 [0128.499] lstrcmpiW (lpString1="iScsiPrt", lpString2="AVP15.0.1") returned 1 [0128.499] lstrcmpiW (lpString1="iScsiPrt", lpString2="kl1") returned -1 [0128.499] lstrcmpiW (lpString1="iScsiPrt", lpString2="McComponentHostService") returned -1 [0128.499] lstrcmpiW (lpString1="iScsiPrt", lpString2="ekrn") returned 1 [0128.499] lstrcmpiW (lpString1="iScsiPrt", lpString2="egui") returned 1 [0128.499] lstrcmpiW (lpString1="iScsiPrt", lpString2="avgwd") returned 1 [0128.499] lstrcmpiW (lpString1="iScsiPrt", lpString2="BdfNdisf") returned 1 [0128.499] lstrcmpiW (lpString1="iScsiPrt", lpString2="avast! Antivirus") returned 1 [0128.499] lstrcmpiW (lpString1="iScsiPrt", lpString2="MsMpSvc") returned -1 [0128.499] lstrcmpiW (lpString1="iScsiPrt", lpString2="RsMgrSvc") returned -1 [0128.499] lstrcmpiW (lpString1="iScsiPrt", lpString2="fshoster") returned 1 [0128.499] lstrcmpiW (lpString1="iScsiPrt", lpString2="AVKProxy") returned 1 [0128.499] lstrcmpiW (lpString1="iScsiPrt", lpString2="MBAMService") returned -1 [0128.499] lstrcmpiW (lpString1="iScsiPrt", lpString2="GbpSv") returned 1 [0128.499] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xb8, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="kbdclass", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.499] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\kbdclass") returned 42 [0128.499] SetLastError (dwErrCode=0x0) [0128.500] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\kbdclass", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.500] SetLastError (dwErrCode=0x0) [0128.500] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.500] RegCloseKey (hKey=0x264) returned 0x0 [0128.500] SetLastError (dwErrCode=0x0) [0128.500] lstrcmpiW (lpString1="kbdclass", lpString2="NAVENG") returned -1 [0128.500] lstrcmpiW (lpString1="kbdclass", lpString2="ccEvtMgr") returned 1 [0128.500] lstrcmpiW (lpString1="kbdclass", lpString2="NAV") returned -1 [0128.500] lstrcmpiW (lpString1="kbdclass", lpString2="NIS") returned -1 [0128.500] lstrcmpiW (lpString1="kbdclass", lpString2="NAVEX15") returned -1 [0128.500] lstrcmpiW (lpString1="kbdclass", lpString2="AVP") returned 1 [0128.500] lstrcmpiW (lpString1="kbdclass", lpString2="AVP15.0.0") returned 1 [0128.500] lstrcmpiW (lpString1="kbdclass", lpString2="AVP15.0.1") returned 1 [0128.500] lstrcmpiW (lpString1="kbdclass", lpString2="kl1") returned -1 [0128.500] lstrcmpiW (lpString1="kbdclass", lpString2="McComponentHostService") returned -1 [0128.500] lstrcmpiW (lpString1="kbdclass", lpString2="ekrn") returned 1 [0128.500] lstrcmpiW (lpString1="kbdclass", lpString2="egui") returned 1 [0128.500] lstrcmpiW (lpString1="kbdclass", lpString2="avgwd") returned 1 [0128.500] lstrcmpiW (lpString1="kbdclass", lpString2="BdfNdisf") returned 1 [0128.500] lstrcmpiW (lpString1="kbdclass", lpString2="avast! Antivirus") returned 1 [0128.500] lstrcmpiW (lpString1="kbdclass", lpString2="MsMpSvc") returned -1 [0128.500] lstrcmpiW (lpString1="kbdclass", lpString2="RsMgrSvc") returned -1 [0128.500] lstrcmpiW (lpString1="kbdclass", lpString2="fshoster") returned 1 [0128.500] lstrcmpiW (lpString1="kbdclass", lpString2="AVKProxy") returned 1 [0128.500] lstrcmpiW (lpString1="kbdclass", lpString2="MBAMService") returned -1 [0128.500] lstrcmpiW (lpString1="kbdclass", lpString2="GbpSv") returned 1 [0128.500] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xb9, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="kbdhid", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.500] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\kbdhid") returned 40 [0128.501] SetLastError (dwErrCode=0x0) [0128.501] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\kbdhid", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.501] SetLastError (dwErrCode=0x0) [0128.501] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.501] RegCloseKey (hKey=0x264) returned 0x0 [0128.501] SetLastError (dwErrCode=0x0) [0128.501] lstrcmpiW (lpString1="kbdhid", lpString2="NAVENG") returned -1 [0128.501] lstrcmpiW (lpString1="kbdhid", lpString2="ccEvtMgr") returned 1 [0128.501] lstrcmpiW (lpString1="kbdhid", lpString2="NAV") returned -1 [0128.501] lstrcmpiW (lpString1="kbdhid", lpString2="NIS") returned -1 [0128.501] lstrcmpiW (lpString1="kbdhid", lpString2="NAVEX15") returned -1 [0128.501] lstrcmpiW (lpString1="kbdhid", lpString2="AVP") returned 1 [0128.501] lstrcmpiW (lpString1="kbdhid", lpString2="AVP15.0.0") returned 1 [0128.501] lstrcmpiW (lpString1="kbdhid", lpString2="AVP15.0.1") returned 1 [0128.501] lstrcmpiW (lpString1="kbdhid", lpString2="kl1") returned -1 [0128.502] lstrcmpiW (lpString1="kbdhid", lpString2="McComponentHostService") returned -1 [0128.502] lstrcmpiW (lpString1="kbdhid", lpString2="ekrn") returned 1 [0128.502] lstrcmpiW (lpString1="kbdhid", lpString2="egui") returned 1 [0128.502] lstrcmpiW (lpString1="kbdhid", lpString2="avgwd") returned 1 [0128.502] lstrcmpiW (lpString1="kbdhid", lpString2="BdfNdisf") returned 1 [0128.502] lstrcmpiW (lpString1="kbdhid", lpString2="avast! Antivirus") returned 1 [0128.502] lstrcmpiW (lpString1="kbdhid", lpString2="MsMpSvc") returned -1 [0128.502] lstrcmpiW (lpString1="kbdhid", lpString2="RsMgrSvc") returned -1 [0128.502] lstrcmpiW (lpString1="kbdhid", lpString2="fshoster") returned 1 [0128.502] lstrcmpiW (lpString1="kbdhid", lpString2="AVKProxy") returned 1 [0128.502] lstrcmpiW (lpString1="kbdhid", lpString2="MBAMService") returned -1 [0128.502] lstrcmpiW (lpString1="kbdhid", lpString2="GbpSv") returned 1 [0128.502] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xba, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="kdnic", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.502] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\kdnic") returned 39 [0128.502] SetLastError (dwErrCode=0x0) [0128.502] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\kdnic", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.502] SetLastError (dwErrCode=0x0) [0128.502] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.502] RegCloseKey (hKey=0x264) returned 0x0 [0128.502] SetLastError (dwErrCode=0x0) [0128.502] lstrcmpiW (lpString1="kdnic", lpString2="NAVENG") returned -1 [0128.502] lstrcmpiW (lpString1="kdnic", lpString2="ccEvtMgr") returned 1 [0128.502] lstrcmpiW (lpString1="kdnic", lpString2="NAV") returned -1 [0128.502] lstrcmpiW (lpString1="kdnic", lpString2="NIS") returned -1 [0128.502] lstrcmpiW (lpString1="kdnic", lpString2="NAVEX15") returned -1 [0128.502] lstrcmpiW (lpString1="kdnic", lpString2="AVP") returned 1 [0128.502] lstrcmpiW (lpString1="kdnic", lpString2="AVP15.0.0") returned 1 [0128.502] lstrcmpiW (lpString1="kdnic", lpString2="AVP15.0.1") returned 1 [0128.502] lstrcmpiW (lpString1="kdnic", lpString2="kl1") returned -1 [0128.502] lstrcmpiW (lpString1="kdnic", lpString2="McComponentHostService") returned -1 [0128.503] lstrcmpiW (lpString1="kdnic", lpString2="ekrn") returned 1 [0128.503] lstrcmpiW (lpString1="kdnic", lpString2="egui") returned 1 [0128.503] lstrcmpiW (lpString1="kdnic", lpString2="avgwd") returned 1 [0128.503] lstrcmpiW (lpString1="kdnic", lpString2="BdfNdisf") returned 1 [0128.503] lstrcmpiW (lpString1="kdnic", lpString2="avast! Antivirus") returned 1 [0128.503] lstrcmpiW (lpString1="kdnic", lpString2="MsMpSvc") returned -1 [0128.503] lstrcmpiW (lpString1="kdnic", lpString2="RsMgrSvc") returned -1 [0128.503] lstrcmpiW (lpString1="kdnic", lpString2="fshoster") returned 1 [0128.503] lstrcmpiW (lpString1="kdnic", lpString2="AVKProxy") returned 1 [0128.503] lstrcmpiW (lpString1="kdnic", lpString2="MBAMService") returned -1 [0128.503] lstrcmpiW (lpString1="kdnic", lpString2="GbpSv") returned 1 [0128.503] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xbb, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="KeyIso", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.503] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\KeyIso") returned 40 [0128.503] SetLastError (dwErrCode=0x0) [0128.503] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\KeyIso", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.503] SetLastError (dwErrCode=0x0) [0128.503] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.503] RegCloseKey (hKey=0x264) returned 0x0 [0128.503] SetLastError (dwErrCode=0x0) [0128.503] lstrcmpiW (lpString1="KeyIso", lpString2="NAVENG") returned -1 [0128.503] lstrcmpiW (lpString1="KeyIso", lpString2="ccEvtMgr") returned 1 [0128.503] lstrcmpiW (lpString1="KeyIso", lpString2="NAV") returned -1 [0128.503] lstrcmpiW (lpString1="KeyIso", lpString2="NIS") returned -1 [0128.503] lstrcmpiW (lpString1="KeyIso", lpString2="NAVEX15") returned -1 [0128.503] lstrcmpiW (lpString1="KeyIso", lpString2="AVP") returned 1 [0128.503] lstrcmpiW (lpString1="KeyIso", lpString2="AVP15.0.0") returned 1 [0128.503] lstrcmpiW (lpString1="KeyIso", lpString2="AVP15.0.1") returned 1 [0128.503] lstrcmpiW (lpString1="KeyIso", lpString2="kl1") returned -1 [0128.503] lstrcmpiW (lpString1="KeyIso", lpString2="McComponentHostService") returned -1 [0128.503] lstrcmpiW (lpString1="KeyIso", lpString2="ekrn") returned 1 [0128.503] lstrcmpiW (lpString1="KeyIso", lpString2="egui") returned 1 [0128.503] lstrcmpiW (lpString1="KeyIso", lpString2="avgwd") returned 1 [0128.503] lstrcmpiW (lpString1="KeyIso", lpString2="BdfNdisf") returned 1 [0128.503] lstrcmpiW (lpString1="KeyIso", lpString2="avast! Antivirus") returned 1 [0128.503] lstrcmpiW (lpString1="KeyIso", lpString2="MsMpSvc") returned -1 [0128.504] lstrcmpiW (lpString1="KeyIso", lpString2="RsMgrSvc") returned -1 [0128.504] lstrcmpiW (lpString1="KeyIso", lpString2="fshoster") returned 1 [0128.504] lstrcmpiW (lpString1="KeyIso", lpString2="AVKProxy") returned 1 [0128.504] lstrcmpiW (lpString1="KeyIso", lpString2="MBAMService") returned -1 [0128.504] lstrcmpiW (lpString1="KeyIso", lpString2="GbpSv") returned 1 [0128.504] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xbc, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="KSecDD", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.504] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\KSecDD") returned 40 [0128.504] SetLastError (dwErrCode=0x0) [0128.504] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\KSecDD", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.504] SetLastError (dwErrCode=0x0) [0128.504] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.504] RegCloseKey (hKey=0x264) returned 0x0 [0128.504] SetLastError (dwErrCode=0x0) [0128.504] lstrcmpiW (lpString1="KSecDD", lpString2="NAVENG") returned -1 [0128.504] lstrcmpiW (lpString1="KSecDD", lpString2="ccEvtMgr") returned 1 [0128.504] lstrcmpiW (lpString1="KSecDD", lpString2="NAV") returned -1 [0128.504] lstrcmpiW (lpString1="KSecDD", lpString2="NIS") returned -1 [0128.504] lstrcmpiW (lpString1="KSecDD", lpString2="NAVEX15") returned -1 [0128.504] lstrcmpiW (lpString1="KSecDD", lpString2="AVP") returned 1 [0128.504] lstrcmpiW (lpString1="KSecDD", lpString2="AVP15.0.0") returned 1 [0128.504] lstrcmpiW (lpString1="KSecDD", lpString2="AVP15.0.1") returned 1 [0128.504] lstrcmpiW (lpString1="KSecDD", lpString2="kl1") returned 1 [0128.504] lstrcmpiW (lpString1="KSecDD", lpString2="McComponentHostService") returned -1 [0128.504] lstrcmpiW (lpString1="KSecDD", lpString2="ekrn") returned 1 [0128.504] lstrcmpiW (lpString1="KSecDD", lpString2="egui") returned 1 [0128.504] lstrcmpiW (lpString1="KSecDD", lpString2="avgwd") returned 1 [0128.504] lstrcmpiW (lpString1="KSecDD", lpString2="BdfNdisf") returned 1 [0128.504] lstrcmpiW (lpString1="KSecDD", lpString2="avast! Antivirus") returned 1 [0128.504] lstrcmpiW (lpString1="KSecDD", lpString2="MsMpSvc") returned -1 [0128.504] lstrcmpiW (lpString1="KSecDD", lpString2="RsMgrSvc") returned -1 [0128.504] lstrcmpiW (lpString1="KSecDD", lpString2="fshoster") returned 1 [0128.504] lstrcmpiW (lpString1="KSecDD", lpString2="AVKProxy") returned 1 [0128.504] lstrcmpiW (lpString1="KSecDD", lpString2="MBAMService") returned -1 [0128.504] lstrcmpiW (lpString1="KSecDD", lpString2="GbpSv") returned 1 [0128.504] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xbd, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="KSecPkg", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.504] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\KSecPkg") returned 41 [0128.504] SetLastError (dwErrCode=0x0) [0128.504] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\KSecPkg", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.505] SetLastError (dwErrCode=0x0) [0128.505] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.505] RegCloseKey (hKey=0x264) returned 0x0 [0128.505] SetLastError (dwErrCode=0x0) [0128.505] lstrcmpiW (lpString1="KSecPkg", lpString2="NAVENG") returned -1 [0128.505] lstrcmpiW (lpString1="KSecPkg", lpString2="ccEvtMgr") returned 1 [0128.505] lstrcmpiW (lpString1="KSecPkg", lpString2="NAV") returned -1 [0128.505] lstrcmpiW (lpString1="KSecPkg", lpString2="NIS") returned -1 [0128.505] lstrcmpiW (lpString1="KSecPkg", lpString2="NAVEX15") returned -1 [0128.505] lstrcmpiW (lpString1="KSecPkg", lpString2="AVP") returned 1 [0128.505] lstrcmpiW (lpString1="KSecPkg", lpString2="AVP15.0.0") returned 1 [0128.505] lstrcmpiW (lpString1="KSecPkg", lpString2="AVP15.0.1") returned 1 [0128.505] lstrcmpiW (lpString1="KSecPkg", lpString2="kl1") returned 1 [0128.505] lstrcmpiW (lpString1="KSecPkg", lpString2="McComponentHostService") returned -1 [0128.505] lstrcmpiW (lpString1="KSecPkg", lpString2="ekrn") returned 1 [0128.505] lstrcmpiW (lpString1="KSecPkg", lpString2="egui") returned 1 [0128.505] lstrcmpiW (lpString1="KSecPkg", lpString2="avgwd") returned 1 [0128.505] lstrcmpiW (lpString1="KSecPkg", lpString2="BdfNdisf") returned 1 [0128.505] lstrcmpiW (lpString1="KSecPkg", lpString2="avast! Antivirus") returned 1 [0128.505] lstrcmpiW (lpString1="KSecPkg", lpString2="MsMpSvc") returned -1 [0128.505] lstrcmpiW (lpString1="KSecPkg", lpString2="RsMgrSvc") returned -1 [0128.505] lstrcmpiW (lpString1="KSecPkg", lpString2="fshoster") returned 1 [0128.505] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xbe, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ksthunk", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.505] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ksthunk") returned 41 [0128.505] SetLastError (dwErrCode=0x0) [0128.505] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ksthunk", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.505] SetLastError (dwErrCode=0x0) [0128.505] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.505] RegCloseKey (hKey=0x264) returned 0x0 [0128.505] SetLastError (dwErrCode=0x0) [0128.505] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xbf, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="KtmRm", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.506] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\KtmRm") returned 39 [0128.506] SetLastError (dwErrCode=0x0) [0128.506] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\KtmRm", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.506] SetLastError (dwErrCode=0x0) [0128.506] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.506] RegCloseKey (hKey=0x264) returned 0x0 [0128.506] SetLastError (dwErrCode=0x0) [0128.506] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xc0, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="LanmanServer", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.506] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\LanmanServer") returned 46 [0128.506] SetLastError (dwErrCode=0x0) [0128.506] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\LanmanServer", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.506] SetLastError (dwErrCode=0x0) [0128.506] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.506] RegCloseKey (hKey=0x264) returned 0x0 [0128.506] SetLastError (dwErrCode=0x0) [0128.506] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xc1, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="LanmanWorkstation", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.506] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\LanmanWorkstation") returned 51 [0128.506] SetLastError (dwErrCode=0x0) [0128.506] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\LanmanWorkstation", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.506] SetLastError (dwErrCode=0x0) [0128.506] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.506] RegCloseKey (hKey=0x264) returned 0x0 [0128.506] SetLastError (dwErrCode=0x0) [0128.506] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xc2, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ldap", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.506] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ldap") returned 38 [0128.506] SetLastError (dwErrCode=0x0) [0128.507] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ldap", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.507] SetLastError (dwErrCode=0x0) [0128.507] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x1, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.507] RegCloseKey (hKey=0x264) returned 0x0 [0128.507] SetLastError (dwErrCode=0x0) [0128.507] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xc3, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="lfsvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.507] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\lfsvc") returned 39 [0128.507] SetLastError (dwErrCode=0x0) [0128.507] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\lfsvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.507] SetLastError (dwErrCode=0x0) [0128.507] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.507] RegCloseKey (hKey=0x264) returned 0x0 [0128.507] SetLastError (dwErrCode=0x0) [0128.507] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xc4, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="LicenseManager", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.507] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\LicenseManager") returned 48 [0128.507] SetLastError (dwErrCode=0x0) [0128.507] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\LicenseManager", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.507] SetLastError (dwErrCode=0x0) [0128.507] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.507] RegCloseKey (hKey=0x264) returned 0x0 [0128.507] SetLastError (dwErrCode=0x0) [0128.507] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xc5, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="lltdio", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.507] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\lltdio") returned 40 [0128.507] SetLastError (dwErrCode=0x0) [0128.507] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\lltdio", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.507] SetLastError (dwErrCode=0x0) [0128.508] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.508] RegCloseKey (hKey=0x264) returned 0x0 [0128.508] SetLastError (dwErrCode=0x0) [0128.508] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xc6, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="lltdsvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.508] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\lltdsvc") returned 41 [0128.508] SetLastError (dwErrCode=0x0) [0128.508] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\lltdsvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.508] SetLastError (dwErrCode=0x0) [0128.508] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.508] RegCloseKey (hKey=0x264) returned 0x0 [0128.508] SetLastError (dwErrCode=0x0) [0128.508] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xc7, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="lmhosts", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.508] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\lmhosts") returned 41 [0128.508] SetLastError (dwErrCode=0x0) [0128.508] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\lmhosts", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.508] SetLastError (dwErrCode=0x0) [0128.508] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.508] RegCloseKey (hKey=0x264) returned 0x0 [0128.508] SetLastError (dwErrCode=0x0) [0128.508] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xc8, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Lsa", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.508] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Lsa") returned 37 [0128.508] SetLastError (dwErrCode=0x0) [0128.508] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Lsa", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.508] SetLastError (dwErrCode=0x0) [0128.508] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.508] RegCloseKey (hKey=0x264) returned 0x0 [0128.508] SetLastError (dwErrCode=0x0) [0128.508] GetLastError () returned 0x0 [0128.509] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xc9, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="LSI_SAS", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.509] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\LSI_SAS") returned 41 [0128.509] SetLastError (dwErrCode=0x0) [0128.509] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\LSI_SAS", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.509] SetLastError (dwErrCode=0x0) [0128.509] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.509] RegCloseKey (hKey=0x264) returned 0x0 [0128.509] SetLastError (dwErrCode=0x0) [0128.509] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xca, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="LSI_SAS2i", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.509] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\LSI_SAS2i") returned 43 [0128.509] SetLastError (dwErrCode=0x0) [0128.509] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\LSI_SAS2i", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.509] SetLastError (dwErrCode=0x0) [0128.509] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.509] RegCloseKey (hKey=0x264) returned 0x0 [0128.509] SetLastError (dwErrCode=0x0) [0128.509] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xcb, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="LSI_SAS3i", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.509] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\LSI_SAS3i") returned 43 [0128.509] SetLastError (dwErrCode=0x0) [0128.509] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\LSI_SAS3i", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.509] SetLastError (dwErrCode=0x0) [0128.509] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.509] RegCloseKey (hKey=0x264) returned 0x0 [0128.509] SetLastError (dwErrCode=0x0) [0128.509] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xcc, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="LSI_SSS", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.509] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\LSI_SSS") returned 41 [0128.510] SetLastError (dwErrCode=0x0) [0128.510] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\LSI_SSS", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.510] SetLastError (dwErrCode=0x0) [0128.510] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.510] RegCloseKey (hKey=0x264) returned 0x0 [0128.510] SetLastError (dwErrCode=0x0) [0128.510] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xcd, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="LSM", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.510] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\LSM") returned 37 [0128.510] SetLastError (dwErrCode=0x0) [0128.510] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\LSM", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.510] SetLastError (dwErrCode=0x0) [0128.510] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.510] RegCloseKey (hKey=0x264) returned 0x0 [0128.510] SetLastError (dwErrCode=0x0) [0128.510] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xce, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="luafv", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.510] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\luafv") returned 39 [0128.510] SetLastError (dwErrCode=0x0) [0128.510] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\luafv", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.510] SetLastError (dwErrCode=0x0) [0128.510] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.510] RegCloseKey (hKey=0x264) returned 0x0 [0128.510] SetLastError (dwErrCode=0x0) [0128.510] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xcf, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MapsBroker", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.510] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\MapsBroker") returned 44 [0128.510] SetLastError (dwErrCode=0x0) [0128.510] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\MapsBroker", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.511] SetLastError (dwErrCode=0x0) [0128.511] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.511] RegCloseKey (hKey=0x264) returned 0x0 [0128.511] SetLastError (dwErrCode=0x0) [0128.511] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xd0, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="megasas", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.511] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\megasas") returned 41 [0128.511] SetLastError (dwErrCode=0x0) [0128.511] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\megasas", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.511] SetLastError (dwErrCode=0x0) [0128.511] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.511] RegCloseKey (hKey=0x264) returned 0x0 [0128.511] SetLastError (dwErrCode=0x0) [0128.511] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xd1, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="megasr", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.511] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\megasr") returned 40 [0128.511] SetLastError (dwErrCode=0x0) [0128.511] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\megasr", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.511] SetLastError (dwErrCode=0x0) [0128.511] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.511] RegCloseKey (hKey=0x264) returned 0x0 [0128.511] SetLastError (dwErrCode=0x0) [0128.511] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xd2, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="mlx4_bus", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.511] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\mlx4_bus") returned 42 [0128.511] SetLastError (dwErrCode=0x0) [0128.511] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\mlx4_bus", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.511] SetLastError (dwErrCode=0x0) [0128.511] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.512] RegCloseKey (hKey=0x264) returned 0x0 [0128.512] SetLastError (dwErrCode=0x0) [0128.512] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xd3, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MMCSS", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.512] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\MMCSS") returned 39 [0128.512] SetLastError (dwErrCode=0x0) [0128.512] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\MMCSS", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.512] SetLastError (dwErrCode=0x0) [0128.512] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.512] RegCloseKey (hKey=0x264) returned 0x0 [0128.512] SetLastError (dwErrCode=0x0) [0128.512] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xd4, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Modem", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.512] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Modem") returned 39 [0128.512] SetLastError (dwErrCode=0x0) [0128.512] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Modem", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.512] SetLastError (dwErrCode=0x0) [0128.512] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.512] RegCloseKey (hKey=0x264) returned 0x0 [0128.512] SetLastError (dwErrCode=0x0) [0128.512] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xd5, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="monitor", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.512] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\monitor") returned 41 [0128.512] SetLastError (dwErrCode=0x0) [0128.512] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\monitor", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.512] SetLastError (dwErrCode=0x0) [0128.512] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.512] RegCloseKey (hKey=0x264) returned 0x0 [0128.512] SetLastError (dwErrCode=0x0) [0128.513] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xd6, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="mouclass", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.513] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\mouclass") returned 42 [0128.513] SetLastError (dwErrCode=0x0) [0128.513] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\mouclass", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.513] SetLastError (dwErrCode=0x0) [0128.513] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.513] RegCloseKey (hKey=0x264) returned 0x0 [0128.513] SetLastError (dwErrCode=0x0) [0128.513] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xd7, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="mouhid", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.513] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\mouhid") returned 40 [0128.513] SetLastError (dwErrCode=0x0) [0128.513] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\mouhid", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.513] SetLastError (dwErrCode=0x0) [0128.513] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.513] RegCloseKey (hKey=0x264) returned 0x0 [0128.513] SetLastError (dwErrCode=0x0) [0128.513] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xd8, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="mountmgr", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.513] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\mountmgr") returned 42 [0128.513] SetLastError (dwErrCode=0x0) [0128.513] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\mountmgr", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.513] SetLastError (dwErrCode=0x0) [0128.513] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.513] RegCloseKey (hKey=0x264) returned 0x0 [0128.513] SetLastError (dwErrCode=0x0) [0128.514] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xd9, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MozillaMaintenance", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.514] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\MozillaMaintenance") returned 52 [0128.514] SetLastError (dwErrCode=0x0) [0128.514] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\MozillaMaintenance", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.514] SetLastError (dwErrCode=0x0) [0128.514] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.514] RegCloseKey (hKey=0x264) returned 0x0 [0128.514] SetLastError (dwErrCode=0x0) [0128.514] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xda, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="mpsdrv", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.514] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\mpsdrv") returned 40 [0128.514] SetLastError (dwErrCode=0x0) [0128.514] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\mpsdrv", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.514] SetLastError (dwErrCode=0x0) [0128.514] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.514] RegCloseKey (hKey=0x264) returned 0x0 [0128.514] SetLastError (dwErrCode=0x0) [0128.514] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xdb, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MpsSvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.514] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\MpsSvc") returned 40 [0128.514] SetLastError (dwErrCode=0x0) [0128.514] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\MpsSvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.514] SetLastError (dwErrCode=0x0) [0128.514] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.514] RegCloseKey (hKey=0x264) returned 0x0 [0128.515] SetLastError (dwErrCode=0x0) [0128.515] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xdc, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MRxDAV", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.515] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\MRxDAV") returned 40 [0128.515] SetLastError (dwErrCode=0x0) [0128.515] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\MRxDAV", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.515] SetLastError (dwErrCode=0x0) [0128.515] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.515] RegCloseKey (hKey=0x264) returned 0x0 [0128.515] SetLastError (dwErrCode=0x0) [0128.515] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xdd, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="mrxsmb", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.515] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\mrxsmb") returned 40 [0128.515] SetLastError (dwErrCode=0x0) [0128.515] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\mrxsmb", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.515] SetLastError (dwErrCode=0x0) [0128.515] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.515] RegCloseKey (hKey=0x264) returned 0x0 [0128.515] SetLastError (dwErrCode=0x0) [0128.515] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xde, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="mrxsmb10", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.515] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\mrxsmb10") returned 42 [0128.515] SetLastError (dwErrCode=0x0) [0128.516] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\mrxsmb10", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.516] SetLastError (dwErrCode=0x0) [0128.516] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.516] RegCloseKey (hKey=0x264) returned 0x0 [0128.516] SetLastError (dwErrCode=0x0) [0128.516] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xdf, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="mrxsmb20", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.516] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\mrxsmb20") returned 42 [0128.516] SetLastError (dwErrCode=0x0) [0128.516] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\mrxsmb20", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.516] SetLastError (dwErrCode=0x0) [0128.516] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.516] RegCloseKey (hKey=0x264) returned 0x0 [0128.516] SetLastError (dwErrCode=0x0) [0128.516] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xe0, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MsBridge", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.516] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\MsBridge") returned 42 [0128.516] SetLastError (dwErrCode=0x0) [0128.516] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\MsBridge", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.516] SetLastError (dwErrCode=0x0) [0128.517] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.517] RegCloseKey (hKey=0x264) returned 0x0 [0128.517] SetLastError (dwErrCode=0x0) [0128.517] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xe1, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MSDTC", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.517] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\MSDTC") returned 39 [0128.517] SetLastError (dwErrCode=0x0) [0128.517] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\MSDTC", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.517] SetLastError (dwErrCode=0x0) [0128.517] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.517] RegCloseKey (hKey=0x264) returned 0x0 [0128.517] SetLastError (dwErrCode=0x0) [0128.517] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xe2, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MSDTC Bridge 3.0.0.0", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.517] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\MSDTC Bridge 3.0.0.0") returned 54 [0128.517] SetLastError (dwErrCode=0x0) [0128.517] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\MSDTC Bridge 3.0.0.0", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.517] SetLastError (dwErrCode=0x0) [0128.517] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.517] RegCloseKey (hKey=0x264) returned 0x0 [0128.517] SetLastError (dwErrCode=0x0) [0128.517] GetLastError () returned 0x0 [0128.518] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xe3, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MSDTC Bridge 4.0.0.0", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.518] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\MSDTC Bridge 4.0.0.0") returned 54 [0128.518] SetLastError (dwErrCode=0x0) [0128.518] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\MSDTC Bridge 4.0.0.0", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.518] SetLastError (dwErrCode=0x0) [0128.518] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.518] RegCloseKey (hKey=0x264) returned 0x0 [0128.518] SetLastError (dwErrCode=0x0) [0128.518] GetLastError () returned 0x0 [0128.518] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xe4, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Msfs", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.518] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Msfs") returned 38 [0128.518] SetLastError (dwErrCode=0x0) [0128.518] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Msfs", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.518] SetLastError (dwErrCode=0x0) [0128.518] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x4, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.518] RegCloseKey (hKey=0x264) returned 0x0 [0128.518] SetLastError (dwErrCode=0x0) [0128.518] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xe5, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="msgpiowin32", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.518] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\msgpiowin32") returned 45 [0128.518] SetLastError (dwErrCode=0x0) [0128.518] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\msgpiowin32", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.518] SetLastError (dwErrCode=0x0) [0128.518] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.518] RegCloseKey (hKey=0x264) returned 0x0 [0128.519] SetLastError (dwErrCode=0x0) [0128.519] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xe6, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="mshidkmdf", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.519] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\mshidkmdf") returned 43 [0128.519] SetLastError (dwErrCode=0x0) [0128.519] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\mshidkmdf", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.519] SetLastError (dwErrCode=0x0) [0128.519] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.519] RegCloseKey (hKey=0x264) returned 0x0 [0128.519] SetLastError (dwErrCode=0x0) [0128.519] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xe7, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="mshidumdf", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.519] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\mshidumdf") returned 43 [0128.519] SetLastError (dwErrCode=0x0) [0128.519] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\mshidumdf", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.519] SetLastError (dwErrCode=0x0) [0128.519] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.519] RegCloseKey (hKey=0x264) returned 0x0 [0128.519] SetLastError (dwErrCode=0x0) [0128.519] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xe8, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="msisadrv", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.519] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\msisadrv") returned 42 [0128.519] SetLastError (dwErrCode=0x0) [0128.519] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\msisadrv", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.519] SetLastError (dwErrCode=0x0) [0128.519] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.519] RegCloseKey (hKey=0x264) returned 0x0 [0128.519] SetLastError (dwErrCode=0x0) [0128.519] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xe9, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MSiSCSI", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.519] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\MSiSCSI") returned 41 [0128.520] SetLastError (dwErrCode=0x0) [0128.520] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\MSiSCSI", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.520] SetLastError (dwErrCode=0x0) [0128.520] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xe, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.520] RegCloseKey (hKey=0x264) returned 0x0 [0128.520] SetLastError (dwErrCode=0x0) [0128.520] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xea, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="msiserver", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.520] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\msiserver") returned 43 [0128.520] SetLastError (dwErrCode=0x0) [0128.520] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\msiserver", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.520] SetLastError (dwErrCode=0x0) [0128.520] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.520] RegCloseKey (hKey=0x264) returned 0x0 [0128.520] SetLastError (dwErrCode=0x0) [0128.520] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xeb, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MSKSSRV", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.520] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\MSKSSRV") returned 41 [0128.520] SetLastError (dwErrCode=0x0) [0128.520] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\MSKSSRV", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.520] SetLastError (dwErrCode=0x0) [0128.520] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.520] RegCloseKey (hKey=0x264) returned 0x0 [0128.520] SetLastError (dwErrCode=0x0) [0128.520] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xec, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MsLldp", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.520] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\MsLldp") returned 40 [0128.520] SetLastError (dwErrCode=0x0) [0128.520] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\MsLldp", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.520] SetLastError (dwErrCode=0x0) [0128.520] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.521] RegCloseKey (hKey=0x264) returned 0x0 [0128.521] SetLastError (dwErrCode=0x0) [0128.521] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xed, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MSPCLOCK", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.521] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\MSPCLOCK") returned 42 [0128.521] SetLastError (dwErrCode=0x0) [0128.521] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\MSPCLOCK", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.521] SetLastError (dwErrCode=0x0) [0128.521] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.521] RegCloseKey (hKey=0x264) returned 0x0 [0128.521] SetLastError (dwErrCode=0x0) [0128.521] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xee, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MSPQM", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.521] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\MSPQM") returned 39 [0128.521] SetLastError (dwErrCode=0x0) [0128.521] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\MSPQM", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.521] SetLastError (dwErrCode=0x0) [0128.521] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.521] RegCloseKey (hKey=0x264) returned 0x0 [0128.521] SetLastError (dwErrCode=0x0) [0128.521] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xef, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MsRPC", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.521] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\MsRPC") returned 39 [0128.521] SetLastError (dwErrCode=0x0) [0128.521] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\MsRPC", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.521] SetLastError (dwErrCode=0x0) [0128.521] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x4, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.521] RegCloseKey (hKey=0x264) returned 0x0 [0128.521] SetLastError (dwErrCode=0x0) [0128.521] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xf0, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MSSCNTRS", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.521] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\MSSCNTRS") returned 42 [0128.521] SetLastError (dwErrCode=0x0) [0128.522] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\MSSCNTRS", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.522] SetLastError (dwErrCode=0x0) [0128.522] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.522] RegCloseKey (hKey=0x264) returned 0x0 [0128.522] SetLastError (dwErrCode=0x0) [0128.522] GetLastError () returned 0x0 [0128.522] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xf1, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="mssmbios", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.522] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\mssmbios") returned 42 [0128.522] SetLastError (dwErrCode=0x0) [0128.522] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\mssmbios", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.522] SetLastError (dwErrCode=0x0) [0128.522] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.522] RegCloseKey (hKey=0x264) returned 0x0 [0128.522] SetLastError (dwErrCode=0x0) [0128.522] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xf2, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MSTEE", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.522] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\MSTEE") returned 39 [0128.522] SetLastError (dwErrCode=0x0) [0128.522] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\MSTEE", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.522] SetLastError (dwErrCode=0x0) [0128.522] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.522] RegCloseKey (hKey=0x264) returned 0x0 [0128.522] SetLastError (dwErrCode=0x0) [0128.522] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xf3, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MTConfig", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.522] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\MTConfig") returned 42 [0128.522] SetLastError (dwErrCode=0x0) [0128.522] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\MTConfig", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.522] SetLastError (dwErrCode=0x0) [0128.523] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.523] RegCloseKey (hKey=0x264) returned 0x0 [0128.523] SetLastError (dwErrCode=0x0) [0128.523] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xf4, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Mup", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.523] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Mup") returned 37 [0128.523] SetLastError (dwErrCode=0x0) [0128.523] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Mup", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.523] SetLastError (dwErrCode=0x0) [0128.523] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.523] RegCloseKey (hKey=0x264) returned 0x0 [0128.523] SetLastError (dwErrCode=0x0) [0128.523] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xf5, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="mvumis", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.523] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\mvumis") returned 40 [0128.523] SetLastError (dwErrCode=0x0) [0128.523] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\mvumis", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.523] SetLastError (dwErrCode=0x0) [0128.523] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.523] RegCloseKey (hKey=0x264) returned 0x0 [0128.523] SetLastError (dwErrCode=0x0) [0128.523] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xf6, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="napagent", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.523] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\napagent") returned 42 [0128.523] SetLastError (dwErrCode=0x0) [0128.523] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\napagent", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.523] SetLastError (dwErrCode=0x0) [0128.523] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.523] RegCloseKey (hKey=0x264) returned 0x0 [0128.523] SetLastError (dwErrCode=0x0) [0128.523] GetLastError () returned 0x0 [0128.523] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xf7, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NativeWifiP", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.524] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NativeWifiP") returned 45 [0128.524] SetLastError (dwErrCode=0x0) [0128.524] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NativeWifiP", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.524] SetLastError (dwErrCode=0x0) [0128.524] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.524] RegCloseKey (hKey=0x264) returned 0x0 [0128.524] SetLastError (dwErrCode=0x0) [0128.524] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xf8, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NcaSvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.524] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NcaSvc") returned 40 [0128.524] SetLastError (dwErrCode=0x0) [0128.524] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NcaSvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.524] SetLastError (dwErrCode=0x0) [0128.524] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.524] RegCloseKey (hKey=0x264) returned 0x0 [0128.524] SetLastError (dwErrCode=0x0) [0128.524] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xf9, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NcbService", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.524] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NcbService") returned 44 [0128.524] SetLastError (dwErrCode=0x0) [0128.524] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NcbService", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.524] SetLastError (dwErrCode=0x0) [0128.524] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.524] RegCloseKey (hKey=0x264) returned 0x0 [0128.524] SetLastError (dwErrCode=0x0) [0128.524] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xfa, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NcdAutoSetup", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.524] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NcdAutoSetup") returned 46 [0128.524] SetLastError (dwErrCode=0x0) [0128.524] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NcdAutoSetup", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.525] SetLastError (dwErrCode=0x0) [0128.525] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.525] RegCloseKey (hKey=0x264) returned 0x0 [0128.525] SetLastError (dwErrCode=0x0) [0128.525] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xfb, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ndfltr", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.525] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ndfltr") returned 40 [0128.525] SetLastError (dwErrCode=0x0) [0128.525] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ndfltr", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.525] SetLastError (dwErrCode=0x0) [0128.525] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.525] RegCloseKey (hKey=0x264) returned 0x0 [0128.525] SetLastError (dwErrCode=0x0) [0128.525] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xfc, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NDIS", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.525] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NDIS") returned 38 [0128.525] SetLastError (dwErrCode=0x0) [0128.525] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NDIS", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.525] SetLastError (dwErrCode=0x0) [0128.525] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.525] RegCloseKey (hKey=0x264) returned 0x0 [0128.525] SetLastError (dwErrCode=0x0) [0128.525] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xfd, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NdisCap", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.525] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NdisCap") returned 41 [0128.525] SetLastError (dwErrCode=0x0) [0128.525] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NdisCap", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.525] SetLastError (dwErrCode=0x0) [0128.525] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.526] RegCloseKey (hKey=0x264) returned 0x0 [0128.526] SetLastError (dwErrCode=0x0) [0128.526] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xfe, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NdisImPlatform", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.526] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NdisImPlatform") returned 48 [0128.526] SetLastError (dwErrCode=0x0) [0128.526] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NdisImPlatform", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.526] SetLastError (dwErrCode=0x0) [0128.526] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.526] RegCloseKey (hKey=0x264) returned 0x0 [0128.526] SetLastError (dwErrCode=0x0) [0128.526] RegEnumKeyExW (in: hKey=0x260, dwIndex=0xff, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NdisTapi", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.526] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NdisTapi") returned 42 [0128.526] SetLastError (dwErrCode=0x0) [0128.526] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NdisTapi", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.526] SetLastError (dwErrCode=0x0) [0128.526] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.526] RegCloseKey (hKey=0x264) returned 0x0 [0128.526] SetLastError (dwErrCode=0x0) [0128.526] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x100, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Ndisuio", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.526] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Ndisuio") returned 41 [0128.526] SetLastError (dwErrCode=0x0) [0128.526] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Ndisuio", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.526] SetLastError (dwErrCode=0x0) [0128.526] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.526] RegCloseKey (hKey=0x264) returned 0x0 [0128.527] SetLastError (dwErrCode=0x0) [0128.527] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x101, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NdisVirtualBus", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.527] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NdisVirtualBus") returned 48 [0128.527] SetLastError (dwErrCode=0x0) [0128.527] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NdisVirtualBus", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.527] SetLastError (dwErrCode=0x0) [0128.527] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.527] RegCloseKey (hKey=0x264) returned 0x0 [0128.527] SetLastError (dwErrCode=0x0) [0128.527] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x102, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NdisWan", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.527] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NdisWan") returned 41 [0128.527] SetLastError (dwErrCode=0x0) [0128.527] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NdisWan", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.527] SetLastError (dwErrCode=0x0) [0128.527] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.527] RegCloseKey (hKey=0x264) returned 0x0 [0128.527] SetLastError (dwErrCode=0x0) [0128.527] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x103, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ndiswanlegacy", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.527] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ndiswanlegacy") returned 47 [0128.527] SetLastError (dwErrCode=0x0) [0128.527] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ndiswanlegacy", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.527] SetLastError (dwErrCode=0x0) [0128.528] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.528] RegCloseKey (hKey=0x264) returned 0x0 [0128.528] SetLastError (dwErrCode=0x0) [0128.528] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x104, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ndproxy", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.528] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ndproxy") returned 41 [0128.528] SetLastError (dwErrCode=0x0) [0128.528] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ndproxy", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.528] SetLastError (dwErrCode=0x0) [0128.528] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.528] RegCloseKey (hKey=0x264) returned 0x0 [0128.528] SetLastError (dwErrCode=0x0) [0128.528] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x105, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Ndu", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.528] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Ndu") returned 37 [0128.528] SetLastError (dwErrCode=0x0) [0128.528] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Ndu", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.528] SetLastError (dwErrCode=0x0) [0128.528] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.528] RegCloseKey (hKey=0x264) returned 0x0 [0128.528] SetLastError (dwErrCode=0x0) [0128.528] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x106, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NetBIOS", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.528] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NetBIOS") returned 41 [0128.528] SetLastError (dwErrCode=0x0) [0128.528] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NetBIOS", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.529] SetLastError (dwErrCode=0x0) [0128.529] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.529] RegCloseKey (hKey=0x264) returned 0x0 [0128.529] SetLastError (dwErrCode=0x0) [0128.529] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x107, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NetbiosSmb", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.529] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NetbiosSmb") returned 44 [0128.529] SetLastError (dwErrCode=0x0) [0128.529] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NetbiosSmb", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.529] SetLastError (dwErrCode=0x0) [0128.529] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.529] RegCloseKey (hKey=0x264) returned 0x0 [0128.529] SetLastError (dwErrCode=0x0) [0128.529] GetLastError () returned 0x0 [0128.529] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x108, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NetBT", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.529] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NetBT") returned 39 [0128.529] SetLastError (dwErrCode=0x0) [0128.529] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NetBT", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.529] SetLastError (dwErrCode=0x0) [0128.529] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.529] RegCloseKey (hKey=0x264) returned 0x0 [0128.529] SetLastError (dwErrCode=0x0) [0128.529] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x109, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Netlogon", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.529] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Netlogon") returned 42 [0128.529] SetLastError (dwErrCode=0x0) [0128.529] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Netlogon", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.529] SetLastError (dwErrCode=0x0) [0128.529] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.529] RegCloseKey (hKey=0x264) returned 0x0 [0128.529] SetLastError (dwErrCode=0x0) [0128.529] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x10a, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Netman", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.530] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Netman") returned 40 [0128.530] SetLastError (dwErrCode=0x0) [0128.530] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Netman", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.530] SetLastError (dwErrCode=0x0) [0128.530] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.530] RegCloseKey (hKey=0x264) returned 0x0 [0128.530] SetLastError (dwErrCode=0x0) [0128.530] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x10b, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="netprofm", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.530] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\netprofm") returned 42 [0128.530] SetLastError (dwErrCode=0x0) [0128.530] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\netprofm", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.530] SetLastError (dwErrCode=0x0) [0128.530] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.530] RegCloseKey (hKey=0x264) returned 0x0 [0128.530] SetLastError (dwErrCode=0x0) [0128.530] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x10c, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NetSetupSvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.530] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NetSetupSvc") returned 45 [0128.530] SetLastError (dwErrCode=0x0) [0128.530] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NetSetupSvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.530] SetLastError (dwErrCode=0x0) [0128.530] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.530] RegCloseKey (hKey=0x264) returned 0x0 [0128.530] SetLastError (dwErrCode=0x0) [0128.530] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x10d, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NetTcpPortSharing", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.530] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NetTcpPortSharing") returned 51 [0128.530] SetLastError (dwErrCode=0x0) [0128.530] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NetTcpPortSharing", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.531] SetLastError (dwErrCode=0x0) [0128.531] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.531] RegCloseKey (hKey=0x264) returned 0x0 [0128.531] SetLastError (dwErrCode=0x0) [0128.531] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x10e, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="netvsc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.531] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\netvsc") returned 40 [0128.531] SetLastError (dwErrCode=0x0) [0128.531] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\netvsc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.531] SetLastError (dwErrCode=0x0) [0128.531] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.531] RegCloseKey (hKey=0x264) returned 0x0 [0128.531] SetLastError (dwErrCode=0x0) [0128.531] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x10f, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NETVSCVFPP", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.531] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NETVSCVFPP") returned 44 [0128.531] SetLastError (dwErrCode=0x0) [0128.531] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NETVSCVFPP", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.531] SetLastError (dwErrCode=0x0) [0128.531] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x4, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.531] RegCloseKey (hKey=0x264) returned 0x0 [0128.531] SetLastError (dwErrCode=0x0) [0128.531] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x110, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NgcCtnrSvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.531] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NgcCtnrSvc") returned 44 [0128.531] SetLastError (dwErrCode=0x0) [0128.531] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NgcCtnrSvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.531] SetLastError (dwErrCode=0x0) [0128.531] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.531] RegCloseKey (hKey=0x264) returned 0x0 [0128.531] SetLastError (dwErrCode=0x0) [0128.531] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x111, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NgcSvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.532] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NgcSvc") returned 40 [0128.532] SetLastError (dwErrCode=0x0) [0128.532] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NgcSvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.532] SetLastError (dwErrCode=0x0) [0128.532] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.532] RegCloseKey (hKey=0x264) returned 0x0 [0128.532] SetLastError (dwErrCode=0x0) [0128.532] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x112, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NlaSvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.532] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NlaSvc") returned 40 [0128.532] SetLastError (dwErrCode=0x0) [0128.532] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NlaSvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.532] SetLastError (dwErrCode=0x0) [0128.533] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.533] RegCloseKey (hKey=0x264) returned 0x0 [0128.533] SetLastError (dwErrCode=0x0) [0128.533] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x113, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Npfs", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.533] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Npfs") returned 38 [0128.533] SetLastError (dwErrCode=0x0) [0128.533] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Npfs", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.533] SetLastError (dwErrCode=0x0) [0128.533] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x4, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.533] RegCloseKey (hKey=0x264) returned 0x0 [0128.533] SetLastError (dwErrCode=0x0) [0128.533] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x114, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="npsvctrig", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.533] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\npsvctrig") returned 43 [0128.533] SetLastError (dwErrCode=0x0) [0128.533] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\npsvctrig", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.534] SetLastError (dwErrCode=0x0) [0128.534] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.534] RegCloseKey (hKey=0x264) returned 0x0 [0128.534] SetLastError (dwErrCode=0x0) [0128.534] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x115, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="nsi", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.534] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\nsi") returned 37 [0128.534] SetLastError (dwErrCode=0x0) [0128.534] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\nsi", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.534] SetLastError (dwErrCode=0x0) [0128.534] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.534] RegCloseKey (hKey=0x264) returned 0x0 [0128.534] SetLastError (dwErrCode=0x0) [0128.534] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x116, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="nsiproxy", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.534] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\nsiproxy") returned 42 [0128.534] SetLastError (dwErrCode=0x0) [0128.534] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\nsiproxy", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.534] SetLastError (dwErrCode=0x0) [0128.534] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.534] RegCloseKey (hKey=0x264) returned 0x0 [0128.534] SetLastError (dwErrCode=0x0) [0128.534] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x117, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NTDS", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.534] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NTDS") returned 38 [0128.534] SetLastError (dwErrCode=0x0) [0128.534] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NTDS", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.534] SetLastError (dwErrCode=0x0) [0128.534] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.534] RegCloseKey (hKey=0x264) returned 0x0 [0128.534] SetLastError (dwErrCode=0x0) [0128.534] GetLastError () returned 0x0 [0128.535] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x118, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NTFS", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.535] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NTFS") returned 38 [0128.535] SetLastError (dwErrCode=0x0) [0128.535] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NTFS", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.535] SetLastError (dwErrCode=0x0) [0128.535] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x5, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.535] RegCloseKey (hKey=0x264) returned 0x0 [0128.535] SetLastError (dwErrCode=0x0) [0128.535] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x119, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Null", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.535] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Null") returned 38 [0128.535] SetLastError (dwErrCode=0x0) [0128.535] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Null", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.535] SetLastError (dwErrCode=0x0) [0128.535] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x5, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.535] RegCloseKey (hKey=0x264) returned 0x0 [0128.535] SetLastError (dwErrCode=0x0) [0128.535] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x11a, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="nvraid", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.535] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\nvraid") returned 40 [0128.535] SetLastError (dwErrCode=0x0) [0128.535] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\nvraid", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.535] SetLastError (dwErrCode=0x0) [0128.535] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.535] RegCloseKey (hKey=0x264) returned 0x0 [0128.535] SetLastError (dwErrCode=0x0) [0128.535] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x11b, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="nvstor", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.535] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\nvstor") returned 40 [0128.535] SetLastError (dwErrCode=0x0) [0128.535] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\nvstor", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.536] SetLastError (dwErrCode=0x0) [0128.536] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.536] RegCloseKey (hKey=0x264) returned 0x0 [0128.536] SetLastError (dwErrCode=0x0) [0128.536] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x11c, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="nv_agp", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.536] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\nv_agp") returned 40 [0128.536] SetLastError (dwErrCode=0x0) [0128.536] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\nv_agp", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.536] SetLastError (dwErrCode=0x0) [0128.536] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.536] RegCloseKey (hKey=0x264) returned 0x0 [0128.536] SetLastError (dwErrCode=0x0) [0128.536] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x11d, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OneSyncSvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.536] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\OneSyncSvc") returned 44 [0128.536] SetLastError (dwErrCode=0x0) [0128.536] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\OneSyncSvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.536] SetLastError (dwErrCode=0x0) [0128.536] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.536] RegCloseKey (hKey=0x264) returned 0x0 [0128.536] SetLastError (dwErrCode=0x0) [0128.536] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x11e, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OneSyncSvc_Session1", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.536] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\OneSyncSvc_Session1") returned 53 [0128.536] SetLastError (dwErrCode=0x0) [0128.536] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\OneSyncSvc_Session1", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.536] SetLastError (dwErrCode=0x0) [0128.536] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.536] RegCloseKey (hKey=0x264) returned 0x0 [0128.536] SetLastError (dwErrCode=0x0) [0128.536] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x11f, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ose64", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.537] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ose64") returned 39 [0128.537] SetLastError (dwErrCode=0x0) [0128.537] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ose64", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.537] SetLastError (dwErrCode=0x0) [0128.537] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.537] RegCloseKey (hKey=0x264) returned 0x0 [0128.537] SetLastError (dwErrCode=0x0) [0128.537] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x120, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="p2pimsvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.537] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\p2pimsvc") returned 42 [0128.537] SetLastError (dwErrCode=0x0) [0128.537] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\p2pimsvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.537] SetLastError (dwErrCode=0x0) [0128.537] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.537] RegCloseKey (hKey=0x264) returned 0x0 [0128.537] SetLastError (dwErrCode=0x0) [0128.537] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x121, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="p2psvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.537] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\p2psvc") returned 40 [0128.537] SetLastError (dwErrCode=0x0) [0128.537] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\p2psvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.537] SetLastError (dwErrCode=0x0) [0128.537] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.537] RegCloseKey (hKey=0x264) returned 0x0 [0128.537] SetLastError (dwErrCode=0x0) [0128.537] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x122, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Parport", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.537] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Parport") returned 41 [0128.537] SetLastError (dwErrCode=0x0) [0128.537] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Parport", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.537] SetLastError (dwErrCode=0x0) [0128.538] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.538] RegCloseKey (hKey=0x264) returned 0x0 [0128.538] SetLastError (dwErrCode=0x0) [0128.538] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x123, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="partmgr", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.538] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\partmgr") returned 41 [0128.538] SetLastError (dwErrCode=0x0) [0128.538] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\partmgr", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.538] SetLastError (dwErrCode=0x0) [0128.538] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.538] RegCloseKey (hKey=0x264) returned 0x0 [0128.538] SetLastError (dwErrCode=0x0) [0128.538] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x124, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PcaSvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.538] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\PcaSvc") returned 40 [0128.538] SetLastError (dwErrCode=0x0) [0128.538] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\PcaSvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.538] SetLastError (dwErrCode=0x0) [0128.538] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.538] RegCloseKey (hKey=0x264) returned 0x0 [0128.538] SetLastError (dwErrCode=0x0) [0128.538] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x125, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="pci", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.538] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\pci") returned 37 [0128.538] SetLastError (dwErrCode=0x0) [0128.538] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\pci", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.538] SetLastError (dwErrCode=0x0) [0128.538] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.538] RegCloseKey (hKey=0x264) returned 0x0 [0128.538] SetLastError (dwErrCode=0x0) [0128.538] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x126, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="pciide", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.538] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\pciide") returned 40 [0128.539] SetLastError (dwErrCode=0x0) [0128.539] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\pciide", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.539] SetLastError (dwErrCode=0x0) [0128.539] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.539] RegCloseKey (hKey=0x264) returned 0x0 [0128.539] SetLastError (dwErrCode=0x0) [0128.539] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x127, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="pcmcia", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.539] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\pcmcia") returned 40 [0128.539] SetLastError (dwErrCode=0x0) [0128.539] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\pcmcia", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.539] SetLastError (dwErrCode=0x0) [0128.539] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.539] RegCloseKey (hKey=0x264) returned 0x0 [0128.539] SetLastError (dwErrCode=0x0) [0128.539] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x128, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="pcw", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.539] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\pcw") returned 37 [0128.539] SetLastError (dwErrCode=0x0) [0128.539] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\pcw", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.539] SetLastError (dwErrCode=0x0) [0128.539] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.539] RegCloseKey (hKey=0x264) returned 0x0 [0128.539] SetLastError (dwErrCode=0x0) [0128.539] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x129, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="pdc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.539] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\pdc") returned 37 [0128.539] SetLastError (dwErrCode=0x0) [0128.539] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\pdc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.539] SetLastError (dwErrCode=0x0) [0128.539] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.539] RegCloseKey (hKey=0x264) returned 0x0 [0128.540] SetLastError (dwErrCode=0x0) [0128.540] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x12a, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PEAUTH", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.540] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\PEAUTH") returned 40 [0128.540] SetLastError (dwErrCode=0x0) [0128.540] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\PEAUTH", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.540] SetLastError (dwErrCode=0x0) [0128.540] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.540] RegCloseKey (hKey=0x264) returned 0x0 [0128.540] SetLastError (dwErrCode=0x0) [0128.540] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x12b, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PeerDistSvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.540] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\PeerDistSvc") returned 45 [0128.540] SetLastError (dwErrCode=0x0) [0128.540] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\PeerDistSvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.540] SetLastError (dwErrCode=0x0) [0128.540] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.540] RegCloseKey (hKey=0x264) returned 0x0 [0128.540] SetLastError (dwErrCode=0x0) [0128.540] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x12c, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="percsas2i", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.540] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\percsas2i") returned 43 [0128.540] SetLastError (dwErrCode=0x0) [0128.540] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\percsas2i", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.540] SetLastError (dwErrCode=0x0) [0128.540] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.540] RegCloseKey (hKey=0x264) returned 0x0 [0128.540] SetLastError (dwErrCode=0x0) [0128.540] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x12d, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="percsas3i", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.540] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\percsas3i") returned 43 [0128.541] SetLastError (dwErrCode=0x0) [0128.541] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\percsas3i", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.541] SetLastError (dwErrCode=0x0) [0128.541] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.541] RegCloseKey (hKey=0x264) returned 0x0 [0128.541] SetLastError (dwErrCode=0x0) [0128.541] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x12e, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PerfDisk", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.541] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\PerfDisk") returned 42 [0128.541] SetLastError (dwErrCode=0x0) [0128.541] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\PerfDisk", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.541] SetLastError (dwErrCode=0x0) [0128.541] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.541] RegCloseKey (hKey=0x264) returned 0x0 [0128.541] SetLastError (dwErrCode=0x0) [0128.541] GetLastError () returned 0x0 [0128.541] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x12f, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PerfHost", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.541] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\PerfHost") returned 42 [0128.541] SetLastError (dwErrCode=0x0) [0128.541] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\PerfHost", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.541] SetLastError (dwErrCode=0x0) [0128.541] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.541] RegCloseKey (hKey=0x264) returned 0x0 [0128.541] SetLastError (dwErrCode=0x0) [0128.541] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x130, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PerfNet", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.541] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\PerfNet") returned 41 [0128.541] SetLastError (dwErrCode=0x0) [0128.541] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\PerfNet", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.541] SetLastError (dwErrCode=0x0) [0128.541] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.541] RegCloseKey (hKey=0x264) returned 0x0 [0128.542] SetLastError (dwErrCode=0x0) [0128.542] GetLastError () returned 0x0 [0128.542] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x131, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PerfOS", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.542] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\PerfOS") returned 40 [0128.542] SetLastError (dwErrCode=0x0) [0128.542] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\PerfOS", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.542] SetLastError (dwErrCode=0x0) [0128.542] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.542] RegCloseKey (hKey=0x264) returned 0x0 [0128.542] SetLastError (dwErrCode=0x0) [0128.542] GetLastError () returned 0x0 [0128.542] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x132, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PerfProc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.542] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\PerfProc") returned 42 [0128.542] SetLastError (dwErrCode=0x0) [0128.542] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\PerfProc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.542] SetLastError (dwErrCode=0x0) [0128.542] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.542] RegCloseKey (hKey=0x264) returned 0x0 [0128.542] SetLastError (dwErrCode=0x0) [0128.542] GetLastError () returned 0x0 [0128.542] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x133, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PimIndexMaintenanceSvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.542] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\PimIndexMaintenanceSvc") returned 56 [0128.542] SetLastError (dwErrCode=0x0) [0128.542] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\PimIndexMaintenanceSvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.542] SetLastError (dwErrCode=0x0) [0128.542] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.542] RegCloseKey (hKey=0x264) returned 0x0 [0128.542] SetLastError (dwErrCode=0x0) [0128.542] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x134, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PimIndexMaintenanceSvc_Session1", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.542] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\PimIndexMaintenanceSvc_Session1") returned 65 [0128.542] SetLastError (dwErrCode=0x0) [0128.542] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\PimIndexMaintenanceSvc_Session1", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.543] SetLastError (dwErrCode=0x0) [0128.543] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.543] RegCloseKey (hKey=0x264) returned 0x0 [0128.543] SetLastError (dwErrCode=0x0) [0128.543] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x135, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="pla", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.543] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\pla") returned 37 [0128.543] SetLastError (dwErrCode=0x0) [0128.543] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\pla", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.543] SetLastError (dwErrCode=0x0) [0128.543] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.543] RegCloseKey (hKey=0x264) returned 0x0 [0128.543] SetLastError (dwErrCode=0x0) [0128.543] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x136, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PlugPlay", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.543] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\PlugPlay") returned 42 [0128.543] SetLastError (dwErrCode=0x0) [0128.543] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\PlugPlay", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.543] SetLastError (dwErrCode=0x0) [0128.543] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.543] RegCloseKey (hKey=0x264) returned 0x0 [0128.543] SetLastError (dwErrCode=0x0) [0128.543] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x137, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PNRPAutoReg", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.543] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\PNRPAutoReg") returned 45 [0128.543] SetLastError (dwErrCode=0x0) [0128.543] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\PNRPAutoReg", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.543] SetLastError (dwErrCode=0x0) [0128.543] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.543] RegCloseKey (hKey=0x264) returned 0x0 [0128.544] SetLastError (dwErrCode=0x0) [0128.544] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x138, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PNRPsvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.544] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\PNRPsvc") returned 41 [0128.544] SetLastError (dwErrCode=0x0) [0128.544] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\PNRPsvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.544] SetLastError (dwErrCode=0x0) [0128.544] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.544] RegCloseKey (hKey=0x264) returned 0x0 [0128.544] SetLastError (dwErrCode=0x0) [0128.544] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x139, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PolicyAgent", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.544] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\PolicyAgent") returned 45 [0128.544] SetLastError (dwErrCode=0x0) [0128.544] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\PolicyAgent", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.544] SetLastError (dwErrCode=0x0) [0128.544] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.544] RegCloseKey (hKey=0x264) returned 0x0 [0128.544] SetLastError (dwErrCode=0x0) [0128.544] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x13a, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PortProxy", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.544] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\PortProxy") returned 43 [0128.544] SetLastError (dwErrCode=0x0) [0128.544] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\PortProxy", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.544] SetLastError (dwErrCode=0x0) [0128.544] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.544] RegCloseKey (hKey=0x264) returned 0x0 [0128.544] SetLastError (dwErrCode=0x0) [0128.544] GetLastError () returned 0x0 [0128.544] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x13b, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Power", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.545] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Power") returned 39 [0128.545] SetLastError (dwErrCode=0x0) [0128.545] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Power", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.545] SetLastError (dwErrCode=0x0) [0128.545] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.545] RegCloseKey (hKey=0x264) returned 0x0 [0128.545] SetLastError (dwErrCode=0x0) [0128.545] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x13c, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PptpMiniport", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.545] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\PptpMiniport") returned 46 [0128.545] SetLastError (dwErrCode=0x0) [0128.545] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\PptpMiniport", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.545] SetLastError (dwErrCode=0x0) [0128.545] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.545] RegCloseKey (hKey=0x264) returned 0x0 [0128.545] SetLastError (dwErrCode=0x0) [0128.545] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x13d, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PrintNotify", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.545] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\PrintNotify") returned 45 [0128.545] SetLastError (dwErrCode=0x0) [0128.545] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\PrintNotify", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.545] SetLastError (dwErrCode=0x0) [0128.545] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.545] RegCloseKey (hKey=0x264) returned 0x0 [0128.545] SetLastError (dwErrCode=0x0) [0128.545] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x13e, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Processor", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.545] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Processor") returned 43 [0128.546] SetLastError (dwErrCode=0x0) [0128.546] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Processor", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.546] SetLastError (dwErrCode=0x0) [0128.546] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.546] RegCloseKey (hKey=0x264) returned 0x0 [0128.546] SetLastError (dwErrCode=0x0) [0128.546] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x13f, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ProfSvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.546] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ProfSvc") returned 41 [0128.546] SetLastError (dwErrCode=0x0) [0128.546] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ProfSvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.546] SetLastError (dwErrCode=0x0) [0128.546] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.546] RegCloseKey (hKey=0x264) returned 0x0 [0128.546] SetLastError (dwErrCode=0x0) [0128.546] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x140, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Psched", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.546] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Psched") returned 40 [0128.546] SetLastError (dwErrCode=0x0) [0128.546] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Psched", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.546] SetLastError (dwErrCode=0x0) [0128.546] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.546] RegCloseKey (hKey=0x264) returned 0x0 [0128.546] SetLastError (dwErrCode=0x0) [0128.546] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x141, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="QWAVE", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.546] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\QWAVE") returned 39 [0128.546] SetLastError (dwErrCode=0x0) [0128.546] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\QWAVE", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.547] SetLastError (dwErrCode=0x0) [0128.547] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.547] RegCloseKey (hKey=0x264) returned 0x0 [0128.547] SetLastError (dwErrCode=0x0) [0128.547] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x142, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="QWAVEdrv", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.547] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\QWAVEdrv") returned 42 [0128.547] SetLastError (dwErrCode=0x0) [0128.547] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\QWAVEdrv", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.547] SetLastError (dwErrCode=0x0) [0128.547] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.547] RegCloseKey (hKey=0x264) returned 0x0 [0128.547] SetLastError (dwErrCode=0x0) [0128.547] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x143, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RasAcd", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.547] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\RasAcd") returned 40 [0128.547] SetLastError (dwErrCode=0x0) [0128.547] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\RasAcd", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.547] SetLastError (dwErrCode=0x0) [0128.547] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.547] RegCloseKey (hKey=0x264) returned 0x0 [0128.547] SetLastError (dwErrCode=0x0) [0128.547] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x144, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RasAgileVpn", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.547] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\RasAgileVpn") returned 45 [0128.547] SetLastError (dwErrCode=0x0) [0128.547] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\RasAgileVpn", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.547] SetLastError (dwErrCode=0x0) [0128.548] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.548] RegCloseKey (hKey=0x264) returned 0x0 [0128.548] SetLastError (dwErrCode=0x0) [0128.548] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x145, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RasAuto", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.548] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\RasAuto") returned 41 [0128.548] SetLastError (dwErrCode=0x0) [0128.548] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\RasAuto", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.548] SetLastError (dwErrCode=0x0) [0128.548] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.548] RegCloseKey (hKey=0x264) returned 0x0 [0128.548] SetLastError (dwErrCode=0x0) [0128.548] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x146, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Rasl2tp", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.548] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Rasl2tp") returned 41 [0128.548] SetLastError (dwErrCode=0x0) [0128.548] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Rasl2tp", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.548] SetLastError (dwErrCode=0x0) [0128.548] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.548] RegCloseKey (hKey=0x264) returned 0x0 [0128.548] SetLastError (dwErrCode=0x0) [0128.548] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x147, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RasMan", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.548] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\RasMan") returned 40 [0128.549] SetLastError (dwErrCode=0x0) [0128.549] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\RasMan", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.549] SetLastError (dwErrCode=0x0) [0128.549] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.549] RegCloseKey (hKey=0x264) returned 0x0 [0128.549] SetLastError (dwErrCode=0x0) [0128.549] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x148, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RasPppoe", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.549] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\RasPppoe") returned 42 [0128.549] SetLastError (dwErrCode=0x0) [0128.549] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\RasPppoe", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.549] SetLastError (dwErrCode=0x0) [0128.549] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.549] RegCloseKey (hKey=0x264) returned 0x0 [0128.549] SetLastError (dwErrCode=0x0) [0128.549] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x149, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RasSstp", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.549] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\RasSstp") returned 41 [0128.549] SetLastError (dwErrCode=0x0) [0128.549] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\RasSstp", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.549] SetLastError (dwErrCode=0x0) [0128.549] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.549] RegCloseKey (hKey=0x264) returned 0x0 [0128.549] SetLastError (dwErrCode=0x0) [0128.549] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x14a, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Razerlow", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.549] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Razerlow") returned 42 [0128.549] SetLastError (dwErrCode=0x0) [0128.549] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Razerlow", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.550] SetLastError (dwErrCode=0x0) [0128.550] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.550] RegCloseKey (hKey=0x264) returned 0x0 [0128.550] SetLastError (dwErrCode=0x0) [0128.550] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x14b, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="rdbss", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.550] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\rdbss") returned 39 [0128.550] SetLastError (dwErrCode=0x0) [0128.550] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\rdbss", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.550] SetLastError (dwErrCode=0x0) [0128.550] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.550] RegCloseKey (hKey=0x264) returned 0x0 [0128.550] SetLastError (dwErrCode=0x0) [0128.550] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x14c, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RDMANDK", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.550] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\RDMANDK") returned 41 [0128.550] SetLastError (dwErrCode=0x0) [0128.550] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\RDMANDK", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.550] SetLastError (dwErrCode=0x0) [0128.550] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.550] RegCloseKey (hKey=0x264) returned 0x0 [0128.550] SetLastError (dwErrCode=0x0) [0128.550] GetLastError () returned 0x0 [0128.550] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x14d, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="rdpbus", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.550] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\rdpbus") returned 40 [0128.550] SetLastError (dwErrCode=0x0) [0128.550] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\rdpbus", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.550] SetLastError (dwErrCode=0x0) [0128.550] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.551] RegCloseKey (hKey=0x264) returned 0x0 [0128.551] SetLastError (dwErrCode=0x0) [0128.551] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x14e, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RDPDR", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.551] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\RDPDR") returned 39 [0128.551] SetLastError (dwErrCode=0x0) [0128.551] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\RDPDR", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.551] SetLastError (dwErrCode=0x0) [0128.551] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.551] RegCloseKey (hKey=0x264) returned 0x0 [0128.551] SetLastError (dwErrCode=0x0) [0128.551] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x14f, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RDPNP", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.551] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\RDPNP") returned 39 [0128.551] SetLastError (dwErrCode=0x0) [0128.551] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\RDPNP", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.551] SetLastError (dwErrCode=0x0) [0128.551] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.551] RegCloseKey (hKey=0x264) returned 0x0 [0128.551] SetLastError (dwErrCode=0x0) [0128.551] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x150, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RDPUDD", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.551] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\RDPUDD") returned 40 [0128.551] SetLastError (dwErrCode=0x0) [0128.551] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\RDPUDD", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.551] SetLastError (dwErrCode=0x0) [0128.551] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.551] RegCloseKey (hKey=0x264) returned 0x0 [0128.551] SetLastError (dwErrCode=0x0) [0128.551] GetLastError () returned 0x0 [0128.552] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x151, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RdpVideoMiniport", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.552] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\RdpVideoMiniport") returned 50 [0128.552] SetLastError (dwErrCode=0x0) [0128.552] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\RdpVideoMiniport", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.552] SetLastError (dwErrCode=0x0) [0128.552] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x5, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.552] RegCloseKey (hKey=0x264) returned 0x0 [0128.552] SetLastError (dwErrCode=0x0) [0128.552] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x152, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="rdyboost", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.552] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\rdyboost") returned 42 [0128.552] SetLastError (dwErrCode=0x0) [0128.552] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\rdyboost", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.552] SetLastError (dwErrCode=0x0) [0128.552] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.552] RegCloseKey (hKey=0x264) returned 0x0 [0128.552] SetLastError (dwErrCode=0x0) [0128.552] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x153, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ReFSv1", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.552] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ReFSv1") returned 40 [0128.552] SetLastError (dwErrCode=0x0) [0128.552] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ReFSv1", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.552] SetLastError (dwErrCode=0x0) [0128.552] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.552] RegCloseKey (hKey=0x264) returned 0x0 [0128.552] SetLastError (dwErrCode=0x0) [0128.552] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x154, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RegFilter", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.552] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\RegFilter") returned 43 [0128.552] SetLastError (dwErrCode=0x0) [0128.552] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\RegFilter", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.553] SetLastError (dwErrCode=0x0) [0128.553] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.553] RegCloseKey (hKey=0x264) returned 0x0 [0128.553] SetLastError (dwErrCode=0x0) [0128.553] GetLastError () returned 0x0 [0128.553] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x155, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RemoteAccess", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.553] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\RemoteAccess") returned 46 [0128.553] SetLastError (dwErrCode=0x0) [0128.553] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\RemoteAccess", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.553] SetLastError (dwErrCode=0x0) [0128.553] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xd, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.553] RegCloseKey (hKey=0x264) returned 0x0 [0128.553] SetLastError (dwErrCode=0x0) [0128.553] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x156, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RemoteRegistry", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.553] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\RemoteRegistry") returned 48 [0128.553] SetLastError (dwErrCode=0x0) [0128.553] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\RemoteRegistry", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.553] SetLastError (dwErrCode=0x0) [0128.553] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.553] RegCloseKey (hKey=0x264) returned 0x0 [0128.553] SetLastError (dwErrCode=0x0) [0128.553] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x157, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RetailDemo", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.553] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\RetailDemo") returned 44 [0128.553] SetLastError (dwErrCode=0x0) [0128.553] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\RetailDemo", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.553] SetLastError (dwErrCode=0x0) [0128.553] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.553] RegCloseKey (hKey=0x264) returned 0x0 [0128.553] SetLastError (dwErrCode=0x0) [0128.554] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x158, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RpcEptMapper", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.554] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\RpcEptMapper") returned 46 [0128.554] SetLastError (dwErrCode=0x0) [0128.554] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\RpcEptMapper", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.554] SetLastError (dwErrCode=0x0) [0128.554] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.554] RegCloseKey (hKey=0x264) returned 0x0 [0128.554] SetLastError (dwErrCode=0x0) [0128.554] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x159, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RpcLocator", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.554] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\RpcLocator") returned 44 [0128.554] SetLastError (dwErrCode=0x0) [0128.554] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\RpcLocator", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.554] SetLastError (dwErrCode=0x0) [0128.554] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.554] RegCloseKey (hKey=0x264) returned 0x0 [0128.554] SetLastError (dwErrCode=0x0) [0128.554] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x15a, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RpcSs", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.554] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\RpcSs") returned 39 [0128.554] SetLastError (dwErrCode=0x0) [0128.554] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\RpcSs", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.554] SetLastError (dwErrCode=0x0) [0128.554] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.554] RegCloseKey (hKey=0x264) returned 0x0 [0128.554] SetLastError (dwErrCode=0x0) [0128.554] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x15b, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="rspndr", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.554] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\rspndr") returned 40 [0128.554] SetLastError (dwErrCode=0x0) [0128.554] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\rspndr", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.554] SetLastError (dwErrCode=0x0) [0128.555] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.555] RegCloseKey (hKey=0x264) returned 0x0 [0128.555] SetLastError (dwErrCode=0x0) [0128.555] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x15c, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="s3cap", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.555] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\s3cap") returned 39 [0128.555] SetLastError (dwErrCode=0x0) [0128.555] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\s3cap", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.555] SetLastError (dwErrCode=0x0) [0128.555] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.555] RegCloseKey (hKey=0x264) returned 0x0 [0128.555] SetLastError (dwErrCode=0x0) [0128.555] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x15d, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SamSs", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.555] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SamSs") returned 39 [0128.555] SetLastError (dwErrCode=0x0) [0128.555] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SamSs", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.555] SetLastError (dwErrCode=0x0) [0128.555] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.555] RegCloseKey (hKey=0x264) returned 0x0 [0128.555] SetLastError (dwErrCode=0x0) [0128.555] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x15e, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="sbp2port", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.555] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\sbp2port") returned 42 [0128.555] SetLastError (dwErrCode=0x0) [0128.555] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\sbp2port", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.555] SetLastError (dwErrCode=0x0) [0128.555] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.555] RegCloseKey (hKey=0x264) returned 0x0 [0128.556] SetLastError (dwErrCode=0x0) [0128.556] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x15f, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SCardSvr", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.556] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SCardSvr") returned 42 [0128.556] SetLastError (dwErrCode=0x0) [0128.556] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SCardSvr", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.556] SetLastError (dwErrCode=0x0) [0128.556] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.556] RegCloseKey (hKey=0x264) returned 0x0 [0128.556] SetLastError (dwErrCode=0x0) [0128.556] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x160, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ScDeviceEnum", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.556] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ScDeviceEnum") returned 46 [0128.556] SetLastError (dwErrCode=0x0) [0128.556] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ScDeviceEnum", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.556] SetLastError (dwErrCode=0x0) [0128.556] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.556] RegCloseKey (hKey=0x264) returned 0x0 [0128.556] SetLastError (dwErrCode=0x0) [0128.556] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x161, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="scfilter", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.556] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\scfilter") returned 42 [0128.556] SetLastError (dwErrCode=0x0) [0128.556] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\scfilter", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.556] SetLastError (dwErrCode=0x0) [0128.556] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.556] RegCloseKey (hKey=0x264) returned 0x0 [0128.556] SetLastError (dwErrCode=0x0) [0128.556] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x162, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Schedule", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.556] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Schedule") returned 42 [0128.557] SetLastError (dwErrCode=0x0) [0128.557] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Schedule", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.557] SetLastError (dwErrCode=0x0) [0128.557] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xd, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.557] RegCloseKey (hKey=0x264) returned 0x0 [0128.557] SetLastError (dwErrCode=0x0) [0128.557] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x163, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SCPolicySvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.557] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SCPolicySvc") returned 45 [0128.557] SetLastError (dwErrCode=0x0) [0128.557] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SCPolicySvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.557] SetLastError (dwErrCode=0x0) [0128.557] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.557] RegCloseKey (hKey=0x264) returned 0x0 [0128.557] SetLastError (dwErrCode=0x0) [0128.557] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x164, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="sdbus", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.557] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\sdbus") returned 39 [0128.557] SetLastError (dwErrCode=0x0) [0128.557] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\sdbus", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.557] SetLastError (dwErrCode=0x0) [0128.557] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.557] RegCloseKey (hKey=0x264) returned 0x0 [0128.557] SetLastError (dwErrCode=0x0) [0128.557] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x165, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SDRSVC", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.557] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SDRSVC") returned 40 [0128.557] SetLastError (dwErrCode=0x0) [0128.557] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SDRSVC", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.558] SetLastError (dwErrCode=0x0) [0128.558] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.558] RegCloseKey (hKey=0x264) returned 0x0 [0128.558] SetLastError (dwErrCode=0x0) [0128.558] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x166, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="sdstor", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.558] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\sdstor") returned 40 [0128.558] SetLastError (dwErrCode=0x0) [0128.558] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\sdstor", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.558] SetLastError (dwErrCode=0x0) [0128.558] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.558] RegCloseKey (hKey=0x264) returned 0x0 [0128.558] SetLastError (dwErrCode=0x0) [0128.558] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x167, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="seclogon", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.558] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\seclogon") returned 42 [0128.558] SetLastError (dwErrCode=0x0) [0128.558] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\seclogon", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.558] SetLastError (dwErrCode=0x0) [0128.558] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.558] RegCloseKey (hKey=0x264) returned 0x0 [0128.558] SetLastError (dwErrCode=0x0) [0128.558] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x168, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SENS", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.558] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SENS") returned 38 [0128.558] SetLastError (dwErrCode=0x0) [0128.558] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SENS", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.558] SetLastError (dwErrCode=0x0) [0128.559] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.559] RegCloseKey (hKey=0x264) returned 0x0 [0128.559] SetLastError (dwErrCode=0x0) [0128.559] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x169, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SensorDataService", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.559] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SensorDataService") returned 51 [0128.559] SetLastError (dwErrCode=0x0) [0128.559] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SensorDataService", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.559] SetLastError (dwErrCode=0x0) [0128.559] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.559] RegCloseKey (hKey=0x264) returned 0x0 [0128.559] SetLastError (dwErrCode=0x0) [0128.559] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x16a, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SensorService", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.559] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SensorService") returned 47 [0128.559] SetLastError (dwErrCode=0x0) [0128.560] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SensorService", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.560] SetLastError (dwErrCode=0x0) [0128.560] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.560] RegCloseKey (hKey=0x264) returned 0x0 [0128.560] SetLastError (dwErrCode=0x0) [0128.560] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x16b, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SensrSvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.560] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SensrSvc") returned 42 [0128.560] SetLastError (dwErrCode=0x0) [0128.560] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SensrSvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.560] SetLastError (dwErrCode=0x0) [0128.560] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.560] RegCloseKey (hKey=0x264) returned 0x0 [0128.560] SetLastError (dwErrCode=0x0) [0128.560] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x16c, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SerCx", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.560] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SerCx") returned 39 [0128.560] SetLastError (dwErrCode=0x0) [0128.560] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SerCx", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.560] SetLastError (dwErrCode=0x0) [0128.560] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.560] RegCloseKey (hKey=0x264) returned 0x0 [0128.560] SetLastError (dwErrCode=0x0) [0128.560] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x16d, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SerCx2", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.560] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SerCx2") returned 40 [0128.560] SetLastError (dwErrCode=0x0) [0128.560] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SerCx2", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.561] SetLastError (dwErrCode=0x0) [0128.561] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.561] RegCloseKey (hKey=0x264) returned 0x0 [0128.561] SetLastError (dwErrCode=0x0) [0128.561] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x16e, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Serenum", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.561] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Serenum") returned 41 [0128.561] SetLastError (dwErrCode=0x0) [0128.561] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Serenum", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.561] SetLastError (dwErrCode=0x0) [0128.561] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.561] RegCloseKey (hKey=0x264) returned 0x0 [0128.561] SetLastError (dwErrCode=0x0) [0128.561] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x16f, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Serial", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.561] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Serial") returned 40 [0128.561] SetLastError (dwErrCode=0x0) [0128.561] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Serial", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.561] SetLastError (dwErrCode=0x0) [0128.561] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xd, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.561] RegCloseKey (hKey=0x264) returned 0x0 [0128.561] SetLastError (dwErrCode=0x0) [0128.561] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x170, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="sermouse", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.561] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\sermouse") returned 42 [0128.561] SetLastError (dwErrCode=0x0) [0128.561] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\sermouse", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.562] SetLastError (dwErrCode=0x0) [0128.562] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.562] RegCloseKey (hKey=0x264) returned 0x0 [0128.562] SetLastError (dwErrCode=0x0) [0128.562] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x171, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ServiceModelEndpoint 3.0.0.0", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.562] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ServiceModelEndpoint 3.0.0.0") returned 62 [0128.562] SetLastError (dwErrCode=0x0) [0128.562] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ServiceModelEndpoint 3.0.0.0", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.562] SetLastError (dwErrCode=0x0) [0128.562] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.562] RegCloseKey (hKey=0x264) returned 0x0 [0128.562] SetLastError (dwErrCode=0x0) [0128.562] GetLastError () returned 0x0 [0128.562] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x172, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ServiceModelOperation 3.0.0.0", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.562] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ServiceModelOperation 3.0.0.0") returned 63 [0128.562] SetLastError (dwErrCode=0x0) [0128.562] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ServiceModelOperation 3.0.0.0", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.562] SetLastError (dwErrCode=0x0) [0128.562] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.562] RegCloseKey (hKey=0x264) returned 0x0 [0128.562] SetLastError (dwErrCode=0x0) [0128.562] GetLastError () returned 0x0 [0128.562] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x173, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ServiceModelService 3.0.0.0", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.562] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ServiceModelService 3.0.0.0") returned 61 [0128.562] SetLastError (dwErrCode=0x0) [0128.562] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ServiceModelService 3.0.0.0", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.562] SetLastError (dwErrCode=0x0) [0128.562] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.562] RegCloseKey (hKey=0x264) returned 0x0 [0128.563] SetLastError (dwErrCode=0x0) [0128.563] GetLastError () returned 0x0 [0128.563] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x174, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SessionEnv", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.563] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SessionEnv") returned 44 [0128.563] SetLastError (dwErrCode=0x0) [0128.563] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SessionEnv", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.563] SetLastError (dwErrCode=0x0) [0128.563] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.563] RegCloseKey (hKey=0x264) returned 0x0 [0128.563] SetLastError (dwErrCode=0x0) [0128.563] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x175, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="sfloppy", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.563] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\sfloppy") returned 41 [0128.563] SetLastError (dwErrCode=0x0) [0128.563] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\sfloppy", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.563] SetLastError (dwErrCode=0x0) [0128.563] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.563] RegCloseKey (hKey=0x264) returned 0x0 [0128.563] SetLastError (dwErrCode=0x0) [0128.565] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x176, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SharedAccess", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.565] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SharedAccess") returned 46 [0128.565] SetLastError (dwErrCode=0x0) [0128.565] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SharedAccess", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.565] SetLastError (dwErrCode=0x0) [0128.565] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.565] RegCloseKey (hKey=0x264) returned 0x0 [0128.565] SetLastError (dwErrCode=0x0) [0128.565] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x177, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ShellHWDetection", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.565] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ShellHWDetection") returned 50 [0128.565] SetLastError (dwErrCode=0x0) [0128.565] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ShellHWDetection", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.565] SetLastError (dwErrCode=0x0) [0128.565] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.565] RegCloseKey (hKey=0x264) returned 0x0 [0128.565] SetLastError (dwErrCode=0x0) [0128.565] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x178, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SiSRaid2", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.565] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SiSRaid2") returned 42 [0128.565] SetLastError (dwErrCode=0x0) [0128.566] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SiSRaid2", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.566] SetLastError (dwErrCode=0x0) [0128.566] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.566] RegCloseKey (hKey=0x264) returned 0x0 [0128.566] SetLastError (dwErrCode=0x0) [0128.566] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x179, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SiSRaid4", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.566] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SiSRaid4") returned 42 [0128.566] SetLastError (dwErrCode=0x0) [0128.566] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SiSRaid4", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.566] SetLastError (dwErrCode=0x0) [0128.566] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.566] RegCloseKey (hKey=0x264) returned 0x0 [0128.566] SetLastError (dwErrCode=0x0) [0128.566] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x17a, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="smphost", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.566] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\smphost") returned 41 [0128.566] SetLastError (dwErrCode=0x0) [0128.566] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\smphost", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.566] SetLastError (dwErrCode=0x0) [0128.566] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.566] RegCloseKey (hKey=0x264) returned 0x0 [0128.566] SetLastError (dwErrCode=0x0) [0128.566] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x17b, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SmsRouter", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.566] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SmsRouter") returned 43 [0128.566] SetLastError (dwErrCode=0x0) [0128.566] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SmsRouter", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.567] SetLastError (dwErrCode=0x0) [0128.567] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.567] RegCloseKey (hKey=0x264) returned 0x0 [0128.567] SetLastError (dwErrCode=0x0) [0128.567] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x17c, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SMSvcHost 3.0.0.0", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.567] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SMSvcHost 3.0.0.0") returned 51 [0128.567] SetLastError (dwErrCode=0x0) [0128.567] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SMSvcHost 3.0.0.0", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.567] SetLastError (dwErrCode=0x0) [0128.567] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.567] RegCloseKey (hKey=0x264) returned 0x0 [0128.567] SetLastError (dwErrCode=0x0) [0128.567] GetLastError () returned 0x0 [0128.567] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x17d, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SMSvcHost 4.0.0.0", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.567] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SMSvcHost 4.0.0.0") returned 51 [0128.567] SetLastError (dwErrCode=0x0) [0128.567] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SMSvcHost 4.0.0.0", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.567] SetLastError (dwErrCode=0x0) [0128.567] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.567] RegCloseKey (hKey=0x264) returned 0x0 [0128.567] SetLastError (dwErrCode=0x0) [0128.567] GetLastError () returned 0x0 [0128.567] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x17e, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SNMPTRAP", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.567] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SNMPTRAP") returned 42 [0128.567] SetLastError (dwErrCode=0x0) [0128.567] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SNMPTRAP", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.567] SetLastError (dwErrCode=0x0) [0128.568] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.568] RegCloseKey (hKey=0x264) returned 0x0 [0128.568] SetLastError (dwErrCode=0x0) [0128.568] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x17f, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="spaceport", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.568] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\spaceport") returned 43 [0128.568] SetLastError (dwErrCode=0x0) [0128.568] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\spaceport", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.568] SetLastError (dwErrCode=0x0) [0128.568] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.568] RegCloseKey (hKey=0x264) returned 0x0 [0128.568] SetLastError (dwErrCode=0x0) [0128.568] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x180, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SpbCx", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.568] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SpbCx") returned 39 [0128.568] SetLastError (dwErrCode=0x0) [0128.568] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SpbCx", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.568] SetLastError (dwErrCode=0x0) [0128.568] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.568] RegCloseKey (hKey=0x264) returned 0x0 [0128.568] SetLastError (dwErrCode=0x0) [0128.568] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x181, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Spooler", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.568] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Spooler") returned 41 [0128.568] SetLastError (dwErrCode=0x0) [0128.568] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Spooler", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.568] SetLastError (dwErrCode=0x0) [0128.568] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.568] RegCloseKey (hKey=0x264) returned 0x0 [0128.568] SetLastError (dwErrCode=0x0) [0128.568] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x182, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="sppsvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.568] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\sppsvc") returned 40 [0128.569] SetLastError (dwErrCode=0x0) [0128.569] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\sppsvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.569] SetLastError (dwErrCode=0x0) [0128.569] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xd, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.569] RegCloseKey (hKey=0x264) returned 0x0 [0128.569] SetLastError (dwErrCode=0x0) [0128.569] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x183, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="srv", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.569] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\srv") returned 37 [0128.569] SetLastError (dwErrCode=0x0) [0128.569] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\srv", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.569] SetLastError (dwErrCode=0x0) [0128.569] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.569] RegCloseKey (hKey=0x264) returned 0x0 [0128.569] SetLastError (dwErrCode=0x0) [0128.569] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x184, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="srv2", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.569] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\srv2") returned 38 [0128.569] SetLastError (dwErrCode=0x0) [0128.569] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\srv2", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.569] SetLastError (dwErrCode=0x0) [0128.569] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.569] RegCloseKey (hKey=0x264) returned 0x0 [0128.569] SetLastError (dwErrCode=0x0) [0128.569] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x185, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="srvnet", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.569] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\srvnet") returned 40 [0128.569] SetLastError (dwErrCode=0x0) [0128.569] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\srvnet", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.569] SetLastError (dwErrCode=0x0) [0128.569] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.569] RegCloseKey (hKey=0x264) returned 0x0 [0128.570] SetLastError (dwErrCode=0x0) [0128.570] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x186, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SSDPSRV", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.570] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SSDPSRV") returned 41 [0128.570] SetLastError (dwErrCode=0x0) [0128.570] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SSDPSRV", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.570] SetLastError (dwErrCode=0x0) [0128.570] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.570] RegCloseKey (hKey=0x264) returned 0x0 [0128.570] SetLastError (dwErrCode=0x0) [0128.570] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x187, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SstpSvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.570] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SstpSvc") returned 41 [0128.570] SetLastError (dwErrCode=0x0) [0128.570] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SstpSvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.570] SetLastError (dwErrCode=0x0) [0128.570] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.570] RegCloseKey (hKey=0x264) returned 0x0 [0128.570] SetLastError (dwErrCode=0x0) [0128.570] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x188, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="StateRepository", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.570] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\StateRepository") returned 49 [0128.570] SetLastError (dwErrCode=0x0) [0128.570] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\StateRepository", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.570] SetLastError (dwErrCode=0x0) [0128.570] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.570] RegCloseKey (hKey=0x264) returned 0x0 [0128.570] SetLastError (dwErrCode=0x0) [0128.570] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x189, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="stexstor", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.571] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\stexstor") returned 42 [0128.571] SetLastError (dwErrCode=0x0) [0128.571] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\stexstor", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.571] SetLastError (dwErrCode=0x0) [0128.571] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.571] RegCloseKey (hKey=0x264) returned 0x0 [0128.571] SetLastError (dwErrCode=0x0) [0128.571] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x18a, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="stisvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.571] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\stisvc") returned 40 [0128.571] SetLastError (dwErrCode=0x0) [0128.571] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\stisvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.571] SetLastError (dwErrCode=0x0) [0128.571] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.571] RegCloseKey (hKey=0x264) returned 0x0 [0128.571] SetLastError (dwErrCode=0x0) [0128.571] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x18b, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="storahci", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.571] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\storahci") returned 42 [0128.571] SetLastError (dwErrCode=0x0) [0128.571] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\storahci", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.571] SetLastError (dwErrCode=0x0) [0128.571] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.571] RegCloseKey (hKey=0x264) returned 0x0 [0128.571] SetLastError (dwErrCode=0x0) [0128.571] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x18c, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="storflt", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.572] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\storflt") returned 41 [0128.572] SetLastError (dwErrCode=0x0) [0128.572] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\storflt", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.572] SetLastError (dwErrCode=0x0) [0128.572] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.572] RegCloseKey (hKey=0x264) returned 0x0 [0128.572] SetLastError (dwErrCode=0x0) [0128.572] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x18d, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="stornvme", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.572] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\stornvme") returned 42 [0128.572] SetLastError (dwErrCode=0x0) [0128.572] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\stornvme", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.572] SetLastError (dwErrCode=0x0) [0128.572] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.572] RegCloseKey (hKey=0x264) returned 0x0 [0128.572] SetLastError (dwErrCode=0x0) [0128.572] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x18e, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="storqosflt", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.572] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\storqosflt") returned 44 [0128.572] SetLastError (dwErrCode=0x0) [0128.572] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\storqosflt", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.572] SetLastError (dwErrCode=0x0) [0128.572] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.572] RegCloseKey (hKey=0x264) returned 0x0 [0128.572] SetLastError (dwErrCode=0x0) [0128.572] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x18f, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="StorSvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.572] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\StorSvc") returned 41 [0128.572] SetLastError (dwErrCode=0x0) [0128.573] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\StorSvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.573] SetLastError (dwErrCode=0x0) [0128.573] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.573] RegCloseKey (hKey=0x264) returned 0x0 [0128.573] SetLastError (dwErrCode=0x0) [0128.573] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x190, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="storufs", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.573] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\storufs") returned 41 [0128.573] SetLastError (dwErrCode=0x0) [0128.573] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\storufs", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.573] SetLastError (dwErrCode=0x0) [0128.573] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.573] RegCloseKey (hKey=0x264) returned 0x0 [0128.573] SetLastError (dwErrCode=0x0) [0128.573] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x191, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="storvsc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.573] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\storvsc") returned 41 [0128.573] SetLastError (dwErrCode=0x0) [0128.573] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\storvsc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.573] SetLastError (dwErrCode=0x0) [0128.573] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.573] RegCloseKey (hKey=0x264) returned 0x0 [0128.573] SetLastError (dwErrCode=0x0) [0128.573] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x192, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="svsvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.573] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\svsvc") returned 39 [0128.573] SetLastError (dwErrCode=0x0) [0128.573] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\svsvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.573] SetLastError (dwErrCode=0x0) [0128.574] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.574] RegCloseKey (hKey=0x264) returned 0x0 [0128.574] SetLastError (dwErrCode=0x0) [0128.574] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x193, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="swenum", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.574] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\swenum") returned 40 [0128.574] SetLastError (dwErrCode=0x0) [0128.574] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\swenum", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.574] SetLastError (dwErrCode=0x0) [0128.574] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.574] RegCloseKey (hKey=0x264) returned 0x0 [0128.574] SetLastError (dwErrCode=0x0) [0128.574] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x194, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="swprv", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.574] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\swprv") returned 39 [0128.574] SetLastError (dwErrCode=0x0) [0128.574] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\swprv", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.574] SetLastError (dwErrCode=0x0) [0128.574] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.574] RegCloseKey (hKey=0x264) returned 0x0 [0128.574] SetLastError (dwErrCode=0x0) [0128.574] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x195, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Synth3dVsc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.574] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Synth3dVsc") returned 44 [0128.574] SetLastError (dwErrCode=0x0) [0128.574] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Synth3dVsc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.574] SetLastError (dwErrCode=0x0) [0128.574] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.574] RegCloseKey (hKey=0x264) returned 0x0 [0128.575] SetLastError (dwErrCode=0x0) [0128.575] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x196, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SysMain", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.575] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SysMain") returned 41 [0128.575] SetLastError (dwErrCode=0x0) [0128.575] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SysMain", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.575] SetLastError (dwErrCode=0x0) [0128.575] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.575] RegCloseKey (hKey=0x264) returned 0x0 [0128.575] SetLastError (dwErrCode=0x0) [0128.575] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x197, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SystemEventsBroker", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.575] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SystemEventsBroker") returned 52 [0128.575] SetLastError (dwErrCode=0x0) [0128.575] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SystemEventsBroker", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.575] SetLastError (dwErrCode=0x0) [0128.575] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.575] RegCloseKey (hKey=0x264) returned 0x0 [0128.575] SetLastError (dwErrCode=0x0) [0128.575] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x198, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="TabletInputService", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.575] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\TabletInputService") returned 52 [0128.575] SetLastError (dwErrCode=0x0) [0128.575] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\TabletInputService", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.575] SetLastError (dwErrCode=0x0) [0128.575] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.575] RegCloseKey (hKey=0x264) returned 0x0 [0128.575] SetLastError (dwErrCode=0x0) [0128.576] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x199, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="TapiSrv", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.576] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\TapiSrv") returned 41 [0128.576] SetLastError (dwErrCode=0x0) [0128.576] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\TapiSrv", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.576] SetLastError (dwErrCode=0x0) [0128.576] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.576] RegCloseKey (hKey=0x264) returned 0x0 [0128.576] SetLastError (dwErrCode=0x0) [0128.576] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x19a, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Tcpip", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.576] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Tcpip") returned 39 [0128.576] SetLastError (dwErrCode=0x0) [0128.576] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Tcpip", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.576] SetLastError (dwErrCode=0x0) [0128.576] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xd, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.576] RegCloseKey (hKey=0x264) returned 0x0 [0128.576] SetLastError (dwErrCode=0x0) [0128.576] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x19b, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Tcpip6", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.576] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Tcpip6") returned 40 [0128.576] SetLastError (dwErrCode=0x0) [0128.576] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Tcpip6", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.576] SetLastError (dwErrCode=0x0) [0128.576] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.576] RegCloseKey (hKey=0x264) returned 0x0 [0128.576] SetLastError (dwErrCode=0x0) [0128.576] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x19c, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="TCPIP6TUNNEL", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.576] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\TCPIP6TUNNEL") returned 46 [0128.576] SetLastError (dwErrCode=0x0) [0128.576] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\TCPIP6TUNNEL", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.576] SetLastError (dwErrCode=0x0) [0128.577] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x4, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.577] RegCloseKey (hKey=0x264) returned 0x0 [0128.577] SetLastError (dwErrCode=0x0) [0128.577] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x19d, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="tcpipreg", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.577] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\tcpipreg") returned 42 [0128.577] SetLastError (dwErrCode=0x0) [0128.577] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\tcpipreg", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.577] SetLastError (dwErrCode=0x0) [0128.577] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.577] RegCloseKey (hKey=0x264) returned 0x0 [0128.577] SetLastError (dwErrCode=0x0) [0128.577] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x19e, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="TCPIPTUNNEL", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.577] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\TCPIPTUNNEL") returned 45 [0128.577] SetLastError (dwErrCode=0x0) [0128.577] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\TCPIPTUNNEL", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.577] SetLastError (dwErrCode=0x0) [0128.577] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x4, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.577] RegCloseKey (hKey=0x264) returned 0x0 [0128.577] SetLastError (dwErrCode=0x0) [0128.577] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x19f, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="tdx", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.577] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\tdx") returned 37 [0128.577] SetLastError (dwErrCode=0x0) [0128.577] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\tdx", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.577] SetLastError (dwErrCode=0x0) [0128.577] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.577] RegCloseKey (hKey=0x264) returned 0x0 [0128.577] SetLastError (dwErrCode=0x0) [0128.577] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x1a0, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="terminpt", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.577] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\terminpt") returned 42 [0128.578] SetLastError (dwErrCode=0x0) [0128.578] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\terminpt", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.578] SetLastError (dwErrCode=0x0) [0128.578] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.578] RegCloseKey (hKey=0x264) returned 0x0 [0128.578] SetLastError (dwErrCode=0x0) [0128.578] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x1a1, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="TermService", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.578] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\TermService") returned 45 [0128.578] SetLastError (dwErrCode=0x0) [0128.578] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\TermService", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.578] SetLastError (dwErrCode=0x0) [0128.578] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.578] RegCloseKey (hKey=0x264) returned 0x0 [0128.578] SetLastError (dwErrCode=0x0) [0128.578] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x1a2, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Themes", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.578] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Themes") returned 40 [0128.578] SetLastError (dwErrCode=0x0) [0128.578] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Themes", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.578] SetLastError (dwErrCode=0x0) [0128.578] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.578] RegCloseKey (hKey=0x264) returned 0x0 [0128.578] SetLastError (dwErrCode=0x0) [0128.578] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x1a3, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="tiledatamodelsvc", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.578] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\tiledatamodelsvc") returned 50 [0128.578] SetLastError (dwErrCode=0x0) [0128.578] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\tiledatamodelsvc", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.578] SetLastError (dwErrCode=0x0) [0128.578] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.578] RegCloseKey (hKey=0x264) returned 0x0 [0128.579] SetLastError (dwErrCode=0x0) [0128.579] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x1a4, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="TimeBroker", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.579] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\TimeBroker") returned 44 [0128.579] SetLastError (dwErrCode=0x0) [0128.579] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\TimeBroker", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.579] SetLastError (dwErrCode=0x0) [0128.579] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.579] RegCloseKey (hKey=0x264) returned 0x0 [0128.579] SetLastError (dwErrCode=0x0) [0128.579] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x1a5, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="TPM", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.579] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\TPM") returned 37 [0128.579] SetLastError (dwErrCode=0x0) [0128.579] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\TPM", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.579] SetLastError (dwErrCode=0x0) [0128.579] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.579] RegCloseKey (hKey=0x264) returned 0x0 [0128.579] SetLastError (dwErrCode=0x0) [0128.579] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x1a6, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="TrkWks", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.579] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\TrkWks") returned 40 [0128.579] SetLastError (dwErrCode=0x0) [0128.579] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\TrkWks", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.579] SetLastError (dwErrCode=0x0) [0128.580] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.580] RegCloseKey (hKey=0x264) returned 0x0 [0128.580] SetLastError (dwErrCode=0x0) [0128.580] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x1a7, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="TrustedInstaller", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.580] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\TrustedInstaller") returned 50 [0128.580] SetLastError (dwErrCode=0x0) [0128.580] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\TrustedInstaller", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.580] SetLastError (dwErrCode=0x0) [0128.580] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0xd, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.580] RegCloseKey (hKey=0x264) returned 0x0 [0128.580] SetLastError (dwErrCode=0x0) [0128.580] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x1a8, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="TSDDD", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.580] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\TSDDD") returned 39 [0128.580] SetLastError (dwErrCode=0x0) [0128.580] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\TSDDD", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.580] SetLastError (dwErrCode=0x0) [0128.580] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.580] RegCloseKey (hKey=0x264) returned 0x0 [0128.580] SetLastError (dwErrCode=0x0) [0128.580] GetLastError () returned 0x0 [0128.580] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x1a9, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="TsUsbFlt", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.580] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\TsUsbFlt") returned 42 [0128.580] SetLastError (dwErrCode=0x0) [0128.580] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\TsUsbFlt", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.580] SetLastError (dwErrCode=0x0) [0128.580] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.581] RegCloseKey (hKey=0x264) returned 0x0 [0128.581] SetLastError (dwErrCode=0x0) [0128.581] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x1aa, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="TsUsbGD", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.581] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\TsUsbGD") returned 41 [0128.581] SetLastError (dwErrCode=0x0) [0128.581] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\TsUsbGD", ulOptions=0x0, samDesired=0x101, phkResult=0x142ef5c | out: phkResult=0x142ef5c*=0x264) returned 0x0 [0128.581] SetLastError (dwErrCode=0x0) [0128.581] RegQueryInfoKeyW (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.581] RegCloseKey (hKey=0x264) returned 0x0 [0128.581] SetLastError (dwErrCode=0x0) [0128.581] RegEnumKeyExW (in: hKey=0x260, dwIndex=0x1ab, lpName=0x142f794, lpcchName=0x142f9ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="tunnel", lpcchName=0x142f9ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.581] wvnsprintfW (in: pszDest=0x142f58c, cchDest=259, pszFmt="%s\\%s", arglist=0x142ef60 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\tunnel") returned 40 [0128.581] SetLastError (dwErrCode=0x0) [0128.584] RegQueryInfoKeyA (in: hKey=0x260, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x142ef58, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x142ef58*=0xf, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.584] SetLastError (dwErrCode=0x0) [0128.585] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.585] SetLastError (dwErrCode=0x0) [0128.585] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x142ef58, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x142ef58*=0x4, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.585] SetLastError (dwErrCode=0x0) [0128.585] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.585] SetLastError (dwErrCode=0x0) [0128.585] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x142ef58, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x142ef58*=0x1, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.585] SetLastError (dwErrCode=0x0) [0128.585] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.585] SetLastError (dwErrCode=0x0) [0128.585] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x142ef58, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x142ef58*=0x1, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.585] SetLastError (dwErrCode=0x0) [0128.585] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.585] SetLastError (dwErrCode=0x0) [0128.585] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x142ef58, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x142ef58*=0x2, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.585] SetLastError (dwErrCode=0x0) [0128.585] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.585] SetLastError (dwErrCode=0x0) [0128.585] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x142ef58, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x142ef58*=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.586] SetLastError (dwErrCode=0x0) [0128.586] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.586] SetLastError (dwErrCode=0x0) [0128.586] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x142ef58, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x142ef58*=0x4, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.586] SetLastError (dwErrCode=0x0) [0128.586] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.586] SetLastError (dwErrCode=0x0) [0128.586] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x142ef58, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x142ef58*=0x98, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.586] SetLastError (dwErrCode=0x0) [0128.586] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.586] SetLastError (dwErrCode=0x0) [0128.586] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x142ef58, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x142ef58*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.586] SetLastError (dwErrCode=0x0) [0128.586] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.586] SetLastError (dwErrCode=0x0) [0128.586] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x142ef58, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x142ef58*=0x1, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.586] SetLastError (dwErrCode=0x0) [0128.586] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.586] SetLastError (dwErrCode=0x0) [0128.586] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x142ef58, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x142ef58*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.586] SetLastError (dwErrCode=0x0) [0128.587] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.587] SetLastError (dwErrCode=0x0) [0128.587] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x142ef58, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x142ef58*=0x2, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.587] SetLastError (dwErrCode=0x0) [0128.587] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.587] SetLastError (dwErrCode=0x0) [0128.587] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x142ef58, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x142ef58*=0x1194, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.587] SetLastError (dwErrCode=0x0) [0128.587] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.587] SetLastError (dwErrCode=0x0) [0128.587] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x142ef58, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x142ef58*=0xb, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.587] SetLastError (dwErrCode=0x0) [0128.587] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.587] SetLastError (dwErrCode=0x0) [0128.587] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x142ef58, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x142ef58*=0x2, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.587] SetLastError (dwErrCode=0x0) [0128.587] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x16, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.587] SetLastError (dwErrCode=0x0) [0128.587] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x142ef58, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x142ef58*=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.587] SetLastError (dwErrCode=0x0) [0128.587] RegQueryInfoKeyA (in: hKey=0x260, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x142ef58, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x142ef58*=0xf, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.588] SetLastError (dwErrCode=0x0) [0128.588] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.588] SetLastError (dwErrCode=0x0) [0128.588] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x142ef58, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x142ef58*=0x4, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.588] SetLastError (dwErrCode=0x0) [0128.588] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.588] SetLastError (dwErrCode=0x0) [0128.588] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x142ef58, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x142ef58*=0x1, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.588] SetLastError (dwErrCode=0x0) [0128.588] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.588] SetLastError (dwErrCode=0x0) [0128.588] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x142ef58, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x142ef58*=0x1, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.588] SetLastError (dwErrCode=0x0) [0128.588] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.588] SetLastError (dwErrCode=0x0) [0128.588] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x142ef58, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x142ef58*=0x2, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.588] SetLastError (dwErrCode=0x0) [0128.588] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.588] SetLastError (dwErrCode=0x0) [0128.588] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x142ef58, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x142ef58*=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.588] SetLastError (dwErrCode=0x0) [0128.588] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.588] SetLastError (dwErrCode=0x0) [0128.588] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x142ef58, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x142ef58*=0x4, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.588] SetLastError (dwErrCode=0x0) [0128.588] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.588] SetLastError (dwErrCode=0x0) [0128.589] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x142ef58, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x142ef58*=0x98, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.589] SetLastError (dwErrCode=0x0) [0128.589] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.589] SetLastError (dwErrCode=0x0) [0128.589] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x142ef58, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x142ef58*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.589] SetLastError (dwErrCode=0x0) [0128.589] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.589] SetLastError (dwErrCode=0x0) [0128.589] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x142ef58, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x142ef58*=0x1, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.589] SetLastError (dwErrCode=0x0) [0128.589] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.589] SetLastError (dwErrCode=0x0) [0128.589] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x142ef58, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x142ef58*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.589] SetLastError (dwErrCode=0x0) [0128.589] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.589] SetLastError (dwErrCode=0x0) [0128.589] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x142ef58, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x142ef58*=0x2, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.589] SetLastError (dwErrCode=0x0) [0128.589] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.589] SetLastError (dwErrCode=0x0) [0128.589] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x142ef58, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x142ef58*=0x1194, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.589] SetLastError (dwErrCode=0x0) [0128.589] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.589] SetLastError (dwErrCode=0x0) [0128.589] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x142ef58, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x142ef58*=0xb, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.589] SetLastError (dwErrCode=0x0) [0128.590] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.590] SetLastError (dwErrCode=0x0) [0128.590] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x142ef58, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x142ef58*=0x2, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.590] SetLastError (dwErrCode=0x0) [0128.590] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x142ef58*=0x16, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.590] SetLastError (dwErrCode=0x0) [0128.590] RegQueryInfoKeyA (in: hKey=0x264, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x142ef58, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x142ef58*=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0128.590] SetLastError (dwErrCode=0x0) [0128.590] GetWindowsDirectoryW (in: lpBuffer=0x142f7c0, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa [0128.590] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe\"" [0128.590] CharLowerBuffW (in: lpsz="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe\"", cchLength=0x2a | out: lpsz="\"c:\\users\\ciihmnxmn6ps\\desktop\\urkotu.exe\"") returned 0x2a [0128.590] CommandLineToArgvW (in: lpCmdLine="\"c:\\users\\ciihmnxmn6ps\\desktop\\urkotu.exe\"", pNumArgs=0x142f9cc | out: pNumArgs=0x142f9cc) returned 0x164e400*="c:\\users\\ciihmnxmn6ps\\desktop\\urkotu.exe" [0128.590] LocalFree (hMem=0x164e400) returned 0x0 [0128.590] StrStrIW (lpFirst="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe", lpSrch="_1.exe") returned 0x0 [0128.590] lstrcmpiW (lpString1="urkotu.exe", lpString2="setup.exe") returned 1 [0128.590] lstrcmpiW (lpString1="urkotu.exe", lpString2="update.exe") returned 1 [0128.590] GetTickCount () returned 0x2d22b [0128.590] GetCurrentThreadId () returned 0x744 [0128.590] RtlRandom (in: Seed=0x142f988 | out: Seed=0x142f988) returned 0xfb4c791c [0128.590] Sleep (dwMilliseconds=0x9c) [0128.892] wvnsprintfA (in: pszDest=0x142f9ac, cchDest=2147483647, pszFmt="%08x", arglist=0x142f990 | out: pszDest="11671243") returned 8 [0128.892] SetLastError (dwErrCode=0x0) [0128.893] wvnsprintfA (in: pszDest=0x142f758, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x142f740 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_I:11671243_v1$") returned 60 [0128.893] SetLastError (dwErrCode=0x0) [0128.893] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_I:11671243_v1$") returned 0x0 [0128.893] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x1657af0, dwRevision=0x1 | out: pSecurityDescriptor=0x1657af0) returned 1 [0128.893] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x1657af0, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0x1657af0) returned 1 [0128.893] GetLastError () returned 0x2 [0128.893] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0x1657af0, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0x1657af0) returned 1 [0128.893] GetLastError () returned 0x2 [0128.893] SetLastError (dwErrCode=0x2) [0128.893] CreateEventA (lpEventAttributes=0x142f854, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_I:11671243_v1$") returned 0x260 [0128.893] GetLastError () returned 0x0 [0128.893] SetLastError (dwErrCode=0x0) [0128.893] CsrGetProcessId () returned 0x1a0 [0128.893] wvnsprintfA (in: pszDest=0x142f580, cchDest=255, pszFmt="%s%s_%p", arglist=0x142f468 | out: pszDest="CG1CG1_11980343") returned 15 [0128.893] SetLastError (dwErrCode=0x0) [0128.893] wvnsprintfA (in: pszDest=0x142f480, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x142f464 | out: pszDest="e6577de29e95e38a027c9824c2c5986b") returned 32 [0128.893] SetLastError (dwErrCode=0x0) [0128.893] wvnsprintfA (in: pszDest=0x142f824, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X\\%s", arglist=0x142f700 | out: pszDest="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0128.893] SetLastError (dwErrCode=0x0) [0128.893] wvnsprintfA (in: pszDest=0x142f690, cchDest=255, pszFmt="%s%s_%p", arglist=0x142f578 | out: pszDest="LSFLSF_11980343") returned 15 [0128.893] SetLastError (dwErrCode=0x0) [0128.893] wvnsprintfA (in: pszDest=0x142f590, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x142f574 | out: pszDest="cb7bbbee06636e535c7c377204c5eb13") returned 32 [0128.893] SetLastError (dwErrCode=0x0) [0128.894] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x142f824, cbMultiByte=95, lpWideCharStr=0x164c3b0, cchWideChar=95 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0128.894] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02", ulOptions=0x0, samDesired=0x101, phkResult=0x142f804 | out: phkResult=0x142f804*=0x0) returned 0x2 [0128.894] SetLastError (dwErrCode=0x2) [0128.894] SetLastError (dwErrCode=0x2) [0128.894] SetLastError (dwErrCode=0x2) [0128.894] GetLastError () returned 0x2 [0128.894] SetLastError (dwErrCode=0x2) [0128.894] wvnsprintfA (in: pszDest=0x142f580, cchDest=255, pszFmt="%s%s_%p", arglist=0x142f468 | out: pszDest="CG1CG1_11980343") returned 15 [0128.894] SetLastError (dwErrCode=0x0) [0128.894] wvnsprintfA (in: pszDest=0x142f480, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x142f464 | out: pszDest="e6577de29e95e38a027c9824c2c5986b") returned 32 [0128.894] SetLastError (dwErrCode=0x0) [0128.894] wvnsprintfA (in: pszDest=0x142f824, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X\\%s", arglist=0x142f700 | out: pszDest="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0128.894] SetLastError (dwErrCode=0x0) [0128.894] wvnsprintfA (in: pszDest=0x142f690, cchDest=255, pszFmt="%s%s_%p", arglist=0x142f578 | out: pszDest="LMSFLMSF_11980343") returned 17 [0128.894] SetLastError (dwErrCode=0x0) [0128.894] wvnsprintfA (in: pszDest=0x142f590, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x142f574 | out: pszDest="ee74df35871eda7df7d8fe6f1c5f8ba5") returned 32 [0128.894] SetLastError (dwErrCode=0x0) [0128.894] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x142f824, cbMultiByte=95, lpWideCharStr=0x164c3b0, cchWideChar=95 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0128.894] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02", ulOptions=0x0, samDesired=0x101, phkResult=0x142f804 | out: phkResult=0x142f804*=0x0) returned 0x2 [0128.894] SetLastError (dwErrCode=0x2) [0128.894] SetLastError (dwErrCode=0x2) [0128.894] SetLastError (dwErrCode=0x2) [0128.894] GetLastError () returned 0x2 [0128.894] SetLastError (dwErrCode=0x2) [0128.894] wvnsprintfA (in: pszDest=0x142f588, cchDest=255, pszFmt="%s%s_%p", arglist=0x142f470 | out: pszDest="CG1CG1_11980343") returned 15 [0128.894] SetLastError (dwErrCode=0x0) [0128.895] wvnsprintfA (in: pszDest=0x142f488, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x142f46c | out: pszDest="e6577de29e95e38a027c9824c2c5986b") returned 32 [0128.895] SetLastError (dwErrCode=0x0) [0128.895] wvnsprintfA (in: pszDest=0x142f82c, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X\\%s", arglist=0x142f708 | out: pszDest="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0128.895] SetLastError (dwErrCode=0x0) [0128.895] wvnsprintfA (in: pszDest=0x142f698, cchDest=255, pszFmt="%s%s_%p", arglist=0x142f580 | out: pszDest="LISFLISF_11980343") returned 17 [0128.895] SetLastError (dwErrCode=0x0) [0128.895] wvnsprintfA (in: pszDest=0x142f598, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x142f57c | out: pszDest="41f5ddd483f58c61f8166d82114eead6") returned 32 [0128.895] SetLastError (dwErrCode=0x0) [0128.895] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x142f82c, cbMultiByte=95, lpWideCharStr=0x164c3b0, cchWideChar=95 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0128.895] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02", ulOptions=0x0, samDesired=0x101, phkResult=0x142f80c | out: phkResult=0x142f80c*=0x0) returned 0x2 [0128.895] SetLastError (dwErrCode=0x2) [0128.895] SetLastError (dwErrCode=0x2) [0128.895] SetLastError (dwErrCode=0x2) [0128.895] GetLastError () returned 0x2 [0128.895] SetLastError (dwErrCode=0x2) [0128.895] GetShellWindow () returned 0x100c8 [0128.895] IsWindow (hWnd=0x100c8) returned 1 [0128.895] GetWindowThreadProcessId (in: hWnd=0x100c8, lpdwProcessId=0x142f764 | out: lpdwProcessId=0x142f764) returned 0x55c [0128.895] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x0, ProcessInformation=0x142f984, ProcessInformationLength=0x18, ReturnLength=0x142f99c | out: ProcessInformation=0x142f984, ReturnLength=0x142f99c) returned 0x0 [0128.896] NtOpenProcess (in: ProcessHandle=0x142f75c, DesiredAccess=0x400, ObjectAttributes=0x142f73c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x142f754*(UniqueProcess=0x858, UniqueThread=0x0) | out: ProcessHandle=0x142f75c*=0x0) returned 0xc000000b [0128.896] RtlNtStatusToDosError (Status=0xc000000b) returned 0x57 [0128.896] SetLastError (dwErrCode=0x57) [0128.896] SetLastError (dwErrCode=0x0) [0128.896] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3100000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3100000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x66000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.896] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3100400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3100000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x66000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.896] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3100800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3100000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x66000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.896] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3100c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3100000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x66000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.896] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3101000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3101000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x65000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.896] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3101400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3101000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x65000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.896] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3101800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3101000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x65000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.896] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3101c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3101000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x65000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.896] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3102000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3102000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x64000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.896] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3102400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3102000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x64000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.896] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3102800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3102000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x64000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.896] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3102c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3102000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x64000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.896] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3103000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3103000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x63000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.896] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3103400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3103000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x63000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.896] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3103800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3103000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x63000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.896] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3103c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3103000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x63000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.896] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3104000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3104000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x62000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.896] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3104400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3104000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x62000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.896] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3104800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3104000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x62000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.896] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3104c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3104000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x62000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.896] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3105000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3105000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x61000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.896] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3105400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3105000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x61000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.896] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3105800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3105000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x61000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.896] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3105c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3105000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x61000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.896] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3106000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3106000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x60000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.896] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3106400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3106000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x60000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.896] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3106800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3106000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x60000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.897] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3106c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3106000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x60000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.897] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3107000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3107000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5f000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.897] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3107400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3107000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5f000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.897] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3107800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3107000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5f000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.897] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3107c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3107000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5f000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.897] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3108000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3108000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5e000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.897] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3108400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3108000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5e000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.897] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3108800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3108000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5e000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.897] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3108c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3108000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5e000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.897] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3109000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3109000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5d000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.897] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3109400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3109000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5d000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.897] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3109800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3109000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5d000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.897] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3109c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3109000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5d000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.897] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310a000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x310a000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5c000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.897] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310a400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x310a000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5c000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.897] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310a800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x310a000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5c000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.897] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310ac00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x310a000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5c000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.897] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310b000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x310b000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5b000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.897] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310b400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x310b000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5b000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.897] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310b800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x310b000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5b000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.897] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310bc00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x310b000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5b000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.897] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310c000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x310c000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5a000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.897] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310c400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x310c000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5a000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.897] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310c800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x310c000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5a000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.897] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310cc00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x310c000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5a000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.897] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310d000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x310d000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x59000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.897] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310d400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x310d000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x59000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.897] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310d800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x310d000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x59000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.897] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310dc00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x310d000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x59000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.897] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310e000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x310e000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x58000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.897] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310e400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x310e000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x58000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.897] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310e800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x310e000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x58000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.897] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310ec00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x310e000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x58000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.897] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310f000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x310f000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x57000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.898] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310f400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x310f000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x57000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.898] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310f800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x310f000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x57000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.898] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310fc00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x310f000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x57000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.898] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3110000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3110000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x56000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.898] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3110400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3110000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x56000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.898] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3110800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3110000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x56000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.898] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3110c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3110000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x56000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.898] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3111000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3111000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x55000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.898] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3111400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3111000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x55000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.898] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3111800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3111000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x55000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.898] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3111c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3111000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x55000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.898] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3112000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3112000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x54000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.898] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3112400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3112000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x54000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.898] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3112800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3112000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x54000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.898] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3112c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3112000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x54000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.898] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3113000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3113000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x53000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.898] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3113400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3113000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x53000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.898] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3113800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3113000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x53000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.898] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3113c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3113000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x53000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.898] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3114000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3114000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x52000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.898] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3114400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3114000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x52000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.898] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3114800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3114000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x52000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.898] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3114c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3114000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x52000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.898] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3115000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3115000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x51000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.898] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3115400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3115000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x51000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.898] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3115800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3115000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x51000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.898] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3115c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3115000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x51000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.898] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3116000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3116000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x50000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.898] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3116400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3116000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x50000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.898] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3116800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3116000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x50000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.898] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3116c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3116000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x50000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.898] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3117000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3117000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4f000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.898] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3117400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3117000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4f000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.899] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3117800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3117000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4f000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.899] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3117c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3117000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4f000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.899] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3118000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3118000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4e000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.899] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3118400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3118000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4e000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.899] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3118800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3118000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4e000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.899] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3118c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3118000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4e000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.899] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3119000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3119000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4d000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.899] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3119400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3119000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4d000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.899] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3119800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3119000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4d000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.899] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3119c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3119000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4d000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.899] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311a000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x311a000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4c000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.899] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311a400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x311a000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4c000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.899] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311a800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x311a000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4c000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.899] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311ac00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x311a000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4c000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.899] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311b000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x311b000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4b000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.899] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311b400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x311b000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4b000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.899] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311b800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x311b000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4b000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.899] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311bc00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x311b000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4b000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.899] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311c000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x311c000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4a000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.899] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311c400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x311c000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4a000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.899] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311c800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x311c000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4a000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.899] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311cc00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x311c000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4a000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.899] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311d000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x311d000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x49000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.899] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311d400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x311d000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x49000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.899] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311d800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x311d000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x49000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.899] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311dc00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x311d000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x49000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.899] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311e000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x311e000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x48000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.899] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311e400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x311e000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x48000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.899] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311e800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x311e000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x48000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.899] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311ec00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x311e000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x48000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.900] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311f000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x311f000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x47000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.900] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311f400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x311f000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x47000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.900] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311f800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x311f000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x47000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.900] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311fc00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x311f000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x47000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.900] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3120000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3120000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x46000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.900] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3120400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3120000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x46000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.900] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3120800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3120000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x46000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.900] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3120c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3120000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x46000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.900] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3121000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3121000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x45000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.900] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3121400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3121000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x45000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.900] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3121800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3121000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x45000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.900] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3121c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3121000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x45000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.900] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3122000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3122000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x44000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.900] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3122400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3122000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x44000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.900] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3122800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3122000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x44000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.900] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3122c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3122000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x44000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.900] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3123000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3123000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x43000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.900] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3123400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3123000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x43000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.900] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3123800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3123000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x43000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.900] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3123c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3123000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x43000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.900] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3124000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3124000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x42000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.900] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3124400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3124000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x42000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.900] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3124800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3124000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x42000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.900] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3124c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3124000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x42000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.900] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3125000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3125000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x41000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.900] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3125400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3125000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x41000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.900] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3125800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3125000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x41000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.900] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3125c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3125000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x41000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.900] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3126000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3126000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x40000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.901] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3126400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3126000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x40000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.901] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3126800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3126000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x40000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.901] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3126c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3126000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x40000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.901] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3127000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3127000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x3f000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.901] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3127400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3127000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x3f000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.901] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3127800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3127000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x3f000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.901] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3127c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3127000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x3f000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.901] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3128000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3128000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x3e000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.901] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3128400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3128000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x3e000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.901] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3128800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3128000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x3e000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.901] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3128c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3128000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x3e000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.901] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3129000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3129000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x3d000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.901] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3129400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3129000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x3d000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.901] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3129800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3129000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x3d000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.901] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3129c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3129000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x3d000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.901] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x312a000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x312a000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x3c000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.901] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x312a400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x312a000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x3c000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.901] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x312a800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x312a000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x3c000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.901] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x312ac00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x312a000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x3c000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.901] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x312b000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x312b000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x3b000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.901] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x312b400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x312b000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x3b000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.901] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x312b800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x312b000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x3b000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.901] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x312bc00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x312b000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x3b000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.901] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x312c000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x312c000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x3a000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.901] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x312c400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x312c000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x3a000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.901] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x312c800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x312c000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x3a000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.901] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x312cc00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x312c000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x3a000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.901] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x312d000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x312d000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x39000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.901] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x312d400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x312d000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x39000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.901] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x312d800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x312d000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x39000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.902] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x312dc00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x312d000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x39000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.902] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x312e000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x312e000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x38000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.902] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x312e400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x312e000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x38000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.902] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x312e800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x312e000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x38000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.902] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x312ec00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x312e000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x38000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.902] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x312f000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x312f000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x37000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.902] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x312f400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x312f000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x37000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.902] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x312f800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x312f000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x37000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.902] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x312fc00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x312f000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x37000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.902] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3130000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3130000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x36000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.902] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3130400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3130000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x36000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.902] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3130800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3130000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x36000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.902] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3130c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3130000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x36000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.902] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3131000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3131000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x35000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.902] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3131400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3131000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x35000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.902] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3131800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3131000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x35000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.902] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3131c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3131000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x35000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.902] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3132000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3132000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x34000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.902] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3132400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3132000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x34000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.902] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3132800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3132000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x34000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.902] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3132c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3132000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x34000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.902] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3133000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3133000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x33000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.902] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3133400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3133000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x33000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.902] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3133800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3133000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x33000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.902] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3133c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3133000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x33000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.902] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3134000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3134000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x32000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.902] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3134400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3134000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x32000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.902] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3134800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3134000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x32000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.902] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3134c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3134000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x32000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.902] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3135000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3135000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x31000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.902] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3135400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3135000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x31000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.902] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3135800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3135000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x31000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.902] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3135c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3135000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x31000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.903] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3136000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3136000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x30000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.903] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3136400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3136000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x30000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.903] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3136800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3136000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x30000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.903] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3136c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3136000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x30000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.903] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3137000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3137000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x2f000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.903] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3137400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3137000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x2f000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.903] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3137800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3137000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x2f000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.903] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3137c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3137000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x2f000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.903] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3138000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3138000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x2e000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.903] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3138400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3138000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x2e000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.903] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3138800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3138000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x2e000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.903] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3138c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3138000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x2e000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.903] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3139000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3139000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x2d000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.903] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3139400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3139000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x2d000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.903] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3139800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3139000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x2d000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.903] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3139c00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x3139000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x2d000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.903] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x313a000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x313a000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x2c000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.903] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x313a400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x313a000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x2c000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.903] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x313a800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x313a000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x2c000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.903] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x313ac00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x313a000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x2c000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.903] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x313b000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x313b000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x2b000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.903] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x313b400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x313b000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x2b000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.903] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x313b800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x313b000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x2b000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.903] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x313bc00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x313b000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x2b000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.903] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x313c000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x313c000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x2a000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.903] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x313c400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x313c000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x2a000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.903] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x313c800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x313c000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x2a000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.903] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x313cc00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x313c000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x2a000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.903] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x313d000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x313d000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x29000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.903] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x313d400, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x313d000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x29000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.903] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x313d800, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x313d000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x29000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.903] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x313dc00, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x313d000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x29000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.903] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x313e000, lpBuffer=0x142f930, dwLength=0x1c | out: lpBuffer=0x142f930*(BaseAddress=0x313e000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x28000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0128.904] GetTickCount () returned 0x2d363 [0128.904] GetCurrentThreadId () returned 0x744 [0128.904] RtlRandom (in: Seed=0x142e8a4 | out: Seed=0x142e8a4) returned 0x804c13c4 [0128.904] GetTickCount () returned 0x2d363 [0128.904] GetCurrentThreadId () returned 0x744 [0128.904] RtlRandom (in: Seed=0x142e880 | out: Seed=0x142e880) returned 0xa29fbbf [0128.904] RtlRandom (in: Seed=0x142e89c | out: Seed=0x142e89c) returned 0x88bfc9d0 [0128.904] RtlRandom (in: Seed=0x142e89c | out: Seed=0x142e89c) returned 0x8e6962e0 [0128.904] RtlRandom (in: Seed=0x142e89c | out: Seed=0x142e89c) returned 0xfb1f38ed [0128.904] RtlRandom (in: Seed=0x142e89c | out: Seed=0x142e89c) returned 0xcad66603 [0128.904] RtlRandom (in: Seed=0x142e89c | out: Seed=0x142e89c) returned 0xf1529239 [0128.904] RtlRandom (in: Seed=0x142e89c | out: Seed=0x142e89c) returned 0x82fc01ab [0128.904] RtlRandom (in: Seed=0x142e89c | out: Seed=0x142e89c) returned 0x9775ac67 [0128.904] RtlRandom (in: Seed=0x142e89c | out: Seed=0x142e89c) returned 0xd29819b2 [0128.904] RtlRandom (in: Seed=0x142e89c | out: Seed=0x142e89c) returned 0x66704c05 [0128.904] RtlRandom (in: Seed=0x142e89c | out: Seed=0x142e89c) returned 0x4f225e18 [0128.904] RtlRandom (in: Seed=0x142e89c | out: Seed=0x142e89c) returned 0x41cc8836 [0128.904] RtlRandom (in: Seed=0x142e89c | out: Seed=0x142e89c) returned 0x40fcb6d8 [0128.904] SetFileAttributesW (lpFileName="C:\\ProgramData", dwFileAttributes=0x80) returned 1 [0128.905] PathAppendW (in: pszPath="C:\\ProgramData", pMore="Task Protect 2.3" | out: pszPath="C:\\ProgramData\\Task Protect 2.3") returned 1 [0128.905] GetFileAttributesW (lpFileName="C:\\ProgramData\\Task Protect 2.3" (normalized: "c:\\programdata\\task protect 2.3")) returned 0xffffffff [0128.905] CreateDirectoryW (lpPathName="C:\\ProgramData\\Task Protect 2.3" (normalized: "c:\\programdata\\task protect 2.3"), lpSecurityAttributes=0x0) returned 1 [0128.905] Sleep (dwMilliseconds=0x14) [0128.939] GetTickCount () returned 0x2d392 [0128.939] GetCurrentThreadId () returned 0x744 [0128.939] RtlRandom (in: Seed=0x142e5c0 | out: Seed=0x142e5c0) returned 0x727e93f [0128.939] RtlRandom (in: Seed=0x142e5dc | out: Seed=0x142e5dc) returned 0xa64df39c [0128.939] RtlRandom (in: Seed=0x142e5dc | out: Seed=0x142e5dc) returned 0x6571e5e9 [0128.939] RtlRandom (in: Seed=0x142e5dc | out: Seed=0x142e5dc) returned 0xdbc375e1 [0128.939] RtlRandom (in: Seed=0x142e5dc | out: Seed=0x142e5dc) returned 0xf5d771e [0128.939] RtlRandom (in: Seed=0x142e5dc | out: Seed=0x142e5dc) returned 0x16bdb4d4 [0128.939] RtlRandom (in: Seed=0x142e5dc | out: Seed=0x142e5dc) returned 0xb1803d5a [0128.939] RtlRandom (in: Seed=0x142e5dc | out: Seed=0x142e5dc) returned 0xbf32ecb7 [0128.939] RtlRandom (in: Seed=0x142e5dc | out: Seed=0x142e5dc) returned 0x6da331c5 [0128.939] RtlRandom (in: Seed=0x142e5dc | out: Seed=0x142e5dc) returned 0x90cd83b2 [0128.939] PathAppendW (in: pszPath="C:\\ProgramData\\Task Protect 2.3", pMore="kttkyovpa.txt" | out: pszPath="C:\\ProgramData\\Task Protect 2.3\\kttkyovpa.txt") returned 1 [0128.939] SetFileAttributesW (lpFileName="C:\\ProgramData\\Task Protect 2.3", dwFileAttributes=0x80) returned 1 [0128.939] CreateFileW (lpFileName="C:\\ProgramData\\Task Protect 2.3\\kttkyovpa.txt" (normalized: "c:\\programdata\\task protect 2.3\\kttkyovpa.txt"), dwDesiredAccess=0x2, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x264 [0128.941] CloseHandle (hObject=0x264) returned 1 [0128.941] Sleep (dwMilliseconds=0x14) [0128.970] SetFileAttributesW (lpFileName="C:\\ProgramData\\Task Protect 2.3\\kttkyovpa.txt", dwFileAttributes=0x80) returned 1 [0128.970] DeleteFileW (lpFileName="C:\\ProgramData\\Task Protect 2.3\\kttkyovpa.txt" (normalized: "c:\\programdata\\task protect 2.3\\kttkyovpa.txt")) returned 1 [0128.971] PathAppendW (in: pszPath="C:\\ProgramData", pMore="Task Protect 2.3" | out: pszPath="C:\\ProgramData\\Task Protect 2.3") returned 1 [0128.971] PathRemoveFileSpecW (in: pszPath="C:\\ProgramData\\Task Protect 2.3" | out: pszPath="C:\\ProgramData") returned 1 [0128.971] SetFileAttributesW (lpFileName="C:\\ProgramData", dwFileAttributes=0x2006) returned 1 [0128.971] PathAppendW (in: pszPath="C:\\ProgramData\\Task Protect 2.3", pMore="ws97995e1qms.exe" | out: pszPath="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe") returned 1 [0128.972] GetFileAttributesW (lpFileName="C:\\ProgramData\\Task Protect 2.3" (normalized: "c:\\programdata\\task protect 2.3")) returned 0x10 [0128.972] GetNamedSecurityInfoW () returned 0x0 [0128.972] GetAclInformation (in: pAcl=0x164d81c, pAclInformation=0x142e868, nAclInformationLength=0xc, dwAclInformationClass=0x2 | out: pAclInformation=0x142e868) returned 1 [0128.972] GetExplicitEntriesFromAclA () returned 0x0 [0128.992] LocalFree (hMem=0x164d808) returned 0x0 [0128.992] SetFileAttributesW (lpFileName="C:\\ProgramData\\Task Protect 2.3", dwFileAttributes=0x80) returned 1 [0128.993] Sleep (dwMilliseconds=0x64) [0129.095] MoveFileExW (lpExistingFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\urkotu.exe"), lpNewFileName="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe" (normalized: "c:\\programdata\\task protect 2.3\\ws97995e1qms.exe"), dwFlags=0xb) returned 1 [0129.097] PathRemoveFileSpecW (in: pszPath="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe" | out: pszPath="C:\\ProgramData\\Task Protect 2.3") returned 1 [0129.098] SetFileAttributesW (lpFileName="C:\\ProgramData\\Task Protect 2.3", dwFileAttributes=0x2006) returned 1 [0129.098] wvnsprintfW (in: pszDest=0x142e6a0, cchDest=259, pszFmt="%s:Zone.Identifier", arglist=0x142e69c | out: pszDest="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe:Zone.Identifier") returned 64 [0129.098] SetLastError (dwErrCode=0x0) [0129.098] DeleteFileW (lpFileName="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe:Zone.Identifier" (normalized: "c:\\programdata\\task protect 2.3\\ws97995e1qms.exe:zone.identifier")) returned 0 [0129.098] SetFileAttributesW (lpFileName="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe", dwFileAttributes=0x2003) returned 1 [0129.099] wvnsprintfA (in: pszDest=0x142e254, cchDest=255, pszFmt="%s%s_%p", arglist=0x142e13c | out: pszDest="CG1CG1_11980343") returned 15 [0129.099] SetLastError (dwErrCode=0x0) [0129.099] wvnsprintfA (in: pszDest=0x142e154, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x142e138 | out: pszDest="e6577de29e95e38a027c9824c2c5986b") returned 32 [0129.099] SetLastError (dwErrCode=0x0) [0129.099] wvnsprintfA (in: pszDest=0x142e708, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X\\%s", arglist=0x142e3d4 | out: pszDest="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0129.099] SetLastError (dwErrCode=0x0) [0129.099] wvnsprintfA (in: pszDest=0x142e368, cchDest=255, pszFmt="%s%s_%p", arglist=0x142e250 | out: pszDest="HALHAL_11980343") returned 15 [0129.099] SetLastError (dwErrCode=0x0) [0129.099] wvnsprintfA (in: pszDest=0x142e268, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x142e24c | out: pszDest="66dfeeb3f4c63abca14d7183f483c6ab") returned 32 [0129.099] SetLastError (dwErrCode=0x0) [0129.099] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x142e708, cbMultiByte=95, lpWideCharStr=0x164c3b0, cchWideChar=95 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0129.099] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x102, lpSecurityAttributes=0x0, phkResult=0x142e4d8, lpdwDisposition=0x0 | out: phkResult=0x142e4d8*=0x268, lpdwDisposition=0x0) returned 0x0 [0129.100] SetLastError (dwErrCode=0x0) [0129.100] SetLastError (dwErrCode=0x0) [0129.100] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x142e80c, cbMultiByte=19, lpWideCharStr=0x16410c0, cchWideChar=19 | out: lpWideCharStr="66dfeeb3f4c63abca14") returned 19 [0129.100] RtlInitUnicodeString (in: DestinationString=0x142e474, SourceString="66dfeeb3f4c63abca14" | out: DestinationString="66dfeeb3f4c63abca14") [0129.100] NtSetValueKey (in: KeyHandle=0x268, ValueName="66dfeeb3f4c63abca14", TitleIndex=0x0, Type=0x3, Data=0x142f9c4*, DataSize=0x4 | out: Data=0x142f9c4*) returned 0x0 [0129.100] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0129.100] SetLastError (dwErrCode=0x0) [0129.100] RegCloseKey (hKey=0x268) returned 0x0 [0129.100] SetLastError (dwErrCode=0x0) [0129.100] GetLastError () returned 0x0 [0129.100] SetLastError (dwErrCode=0x0) [0129.100] wvnsprintfW (in: pszDest=0x142ed50, cchDest=2147483647, pszFmt="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\%s", arglist=0x142e8ac | out: pszDest="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\ws97995e1qms.exe") returned 90 [0129.100] SetLastError (dwErrCode=0x0) [0129.100] RegCreateKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\ws97995e1qms.exe", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x102, lpSecurityAttributes=0x0, phkResult=0x142e898, lpdwDisposition=0x0 | out: phkResult=0x142e898*=0x268, lpdwDisposition=0x0) returned 0x0 [0129.101] SetLastError (dwErrCode=0x0) [0129.101] RtlInitUnicodeString (in: DestinationString=0x142e864, SourceString="DisableExceptionChainValidation" | out: DestinationString="DisableExceptionChainValidation") [0129.101] NtSetValueKey (in: KeyHandle=0x268, ValueName="DisableExceptionChainValidation", TitleIndex=0x0, Type=0x1, Data="", DataSize=0x2 | out: Data="") returned 0x0 [0129.101] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0129.101] SetLastError (dwErrCode=0x0) [0129.101] RegCloseKey (hKey=0x268) returned 0x0 [0129.101] SetLastError (dwErrCode=0x0) [0129.101] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\ws97995e1qms.exe", ulOptions=0x0, samDesired=0x40100, phkResult=0x142e898 | out: phkResult=0x142e898*=0x268) returned 0x0 [0129.101] SetLastError (dwErrCode=0x0) [0129.101] SetLastError (dwErrCode=0x0) [0129.101] GetSystemTime (in: lpSystemTime=0x142e898 | out: lpSystemTime=0x142e898*(wYear=0x7e3, wMonth=0x1, wDayOfWeek=0x2, wDay=0x8, wHour=0x9, wMinute=0x1a, wSecond=0x25, wMilliseconds=0x395)) [0129.101] GetLocalTime (in: lpSystemTime=0x142e888 | out: lpSystemTime=0x142e888*(wYear=0x7e3, wMonth=0x1, wDayOfWeek=0x2, wDay=0x8, wHour=0x14, wMinute=0x1a, wSecond=0x25, wMilliseconds=0x395)) [0129.101] wvnsprintfA (in: pszDest=0x142e330, cchDest=255, pszFmt="%s%s_%p", arglist=0x142e218 | out: pszDest="CG1CG1_11980343") returned 15 [0129.101] SetLastError (dwErrCode=0x0) [0129.101] wvnsprintfA (in: pszDest=0x142e230, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x142e214 | out: pszDest="e6577de29e95e38a027c9824c2c5986b") returned 32 [0129.101] SetLastError (dwErrCode=0x0) [0129.102] wvnsprintfA (in: pszDest=0x142e6dc, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X\\%s", arglist=0x142e4b0 | out: pszDest="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0129.102] SetLastError (dwErrCode=0x0) [0129.102] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x142e6dc, cbMultiByte=95, lpWideCharStr=0x164c3b0, cchWideChar=95 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0129.102] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x103, lpSecurityAttributes=0x0, phkResult=0x142e7e4, lpdwDisposition=0x0 | out: phkResult=0x142e7e4*=0x264, lpdwDisposition=0x0) returned 0x0 [0129.102] SetLastError (dwErrCode=0x0) [0129.102] SetLastError (dwErrCode=0x0) [0129.102] wvnsprintfA (in: pszDest=0x142e670, cchDest=255, pszFmt="%s%s_%p", arglist=0x142e558 | out: pszDest="BIDBID_11980343") returned 15 [0129.102] SetLastError (dwErrCode=0x0) [0129.102] wvnsprintfA (in: pszDest=0x142e570, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x142e554 | out: pszDest="9b98592ad9d152f816c9ebcc2161c827") returned 32 [0129.102] SetLastError (dwErrCode=0x0) [0129.102] RegQueryValueExA (in: hKey=0x264, lpValueName="9b98592ad9d1", lpReserved=0x0, lpType=0x142e88c, lpData=0x0, lpcbData=0x142e888*=0x0 | out: lpType=0x142e88c*=0x0, lpData=0x0, lpcbData=0x142e888*=0x0) returned 0x2 [0129.102] RegSetValueExA (in: hKey=0x264, lpValueName="9b98592ad9d1", Reserved=0x0, dwType=0x3, lpData=0x142f980*, cbData=0x12 | out: lpData=0x142f980*) returned 0x0 [0129.102] RegCloseKey (hKey=0x264) returned 0x0 [0129.102] wvnsprintfW (in: pszDest=0x142eac8, cchDest=2147483647, pszFmt="/%s ", arglist=0x142e8ac | out: pszDest="/ins ") returned 5 [0129.102] SetLastError (dwErrCode=0x0) [0129.102] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x142f9c0, nSize=0x3 | out: lpFilename="C:" (normalized: "c:")) returned 0x3 [0129.102] GetDriveTypeW (lpRootPathName="C:") returned 0x3 [0129.102] wvnsprintfA (in: pszDest=0x142e330, cchDest=255, pszFmt="%s%s_%p", arglist=0x142e218 | out: pszDest="CG1CG1_11980343") returned 15 [0129.103] SetLastError (dwErrCode=0x0) [0129.103] wvnsprintfA (in: pszDest=0x142e230, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x142e214 | out: pszDest="e6577de29e95e38a027c9824c2c5986b") returned 32 [0129.103] SetLastError (dwErrCode=0x0) [0129.103] wvnsprintfA (in: pszDest=0x142e6dc, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X\\%s", arglist=0x142e4b0 | out: pszDest="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0129.103] SetLastError (dwErrCode=0x0) [0129.103] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x142e6dc, cbMultiByte=95, lpWideCharStr=0x164c3b0, cchWideChar=95 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0129.103] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x103, lpSecurityAttributes=0x0, phkResult=0x142e7e4, lpdwDisposition=0x0 | out: phkResult=0x142e7e4*=0x264, lpdwDisposition=0x0) returned 0x0 [0129.103] SetLastError (dwErrCode=0x0) [0129.103] SetLastError (dwErrCode=0x0) [0129.103] wvnsprintfA (in: pszDest=0x142e670, cchDest=255, pszFmt="%s%s_%p", arglist=0x142e558 | out: pszDest="WAVKWAVK_11980343") returned 17 [0129.103] SetLastError (dwErrCode=0x0) [0129.103] wvnsprintfA (in: pszDest=0x142e570, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x142e554 | out: pszDest="af65e3d3b62960f52a5774ed0ba2491f") returned 32 [0129.103] SetLastError (dwErrCode=0x0) [0129.103] RegQueryValueExA (in: hKey=0x264, lpValueName="af65e3d3b62960", lpReserved=0x0, lpType=0x142e88c, lpData=0x0, lpcbData=0x142e888*=0x0 | out: lpType=0x142e88c*=0x0, lpData=0x0, lpcbData=0x142e888*=0x0) returned 0x2 [0129.103] RegSetValueExA (in: hKey=0x264, lpValueName="af65e3d3b62960", Reserved=0x0, dwType=0x3, lpData=0x142e890*, cbData=0x4 | out: lpData=0x142e890*) returned 0x0 [0129.103] RegCloseKey (hKey=0x264) returned 0x0 [0129.103] wvnsprintfA (in: pszDest=0x142e328, cchDest=255, pszFmt="%s%s_%p", arglist=0x142e210 | out: pszDest="CG1CG1_11980343") returned 15 [0129.103] SetLastError (dwErrCode=0x0) [0129.103] wvnsprintfA (in: pszDest=0x142e228, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x142e20c | out: pszDest="e6577de29e95e38a027c9824c2c5986b") returned 32 [0129.103] SetLastError (dwErrCode=0x0) [0129.103] wvnsprintfA (in: pszDest=0x142e6d4, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X\\%s", arglist=0x142e4a8 | out: pszDest="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0129.103] SetLastError (dwErrCode=0x0) [0129.103] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x142e6d4, cbMultiByte=95, lpWideCharStr=0x164c3b0, cchWideChar=95 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0129.104] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x103, lpSecurityAttributes=0x0, phkResult=0x142e7dc, lpdwDisposition=0x0 | out: phkResult=0x142e7dc*=0x264, lpdwDisposition=0x0) returned 0x0 [0129.104] SetLastError (dwErrCode=0x0) [0129.104] SetLastError (dwErrCode=0x0) [0129.104] wvnsprintfA (in: pszDest=0x142e668, cchDest=255, pszFmt="%s%s_%p", arglist=0x142e550 | out: pszDest="IOBPLIOBPL_11980343") returned 19 [0129.104] SetLastError (dwErrCode=0x0) [0129.104] wvnsprintfA (in: pszDest=0x142e568, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x142e54c | out: pszDest="5615404c6cc999b57da844d60e7e9f1f") returned 32 [0129.104] SetLastError (dwErrCode=0x0) [0129.104] RegQueryValueExA (in: hKey=0x264, lpValueName="5615404c6cc999b", lpReserved=0x0, lpType=0x142e884, lpData=0x0, lpcbData=0x142e880*=0x0 | out: lpType=0x142e884*=0x0, lpData=0x0, lpcbData=0x142e880*=0x0) returned 0x2 [0129.104] RegSetValueExA (in: hKey=0x264, lpValueName="5615404c6cc999b", Reserved=0x0, dwType=0x3, lpData=0x142e888*, cbData=0x4 | out: lpData=0x142e888*) returned 0x0 [0129.104] RegCloseKey (hKey=0x264) returned 0x0 [0129.104] wvnsprintfA (in: pszDest=0x142e328, cchDest=255, pszFmt="%s%s_%p", arglist=0x142e210 | out: pszDest="CG1CG1_11980343") returned 15 [0129.104] SetLastError (dwErrCode=0x0) [0129.104] wvnsprintfA (in: pszDest=0x142e228, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x142e20c | out: pszDest="e6577de29e95e38a027c9824c2c5986b") returned 32 [0129.104] SetLastError (dwErrCode=0x0) [0129.104] wvnsprintfA (in: pszDest=0x142e6d4, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X\\%s", arglist=0x142e4a8 | out: pszDest="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0129.104] SetLastError (dwErrCode=0x0) [0129.104] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x142e6d4, cbMultiByte=95, lpWideCharStr=0x164c3b0, cchWideChar=95 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0129.104] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x103, lpSecurityAttributes=0x0, phkResult=0x142e7dc, lpdwDisposition=0x0 | out: phkResult=0x142e7dc*=0x264, lpdwDisposition=0x0) returned 0x0 [0129.104] SetLastError (dwErrCode=0x0) [0129.104] SetLastError (dwErrCode=0x0) [0129.104] wvnsprintfA (in: pszDest=0x142e668, cchDest=255, pszFmt="%s%s_%p", arglist=0x142e550 | out: pszDest="IOBSLIOBSL_11980343") returned 19 [0129.104] SetLastError (dwErrCode=0x0) [0129.104] wvnsprintfA (in: pszDest=0x142e568, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x142e54c | out: pszDest="0d12757fbbf31f79cb88af9b5bae91e5") returned 32 [0129.104] SetLastError (dwErrCode=0x0) [0129.105] RegQueryValueExA (in: hKey=0x264, lpValueName="0d12757fbbf3", lpReserved=0x0, lpType=0x142e884, lpData=0x0, lpcbData=0x142e880*=0x0 | out: lpType=0x142e884*=0x0, lpData=0x0, lpcbData=0x142e880*=0x0) returned 0x2 [0129.105] RegSetValueExA (in: hKey=0x264, lpValueName="0d12757fbbf3", Reserved=0x0, dwType=0x3, lpData=0x142e888*, cbData=0x4 | out: lpData=0x142e888*) returned 0x0 [0129.105] RegCloseKey (hKey=0x264) returned 0x0 [0129.105] wvnsprintfA (in: pszDest=0x142e328, cchDest=255, pszFmt="%s%s_%p", arglist=0x142e210 | out: pszDest="CG1CG1_11980343") returned 15 [0129.105] SetLastError (dwErrCode=0x0) [0129.105] wvnsprintfA (in: pszDest=0x142e228, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x142e20c | out: pszDest="e6577de29e95e38a027c9824c2c5986b") returned 32 [0129.105] SetLastError (dwErrCode=0x0) [0129.105] wvnsprintfA (in: pszDest=0x142e6d4, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X\\%s", arglist=0x142e4a8 | out: pszDest="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0129.105] SetLastError (dwErrCode=0x0) [0129.105] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x142e6d4, cbMultiByte=95, lpWideCharStr=0x164c3b0, cchWideChar=95 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0129.105] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x103, lpSecurityAttributes=0x0, phkResult=0x142e7dc, lpdwDisposition=0x0 | out: phkResult=0x142e7dc*=0x264, lpdwDisposition=0x0) returned 0x0 [0129.105] SetLastError (dwErrCode=0x0) [0129.105] SetLastError (dwErrCode=0x0) [0129.105] wvnsprintfA (in: pszDest=0x142e668, cchDest=255, pszFmt="%s%s_%p", arglist=0x142e550 | out: pszDest="IOBALIOBAL_11980343") returned 19 [0129.105] SetLastError (dwErrCode=0x0) [0129.105] wvnsprintfA (in: pszDest=0x142e568, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x142e54c | out: pszDest="0c5af5e4d3752d27c0fb5135196199ad") returned 32 [0129.105] SetLastError (dwErrCode=0x0) [0129.105] RegQueryValueExA (in: hKey=0x264, lpValueName="0c5af5e4d37", lpReserved=0x0, lpType=0x142e884, lpData=0x0, lpcbData=0x142e880*=0x0 | out: lpType=0x142e884*=0x0, lpData=0x0, lpcbData=0x142e880*=0x0) returned 0x2 [0129.105] RegSetValueExA (in: hKey=0x264, lpValueName="0c5af5e4d37", Reserved=0x0, dwType=0x3, lpData=0x142e888*, cbData=0x4 | out: lpData=0x142e888*) returned 0x0 [0129.105] RegCloseKey (hKey=0x264) returned 0x0 [0129.105] wvnsprintfA (in: pszDest=0x142e328, cchDest=255, pszFmt="%s%s_%p", arglist=0x142e210 | out: pszDest="CG1CG1_11980343") returned 15 [0129.105] SetLastError (dwErrCode=0x0) [0129.105] wvnsprintfA (in: pszDest=0x142e228, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x142e20c | out: pszDest="e6577de29e95e38a027c9824c2c5986b") returned 32 [0129.105] SetLastError (dwErrCode=0x0) [0129.105] wvnsprintfA (in: pszDest=0x142e6d4, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X\\%s", arglist=0x142e4a8 | out: pszDest="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0129.106] SetLastError (dwErrCode=0x0) [0129.106] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x142e6d4, cbMultiByte=95, lpWideCharStr=0x164c3b0, cchWideChar=95 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0129.106] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x103, lpSecurityAttributes=0x0, phkResult=0x142e7dc, lpdwDisposition=0x0 | out: phkResult=0x142e7dc*=0x264, lpdwDisposition=0x0) returned 0x0 [0129.106] SetLastError (dwErrCode=0x0) [0129.106] SetLastError (dwErrCode=0x0) [0129.106] wvnsprintfA (in: pszDest=0x142e668, cchDest=255, pszFmt="%s%s_%p", arglist=0x142e550 | out: pszDest="IOBGLIOBGL_11980343") returned 19 [0129.106] SetLastError (dwErrCode=0x0) [0129.106] wvnsprintfA (in: pszDest=0x142e568, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x142e54c | out: pszDest="5ffd897d923eb841d13b4bbeb91772f1") returned 32 [0129.106] SetLastError (dwErrCode=0x0) [0129.106] RegQueryValueExA (in: hKey=0x264, lpValueName="5ffd897d923e", lpReserved=0x0, lpType=0x142e884, lpData=0x0, lpcbData=0x142e880*=0x0 | out: lpType=0x142e884*=0x0, lpData=0x0, lpcbData=0x142e880*=0x0) returned 0x2 [0129.106] RegSetValueExA (in: hKey=0x264, lpValueName="5ffd897d923e", Reserved=0x0, dwType=0x3, lpData=0x142e888*, cbData=0x4 | out: lpData=0x142e888*) returned 0x0 [0129.106] RegCloseKey (hKey=0x264) returned 0x0 [0129.106] wvnsprintfA (in: pszDest=0x142e328, cchDest=255, pszFmt="%s%s_%p", arglist=0x142e210 | out: pszDest="CG1CG1_11980343") returned 15 [0129.106] SetLastError (dwErrCode=0x0) [0129.106] wvnsprintfA (in: pszDest=0x142e228, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x142e20c | out: pszDest="e6577de29e95e38a027c9824c2c5986b") returned 32 [0129.106] SetLastError (dwErrCode=0x0) [0129.106] wvnsprintfA (in: pszDest=0x142e6d4, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X\\%s", arglist=0x142e4a8 | out: pszDest="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0129.106] SetLastError (dwErrCode=0x0) [0129.106] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x142e6d4, cbMultiByte=95, lpWideCharStr=0x164c3b0, cchWideChar=95 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0129.106] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x103, lpSecurityAttributes=0x0, phkResult=0x142e7dc, lpdwDisposition=0x0 | out: phkResult=0x142e7dc*=0x264, lpdwDisposition=0x0) returned 0x0 [0129.106] SetLastError (dwErrCode=0x0) [0129.106] SetLastError (dwErrCode=0x0) [0129.106] wvnsprintfA (in: pszDest=0x142e668, cchDest=255, pszFmt="%s%s_%p", arglist=0x142e550 | out: pszDest="IOBDLIOBDL_11980343") returned 19 [0129.106] SetLastError (dwErrCode=0x0) [0129.106] wvnsprintfA (in: pszDest=0x142e568, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x142e54c | out: pszDest="820ee8cfcabdd7fb18cdda79d0970b2f") returned 32 [0129.106] SetLastError (dwErrCode=0x0) [0129.106] RegQueryValueExA (in: hKey=0x264, lpValueName="820ee8cfcabdd7fb1", lpReserved=0x0, lpType=0x142e884, lpData=0x0, lpcbData=0x142e880*=0x0 | out: lpType=0x142e884*=0x0, lpData=0x0, lpcbData=0x142e880*=0x0) returned 0x2 [0129.107] RegSetValueExA (in: hKey=0x264, lpValueName="820ee8cfcabdd7fb1", Reserved=0x0, dwType=0x3, lpData=0x142e888*, cbData=0x4 | out: lpData=0x142e888*) returned 0x0 [0129.107] RegCloseKey (hKey=0x264) returned 0x0 [0129.107] CreateFileW (lpFileName="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe" (normalized: "c:\\programdata\\task protect 2.3\\ws97995e1qms.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x264 [0129.107] GetFileSize (in: hFile=0x264, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x15a2d8 [0129.107] VirtualAllocEx (hProcess=0xffffffff, lpAddress=0x0, dwSize=0x15b2d8, flAllocationType=0x3000, flProtect=0x4) returned 0x3a80000 [0129.107] ReadFile (in: hFile=0x264, lpBuffer=0x3a80000, nNumberOfBytesToRead=0x15a2d8, lpNumberOfBytesRead=0x142e89c, lpOverlapped=0x0 | out: lpBuffer=0x3a80000*, lpNumberOfBytesRead=0x142e89c*=0x15a2d8, lpOverlapped=0x0) returned 1 [0129.143] CloseHandle (hObject=0x264) returned 1 [0129.152] VirtualFreeEx (hProcess=0xffffffff, lpAddress=0x3a80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0129.159] wvnsprintfA (in: pszDest=0x142e248, cchDest=255, pszFmt="%s%s_%p", arglist=0x142e130 | out: pszDest="CG1CG1_11980343") returned 15 [0129.159] SetLastError (dwErrCode=0x0) [0129.159] wvnsprintfA (in: pszDest=0x142e148, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x142e12c | out: pszDest="e6577de29e95e38a027c9824c2c5986b") returned 32 [0129.159] SetLastError (dwErrCode=0x0) [0129.159] wvnsprintfA (in: pszDest=0x142e6fc, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X\\%s", arglist=0x142e3c8 | out: pszDest="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0129.159] SetLastError (dwErrCode=0x0) [0129.160] wvnsprintfA (in: pszDest=0x142e35c, cchDest=255, pszFmt="%s%s_%p", arglist=0x142e244 | out: pszDest="LUHLUH_11980343") returned 15 [0129.160] SetLastError (dwErrCode=0x0) [0129.160] wvnsprintfA (in: pszDest=0x142e25c, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x142e240 | out: pszDest="dca28b911cac64c429bda96112716516") returned 32 [0129.160] SetLastError (dwErrCode=0x0) [0129.160] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x142e6fc, cbMultiByte=95, lpWideCharStr=0x164c3b0, cchWideChar=95 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0129.160] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x102, lpSecurityAttributes=0x0, phkResult=0x142e4cc, lpdwDisposition=0x0 | out: phkResult=0x142e4cc*=0x264, lpdwDisposition=0x0) returned 0x0 [0129.160] SetLastError (dwErrCode=0x0) [0129.160] SetLastError (dwErrCode=0x0) [0129.160] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x142e800, cbMultiByte=10, lpWideCharStr=0x164cdb8, cchWideChar=10 | out: lpWideCharStr="dca28b911c") returned 10 [0129.160] RtlInitUnicodeString (in: DestinationString=0x142e468, SourceString="dca28b911c" | out: DestinationString="dca28b911c") [0129.160] NtSetValueKey (in: KeyHandle=0x264, ValueName="dca28b911c", TitleIndex=0x0, Type=0x3, Data=0x142f994*, DataSize=0x14 | out: Data=0x142f994*) returned 0x0 [0129.160] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0129.160] SetLastError (dwErrCode=0x0) [0129.160] RegCloseKey (hKey=0x264) returned 0x0 [0129.160] SetLastError (dwErrCode=0x0) [0129.160] GetLastError () returned 0x0 [0129.160] SetLastError (dwErrCode=0x0) [0129.161] wvnsprintfA (in: pszDest=0x142e03c, cchDest=255, pszFmt="%s%s_%p", arglist=0x142df24 | out: pszDest="CG1CG1_11980343") returned 15 [0129.161] SetLastError (dwErrCode=0x0) [0129.161] wvnsprintfA (in: pszDest=0x142df3c, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x142df20 | out: pszDest="e6577de29e95e38a027c9824c2c5986b") returned 32 [0129.161] SetLastError (dwErrCode=0x0) [0129.161] wvnsprintfA (in: pszDest=0x142e4f0, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X\\%s", arglist=0x142e1bc | out: pszDest="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0129.161] SetLastError (dwErrCode=0x0) [0129.161] wvnsprintfA (in: pszDest=0x142e150, cchDest=255, pszFmt="%s%s_%p", arglist=0x142e038 | out: pszDest="BIPBIP_11980343") returned 15 [0129.161] SetLastError (dwErrCode=0x0) [0129.161] wvnsprintfA (in: pszDest=0x142e050, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x142e034 | out: pszDest="8014f07ffab8a0f65703b046d678e2d9") returned 32 [0129.161] SetLastError (dwErrCode=0x0) [0129.161] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x142e4f0, cbMultiByte=95, lpWideCharStr=0x164c3b0, cchWideChar=95 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0129.161] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x102, lpSecurityAttributes=0x0, phkResult=0x142e2c0, lpdwDisposition=0x0 | out: phkResult=0x142e2c0*=0x264, lpdwDisposition=0x0) returned 0x0 [0129.161] SetLastError (dwErrCode=0x0) [0129.161] SetLastError (dwErrCode=0x0) [0129.161] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x142e5f4, cbMultiByte=18, lpWideCharStr=0x16410c0, cchWideChar=18 | out: lpWideCharStr="8014f07ffab8a0f657") returned 18 [0129.161] RtlInitUnicodeString (in: DestinationString=0x142e25c, SourceString="8014f07ffab8a0f657" | out: DestinationString="8014f07ffab8a0f657") [0129.161] NtSetValueKey (in: KeyHandle=0x264, ValueName="8014f07ffab8a0f657", TitleIndex=0x0, Type=0x3, Data=0x142e6a0*, DataSize=0x208 | out: Data=0x142e6a0*) returned 0x0 [0129.161] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0129.161] SetLastError (dwErrCode=0x0) [0129.161] RegCloseKey (hKey=0x264) returned 0x0 [0129.161] SetLastError (dwErrCode=0x0) [0129.162] GetLastError () returned 0x0 [0129.162] SetLastError (dwErrCode=0x0) [0129.162] CreateFileW (lpFileName="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe" (normalized: "c:\\programdata\\task protect 2.3\\ws97995e1qms.exe"), dwDesiredAccess=0x80, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x264 [0129.162] GetFileSize (in: hFile=0x264, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x15a2d8 [0129.162] CloseHandle (hObject=0x264) returned 1 [0129.162] GetFileAttributesW (lpFileName="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe" (normalized: "c:\\programdata\\task protect 2.3\\ws97995e1qms.exe")) returned 0x2003 [0129.162] PathFindFileNameW (pszPath="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe") returned="ws97995e1qms.exe" [0129.162] PathRemoveFileSpecW (in: pszPath="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe" | out: pszPath="C:\\ProgramData\\Task Protect 2.3") returned 1 [0129.162] SfcIsFileProtected () returned 0x0 [0129.940] CreateFileW (lpFileName="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe" (normalized: "c:\\programdata\\task protect 2.3\\ws97995e1qms.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000080, hTemplateFile=0x0) returned 0x28c [0129.940] GetFileSize (in: hFile=0x28c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x15a2d8 [0129.940] GetLastError () returned 0x0 [0129.940] VirtualAlloc (lpAddress=0x0, dwSize=0x15a2dc, flAllocationType=0x3000, flProtect=0x4) returned 0x3a80000 [0129.940] ReadFile (in: hFile=0x28c, lpBuffer=0x3a80000, nNumberOfBytesToRead=0x15a2d8, lpNumberOfBytesRead=0x142f9c8, lpOverlapped=0x0 | out: lpBuffer=0x3a80000*, lpNumberOfBytesRead=0x142f9c8*=0x15a2d8, lpOverlapped=0x0) returned 1 [0129.963] GetTickCount () returned 0x2d78a [0129.963] GetCurrentThreadId () returned 0x744 [0129.963] RtlRandom (in: Seed=0x142f9b0 | out: Seed=0x142f9b0) returned 0x1b6fa274 [0129.963] CloseHandle (hObject=0x28c) returned 1 [0129.963] SetEnvironmentVariableA (lpName="__compat_layer", lpValue="RunAsInvoker") returned 1 [0129.963] GetSystemWow64DirectoryW (in: lpBuffer=0x142f150, uSize=0x103 | out: lpBuffer="C:\\Windows\\SysWOW64") returned 0x13 [0129.963] PathAppendW (in: pszPath="C:\\Windows\\SysWOW64", pMore="explorer.exe" | out: pszPath="C:\\Windows\\SysWOW64\\explorer.exe") returned 1 [0129.963] GetFileAttributesW (lpFileName="C:\\Windows\\SysWOW64\\explorer.exe" (normalized: "c:\\windows\\syswow64\\explorer.exe")) returned 0x20 [0129.963] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\explorer.exe" (normalized: "c:\\windows\\syswow64\\explorer.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0129.964] GetFileSize (in: hFile=0x28c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3db190 [0129.964] ReadFile (in: hFile=0x28c, lpBuffer=0x142edf8, nNumberOfBytesToRead=0x338, lpNumberOfBytesRead=0x142f130, lpOverlapped=0x0 | out: lpBuffer=0x142edf8*, lpNumberOfBytesRead=0x142f130*=0x338, lpOverlapped=0x0) returned 1 [0129.964] CloseHandle (hObject=0x28c) returned 1 [0129.964] wvnsprintfW (in: pszDest=0x142f4f4, cchDest=2147483647, pszFmt="/%s", arglist=0x142f4ec | out: pszDest="/exc") returned 4 [0129.964] SetLastError (dwErrCode=0x0) [0129.964] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe\"" [0129.964] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe\"", pNumArgs=0x142f578 | out: pNumArgs=0x142f578) returned 0x164cf30*="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\urkotu.exe" [0129.964] LocalFree (hMem=0x164cf30) returned 0x0 [0129.964] CreateProcessW (in: lpApplicationName="C:\\Windows\\SysWOW64\\explorer.exe", lpCommandLine="C:\\Windows\\SysWOW64\\explorer.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x2c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x142f478*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x142f54c | out: lpCommandLine="C:\\Windows\\SysWOW64\\explorer.exe", lpProcessInformation=0x142f54c*(hProcess=0x290, hThread=0x28c, dwProcessId=0xbcc, dwThreadId=0x7a0)) returned 1 [0132.057] GetProcessId (Process=0x290) returned 0xbcc [0132.057] OpenProcessToken (in: ProcessHandle=0x290, DesiredAccess=0x8, TokenHandle=0x142ee58 | out: TokenHandle=0x142ee58*=0x298) returned 1 [0132.057] GetTokenInformation (in: TokenHandle=0x298, TokenInformationClass=0xc, TokenInformation=0x142eeb8, TokenInformationLength=0x4, ReturnLength=0x142ee5c | out: TokenInformation=0x142eeb8, ReturnLength=0x142ee5c) returned 1 [0132.057] CloseHandle (hObject=0x298) returned 1 [0132.057] wvnsprintfA (in: pszDest=0x142ee24, cchDest=63, pszFmt="0x%08X", arglist=0x142ee1c | out: pszDest="0x00000BCC") returned 10 [0132.057] SetLastError (dwErrCode=0x0) [0132.057] wvnsprintfA (in: pszDest=0x142ebe4, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x142ebcc | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000BCC_v1$") returned 62 [0132.057] SetLastError (dwErrCode=0x0) [0132.057] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000BCC_v1$") returned 0x0 [0132.057] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x1659118, dwRevision=0x1 | out: pSecurityDescriptor=0x1659118) returned 1 [0132.057] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x1659118, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0x1659118) returned 1 [0132.057] GetLastError () returned 0x2 [0132.057] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0x1659118, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0x1659118) returned 1 [0132.057] GetLastError () returned 0x2 [0132.057] SetLastError (dwErrCode=0x2) [0132.057] CreateEventA (lpEventAttributes=0x142ece0, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000BCC_v1$") returned 0x298 [0132.057] GetLastError () returned 0x0 [0132.057] SetLastError (dwErrCode=0x0) [0132.058] NtCreateSection (in: SectionHandle=0x142ee60, DesiredAccess=0xf001f, ObjectAttributes=0x142ee1c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), MaximumSize=0x142ee34, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x142ee60*=0x294) returned 0x0 [0132.058] NtMapViewOfSection (in: SectionHandle=0x294, ProcessHandle=0x290, BaseAddress=0x142ee5c*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x142ee4c*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x142ee5c*=0x5100000, SectionOffset=0x0, ViewSize=0x142ee4c*=0x1c4000) returned 0x0 [0132.059] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0132.059] SetLastError (dwErrCode=0x0) [0132.059] NtMapViewOfSection (in: SectionHandle=0x294, ProcessHandle=0xffffffff, BaseAddress=0x142ee58*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x142ee54*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x142ee58*=0x3be0000, SectionOffset=0x0, ViewSize=0x142ee54*=0x1c4000) returned 0x0 [0132.059] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0132.059] SetLastError (dwErrCode=0x0) [0132.059] SetLastError (dwErrCode=0x0) [0132.067] wvnsprintfA (in: pszDest=0x142ee24, cchDest=63, pszFmt="SB:0x%08X", arglist=0x142ee14 | out: pszDest="SB:0x00000BCC") returned 13 [0132.067] SetLastError (dwErrCode=0x0) [0132.067] wvnsprintfA (in: pszDest=0x142ebe8, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x142ebd0 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x00000BCC_v1$") returned 65 [0132.067] SetLastError (dwErrCode=0x0) [0132.067] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x00000BCC_v1$") returned 0x0 [0132.067] GetLastError () returned 0x2 [0132.067] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x298, hTargetProcessHandle=0x290, lpTargetHandle=0x142ee64, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x142ee64*=0x4) returned 1 [0132.067] CloseHandle (hObject=0x298) returned 1 [0132.261] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x3be0000) returned 0x0 [0132.280] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0132.280] SetLastError (dwErrCode=0x0) [0132.280] CloseHandle (hObject=0x294) returned 1 [0132.280] NtGetContextThread (in: ThreadHandle=0x28c, Context=0x142f1a8 | out: Context=0x142f1a8*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x7ef4e000, Edx=0x0, Ecx=0x0, Eax=0xdbdea0, Ebp=0x0, Eip=0x77d0aef0, SegCs=0x23, EFlags=0x202, Esp=0xb2f858, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0132.281] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0132.281] SetLastError (dwErrCode=0x0) [0132.281] VirtualQueryEx (in: hProcess=0x290, lpAddress=0xdbdea0, lpBuffer=0x142f4c4, dwLength=0x1c | out: lpBuffer=0x142f4c4*(BaseAddress=0xdbd000, AllocationBase=0xd20000, AllocationProtect=0x80, RegionSize=0x12a000, State=0x1000, Protect=0x20, Type=0x1000000)) returned 0x1c [0132.281] ReadProcessMemory (in: hProcess=0x290, lpBaseAddress=0xd20000, lpBuffer=0x1659118, nSize=0x200, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x1659118*, lpNumberOfBytesRead=0x0) returned 1 [0132.387] ReadProcessMemory (in: hProcess=0x290, lpBaseAddress=0xd20000, lpBuffer=0x3be0020, nSize=0x3d7000, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x3be0020*, lpNumberOfBytesRead=0x0) returned 1 [0134.354] NtUnmapViewOfSection (ProcessHandle=0x290, BaseAddress=0xd20000) returned 0x0 [0134.393] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0134.393] SetLastError (dwErrCode=0x0) [0134.393] NtCreateSection (in: SectionHandle=0x142f184, DesiredAccess=0xf001f, ObjectAttributes=0x142f140*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), MaximumSize=0x142f158, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x142f184*=0x294) returned 0x0 [0134.394] NtMapViewOfSection (in: SectionHandle=0x294, ProcessHandle=0x290, BaseAddress=0x142f180*=0xd20000, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x142f170*=0x3d7100, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x142f180*=0xd20000, SectionOffset=0x0, ViewSize=0x142f170*=0x3d8000) returned 0x0 [0134.396] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0134.396] SetLastError (dwErrCode=0x0) [0134.396] NtMapViewOfSection (in: SectionHandle=0x294, ProcessHandle=0xffffffff, BaseAddress=0x142f17c*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x142f178*=0x3d7100, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x142f17c*=0x3fc0000, SectionOffset=0x0, ViewSize=0x142f178*=0x3d8000) returned 0x0 [0134.396] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0134.396] SetLastError (dwErrCode=0x0) [0134.396] SetLastError (dwErrCode=0x0) [0134.444] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x3fc0000) returned 0x0 [0134.484] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0134.484] SetLastError (dwErrCode=0x0) [0134.484] CloseHandle (hObject=0x294) returned 1 [0134.484] SetLastError (dwErrCode=0x0) [0134.484] GetLastError () returned 0x0 [0134.484] CloseHandle (hObject=0x260) returned 1 [0134.484] NtResumeProcess (ProcessHandle=0x290) returned 0x0 [0134.552] NtResumeThread (in: ThreadHandle=0x28c, SuspendCount=0x142f560 | out: SuspendCount=0x142f560*=0x0) returned 0x0 [0134.552] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0134.552] SetLastError (dwErrCode=0x0) [0134.552] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xffffffff, hTargetProcessHandle=0x290, lpTargetHandle=0x0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x0) returned 1 [0134.552] Sleep (dwMilliseconds=0x1f4) [0135.332] GetExitCodeProcess (in: hProcess=0x290, lpExitCode=0x142f9b0 | out: lpExitCode=0x142f9b0*=0x103) returned 1 [0135.332] CloseHandle (hObject=0x290) returned 1 [0135.332] CloseHandle (hObject=0x28c) returned 1 [0135.332] ExitProcess (uExitCode=0x0) Thread: id = 5 os_tid = 0x40 Thread: id = 6 os_tid = 0x920 Thread: id = 7 os_tid = 0xb90 [0127.467] NtSetInformationThread (ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0) returned 0x0 [0127.467] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x38efbe0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x38efbe0*=0x1c8) returned 1 [0127.467] GetCurrentThreadId () returned 0xb90 [0127.467] SetEvent (hEvent=0x1c0) returned 1 [0127.697] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3101000, lpBuffer=0x38efbbc, dwLength=0x1c | out: lpBuffer=0x38efbbc*(BaseAddress=0x3101000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x65000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.697] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3101000, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3101000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x65000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.697] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3101200, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3101000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x65000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.697] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3101400, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3101000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x65000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.697] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3101600, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3101000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x65000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.697] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3101800, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3101000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x65000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.697] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3101a00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3101000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x65000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.697] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3101c00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3101000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x65000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.697] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3101e00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3101000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x65000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.697] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3102000, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3102000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x64000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.697] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3102200, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3102000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x64000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.697] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3102400, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3102000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x64000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.697] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3102600, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3102000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x64000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.697] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3102800, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3102000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x64000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.697] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3102a00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3102000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x64000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.697] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3102c00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3102000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x64000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.697] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3102e00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3102000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x64000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.697] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3103000, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3103000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x63000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.697] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3103200, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3103000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x63000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.698] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3103400, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3103000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x63000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.698] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3103600, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3103000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x63000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.698] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3103800, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3103000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x63000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.698] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3103a00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3103000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x63000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.698] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3103c00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3103000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x63000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.698] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3103e00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3103000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x63000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.698] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3104000, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3104000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x62000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.698] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3104200, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3104000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x62000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.698] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3104400, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3104000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x62000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.698] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3104600, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3104000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x62000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.698] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3104800, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3104000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x62000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.698] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3104a00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3104000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x62000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.698] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3104c00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3104000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x62000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.698] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3104e00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3104000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x62000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.698] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3105000, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3105000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x61000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.698] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3105200, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3105000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x61000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.698] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3105400, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3105000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x61000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.698] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3105600, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3105000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x61000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.698] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3105800, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3105000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x61000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.698] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3105a00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3105000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x61000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.698] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3105c00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3105000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x61000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.698] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3105e00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3105000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x61000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.698] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3106000, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3106000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x60000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.698] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3106200, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3106000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x60000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.699] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3106400, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3106000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x60000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.699] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3106600, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3106000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x60000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.699] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3106800, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3106000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x60000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.699] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3106a00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3106000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x60000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.699] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3106c00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3106000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x60000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.699] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3106e00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3106000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x60000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.699] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3107000, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3107000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5f000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.699] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3107200, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3107000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5f000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.699] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3107400, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3107000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5f000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.699] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3107600, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3107000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5f000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.699] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3107800, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3107000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5f000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.699] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3107a00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3107000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5f000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.699] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3107c00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3107000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5f000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.699] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3107e00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3107000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5f000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.699] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3108000, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3108000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5e000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.699] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3108200, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3108000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5e000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.699] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3108400, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3108000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5e000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.699] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3108600, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3108000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5e000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.699] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3108800, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3108000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5e000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.699] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3108a00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3108000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5e000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.699] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3108c00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3108000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5e000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.699] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3108e00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3108000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5e000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.699] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3109000, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3109000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5d000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.700] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3109200, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3109000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5d000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.700] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3109400, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3109000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5d000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.700] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3109600, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3109000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5d000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.700] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3109800, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3109000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5d000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.700] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3109a00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3109000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5d000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.700] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3109c00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3109000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5d000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.700] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3109e00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3109000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5d000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.700] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310a000, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310a000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5c000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.700] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310a200, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310a000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5c000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.700] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310a400, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310a000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5c000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.700] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310a600, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310a000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5c000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.700] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310a800, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310a000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5c000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.700] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310aa00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310a000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5c000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.700] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310ac00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310a000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5c000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.700] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310ae00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310a000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5c000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.700] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310b000, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310b000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5b000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.700] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310b200, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310b000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5b000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.700] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310b400, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310b000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5b000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.700] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310b600, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310b000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5b000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.700] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310b800, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310b000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5b000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.700] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310ba00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310b000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5b000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.700] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310bc00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310b000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5b000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.700] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310be00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310b000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5b000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.700] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310c000, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310c000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5a000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.701] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310c200, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310c000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5a000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.701] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310c400, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310c000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5a000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.701] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310c600, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310c000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5a000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.701] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310c800, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310c000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5a000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.701] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310ca00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310c000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5a000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.701] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310cc00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310c000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5a000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.701] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310ce00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310c000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x5a000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.701] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310d000, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310d000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x59000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.701] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310d200, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310d000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x59000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.701] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310d400, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310d000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x59000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.701] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310d600, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310d000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x59000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.701] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310d800, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310d000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x59000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.701] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310da00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310d000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x59000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.701] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310dc00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310d000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x59000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.701] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310de00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310d000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x59000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.701] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310e000, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310e000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x58000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.701] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310e200, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310e000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x58000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.701] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310e400, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310e000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x58000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.702] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310e600, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310e000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x58000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.702] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310e800, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310e000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x58000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.702] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310ea00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310e000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x58000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.702] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310ec00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310e000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x58000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.702] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310ee00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310e000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x58000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.702] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310f000, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310f000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x57000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.702] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310f200, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310f000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x57000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.702] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310f400, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310f000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x57000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.702] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310f600, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310f000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x57000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.702] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310f800, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310f000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x57000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.702] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310fa00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310f000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x57000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.702] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310fc00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310f000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x57000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.702] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x310fe00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x310f000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x57000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.702] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3110000, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3110000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x56000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.702] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3110200, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3110000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x56000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.702] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3110400, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3110000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x56000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.702] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3110600, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3110000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x56000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.703] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3110800, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3110000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x56000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.703] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3110a00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3110000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x56000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.703] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3110c00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3110000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x56000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.703] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3110e00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3110000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x56000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.703] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3111000, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3111000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x55000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.703] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3111200, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3111000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x55000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.703] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3111400, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3111000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x55000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.703] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3111600, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3111000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x55000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.703] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3111800, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3111000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x55000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.703] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3111a00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3111000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x55000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.703] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3111c00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3111000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x55000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.703] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3111e00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3111000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x55000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.703] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3112000, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3112000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x54000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.703] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3112200, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3112000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x54000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.703] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3112400, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3112000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x54000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.703] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3112600, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3112000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x54000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.703] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3112800, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3112000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x54000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.704] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3112a00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3112000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x54000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.704] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3112c00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3112000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x54000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.704] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3112e00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3112000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x54000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.704] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3113000, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3113000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x53000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.704] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3113200, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3113000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x53000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.704] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3113400, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3113000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x53000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.704] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3113600, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3113000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x53000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.704] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3113800, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3113000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x53000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.704] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3113a00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3113000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x53000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.704] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3113c00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3113000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x53000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.704] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3113e00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3113000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x53000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.704] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3114000, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3114000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x52000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.704] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3114200, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3114000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x52000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.705] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3114400, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3114000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x52000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.705] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3114600, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3114000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x52000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.705] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3114800, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3114000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x52000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.705] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3114a00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3114000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x52000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.705] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3114c00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3114000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x52000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.705] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3114e00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3114000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x52000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.705] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3115000, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3115000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x51000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.705] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3115200, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3115000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x51000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.705] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3115400, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3115000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x51000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.705] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3115600, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3115000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x51000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.705] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3115800, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3115000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x51000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.705] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3115a00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3115000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x51000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.705] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3115c00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3115000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x51000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.705] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3115e00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3115000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x51000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.705] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3116000, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3116000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x50000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.705] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3116200, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3116000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x50000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.705] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3116400, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3116000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x50000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.706] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3116600, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3116000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x50000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.706] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3116800, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3116000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x50000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.706] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3116a00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3116000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x50000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.706] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3116c00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3116000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x50000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.706] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3116e00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3116000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x50000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.706] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3117000, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3117000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4f000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.706] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3117200, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3117000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4f000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.706] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3117400, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3117000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4f000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.706] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3117600, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3117000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4f000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.706] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3117800, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3117000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4f000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.706] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3117a00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3117000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4f000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.706] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3117c00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3117000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4f000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.706] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3117e00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3117000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4f000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.706] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3118000, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3118000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4e000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.706] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3118200, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3118000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4e000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.706] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3118400, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3118000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4e000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.706] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3118600, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3118000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4e000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.707] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3118800, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3118000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4e000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.707] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3118a00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3118000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4e000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.707] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3118c00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3118000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4e000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.707] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3118e00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3118000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4e000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.707] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3119000, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3119000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4d000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.707] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3119200, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3119000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4d000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.707] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3119400, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3119000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4d000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.707] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3119600, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3119000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4d000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.707] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3119800, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3119000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4d000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.707] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3119a00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3119000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4d000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.707] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3119c00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3119000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4d000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.707] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x3119e00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x3119000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4d000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.707] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311a000, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311a000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4c000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.707] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311a200, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311a000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4c000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.707] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311a400, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311a000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4c000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.707] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311a600, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311a000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4c000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.707] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311a800, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311a000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4c000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.708] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311aa00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311a000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4c000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.708] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311ac00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311a000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4c000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.708] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311ae00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311a000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4c000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.708] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311b000, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311b000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4b000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.708] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311b200, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311b000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4b000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.708] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311b400, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311b000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4b000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.708] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311b600, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311b000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4b000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.708] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311b800, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311b000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4b000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.708] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311ba00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311b000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4b000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.708] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311bc00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311b000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4b000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.708] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311be00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311b000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4b000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.708] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311c000, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311c000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4a000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.708] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311c200, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311c000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4a000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.708] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311c400, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311c000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4a000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.708] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311c600, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311c000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4a000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.708] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311c800, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311c000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4a000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.708] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311ca00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311c000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4a000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.708] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311cc00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311c000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4a000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.709] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311ce00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311c000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x4a000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.709] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311d000, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311d000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x49000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.709] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311d200, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311d000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x49000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.709] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311d400, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311d000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x49000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.709] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311d600, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311d000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x49000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.709] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311d800, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311d000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x49000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.709] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311da00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311d000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x49000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.709] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311dc00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311d000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x49000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.709] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311de00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311d000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x49000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.709] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311e000, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311e000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x48000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.709] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311e200, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311e000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x48000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.709] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311e400, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311e000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x48000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.709] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311e600, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311e000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x48000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.711] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311e800, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311e000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x48000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.711] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311ea00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311e000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x48000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.711] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311ec00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311e000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x48000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.711] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311ee00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311e000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x48000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.711] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311f000, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311f000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x47000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.711] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311f200, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311f000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x47000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.711] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311f400, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311f000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x47000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.711] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311f600, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311f000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x47000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.711] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311f800, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311f000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x47000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.711] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311fa00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311f000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x47000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.711] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311fc00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311f000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x47000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.711] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x311fe00, lpBuffer=0x38efb7c, dwLength=0x1c | out: lpBuffer=0x38efb7c*(BaseAddress=0x311f000, AllocationBase=0x3100000, AllocationProtect=0x40, RegionSize=0x47000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c [0127.718] SleepEx (dwMilliseconds=0xdac, bAlertable=0) returned 0x0 [0131.500] SleepEx (dwMilliseconds=0xdac, bAlertable=0) returned 0x0 [0135.011] SleepEx (dwMilliseconds=0xdac, bAlertable=0) Process: id = "3" image_name = "explorer.exe" filename = "c:\\windows\\syswow64\\explorer.exe" page_root = "0x2fe05000" os_pid = "0xbcc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x73c" cmd_line = "C:\\Windows\\SysWOW64\\explorer.exe" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00014ee5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 353 start_va = 0xa60000 end_va = 0xa7ffff entry_point = 0x0 region_type = private name = "private_0x0000000000a60000" filename = "" Region: id = 354 start_va = 0xa80000 end_va = 0xa81fff entry_point = 0x0 region_type = private name = "private_0x0000000000a80000" filename = "" Region: id = 355 start_va = 0xa90000 end_va = 0xaa3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a90000" filename = "" Region: id = 356 start_va = 0xab0000 end_va = 0xaeffff entry_point = 0x0 region_type = private name = "private_0x0000000000ab0000" filename = "" Region: id = 357 start_va = 0xaf0000 end_va = 0xb2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 358 start_va = 0xd20000 end_va = 0x10f6fff entry_point = 0xd20000 region_type = mapped_file name = "explorer.exe" filename = "\\Windows\\SysWOW64\\explorer.exe" (normalized: "c:\\windows\\syswow64\\explorer.exe") Region: id = 359 start_va = 0x1100000 end_va = 0x50fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001100000" filename = "" Region: id = 360 start_va = 0x77ca0000 end_va = 0x77e18fff entry_point = 0x77ca0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 361 start_va = 0x7ef20000 end_va = 0x7ef42fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ef20000" filename = "" Region: id = 362 start_va = 0x7ef4b000 end_va = 0x7ef4dfff entry_point = 0x0 region_type = private name = "private_0x000000007ef4b000" filename = "" Region: id = 363 start_va = 0x7ef4e000 end_va = 0x7ef4efff entry_point = 0x0 region_type = private name = "private_0x000000007ef4e000" filename = "" Region: id = 364 start_va = 0x7ef4f000 end_va = 0x7ef4ffff entry_point = 0x0 region_type = private name = "private_0x000000007ef4f000" filename = "" Region: id = 365 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 366 start_va = 0x7fff0000 end_va = 0x7df8ee37ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 367 start_va = 0x7df8ee380000 end_va = 0x7ff8ee37ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df8ee380000" filename = "" Region: id = 368 start_va = 0x7ff8ee380000 end_va = 0x7ff8ee541fff entry_point = 0x7ff8ee380000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 369 start_va = 0x7ff8ee542000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ff8ee542000" filename = "" Region: id = 372 start_va = 0xb30000 end_va = 0xb33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b30000" filename = "" Region: id = 373 start_va = 0xb40000 end_va = 0xb42fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b40000" filename = "" Region: id = 374 start_va = 0xb50000 end_va = 0xb51fff entry_point = 0x0 region_type = private name = "private_0x0000000000b50000" filename = "" Region: id = 375 start_va = 0x5100000 end_va = 0x52c3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005100000" filename = "" Region: id = 378 start_va = 0xd20000 end_va = 0x10f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d20000" filename = "" Region: id = 380 start_va = 0xd10000 end_va = 0xd1ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d10000" filename = "" Region: id = 381 start_va = 0x64af0000 end_va = 0x64b62fff entry_point = 0x64af0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 382 start_va = 0x64b70000 end_va = 0x64bbefff entry_point = 0x64b70000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 383 start_va = 0x64ae0000 end_va = 0x64ae7fff entry_point = 0x64ae0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 384 start_va = 0xa60000 end_va = 0xa6ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a60000" filename = "" Region: id = 385 start_va = 0xbc0000 end_va = 0xcbffff entry_point = 0x0 region_type = private name = "private_0x0000000000bc0000" filename = "" Region: id = 386 start_va = 0x52d0000 end_va = 0x538dfff entry_point = 0x52d0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 387 start_va = 0x74ca0000 end_va = 0x74d30fff entry_point = 0x74ca0000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 388 start_va = 0x74e70000 end_va = 0x74fe5fff entry_point = 0x74e70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 389 start_va = 0x75260000 end_va = 0x7534ffff entry_point = 0x75260000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 390 start_va = 0x7ee20000 end_va = 0x7ef1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ee20000" filename = "" Region: id = 391 start_va = 0xa70000 end_va = 0xa73fff entry_point = 0x0 region_type = private name = "private_0x0000000000a70000" filename = "" Region: id = 392 start_va = 0xb60000 end_va = 0xb9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000b60000" filename = "" Region: id = 393 start_va = 0xcc0000 end_va = 0xcfffff entry_point = 0x0 region_type = private name = "private_0x0000000000cc0000" filename = "" Region: id = 394 start_va = 0x5390000 end_va = 0x53cffff entry_point = 0x0 region_type = private name = "private_0x0000000005390000" filename = "" Region: id = 395 start_va = 0x53d0000 end_va = 0x540ffff entry_point = 0x0 region_type = private name = "private_0x00000000053d0000" filename = "" Region: id = 396 start_va = 0x5410000 end_va = 0x544ffff entry_point = 0x0 region_type = private name = "private_0x0000000005410000" filename = "" Region: id = 397 start_va = 0x5450000 end_va = 0x548ffff entry_point = 0x0 region_type = private name = "private_0x0000000005450000" filename = "" Region: id = 398 start_va = 0x73e40000 end_va = 0x73e5cfff entry_point = 0x73e40000 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\SysWOW64\\sppc.dll" (normalized: "c:\\windows\\syswow64\\sppc.dll") Region: id = 399 start_va = 0x73e60000 end_va = 0x73eddfff entry_point = 0x73e60000 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\SysWOW64\\dxgi.dll" (normalized: "c:\\windows\\syswow64\\dxgi.dll") Region: id = 400 start_va = 0x73ee0000 end_va = 0x73f00fff entry_point = 0x73ee0000 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\SysWOW64\\slc.dll" (normalized: "c:\\windows\\syswow64\\slc.dll") Region: id = 401 start_va = 0x73f10000 end_va = 0x73f28fff entry_point = 0x73f10000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 402 start_va = 0x73f30000 end_va = 0x73fcbfff entry_point = 0x73f30000 region_type = mapped_file name = "dcomp.dll" filename = "\\Windows\\SysWOW64\\dcomp.dll" (normalized: "c:\\windows\\syswow64\\dcomp.dll") Region: id = 403 start_va = 0x73fd0000 end_va = 0x741e2fff entry_point = 0x73fd0000 region_type = mapped_file name = "d3d11.dll" filename = "\\Windows\\SysWOW64\\d3d11.dll" (normalized: "c:\\windows\\syswow64\\d3d11.dll") Region: id = 404 start_va = 0x741f0000 end_va = 0x74331fff entry_point = 0x741f0000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 405 start_va = 0x74620000 end_va = 0x746b8fff entry_point = 0x74620000 region_type = mapped_file name = "twinapi.dll" filename = "\\Windows\\SysWOW64\\twinapi.dll" (normalized: "c:\\windows\\syswow64\\twinapi.dll") Region: id = 406 start_va = 0x74c00000 end_va = 0x74c1cfff entry_point = 0x74c00000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 407 start_va = 0x74c20000 end_va = 0x74c94fff entry_point = 0x74c20000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 408 start_va = 0x74d40000 end_va = 0x74d98fff entry_point = 0x74d40000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 409 start_va = 0x74da0000 end_va = 0x74da9fff entry_point = 0x74da0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 410 start_va = 0x74db0000 end_va = 0x74dcdfff entry_point = 0x74db0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 411 start_va = 0x753b0000 end_va = 0x753f3fff entry_point = 0x753b0000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 412 start_va = 0x75430000 end_va = 0x767eefff entry_point = 0x75430000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 413 start_va = 0x76810000 end_va = 0x7681efff entry_point = 0x76810000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 414 start_va = 0x76a10000 end_va = 0x76a8afff entry_point = 0x76a10000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 415 start_va = 0x76c40000 end_va = 0x76c82fff entry_point = 0x76c40000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 416 start_va = 0x76c90000 end_va = 0x76d21fff entry_point = 0x76c90000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 417 start_va = 0x76d30000 end_va = 0x76d3dfff entry_point = 0x76d30000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 418 start_va = 0x76d90000 end_va = 0x76e3bfff entry_point = 0x76d90000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 419 start_va = 0x76e40000 end_va = 0x76ff9fff entry_point = 0x76e40000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 420 start_va = 0x77000000 end_va = 0x7714cfff entry_point = 0x77000000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 421 start_va = 0x77150000 end_va = 0x7728ffff entry_point = 0x77150000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 422 start_va = 0x77290000 end_va = 0x772d3fff entry_point = 0x77290000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 423 start_va = 0x77340000 end_va = 0x773ccfff entry_point = 0x77340000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 424 start_va = 0x773f0000 end_va = 0x778ccfff entry_point = 0x773f0000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 425 start_va = 0x779f0000 end_va = 0x77aadfff entry_point = 0x779f0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 426 start_va = 0x77ab0000 end_va = 0x77c24fff entry_point = 0x77ab0000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 427 start_va = 0x77c30000 end_va = 0x77c3bfff entry_point = 0x77c30000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 428 start_va = 0x7ee1d000 end_va = 0x7ee1ffff entry_point = 0x0 region_type = private name = "private_0x000000007ee1d000" filename = "" Region: id = 429 start_va = 0x7ef45000 end_va = 0x7ef47fff entry_point = 0x0 region_type = private name = "private_0x000000007ef45000" filename = "" Region: id = 430 start_va = 0x7ef48000 end_va = 0x7ef4afff entry_point = 0x0 region_type = private name = "private_0x000000007ef48000" filename = "" Region: id = 431 start_va = 0xa80000 end_va = 0xa87fff entry_point = 0xa80000 region_type = mapped_file name = "explorer.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\explorer.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\explorer.exe.mui") Region: id = 432 start_va = 0xba0000 end_va = 0xba0fff entry_point = 0x0 region_type = private name = "private_0x0000000000ba0000" filename = "" Region: id = 433 start_va = 0xbb0000 end_va = 0xbb0fff entry_point = 0x0 region_type = private name = "private_0x0000000000bb0000" filename = "" Region: id = 434 start_va = 0xd00000 end_va = 0xd03fff entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 435 start_va = 0x54d0000 end_va = 0x54dffff entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 436 start_va = 0x55f0000 end_va = 0x55fffff entry_point = 0x0 region_type = private name = "private_0x00000000055f0000" filename = "" Region: id = 437 start_va = 0x5600000 end_va = 0x5787fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005600000" filename = "" Region: id = 438 start_va = 0x5790000 end_va = 0x5910fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005790000" filename = "" Region: id = 439 start_va = 0x5920000 end_va = 0x6d1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005920000" filename = "" Region: id = 440 start_va = 0x6d20000 end_va = 0x7056fff entry_point = 0x6d20000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 441 start_va = 0x75400000 end_va = 0x7542afff entry_point = 0x75400000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 442 start_va = 0x778d0000 end_va = 0x779effff entry_point = 0x778d0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 443 start_va = 0x74bf0000 end_va = 0x74bf9fff entry_point = 0x74bf0000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 444 start_va = 0x749c0000 end_va = 0x74be3fff entry_point = 0x749c0000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 445 start_va = 0x768b0000 end_va = 0x76999fff entry_point = 0x768b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 446 start_va = 0x749b0000 end_va = 0x749b7fff entry_point = 0x749b0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 447 start_va = 0x74920000 end_va = 0x749a3fff entry_point = 0x74920000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 448 start_va = 0x769b0000 end_va = 0x76a0bfff entry_point = 0x769b0000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 449 start_va = 0x773e0000 end_va = 0x773e6fff entry_point = 0x773e0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 450 start_va = 0x5490000 end_va = 0x5490fff entry_point = 0x0 region_type = private name = "private_0x0000000005490000" filename = "" Region: id = 451 start_va = 0x747c0000 end_va = 0x7491ffff entry_point = 0x747c0000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 452 start_va = 0x74350000 end_va = 0x74610fff entry_point = 0x74350000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 453 start_va = 0x747a0000 end_va = 0x747b2fff entry_point = 0x747a0000 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\SysWOW64\\netapi32.dll" (normalized: "c:\\windows\\syswow64\\netapi32.dll") Region: id = 454 start_va = 0x74790000 end_va = 0x7479ffff entry_point = 0x74790000 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\SysWOW64\\wkscli.dll" (normalized: "c:\\windows\\syswow64\\wkscli.dll") Region: id = 455 start_va = 0x74770000 end_va = 0x7478bfff entry_point = 0x74770000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\SysWOW64\\srvcli.dll" (normalized: "c:\\windows\\syswow64\\srvcli.dll") Region: id = 456 start_va = 0x74760000 end_va = 0x74769fff entry_point = 0x74760000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\SysWOW64\\netutils.dll" (normalized: "c:\\windows\\syswow64\\netutils.dll") Region: id = 457 start_va = 0x74740000 end_va = 0x7475afff entry_point = 0x74740000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 458 start_va = 0x74720000 end_va = 0x74733fff entry_point = 0x74720000 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\SysWOW64\\samcli.dll" (normalized: "c:\\windows\\syswow64\\samcli.dll") Region: id = 459 start_va = 0x74710000 end_va = 0x7471efff entry_point = 0x74710000 region_type = mapped_file name = "sfc_os.dll" filename = "\\Windows\\SysWOW64\\sfc_os.dll" (normalized: "c:\\windows\\syswow64\\sfc_os.dll") Region: id = 460 start_va = 0x54a0000 end_va = 0x54acfff entry_point = 0x0 region_type = private name = "private_0x00000000054a0000" filename = "" Region: id = 461 start_va = 0x5490000 end_va = 0x5495fff entry_point = 0x0 region_type = private name = "private_0x0000000005490000" filename = "" Region: id = 462 start_va = 0x54e0000 end_va = 0x551ffff entry_point = 0x0 region_type = private name = "private_0x00000000054e0000" filename = "" Region: id = 463 start_va = 0x5520000 end_va = 0x555ffff entry_point = 0x0 region_type = private name = "private_0x0000000005520000" filename = "" Region: id = 464 start_va = 0x746e0000 end_va = 0x74707fff entry_point = 0x746e0000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 465 start_va = 0x7ee1a000 end_va = 0x7ee1cfff entry_point = 0x0 region_type = private name = "private_0x000000007ee1a000" filename = "" Region: id = 466 start_va = 0x54b0000 end_va = 0x54b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000054b0000" filename = "" Region: id = 467 start_va = 0x54c0000 end_va = 0x54c0fff entry_point = 0x0 region_type = private name = "private_0x00000000054c0000" filename = "" Region: id = 468 start_va = 0x5560000 end_va = 0x5560fff entry_point = 0x0 region_type = private name = "private_0x0000000005560000" filename = "" Region: id = 469 start_va = 0x746c0000 end_va = 0x746d2fff entry_point = 0x746c0000 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\SysWOW64\\samlib.dll" (normalized: "c:\\windows\\syswow64\\samlib.dll") Region: id = 470 start_va = 0x5570000 end_va = 0x5570fff entry_point = 0x0 region_type = private name = "private_0x0000000005570000" filename = "" Region: id = 471 start_va = 0x5580000 end_va = 0x5580fff entry_point = 0x0 region_type = private name = "private_0x0000000005580000" filename = "" Region: id = 472 start_va = 0x5590000 end_va = 0x5590fff entry_point = 0x0 region_type = private name = "private_0x0000000005590000" filename = "" Region: id = 473 start_va = 0x55a0000 end_va = 0x55abfff entry_point = 0x0 region_type = private name = "private_0x00000000055a0000" filename = "" Region: id = 474 start_va = 0x55b0000 end_va = 0x55effff entry_point = 0x0 region_type = private name = "private_0x00000000055b0000" filename = "" Region: id = 475 start_va = 0x7060000 end_va = 0x709ffff entry_point = 0x0 region_type = private name = "private_0x0000000007060000" filename = "" Region: id = 476 start_va = 0x7ee17000 end_va = 0x7ee19fff entry_point = 0x0 region_type = private name = "private_0x000000007ee17000" filename = "" Region: id = 477 start_va = 0x70a0000 end_va = 0x70dffff entry_point = 0x0 region_type = private name = "private_0x00000000070a0000" filename = "" Region: id = 478 start_va = 0x70e0000 end_va = 0x711ffff entry_point = 0x0 region_type = private name = "private_0x00000000070e0000" filename = "" Region: id = 479 start_va = 0x7ee14000 end_va = 0x7ee16fff entry_point = 0x0 region_type = private name = "private_0x000000007ee14000" filename = "" Region: id = 480 start_va = 0x73c30000 end_va = 0x73e38fff entry_point = 0x73c30000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849\\comctl32.dll") Region: id = 481 start_va = 0x7120000 end_va = 0x7120fff entry_point = 0x7120000 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 482 start_va = 0x7130000 end_va = 0x7131fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007130000" filename = "" Region: id = 483 start_va = 0x7120000 end_va = 0x7120fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007120000" filename = "" Region: id = 484 start_va = 0x7140000 end_va = 0x71f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007140000" filename = "" Region: id = 485 start_va = 0x7120000 end_va = 0x7123fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007120000" filename = "" Region: id = 486 start_va = 0x7200000 end_va = 0x7203fff entry_point = 0x0 region_type = private name = "private_0x0000000007200000" filename = "" Region: id = 487 start_va = 0x7210000 end_va = 0x721ffff entry_point = 0x0 region_type = private name = "private_0x0000000007210000" filename = "" Region: id = 488 start_va = 0x7220000 end_va = 0x731ffff entry_point = 0x0 region_type = private name = "private_0x0000000007220000" filename = "" Region: id = 489 start_va = 0x7320000 end_va = 0x7333fff entry_point = 0x0 region_type = private name = "private_0x0000000007320000" filename = "" Region: id = 490 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 491 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 492 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 493 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 494 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 495 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 496 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 497 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 498 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 499 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 500 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 501 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 502 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 503 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 504 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 505 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 506 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 507 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 508 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 509 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 510 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 511 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 512 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 513 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 514 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 515 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 516 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 517 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 518 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 519 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 520 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 521 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 522 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 523 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 524 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 525 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 526 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 527 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 528 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 529 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 530 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 531 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 532 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 533 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 534 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 535 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 536 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 537 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 538 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 539 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 540 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 541 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 542 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 543 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 544 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 545 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 546 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 547 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 548 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 549 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 550 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 551 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 552 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 553 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 554 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 555 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 556 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 557 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 558 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 559 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 560 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 561 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 562 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 563 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 564 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 565 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 566 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 567 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 568 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 569 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 570 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 571 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 572 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 573 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 574 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 575 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 576 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 577 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 578 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 579 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 580 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 581 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 582 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 583 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 584 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 585 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 586 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 587 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 588 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 589 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 590 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 591 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 592 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 593 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 594 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 595 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 596 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 597 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 598 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 599 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 600 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 601 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 602 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 603 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 604 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 605 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 606 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 607 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 608 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 609 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 610 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 611 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 612 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 613 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 614 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 615 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 616 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 617 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 618 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 619 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 620 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 621 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 622 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 623 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 624 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 625 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 626 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 627 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 628 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 629 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 630 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 631 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 632 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 633 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 634 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 635 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 636 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 637 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 638 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 639 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 640 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 641 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 642 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 643 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 644 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 645 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 646 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 647 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 648 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 649 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 650 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 651 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 652 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 653 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 654 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 655 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 656 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 657 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 658 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 659 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 660 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 661 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 662 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 663 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 664 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 665 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 666 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 667 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 668 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 669 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 670 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 671 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 672 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 673 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 674 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 675 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 676 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 677 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 678 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 679 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 680 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 681 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 682 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 683 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 684 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 685 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 686 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 687 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 688 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 689 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 690 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 691 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 692 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 693 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 694 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 695 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 696 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 697 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 698 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 699 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 700 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 701 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 702 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 703 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 704 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 705 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 706 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 707 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 708 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 709 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 710 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 711 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 712 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 713 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 714 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 715 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 716 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 717 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 718 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 719 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 720 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 721 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 722 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 723 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 724 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 725 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 726 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 727 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 728 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 729 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 730 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 731 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 732 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 733 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 734 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 735 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 736 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 737 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 738 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 739 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 740 start_va = 0x7210000 end_va = 0x7214fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 741 start_va = 0x7320000 end_va = 0x735ffff entry_point = 0x0 region_type = private name = "private_0x0000000007320000" filename = "" Region: id = 742 start_va = 0x7360000 end_va = 0x739ffff entry_point = 0x0 region_type = private name = "private_0x0000000007360000" filename = "" Region: id = 743 start_va = 0x73a0000 end_va = 0x7891fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000073a0000" filename = "" Region: id = 744 start_va = 0x7ee11000 end_va = 0x7ee13fff entry_point = 0x0 region_type = private name = "private_0x000000007ee11000" filename = "" Region: id = 745 start_va = 0x78a0000 end_va = 0x88dffff entry_point = 0x78a0000 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 746 start_va = 0x7210000 end_va = 0x721ffff entry_point = 0x0 region_type = private name = "private_0x0000000007210000" filename = "" Region: id = 747 start_va = 0x88e0000 end_va = 0x891ffff entry_point = 0x0 region_type = private name = "private_0x00000000088e0000" filename = "" Region: id = 748 start_va = 0x8920000 end_va = 0x895ffff entry_point = 0x0 region_type = private name = "private_0x0000000008920000" filename = "" Region: id = 749 start_va = 0x7ee0e000 end_va = 0x7ee10fff entry_point = 0x0 region_type = private name = "private_0x000000007ee0e000" filename = "" Region: id = 750 start_va = 0x8960000 end_va = 0x8973fff entry_point = 0x0 region_type = private name = "private_0x0000000008960000" filename = "" Region: id = 751 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 752 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 753 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 754 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 755 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 756 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 757 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 758 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 759 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 760 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 761 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 762 start_va = 0x8960000 end_va = 0x899ffff entry_point = 0x0 region_type = private name = "private_0x0000000008960000" filename = "" Region: id = 763 start_va = 0x89a0000 end_va = 0x89dffff entry_point = 0x0 region_type = private name = "private_0x00000000089a0000" filename = "" Region: id = 764 start_va = 0x7ee0b000 end_va = 0x7ee0dfff entry_point = 0x0 region_type = private name = "private_0x000000007ee0b000" filename = "" Region: id = 765 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 766 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 767 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 768 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 769 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 770 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 771 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 772 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 773 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 774 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 775 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 776 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 777 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 778 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 779 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 780 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 781 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 782 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 783 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 784 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 839 start_va = 0x89e0000 end_va = 0x8ba3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000089e0000" filename = "" Region: id = 840 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 895 start_va = 0x89e0000 end_va = 0x8ba3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000089e0000" filename = "" Region: id = 896 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 951 start_va = 0x89e0000 end_va = 0x8ba3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000089e0000" filename = "" Region: id = 952 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 1007 start_va = 0x89e0000 end_va = 0x8ba3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000089e0000" filename = "" Region: id = 1008 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 1063 start_va = 0x89e0000 end_va = 0x8ba3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000089e0000" filename = "" Region: id = 1064 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 1119 start_va = 0x89e0000 end_va = 0x8ba3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000089e0000" filename = "" Region: id = 1120 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 1121 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 1176 start_va = 0x89e0000 end_va = 0x8ba3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000089e0000" filename = "" Region: id = 1177 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 1232 start_va = 0x89e0000 end_va = 0x8ba3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000089e0000" filename = "" Region: id = 1233 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 1288 start_va = 0x89e0000 end_va = 0x8ba3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000089e0000" filename = "" Region: id = 1289 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 1344 start_va = 0x89e0000 end_va = 0x8ba3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000089e0000" filename = "" Region: id = 1345 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 1400 start_va = 0x89e0000 end_va = 0x8ba3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000089e0000" filename = "" Region: id = 1401 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 1456 start_va = 0x89e0000 end_va = 0x8ba3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000089e0000" filename = "" Region: id = 1457 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 1512 start_va = 0x89e0000 end_va = 0x8ba3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000089e0000" filename = "" Region: id = 1513 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 1568 start_va = 0x89e0000 end_va = 0x8ba3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000089e0000" filename = "" Region: id = 1569 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 1624 start_va = 0x89e0000 end_va = 0x8ba3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000089e0000" filename = "" Region: id = 1625 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 1680 start_va = 0x89e0000 end_va = 0x8ba3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000089e0000" filename = "" Region: id = 1681 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 1736 start_va = 0x89e0000 end_va = 0x8ba3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000089e0000" filename = "" Region: id = 1737 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 1792 start_va = 0x89e0000 end_va = 0x8ba3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000089e0000" filename = "" Region: id = 1793 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 1850 start_va = 0x89e0000 end_va = 0x8ba3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000089e0000" filename = "" Region: id = 1851 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 1852 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 1853 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 1854 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 1855 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 1856 start_va = 0x7210000 end_va = 0x7217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007210000" filename = "" Region: id = 1857 start_va = 0x7210000 end_va = 0x7211fff entry_point = 0x0 region_type = private name = "private_0x0000000007210000" filename = "" Region: id = 1858 start_va = 0x73be0000 end_va = 0x73c2dfff entry_point = 0x73be0000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Thread: id = 8 os_tid = 0x7a0 [0137.195] LdrGetProcedureAddress (in: BaseAddress=0x75260000, Name="AddVectoredExceptionHandler", Ordinal=0x0, ProcedureAddress=0xb2f314 | out: ProcedureAddress=0xb2f314*=0x77cff090) returned 0x0 [0137.196] LdrGetProcedureAddress (in: BaseAddress=0x75260000, Name="DeleteCriticalSection", Ordinal=0x0, ProcedureAddress=0xb2f314 | out: ProcedureAddress=0xb2f314*=0x77cf9920) returned 0x0 [0137.196] LdrGetProcedureAddress (in: BaseAddress=0x75260000, Name="EnterCriticalSection", Ordinal=0x0, ProcedureAddress=0xb2f314 | out: ProcedureAddress=0xb2f314*=0x77ce5e80) returned 0x0 [0137.196] LdrGetProcedureAddress (in: BaseAddress=0x75260000, Name="ExitThread", Ordinal=0x0, ProcedureAddress=0xb2f314 | out: ProcedureAddress=0xb2f314*=0x77d02570) returned 0x0 [0137.197] LdrGetProcedureAddress (in: BaseAddress=0x75260000, Name="HeapAlloc", Ordinal=0x0, ProcedureAddress=0xb2f314 | out: ProcedureAddress=0xb2f314*=0x77cdda90) returned 0x0 [0137.197] LdrGetProcedureAddress (in: BaseAddress=0x75260000, Name="HeapReAlloc", Ordinal=0x0, ProcedureAddress=0xb2f314 | out: ProcedureAddress=0xb2f314*=0x77cdbae0) returned 0x0 [0137.197] LdrGetProcedureAddress (in: BaseAddress=0x75260000, Name="HeapSize", Ordinal=0x0, ProcedureAddress=0xb2f314 | out: ProcedureAddress=0xb2f314*=0x77cf4f40) returned 0x0 [0137.198] LdrGetProcedureAddress (in: BaseAddress=0x75260000, Name="LeaveCriticalSection", Ordinal=0x0, ProcedureAddress=0xb2f314 | out: ProcedureAddress=0xb2f314*=0x77ce5e00) returned 0x0 [0137.198] LdrGetProcedureAddress (in: BaseAddress=0x75260000, Name="TryEnterCriticalSection", Ordinal=0x0, ProcedureAddress=0xb2f314 | out: ProcedureAddress=0xb2f314*=0x77cf9070) returned 0x0 [0137.198] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5153590, cbMultiByte=11, lpWideCharStr=0xbc9fa0, cchWideChar=11 | out: lpWideCharStr="secur32.dll") returned 11 [0137.198] LoadLibraryW (lpLibFileName="secur32.dll") returned 0x74bf0000 [0137.201] LdrGetProcedureAddress (in: BaseAddress=0x74bf0000, Name="GetUserNameExW", Ordinal=0x0, ProcedureAddress=0xb2f314 | out: ProcedureAddress=0xb2f314*=0x74dbc5f0) returned 0x0 [0137.201] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x51535b8, cbMultiByte=11, lpWideCharStr=0xbc9fa0, cchWideChar=11 | out: lpWideCharStr="crypt32.dll") returned 11 [0137.201] LoadLibraryW (lpLibFileName="crypt32.dll") returned 0x77ab0000 [0137.202] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x51535e0, cbMultiByte=10, lpWideCharStr=0xbc9fa0, cchWideChar=10 | out: lpWideCharStr="user32.dll") returned 10 [0137.202] LoadLibraryW (lpLibFileName="user32.dll") returned 0x77150000 [0137.203] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5153608, cbMultiByte=12, lpWideCharStr=0xbc9fa0, cchWideChar=12 | out: lpWideCharStr="advapi32.dll") returned 12 [0137.203] LoadLibraryW (lpLibFileName="advapi32.dll") returned 0x76a10000 [0137.204] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5153630, cbMultiByte=11, lpWideCharStr=0xbc9fa0, cchWideChar=11 | out: lpWideCharStr="wininet.dll") returned 11 [0137.204] LoadLibraryW (lpLibFileName="wininet.dll") returned 0x749c0000 [0137.216] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5153658, cbMultiByte=11, lpWideCharStr=0xbc9fa0, cchWideChar=11 | out: lpWideCharStr="shell32.dll") returned 11 [0137.216] LoadLibraryW (lpLibFileName="shell32.dll") returned 0x75430000 [0137.217] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5153680, cbMultiByte=11, lpWideCharStr=0xbc9fa0, cchWideChar=11 | out: lpWideCharStr="shlwapi.dll") returned 11 [0137.217] LoadLibraryW (lpLibFileName="shlwapi.dll") returned 0x77290000 [0137.217] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x51536a8, cbMultiByte=9, lpWideCharStr=0xbc9fa0, cchWideChar=9 | out: lpWideCharStr="ole32.dll") returned 9 [0137.217] LoadLibraryW (lpLibFileName="ole32.dll") returned 0x768b0000 [0137.221] LdrGetProcedureAddress (in: BaseAddress=0x768b0000, Name="CLSIDFromProgID", Ordinal=0x0, ProcedureAddress=0xb2f314 | out: ProcedureAddress=0xb2f314*=0x76f0c1c0) returned 0x0 [0137.221] LdrGetProcedureAddress (in: BaseAddress=0x768b0000, Name="CLSIDFromString", Ordinal=0x0, ProcedureAddress=0xb2f314 | out: ProcedureAddress=0xb2f314*=0x76ef1390) returned 0x0 [0137.221] LdrGetProcedureAddress (in: BaseAddress=0x768b0000, Name="CoCreateGuid", Ordinal=0x0, ProcedureAddress=0xb2f314 | out: ProcedureAddress=0xb2f314*=0x76e89f30) returned 0x0 [0137.221] LdrGetProcedureAddress (in: BaseAddress=0x768b0000, Name="CoCreateInstance", Ordinal=0x0, ProcedureAddress=0xb2f314 | out: ProcedureAddress=0xb2f314*=0x76ee8200) returned 0x0 [0137.221] LdrGetProcedureAddress (in: BaseAddress=0x768b0000, Name="CoInitializeEx", Ordinal=0x0, ProcedureAddress=0xb2f314 | out: ProcedureAddress=0xb2f314*=0x76eacd50) returned 0x0 [0137.221] LdrGetProcedureAddress (in: BaseAddress=0x768b0000, Name="CoTaskMemAlloc", Ordinal=0x0, ProcedureAddress=0xb2f314 | out: ProcedureAddress=0xb2f314*=0x76ecd200) returned 0x0 [0137.221] LdrGetProcedureAddress (in: BaseAddress=0x768b0000, Name="CoTaskMemFree", Ordinal=0x0, ProcedureAddress=0xb2f314 | out: ProcedureAddress=0xb2f314*=0x76eccf40) returned 0x0 [0137.221] LdrGetProcedureAddress (in: BaseAddress=0x768b0000, Name="CoTaskMemRealloc", Ordinal=0x0, ProcedureAddress=0xb2f314 | out: ProcedureAddress=0xb2f314*=0x76f0a970) returned 0x0 [0137.222] LdrGetProcedureAddress (in: BaseAddress=0x768b0000, Name="CoUninitialize", Ordinal=0x0, ProcedureAddress=0xb2f314 | out: ProcedureAddress=0xb2f314*=0x76eadca0) returned 0x0 [0137.222] LdrGetProcedureAddress (in: BaseAddress=0x768b0000, Name="IIDFromString", Ordinal=0x0, ProcedureAddress=0xb2f314 | out: ProcedureAddress=0xb2f314*=0x76ef25d0) returned 0x0 [0137.222] LdrGetProcedureAddress (in: BaseAddress=0x768b0000, Name="ProgIDFromCLSID", Ordinal=0x0, ProcedureAddress=0xb2f314 | out: ProcedureAddress=0xb2f314*=0x76f0c060) returned 0x0 [0137.222] LdrGetProcedureAddress (in: BaseAddress=0x768b0000, Name="StringFromGUID2", Ordinal=0x0, ProcedureAddress=0xb2f314 | out: ProcedureAddress=0xb2f314*=0x76ef0600) returned 0x0 [0137.222] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x51536d0, cbMultiByte=11, lpWideCharStr=0xbd5d40, cchWideChar=11 | out: lpWideCharStr="version.dll") returned 11 [0137.222] LoadLibraryW (lpLibFileName="version.dll") returned 0x749b0000 [0137.225] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x51536f8, cbMultiByte=10, lpWideCharStr=0xbd5ce0, cchWideChar=10 | out: lpWideCharStr="dnsapi.dll") returned 10 [0137.225] LoadLibraryW (lpLibFileName="dnsapi.dll") returned 0x74920000 [0137.233] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5153720, cbMultiByte=10, lpWideCharStr=0xbd5f20, cchWideChar=10 | out: lpWideCharStr="ws2_32.dll") returned 10 [0137.233] LoadLibraryW (lpLibFileName="ws2_32.dll") returned 0x769b0000 [0137.234] VirtualAlloc (lpAddress=0x0, dwSize=0x2b, flAllocationType=0x3000, flProtect=0x40) returned 0x5490000 [0137.234] RtlInitAnsiString (in: DestinationString=0xb2f1b8, SourceString="NtOpenKeyEx" | out: DestinationString="NtOpenKeyEx") [0137.234] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77ca0000 [0137.234] LdrGetProcedureAddress (in: BaseAddress=0x77ca0000, Name="NtOpenKeyEx", Ordinal=0x0, ProcedureAddress=0xb2f2dc | out: ProcedureAddress=0xb2f2dc*=0x77d09ca0) returned 0x0 [0137.234] RtlInitAnsiString (in: DestinationString=0xb2f1b8, SourceString="NtCreateThreadEx" | out: DestinationString="NtCreateThreadEx") [0137.234] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77ca0000 [0137.235] LdrGetProcedureAddress (in: BaseAddress=0x77ca0000, Name="NtCreateThreadEx", Ordinal=0x0, ProcedureAddress=0xb2f2dc | out: ProcedureAddress=0xb2f2dc*=0x77d09710) returned 0x0 [0137.235] RtlInitAnsiString (in: DestinationString=0xb2f1b8, SourceString="NtRemoveProcessDebug" | out: DestinationString="NtRemoveProcessDebug") [0137.235] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77ca0000 [0137.235] LdrGetProcedureAddress (in: BaseAddress=0x77ca0000, Name="NtRemoveProcessDebug", Ordinal=0x0, ProcedureAddress=0xb2f2dc | out: ProcedureAddress=0xb2f2dc*=0x77d0a150) returned 0x0 [0137.235] RtlInitAnsiString (in: DestinationString=0xb2f1b8, SourceString="KiFastSystemCall" | out: DestinationString="KiFastSystemCall") [0137.235] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77ca0000 [0137.235] LdrGetProcedureAddress (in: BaseAddress=0x77ca0000, Name="KiFastSystemCall", Ordinal=0x0, ProcedureAddress=0xb2f2dc | out: ProcedureAddress=0xb2f2dc*=0x77d0af00) returned 0x0 [0137.235] RtlInitAnsiString (in: DestinationString=0xb2f1b8, SourceString="KiIntSystemCall" | out: DestinationString="KiIntSystemCall") [0137.235] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77ca0000 [0137.235] LdrGetProcedureAddress (in: BaseAddress=0x77ca0000, Name="KiIntSystemCall", Ordinal=0x0, ProcedureAddress=0xb2f2dc | out: ProcedureAddress=0xb2f2dc*=0x77d0af20) returned 0x0 [0137.235] RtlInitAnsiString (in: DestinationString=0xb2f1b8, SourceString="CsrGetProcessId" | out: DestinationString="CsrGetProcessId") [0137.235] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77ca0000 [0137.236] LdrGetProcedureAddress (in: BaseAddress=0x77ca0000, Name="CsrGetProcessId", Ordinal=0x0, ProcedureAddress=0xb2f2dc | out: ProcedureAddress=0xb2f2dc*=0x77d4ec80) returned 0x0 [0137.236] RtlInitAnsiString (in: DestinationString=0xb2f1b8, SourceString="RtlQueryEnvironmentVariable" | out: DestinationString="RtlQueryEnvironmentVariable") [0137.236] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77ca0000 [0137.236] LdrGetProcedureAddress (in: BaseAddress=0x77ca0000, Name="RtlQueryEnvironmentVariable", Ordinal=0x0, ProcedureAddress=0xb2f2dc | out: ProcedureAddress=0xb2f2dc*=0x77ce8000) returned 0x0 [0137.236] RtlInitAnsiString (in: DestinationString=0xb2f1b8, SourceString="RtlSetEnvironmentVar" | out: DestinationString="RtlSetEnvironmentVar") [0137.236] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77ca0000 [0137.236] LdrGetProcedureAddress (in: BaseAddress=0x77ca0000, Name="RtlSetEnvironmentVar", Ordinal=0x0, ProcedureAddress=0xb2f2dc | out: ProcedureAddress=0xb2f2dc*=0x77cf4920) returned 0x0 [0137.236] RtlInitAnsiString (in: DestinationString=0xb2f1b8, SourceString="RtlQueryEnvironmentVariable_U" | out: DestinationString="RtlQueryEnvironmentVariable_U") [0137.236] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77ca0000 [0137.236] LdrGetProcedureAddress (in: BaseAddress=0x77ca0000, Name="RtlQueryEnvironmentVariable_U", Ordinal=0x0, ProcedureAddress=0xb2f2dc | out: ProcedureAddress=0xb2f2dc*=0x77cf4870) returned 0x0 [0137.236] RtlInitAnsiString (in: DestinationString=0xb2f1b8, SourceString="RtlSetEnvironmentVariable" | out: DestinationString="RtlSetEnvironmentVariable") [0137.236] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77ca0000 [0137.236] LdrGetProcedureAddress (in: BaseAddress=0x77ca0000, Name="RtlSetEnvironmentVariable", Ordinal=0x0, ProcedureAddress=0xb2f2dc | out: ProcedureAddress=0xb2f2dc*=0x77cf48e0) returned 0x0 [0137.236] RtlInitAnsiString (in: DestinationString=0xb2f1b8, SourceString="DbgBreakPoint" | out: DestinationString="DbgBreakPoint") [0137.237] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77ca0000 [0137.237] LdrGetProcedureAddress (in: BaseAddress=0x77ca0000, Name="DbgBreakPoint", Ordinal=0x0, ProcedureAddress=0xb2f2dc | out: ProcedureAddress=0xb2f2dc*=0x77d0ad10) returned 0x0 [0137.237] RtlInitAnsiString (in: DestinationString=0xb2f1b8, SourceString="DbgUiConnectToDbg" | out: DestinationString="DbgUiConnectToDbg") [0137.237] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77ca0000 [0137.237] LdrGetProcedureAddress (in: BaseAddress=0x77ca0000, Name="DbgUiConnectToDbg", Ordinal=0x0, ProcedureAddress=0xb2f2dc | out: ProcedureAddress=0xb2f2dc*=0x77d40f90) returned 0x0 [0137.237] RtlInitAnsiString (in: DestinationString=0xb2f1b8, SourceString="DbgUiGetThreadDebugObject" | out: DestinationString="DbgUiGetThreadDebugObject") [0137.237] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77ca0000 [0137.237] LdrGetProcedureAddress (in: BaseAddress=0x77ca0000, Name="DbgUiGetThreadDebugObject", Ordinal=0x0, ProcedureAddress=0xb2f2dc | out: ProcedureAddress=0xb2f2dc*=0x77d41290) returned 0x0 [0137.237] RtlInitAnsiString (in: DestinationString=0xb2f1b8, SourceString="DbgUiStopDebugging" | out: DestinationString="DbgUiStopDebugging") [0137.237] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77ca0000 [0137.237] LdrGetProcedureAddress (in: BaseAddress=0x77ca0000, Name="DbgUiStopDebugging", Ordinal=0x0, ProcedureAddress=0xb2f2dc | out: ProcedureAddress=0xb2f2dc*=0x77d41380) returned 0x0 [0137.237] RtlInitAnsiString (in: DestinationString=0xb2f1b8, SourceString="memset" | out: DestinationString="memset") [0137.237] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77ca0000 [0137.238] LdrGetProcedureAddress (in: BaseAddress=0x77ca0000, Name="memset", Ordinal=0x0, ProcedureAddress=0xb2f2dc | out: ProcedureAddress=0xb2f2dc*=0x77d0ee50) returned 0x0 [0137.238] RtlInitAnsiString (in: DestinationString=0xb2f1b8, SourceString="memcpy" | out: DestinationString="memcpy") [0137.238] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77ca0000 [0137.238] LdrGetProcedureAddress (in: BaseAddress=0x77ca0000, Name="memcpy", Ordinal=0x0, ProcedureAddress=0xb2f2dc | out: ProcedureAddress=0xb2f2dc*=0x77d0e7b0) returned 0x0 [0137.238] RtlInitAnsiString (in: DestinationString=0xb2f1b8, SourceString="wcsstr" | out: DestinationString="wcsstr") [0137.238] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77ca0000 [0137.238] LdrGetProcedureAddress (in: BaseAddress=0x77ca0000, Name="wcsstr", Ordinal=0x0, ProcedureAddress=0xb2f2dc | out: ProcedureAddress=0xb2f2dc*=0x77d109b0) returned 0x0 [0137.238] RtlInitAnsiString (in: DestinationString=0xb2f1b8, SourceString="RtlRandomEx" | out: DestinationString="RtlRandomEx") [0137.238] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77ca0000 [0137.238] LdrGetProcedureAddress (in: BaseAddress=0x77ca0000, Name="RtlRandomEx", Ordinal=0x0, ProcedureAddress=0xb2f2dc | out: ProcedureAddress=0xb2f2dc*=0x77cd75a0) returned 0x0 [0137.238] RtlInitAnsiString (in: DestinationString=0xb2f1b8, SourceString="GetProductInfo" | out: DestinationString="GetProductInfo") [0137.238] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75260000 [0137.238] LdrGetProcedureAddress (in: BaseAddress=0x75260000, Name="GetProductInfo", Ordinal=0x0, ProcedureAddress=0xb2f2dc | out: ProcedureAddress=0xb2f2dc*=0x75284c80) returned 0x0 [0137.238] RtlInitAnsiString (in: DestinationString=0xb2f1b8, SourceString="GetMappedFileNameW" | out: DestinationString="GetMappedFileNameW") [0137.239] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75260000 [0137.239] LdrGetProcedureAddress (in: BaseAddress=0x75260000, Name="GetMappedFileNameW", Ordinal=0x0, ProcedureAddress=0xb2f2dc | out: ProcedureAddress=0xb2f2dc*=0x0) returned 0xc0000139 [0137.239] RtlInitAnsiString (in: DestinationString=0xb2f1b8, SourceString="GetThreadId" | out: DestinationString="GetThreadId") [0137.239] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75260000 [0137.239] LdrGetProcedureAddress (in: BaseAddress=0x75260000, Name="GetThreadId", Ordinal=0x0, ProcedureAddress=0xb2f2dc | out: ProcedureAddress=0xb2f2dc*=0x752a1430) returned 0x0 [0137.239] RtlInitAnsiString (in: DestinationString=0xb2f1b8, SourceString="InitializeProcThreadAttributeList" | out: DestinationString="InitializeProcThreadAttributeList") [0137.239] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75260000 [0137.239] LdrGetProcedureAddress (in: BaseAddress=0x75260000, Name="InitializeProcThreadAttributeList", Ordinal=0x0, ProcedureAddress=0xb2f2dc | out: ProcedureAddress=0xb2f2dc*=0x74f280b0) returned 0x0 [0137.239] RtlInitAnsiString (in: DestinationString=0xb2f1b8, SourceString="UpdateProcThreadAttribute" | out: DestinationString="UpdateProcThreadAttribute") [0137.239] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75260000 [0137.239] LdrGetProcedureAddress (in: BaseAddress=0x75260000, Name="UpdateProcThreadAttribute", Ordinal=0x0, ProcedureAddress=0xb2f2dc | out: ProcedureAddress=0xb2f2dc*=0x74f27f50) returned 0x0 [0137.239] RtlInitAnsiString (in: DestinationString=0xb2f1b8, SourceString="CreateProcessInternalW" | out: DestinationString="CreateProcessInternalW") [0137.239] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75260000 [0137.240] LdrGetProcedureAddress (in: BaseAddress=0x75260000, Name="CreateProcessInternalW", Ordinal=0x0, ProcedureAddress=0xb2f2dc | out: ProcedureAddress=0xb2f2dc*=0x752a09e0) returned 0x0 [0137.240] RtlInitAnsiString (in: DestinationString=0xb2f1b8, SourceString="ChangeWindowMessageFilter" | out: DestinationString="ChangeWindowMessageFilter") [0137.240] GetModuleHandleA (lpModuleName="user32.dll") returned 0x77150000 [0137.240] LdrGetProcedureAddress (in: BaseAddress=0x77150000, Name="ChangeWindowMessageFilter", Ordinal=0x0, ProcedureAddress=0xb2f2dc | out: ProcedureAddress=0xb2f2dc*=0x7716df00) returned 0x0 [0137.240] RtlInitAnsiString (in: DestinationString=0xb2f1b8, SourceString="CreateProcessWithTokenW" | out: DestinationString="CreateProcessWithTokenW") [0137.240] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76a10000 [0137.240] LdrGetProcedureAddress (in: BaseAddress=0x76a10000, Name="CreateProcessWithTokenW", Ordinal=0x0, ProcedureAddress=0xb2f2dc | out: ProcedureAddress=0xb2f2dc*=0x76a31340) returned 0x0 [0137.240] LoadLibraryA (lpLibFileName="Urlmon.dll") returned 0x747c0000 [0137.258] RtlInitAnsiString (in: DestinationString=0xb2f1b8, SourceString="ObtainUserAgentString" | out: DestinationString="ObtainUserAgentString") [0137.258] GetModuleHandleA (lpModuleName="urlmon.dll") returned 0x747c0000 [0137.258] LdrGetProcedureAddress (in: BaseAddress=0x747c0000, Name="ObtainUserAgentString", Ordinal=0x0, ProcedureAddress=0xb2f2dc | out: ProcedureAddress=0xb2f2dc*=0x7487fe70) returned 0x0 [0137.258] RtlInitAnsiString (in: DestinationString=0xb2f1b8, SourceString="URLDownloadToFileW" | out: DestinationString="URLDownloadToFileW") [0137.258] GetModuleHandleA (lpModuleName="urlmon.dll") returned 0x747c0000 [0137.258] LdrGetProcedureAddress (in: BaseAddress=0x747c0000, Name="URLDownloadToFileW", Ordinal=0x0, ProcedureAddress=0xb2f2dc | out: ProcedureAddress=0xb2f2dc*=0x7488be80) returned 0x0 [0137.258] LoadLibraryA (lpLibFileName="Netapi32.dll") returned 0x747a0000 [0137.271] RtlInitAnsiString (in: DestinationString=0xb2f1b8, SourceString="NetUserGetInfo" | out: DestinationString="NetUserGetInfo") [0137.272] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x747a0000 [0137.272] LdrGetProcedureAddress (in: BaseAddress=0x747a0000, Name="NetUserGetInfo", Ordinal=0x0, ProcedureAddress=0xb2f2dc | out: ProcedureAddress=0xb2f2dc*=0x74722130) returned 0x0 [0137.274] RtlInitAnsiString (in: DestinationString=0xb2f1b8, SourceString="SHCreateItemFromParsingName" | out: DestinationString="SHCreateItemFromParsingName") [0137.274] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x768b0000 [0137.275] LdrGetProcedureAddress (in: BaseAddress=0x768b0000, Name="SHCreateItemFromParsingName", Ordinal=0x0, ProcedureAddress=0xb2f2dc | out: ProcedureAddress=0xb2f2dc*=0x0) returned 0xc0000139 [0137.275] RtlInitAnsiString (in: DestinationString=0xb2f1b8, SourceString="GetAddrInfoW" | out: DestinationString="GetAddrInfoW") [0137.275] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x769b0000 [0137.275] LdrGetProcedureAddress (in: BaseAddress=0x769b0000, Name="GetAddrInfoW", Ordinal=0x0, ProcedureAddress=0xb2f2dc | out: ProcedureAddress=0xb2f2dc*=0x769b9d90) returned 0x0 [0137.276] RtlInitAnsiString (in: DestinationString=0xb2f1b8, SourceString="GetAddrInfoExW" | out: DestinationString="GetAddrInfoExW") [0137.276] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x769b0000 [0137.276] LdrGetProcedureAddress (in: BaseAddress=0x769b0000, Name="GetAddrInfoExW", Ordinal=0x0, ProcedureAddress=0xb2f2dc | out: ProcedureAddress=0xb2f2dc*=0x769b6210) returned 0x0 [0137.276] RtlInitAnsiString (in: DestinationString=0xb2f1b8, SourceString="EncryptMessage" | out: DestinationString="EncryptMessage") [0137.276] GetModuleHandleA (lpModuleName="secur32.dll") returned 0x74bf0000 [0137.276] LdrGetProcedureAddress (in: BaseAddress=0x74bf0000, Name="EncryptMessage", Ordinal=0x0, ProcedureAddress=0xb2f2dc | out: ProcedureAddress=0xb2f2dc*=0x74dc4550) returned 0x0 [0137.276] LoadLibraryA (lpLibFileName="sfc_os.dll") returned 0x74710000 [0137.279] RtlInitAnsiString (in: DestinationString=0xb2f1b8, SourceString="SfcIsFileProtected" | out: DestinationString="SfcIsFileProtected") [0137.279] GetModuleHandleA (lpModuleName="sfc_os.dll") returned 0x74710000 [0137.279] LdrGetProcedureAddress (in: BaseAddress=0x74710000, Name="SfcIsFileProtected", Ordinal=0x0, ProcedureAddress=0xb2f2dc | out: ProcedureAddress=0xb2f2dc*=0x74714880) returned 0x0 [0137.279] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xb2f58c, nSize=0x103 | out: lpFilename="C:\\Windows\\SysWOW64\\explorer.exe" (normalized: "c:\\windows\\syswow64\\explorer.exe")) returned 0x20 [0137.279] PathFindFileNameW (pszPath="C:\\Windows\\SysWOW64\\explorer.exe") returned="explorer.exe" [0137.279] lstrcmpiW (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0137.280] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xb2f31c*=0x0, ZeroBits=0x0, RegionSize=0xb2f324*=0xcdf0, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0xb2f31c*=0x54a0000, RegionSize=0xb2f324*=0xd000) returned 0x0 [0137.285] VirtualFreeEx (hProcess=0xffffffff, lpAddress=0x5490000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0137.285] GetModuleHandleA (lpModuleName="mscoree.dll") returned 0x0 [0137.286] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2, lpSecurityAttributes=0x0, phkResult=0xb2f78c, lpdwDisposition=0x0 | out: phkResult=0xb2f78c*=0x254, lpdwDisposition=0x0) returned 0x0 [0137.286] RegCloseKey (hKey=0x254) returned 0x0 [0137.286] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\MyMailClient", Reserved=0x0, lpClass=0x0, dwOptions=0x1, samDesired=0x3, lpSecurityAttributes=0x0, phkResult=0xb2f79c, lpdwDisposition=0x0 | out: phkResult=0xb2f79c*=0x254, lpdwDisposition=0x0) returned 0x0 [0137.286] RegCloseKey (hKey=0x254) returned 0x0 [0137.286] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x51212c4) returned 0x0 [0137.287] GetModuleHandleW (lpModuleName="avcuf32.dll") returned 0x0 [0137.287] GetCurrentProcessId () returned 0xbcc [0137.287] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0xb2f70c | out: TokenHandle=0xb2f70c*=0x254) returned 1 [0137.287] GetTokenInformation (in: TokenHandle=0x254, TokenInformationClass=0xc, TokenInformation=0xb2f758, TokenInformationLength=0x4, ReturnLength=0xb2f710 | out: TokenInformation=0xb2f758, ReturnLength=0xb2f710) returned 1 [0137.287] CloseHandle (hObject=0x254) returned 1 [0137.287] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0xb2f6d4 | out: TokenHandle=0xb2f6d4*=0x254) returned 1 [0137.287] GetTokenInformation (in: TokenHandle=0x254, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xb2f6d8 | out: TokenInformation=0x0, ReturnLength=0xb2f6d8) returned 0 [0137.287] GetLastError () returned 0x7a [0137.287] GetTokenInformation (in: TokenHandle=0x254, TokenInformationClass=0x19, TokenInformation=0xbd5ce0, TokenInformationLength=0x14, ReturnLength=0xb2f6d8 | out: TokenInformation=0xbd5ce0, ReturnLength=0xb2f6d8) returned 1 [0137.287] GetSidSubAuthorityCount (pSid=0xbd5ce8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 0xbd5ce9 [0137.287] GetSidSubAuthority (pSid=0xbd5ce8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000), nSubAuthority=0x0) returned 0xbd5cf0 [0137.287] CloseHandle (hObject=0x254) returned 1 [0137.287] VirtualAlloc (lpAddress=0x0, dwSize=0x5bc6, flAllocationType=0x3000, flProtect=0x40) returned 0x5490000 [0137.288] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xb2f514, nSize=0x103 | out: lpFilename="C:\\Windows\\SysWOW64\\explorer.exe" (normalized: "c:\\windows\\syswow64\\explorer.exe")) returned 0x20 [0137.288] GetLongPathNameW (in: lpszShortPath="C:\\Windows\\SysWOW64\\explorer.exe", lpszLongPath=0xb2f304, cchBuffer=0x103 | out: lpszLongPath="C:\\Windows\\SysWOW64\\explorer.exe") returned 0x20 [0137.288] PathFindFileNameW (pszPath="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe") returned="ws97995e1qms.exe" [0137.288] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x0, ProcessInformation=0xb2f2cc, ProcessInformationLength=0x18, ReturnLength=0xb2f2e4 | out: ProcessInformation=0xb2f2cc, ReturnLength=0xb2f2e4) returned 0x0 [0137.289] NtOpenProcess (in: ProcessHandle=0xb2f0a0, DesiredAccess=0x400, ObjectAttributes=0xb2f080*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xb2f098*(UniqueProcess=0x73c, UniqueThread=0x0) | out: ProcessHandle=0xb2f0a0*=0x254) returned 0x0 [0137.289] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0137.289] SetLastError (dwErrCode=0x0) [0137.289] NtQueryInformationProcess (in: ProcessHandle=0x254, ProcessInformationClass=0x2b, ProcessInformation=0xbe5910, ProcessInformationLength=0x826, ReturnLength=0xb2f0a0 | out: ProcessInformation=0xbe5910, ReturnLength=0xb2f0a0) returned 0xc0000001 [0137.289] RtlNtStatusToDosError (Status=0xc0000001) returned 0x1f [0137.289] SetLastError (dwErrCode=0x1f) [0137.289] NtClose (Handle=0x254) returned 0x0 [0137.289] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x7, ProcessInformation=0xb2f768, ProcessInformationLength=0x4, ReturnLength=0xb2f764 | out: ProcessInformation=0xb2f768, ReturnLength=0xb2f764) returned 0x0 [0137.289] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77ca0000 [0137.289] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75260000 [0137.289] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76a10000 [0137.289] GetModuleHandleA (lpModuleName="user32.dll") returned 0x77150000 [0137.289] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x769b0000 [0137.290] GetModuleHandleA (lpModuleName="wininet.dll") returned 0x749c0000 [0137.290] GetSystemDirectoryW (in: lpBuffer=0xb2f514, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0137.290] GetVolumeInformationW (in: lpRootPathName=0x0, lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0xb2f71c, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0xb2f71c*=0xd2ca4def, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0137.290] GetTickCount () returned 0x2f42a [0137.290] GetCurrentThreadId () returned 0x7a0 [0137.290] RtlRandom (in: Seed=0xb2f6d8 | out: Seed=0xb2f6d8) returned 0x3dda27a1 [0137.290] GetTickCount () returned 0x2f42a [0137.290] GetCurrentThreadId () returned 0x7a0 [0137.290] RtlRandom (in: Seed=0xb2f6d8 | out: Seed=0xb2f6d8) returned 0x292da7db [0137.290] GetTickCount () returned 0x2f42a [0137.290] GetCurrentThreadId () returned 0x7a0 [0137.290] RtlRandom (in: Seed=0xb2f6d8 | out: Seed=0xb2f6d8) returned 0x7ed1d331 [0137.290] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x254 [0137.290] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x77d50241, lpParameter=0xbcfdb0, dwCreationFlags=0x4, lpThreadId=0xb2f6fc | out: lpThreadId=0xb2f6fc*=0xa9c) returned 0x258 [0137.291] NtGetContextThread (in: ThreadHandle=0x258, Context=0xb2f40c | out: Context=0xb2f40c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0xbcfdb0, Edx=0x0, Ecx=0x0, Eax=0x77d50241, Ebp=0x0, Eip=0x77d0aef0, SegCs=0x23, EFlags=0x202, Esp=0x555fa74, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0137.292] NtSetContextThread (ThreadHandle=0x258, Context=0xb2f40c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0xbcfdb0, Edx=0x0, Ecx=0x0, Eax=0x510806d, Ebp=0x0, Eip=0x77d0aef0, SegCs=0x23, EFlags=0x202, Esp=0x555fa74, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0137.292] NtResumeThread (in: ThreadHandle=0x258, SuspendCount=0xb2f6f0 | out: SuspendCount=0xb2f6f0*=0x1) returned 0x0 [0137.292] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0x7d0) returned 0x0 [0137.292] OpenThread (dwDesiredAccess=0x40000, bInheritHandle=0, dwThreadId=0xa9c) returned 0x260 [0137.292] BuildExplicitAccessWithNameA () returned 0x0 [0137.292] SetEntriesInAclA () returned 0x0 [0137.298] SetSecurityInfo () returned 0x0 [0137.298] LocalFree (hMem=0xbe5cd0) returned 0x0 [0137.298] CloseHandle (hObject=0x254) returned 1 [0137.299] CloseHandle (hObject=0x258) returned 1 [0137.299] GetSystemTime (in: lpSystemTime=0x5492d83 | out: lpSystemTime=0x5492d83*(wYear=0x7e3, wMonth=0x1, wDayOfWeek=0x2, wDay=0x8, wHour=0x9, wMinute=0x1a, wSecond=0x2e, wMilliseconds=0x71)) [0137.299] GetNativeSystemInfo (in: lpSystemInfo=0xb2f65c | out: lpSystemInfo=0xb2f65c*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0137.299] GetVersionExA (in: lpVersionInformation=0xb2f680*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xb2f680*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x2800, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0137.299] GetProductInfo (in: dwOSMajorVersion=0xa, dwOSMinorVersion=0x0, dwSpMajorVersion=0x0, dwSpMinorVersion=0x0, pdwReturnedProductType=0xb2f71c | out: pdwReturnedProductType=0xb2f71c) returned 1 [0137.299] GetLocaleInfoA (in: Locale=0x800, LCType=0x5a, lpLCData=0xb2f718, cchData=7 | out: lpLCData="US") returned 3 [0137.299] CharUpperBuffA (in: lpsz="US", cchLength=0x2 | out: lpsz="US") returned 0x2 [0137.299] SHGetFolderPathW (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x54904d7 | out: pszPath="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned 0x0 [0137.302] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming")) returned 0x10 [0137.302] SHGetFolderPathW (in: hwnd=0x0, csidl=32808, hToken=0x0, dwFlags=0x0, pszPath=0x54902cf | out: pszPath="C:\\Users\\CIiHmnxMn6Ps") returned 0x0 [0137.303] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps" (normalized: "c:\\users\\ciihmnxmn6ps")) returned 0x10 [0137.303] SHGetFolderPathW (in: hwnd=0x0, csidl=32803, hToken=0x0, dwFlags=0x0, pszPath=0x54906df | out: pszPath="C:\\ProgramData") returned 0x0 [0137.303] GetFileAttributesW (lpFileName="C:\\ProgramData" (normalized: "c:\\programdata")) returned 0x2016 [0137.303] SHGetFolderPathW (in: hwnd=0x0, csidl=32775, hToken=0x0, dwFlags=0x0, pszPath=0x5491107 | out: pszPath="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup") returned 0x0 [0137.305] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup")) returned 0x11 [0137.305] SHGetFolderPathW (in: hwnd=0x0, csidl=32792, hToken=0x0, dwFlags=0x0, pszPath=0x549130f | out: pszPath="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup") returned 0x0 [0137.335] GetFileAttributesW (lpFileName="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup")) returned 0x11 [0137.336] SHGetFolderPathW (in: hwnd=0x0, csidl=32773, hToken=0x0, dwFlags=0x0, pszPath=0x54908e7 | out: pszPath="C:\\Users\\CIiHmnxMn6Ps\\Documents") returned 0x0 [0137.336] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Documents" (normalized: "c:\\users\\ciihmnxmn6ps\\documents")) returned 0x11 [0137.336] SHGetFolderPathW (in: hwnd=0x0, csidl=32781, hToken=0x0, dwFlags=0x0, pszPath=0x5490cf7 | out: pszPath="C:\\Users\\CIiHmnxMn6Ps\\Music") returned 0x0 [0137.337] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Music" (normalized: "c:\\users\\ciihmnxmn6ps\\music")) returned 0x11 [0137.337] SHGetFolderPathW (in: hwnd=0x0, csidl=32782, hToken=0x0, dwFlags=0x0, pszPath=0x5490eff | out: pszPath="C:\\Users\\CIiHmnxMn6Ps\\Videos") returned 0x0 [0137.488] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Videos" (normalized: "c:\\users\\ciihmnxmn6ps\\videos")) returned 0x11 [0137.488] SHGetFolderPathW (in: hwnd=0x0, csidl=32807, hToken=0x0, dwFlags=0x0, pszPath=0x5490aef | out: pszPath="C:\\Users\\CIiHmnxMn6Ps\\Pictures") returned 0x0 [0137.489] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Pictures" (normalized: "c:\\users\\ciihmnxmn6ps\\pictures")) returned 0x11 [0137.489] SHGetFolderPathW (in: hwnd=0x0, csidl=32806, hToken=0x0, dwFlags=0x0, pszPath=0x5491517 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0137.490] GetFileAttributesW (lpFileName="C:\\Program Files (x86)" (normalized: "c:\\program files (x86)")) returned 0x11 [0137.490] SHGetFolderPathW (in: hwnd=0x0, csidl=32810, hToken=0x0, dwFlags=0x0, pszPath=0x549171f | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0137.490] GetFileAttributesW (lpFileName="C:\\Program Files (x86)" (normalized: "c:\\program files (x86)")) returned 0x11 [0137.490] GetModuleHandleA (lpModuleName="firefox.exe") returned 0x0 [0137.490] GetModuleHandleA (lpModuleName="tbb-firefox.exe") returned 0x0 [0137.491] GetModuleHandleA (lpModuleName="iexplore.exe") returned 0x0 [0137.491] GetModuleHandleW (lpModuleName="chrome.exe") returned 0x0 [0137.491] GetModuleHandleW (lpModuleName="chrome.dll") returned 0x0 [0137.491] GetSystemPowerStatus (in: lpSystemPowerStatus=0xb2f710 | out: lpSystemPowerStatus=0xb2f710) returned 1 [0137.491] GetSystemMetrics (nIndex=67) returned 0 [0137.496] GetProcAddress (hModule=0x77ca0000, lpProcName="RtlQueryElevationFlags") returned 0x77d04fe0 [0137.497] RtlQueryElevationFlags () returned 0x0 [0137.497] wvnsprintfA (in: pszDest=0xb2f24c, cchDest=2147483647, pszFmt="%02X", arglist=0xb2f240 | out: pszDest="2F") returned 2 [0137.497] SetLastError (dwErrCode=0x0) [0137.497] wvnsprintfA (in: pszDest=0xb2f24e, cchDest=2147483647, pszFmt="%02X", arglist=0xb2f240 | out: pszDest="91") returned 2 [0137.497] SetLastError (dwErrCode=0x0) [0137.497] wvnsprintfA (in: pszDest=0xb2f250, cchDest=2147483647, pszFmt="%02X", arglist=0xb2f240 | out: pszDest="70") returned 2 [0137.497] SetLastError (dwErrCode=0x0) [0137.497] wvnsprintfA (in: pszDest=0xb2f252, cchDest=2147483647, pszFmt="%02X", arglist=0xb2f240 | out: pszDest="68") returned 2 [0137.497] SetLastError (dwErrCode=0x0) [0137.497] wvnsprintfA (in: pszDest=0xb2f254, cchDest=2147483647, pszFmt="%02X", arglist=0xb2f240 | out: pszDest="DC") returned 2 [0137.497] SetLastError (dwErrCode=0x0) [0137.497] wvnsprintfA (in: pszDest=0xb2f256, cchDest=2147483647, pszFmt="%02X", arglist=0xb2f240 | out: pszDest="0D") returned 2 [0137.497] SetLastError (dwErrCode=0x0) [0137.497] wvnsprintfA (in: pszDest=0xb2f258, cchDest=2147483647, pszFmt="%02X", arglist=0xb2f240 | out: pszDest="AD") returned 2 [0137.497] SetLastError (dwErrCode=0x0) [0137.497] wvnsprintfA (in: pszDest=0xb2f25a, cchDest=2147483647, pszFmt="%02X", arglist=0xb2f240 | out: pszDest="E9") returned 2 [0137.497] SetLastError (dwErrCode=0x0) [0137.497] wvnsprintfA (in: pszDest=0xb2f25c, cchDest=2147483647, pszFmt="%02X", arglist=0xb2f240 | out: pszDest="C5") returned 2 [0137.497] SetLastError (dwErrCode=0x0) [0137.497] wvnsprintfA (in: pszDest=0xb2f25e, cchDest=2147483647, pszFmt="%02X", arglist=0xb2f240 | out: pszDest="64") returned 2 [0137.497] SetLastError (dwErrCode=0x0) [0137.497] wvnsprintfA (in: pszDest=0xb2f260, cchDest=2147483647, pszFmt="%02X", arglist=0xb2f240 | out: pszDest="77") returned 2 [0137.497] SetLastError (dwErrCode=0x0) [0137.497] wvnsprintfA (in: pszDest=0xb2f262, cchDest=2147483647, pszFmt="%02X", arglist=0xb2f240 | out: pszDest="CB") returned 2 [0137.497] SetLastError (dwErrCode=0x0) [0137.497] wvnsprintfA (in: pszDest=0xb2f264, cchDest=2147483647, pszFmt="%02X", arglist=0xb2f240 | out: pszDest="D6") returned 2 [0137.497] SetLastError (dwErrCode=0x0) [0137.497] wvnsprintfA (in: pszDest=0xb2f266, cchDest=2147483647, pszFmt="%02X", arglist=0xb2f240 | out: pszDest="7F") returned 2 [0137.497] SetLastError (dwErrCode=0x0) [0137.497] wvnsprintfA (in: pszDest=0xb2f268, cchDest=2147483647, pszFmt="%02X", arglist=0xb2f240 | out: pszDest="E7") returned 2 [0137.497] SetLastError (dwErrCode=0x0) [0137.497] wvnsprintfA (in: pszDest=0xb2f26a, cchDest=2147483647, pszFmt="%02X", arglist=0xb2f240 | out: pszDest="B8") returned 2 [0137.497] SetLastError (dwErrCode=0x0) [0137.497] wvnsprintfA (in: pszDest=0xb2f158, cchDest=255, pszFmt="%s%s_%p", arglist=0xb2f040 | out: pszDest="CG1CG1_11980343") returned 15 [0137.497] SetLastError (dwErrCode=0x0) [0137.497] wvnsprintfA (in: pszDest=0xb2f058, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0xb2f03c | out: pszDest="e6577de29e95e38a027c9824c2c5986b") returned 32 [0137.497] SetLastError (dwErrCode=0x0) [0137.498] wvnsprintfA (in: pszDest=0xb2f3fc, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X\\%s", arglist=0xb2f2d8 | out: pszDest="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0137.498] SetLastError (dwErrCode=0x0) [0137.498] wvnsprintfA (in: pszDest=0xb2f268, cchDest=255, pszFmt="%s%s_%p", arglist=0xb2f150 | out: pszDest="BISBIS_11980343") returned 15 [0137.498] SetLastError (dwErrCode=0x0) [0137.498] wvnsprintfA (in: pszDest=0xb2f168, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0xb2f14c | out: pszDest="eb57aba56f84861f1c11d2fcde048a2c") returned 32 [0137.498] SetLastError (dwErrCode=0x0) [0137.498] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xb2f3fc, cbMultiByte=95, lpWideCharStr=0xbead10, cchWideChar=95 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0137.498] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02", ulOptions=0x0, samDesired=0x101, phkResult=0xb2f3dc | out: phkResult=0xb2f3dc*=0x2bc) returned 0x0 [0137.498] SetLastError (dwErrCode=0x0) [0137.498] SetLastError (dwErrCode=0x0) [0137.498] RegQueryValueExA (in: hKey=0x2bc, lpValueName="eb57aba56f848", lpReserved=0x0, lpType=0xb2f3d4, lpData=0xb2f598, lpcbData=0xb2f3d8*=0x4 | out: lpType=0xb2f3d4*=0x0, lpData=0xb2f598*=0x0, lpcbData=0xb2f3d8*=0x4) returned 0x2 [0137.498] RegCloseKey (hKey=0x2bc) returned 0x0 [0137.498] SetLastError (dwErrCode=0x2) [0137.498] GetLastError () returned 0x2 [0137.498] SetLastError (dwErrCode=0x2) [0137.498] wvnsprintfA (in: pszDest=0xb2f158, cchDest=255, pszFmt="%s%s_%p", arglist=0xb2f040 | out: pszDest="CG1CG1_11980343") returned 15 [0137.498] SetLastError (dwErrCode=0x0) [0137.498] wvnsprintfA (in: pszDest=0xb2f058, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0xb2f03c | out: pszDest="e6577de29e95e38a027c9824c2c5986b") returned 32 [0137.498] SetLastError (dwErrCode=0x0) [0137.498] wvnsprintfA (in: pszDest=0xb2f3fc, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X\\%s", arglist=0xb2f2d8 | out: pszDest="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0137.498] SetLastError (dwErrCode=0x0) [0137.498] wvnsprintfA (in: pszDest=0xb2f268, cchDest=255, pszFmt="%s%s_%p", arglist=0xb2f150 | out: pszDest="UTWUTW_11980343") returned 15 [0137.498] SetLastError (dwErrCode=0x0) [0137.498] wvnsprintfA (in: pszDest=0xb2f168, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0xb2f14c | out: pszDest="053351c4408b7c813fd8cd74d9140b97") returned 32 [0137.498] SetLastError (dwErrCode=0x0) [0137.498] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xb2f3fc, cbMultiByte=95, lpWideCharStr=0xbead10, cchWideChar=95 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0137.498] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02", ulOptions=0x0, samDesired=0x101, phkResult=0xb2f3dc | out: phkResult=0xb2f3dc*=0x2bc) returned 0x0 [0137.499] SetLastError (dwErrCode=0x0) [0137.499] SetLastError (dwErrCode=0x0) [0137.499] RegQueryValueExA (in: hKey=0x2bc, lpValueName="053351c4408b7c813", lpReserved=0x0, lpType=0xb2f3d4, lpData=0xb2f598, lpcbData=0xb2f3d8*=0x4 | out: lpType=0xb2f3d4*=0x0, lpData=0xb2f598*=0x0, lpcbData=0xb2f3d8*=0x4) returned 0x2 [0137.499] RegCloseKey (hKey=0x2bc) returned 0x0 [0137.499] SetLastError (dwErrCode=0x2) [0137.499] GetLastError () returned 0x2 [0137.499] SetLastError (dwErrCode=0x2) [0137.499] wvnsprintfA (in: pszDest=0xb2f158, cchDest=255, pszFmt="%s%s_%p", arglist=0xb2f040 | out: pszDest="CG1CG1_11980343") returned 15 [0137.499] SetLastError (dwErrCode=0x0) [0137.499] wvnsprintfA (in: pszDest=0xb2f058, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0xb2f03c | out: pszDest="e6577de29e95e38a027c9824c2c5986b") returned 32 [0137.499] SetLastError (dwErrCode=0x0) [0137.499] wvnsprintfA (in: pszDest=0xb2f3fc, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X\\%s", arglist=0xb2f2d8 | out: pszDest="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0137.499] SetLastError (dwErrCode=0x0) [0137.499] wvnsprintfA (in: pszDest=0xb2f268, cchDest=255, pszFmt="%s%s_%p", arglist=0xb2f150 | out: pszDest="UTWSUTWS_11980343") returned 17 [0137.499] SetLastError (dwErrCode=0x0) [0137.499] wvnsprintfA (in: pszDest=0xb2f168, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0xb2f14c | out: pszDest="7f9ca0f406c3b226fe65080b2c4727be") returned 32 [0137.499] SetLastError (dwErrCode=0x0) [0137.499] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xb2f3fc, cbMultiByte=95, lpWideCharStr=0xbead10, cchWideChar=95 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0137.499] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02", ulOptions=0x0, samDesired=0x101, phkResult=0xb2f3dc | out: phkResult=0xb2f3dc*=0x2bc) returned 0x0 [0137.499] SetLastError (dwErrCode=0x0) [0137.499] SetLastError (dwErrCode=0x0) [0137.499] RegQueryValueExA (in: hKey=0x2bc, lpValueName="7f9ca0f406c3b226", lpReserved=0x0, lpType=0xb2f3d4, lpData=0xb2f598, lpcbData=0xb2f3d8*=0x4 | out: lpType=0xb2f3d4*=0x0, lpData=0xb2f598*=0x0, lpcbData=0xb2f3d8*=0x4) returned 0x2 [0137.499] RegCloseKey (hKey=0x2bc) returned 0x0 [0137.499] SetLastError (dwErrCode=0x2) [0137.499] GetLastError () returned 0x2 [0137.499] SetLastError (dwErrCode=0x2) [0137.499] GetSystemMetrics (nIndex=1) returned 900 [0137.499] GetSystemMetrics (nIndex=0) returned 1440 [0137.500] GetModuleHandleA (lpModuleName="mscoree.dll") returned 0x0 [0137.500] RtlAdjustPrivilege (in: Privilege=0x14, NewValue=1, ForThread=0, OldValue=0xb2f71f | out: OldValue=0xb2f71f) returned 0x0 [0137.500] RtlAdjustPrivilege (in: Privilege=0x12, NewValue=1, ForThread=0, OldValue=0xb2f71f | out: OldValue=0xb2f71f) returned 0x0 [0137.500] RtlAdjustPrivilege (in: Privilege=0x11, NewValue=1, ForThread=0, OldValue=0xb2f71f | out: OldValue=0xb2f71f) returned 0x0 [0137.500] RtlAdjustPrivilege (in: Privilege=0xa, NewValue=1, ForThread=0, OldValue=0xb2f71f | out: OldValue=0xb2f71f) returned 0x0 [0137.500] RtlAdjustPrivilege (in: Privilege=0xf, NewValue=1, ForThread=0, OldValue=0xb2f71f | out: OldValue=0xb2f71f) returned 0x0 [0137.500] RtlAdjustPrivilege (in: Privilege=0x13, NewValue=1, ForThread=0, OldValue=0xb2f71f | out: OldValue=0xb2f71f) returned 0x0 [0137.500] RtlAdjustPrivilege (in: Privilege=0x9, NewValue=1, ForThread=0, OldValue=0xb2f71f | out: OldValue=0xb2f71f) returned 0x0 [0137.500] RtlAdjustPrivilege (in: Privilege=0x17, NewValue=1, ForThread=0, OldValue=0xb2f71f | out: OldValue=0xb2f71f) returned 0x0 [0137.500] RtlAdjustPrivilege (in: Privilege=0x2, NewValue=1, ForThread=0, OldValue=0xb2f71f | out: OldValue=0xb2f71f) returned 0xc0000061 [0137.500] RtlAdjustPrivilege (in: Privilege=0x6, NewValue=1, ForThread=0, OldValue=0xb2f71f | out: OldValue=0xb2f71f) returned 0xc0000061 [0137.500] RtlAdjustPrivilege (in: Privilege=0x8, NewValue=1, ForThread=0, OldValue=0xb2f71f | out: OldValue=0xb2f71f) returned 0x0 [0137.500] RtlAdjustPrivilege (in: Privilege=0x3, NewValue=1, ForThread=0, OldValue=0xb2f71f | out: OldValue=0xb2f71f) returned 0xc0000061 [0137.500] RtlAdjustPrivilege (in: Privilege=0x1e, NewValue=1, ForThread=0, OldValue=0xb2f71f | out: OldValue=0xb2f71f) returned 0x0 [0137.500] RtlAdjustPrivilege (in: Privilege=0x21, NewValue=1, ForThread=0, OldValue=0xb2f71f | out: OldValue=0xb2f71f) returned 0x0 [0137.501] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x5159a10, nSize=0xb2f71c | out: lpNameBuffer="LHNIWSJ\\CIiHmnxMn6Ps", nSize=0xb2f71c) returned 0x1 [0137.502] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0", ulOptions=0x0, samDesired=0x101, phkResult=0xb2f66c | out: phkResult=0xb2f66c*=0x2c0) returned 0x0 [0137.502] SetLastError (dwErrCode=0x0) [0137.502] RegQueryValueExW (in: hKey=0x2c0, lpValueName="ProcessorNameString", lpReserved=0x0, lpType=0xb2f664, lpData=0x5159c18, lpcbData=0xb2f668*=0xfe | out: lpType=0xb2f664*=0x1, lpData="Intel (R) Core(TM) i5-7500 CPU @ 3.40GHz", lpcbData=0xb2f668*=0x52) returned 0x0 [0137.502] RegCloseKey (hKey=0x2c0) returned 0x0 [0137.502] SetLastError (dwErrCode=0x0) [0137.502] EnumDisplayDevicesW (in: lpDevice=0x0, iDevNum=0x0, lpDisplayDevice=0xb2f340, dwFlags=0x0 | out: lpDisplayDevice=0xb2f340) returned 1 [0137.502] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0137.502] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5148f78, cbMultiByte=44, lpWideCharStr=0xbeaf20, cchWideChar=44 | out: lpWideCharStr="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion") returned 44 [0137.502] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x101, phkResult=0xb2f678 | out: phkResult=0xb2f678*=0x2c0) returned 0x0 [0137.502] SetLastError (dwErrCode=0x0) [0137.502] SetLastError (dwErrCode=0x0) [0137.502] RegQueryValueExA (in: hKey=0x2c0, lpValueName="ProductId", lpReserved=0x0, lpType=0xb2f670, lpData=0xb2f698, lpcbData=0xb2f674*=0x7f | out: lpType=0xb2f670*=0x1, lpData="00330-80107-01105-AA992", lpcbData=0xb2f674*=0x18) returned 0x0 [0137.502] RegCloseKey (hKey=0x2c0) returned 0x0 [0137.502] SetLastError (dwErrCode=0x0) [0137.503] GetProcAddress (hModule=0x75260000, lpProcName="K32GetMappedFileNameW") returned 0x752a18b0 [0137.503] lstrcmpiW (lpString1="skype.exe", lpString2="jp2launcher.exe") returned 1 [0137.503] lstrcmpiW (lpString1="skype.exe", lpString2="origin.exe") returned 1 [0137.503] lstrcmpiW (lpString1="jp2launcher.exe", lpString2="origin.exe") returned -1 [0137.503] lstrcmpiW (lpString1="skype.exe", lpString2="steam.exe") returned -1 [0137.503] lstrcmpiW (lpString1="jp2launcher.exe", lpString2="steam.exe") returned -1 [0137.503] lstrcmpiW (lpString1="origin.exe", lpString2="steam.exe") returned -1 [0137.503] lstrcmpiW (lpString1="skype.exe", lpString2="winlogon.exe") returned -1 [0137.503] lstrcmpiW (lpString1="jp2launcher.exe", lpString2="winlogon.exe") returned -1 [0137.503] lstrcmpiW (lpString1="origin.exe", lpString2="winlogon.exe") returned -1 [0137.503] lstrcmpiW (lpString1="steam.exe", lpString2="winlogon.exe") returned -1 [0137.503] lstrcmpiW (lpString1="skype.exe", lpString2="csrss.exe") returned 1 [0137.503] lstrcmpiW (lpString1="jp2launcher.exe", lpString2="csrss.exe") returned 1 [0137.503] lstrcmpiW (lpString1="origin.exe", lpString2="csrss.exe") returned 1 [0137.503] lstrcmpiW (lpString1="steam.exe", lpString2="csrss.exe") returned 1 [0137.503] lstrcmpiW (lpString1="winlogon.exe", lpString2="csrss.exe") returned 1 [0137.503] lstrcmpiW (lpString1="skype.exe", lpString2="services.exe") returned 1 [0137.503] lstrcmpiW (lpString1="jp2launcher.exe", lpString2="services.exe") returned -1 [0137.503] lstrcmpiW (lpString1="origin.exe", lpString2="services.exe") returned -1 [0137.503] lstrcmpiW (lpString1="steam.exe", lpString2="services.exe") returned 1 [0137.503] lstrcmpiW (lpString1="winlogon.exe", lpString2="services.exe") returned 1 [0137.503] lstrcmpiW (lpString1="csrss.exe", lpString2="services.exe") returned -1 [0137.503] lstrcmpiW (lpString1="skype.exe", lpString2="lsass.exe") returned 1 [0137.504] lstrcmpiW (lpString1="jp2launcher.exe", lpString2="lsass.exe") returned -1 [0137.504] lstrcmpiW (lpString1="origin.exe", lpString2="lsass.exe") returned 1 [0137.504] lstrcmpiW (lpString1="steam.exe", lpString2="lsass.exe") returned 1 [0137.504] lstrcmpiW (lpString1="winlogon.exe", lpString2="lsass.exe") returned 1 [0137.504] lstrcmpiW (lpString1="csrss.exe", lpString2="lsass.exe") returned -1 [0137.504] lstrcmpiW (lpString1="services.exe", lpString2="lsass.exe") returned 1 [0137.504] lstrcmpiW (lpString1="skype.exe", lpString2="spoolsv.exe") returned -1 [0137.504] lstrcmpiW (lpString1="jp2launcher.exe", lpString2="spoolsv.exe") returned -1 [0137.504] lstrcmpiW (lpString1="origin.exe", lpString2="spoolsv.exe") returned -1 [0137.504] lstrcmpiW (lpString1="steam.exe", lpString2="spoolsv.exe") returned 1 [0137.504] lstrcmpiW (lpString1="winlogon.exe", lpString2="spoolsv.exe") returned 1 [0137.504] lstrcmpiW (lpString1="csrss.exe", lpString2="spoolsv.exe") returned -1 [0137.504] lstrcmpiW (lpString1="services.exe", lpString2="spoolsv.exe") returned -1 [0137.504] lstrcmpiW (lpString1="lsass.exe", lpString2="spoolsv.exe") returned -1 [0137.504] lstrcmpiW (lpString1="skype.exe", lpString2="conhost.exe") returned 1 [0137.504] lstrcmpiW (lpString1="jp2launcher.exe", lpString2="conhost.exe") returned 1 [0137.504] lstrcmpiW (lpString1="origin.exe", lpString2="conhost.exe") returned 1 [0137.504] lstrcmpiW (lpString1="steam.exe", lpString2="conhost.exe") returned 1 [0137.504] lstrcmpiW (lpString1="winlogon.exe", lpString2="conhost.exe") returned 1 [0137.504] lstrcmpiW (lpString1="csrss.exe", lpString2="conhost.exe") returned 1 [0137.504] lstrcmpiW (lpString1="services.exe", lpString2="conhost.exe") returned 1 [0137.504] lstrcmpiW (lpString1="lsass.exe", lpString2="conhost.exe") returned 1 [0137.504] lstrcmpiW (lpString1="spoolsv.exe", lpString2="conhost.exe") returned 1 [0137.504] lstrcmpiW (lpString1="skype.exe", lpString2="DsmUserTask.exe") returned 1 [0137.504] lstrcmpiW (lpString1="jp2launcher.exe", lpString2="DsmUserTask.exe") returned 1 [0137.504] lstrcmpiW (lpString1="origin.exe", lpString2="DsmUserTask.exe") returned 1 [0137.504] lstrcmpiW (lpString1="steam.exe", lpString2="DsmUserTask.exe") returned 1 [0137.504] lstrcmpiW (lpString1="winlogon.exe", lpString2="DsmUserTask.exe") returned 1 [0137.504] lstrcmpiW (lpString1="csrss.exe", lpString2="DsmUserTask.exe") returned -1 [0137.504] lstrcmpiW (lpString1="services.exe", lpString2="DsmUserTask.exe") returned 1 [0137.504] lstrcmpiW (lpString1="lsass.exe", lpString2="DsmUserTask.exe") returned 1 [0137.504] lstrcmpiW (lpString1="spoolsv.exe", lpString2="DsmUserTask.exe") returned 1 [0137.504] lstrcmpiW (lpString1="conhost.exe", lpString2="DsmUserTask.exe") returned -1 [0137.504] lstrcmpiW (lpString1="skype.exe", lpString2="dwm.exe") returned 1 [0137.504] lstrcmpiW (lpString1="jp2launcher.exe", lpString2="dwm.exe") returned 1 [0137.504] lstrcmpiW (lpString1="origin.exe", lpString2="dwm.exe") returned 1 [0137.504] lstrcmpiW (lpString1="steam.exe", lpString2="dwm.exe") returned 1 [0137.505] lstrcmpiW (lpString1="winlogon.exe", lpString2="dwm.exe") returned 1 [0137.505] lstrcmpiW (lpString1="csrss.exe", lpString2="dwm.exe") returned -1 [0137.505] lstrcmpiW (lpString1="services.exe", lpString2="dwm.exe") returned 1 [0137.505] lstrcmpiW (lpString1="lsass.exe", lpString2="dwm.exe") returned 1 [0137.505] lstrcmpiW (lpString1="spoolsv.exe", lpString2="dwm.exe") returned 1 [0137.505] lstrcmpiW (lpString1="conhost.exe", lpString2="dwm.exe") returned -1 [0137.505] lstrcmpiW (lpString1="DsmUserTask.exe", lpString2="dwm.exe") returned -1 [0137.505] lstrcmpiW (lpString1="skype.exe", lpString2="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe") returned 1 [0137.505] lstrcmpiW (lpString1="jp2launcher.exe", lpString2="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe") returned 1 [0137.505] lstrcmpiW (lpString1="origin.exe", lpString2="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe") returned 1 [0137.505] lstrcmpiW (lpString1="steam.exe", lpString2="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe") returned 1 [0137.505] lstrcmpiW (lpString1="winlogon.exe", lpString2="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe") returned 1 [0137.505] lstrcmpiW (lpString1="csrss.exe", lpString2="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe") returned 1 [0137.505] lstrcmpiW (lpString1="services.exe", lpString2="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe") returned 1 [0137.505] lstrcmpiW (lpString1="lsass.exe", lpString2="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe") returned 1 [0137.505] lstrcmpiW (lpString1="spoolsv.exe", lpString2="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe") returned 1 [0137.505] lstrcmpiW (lpString1="conhost.exe", lpString2="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe") returned 1 [0137.505] lstrcmpiW (lpString1="DsmUserTask.exe", lpString2="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe") returned 1 [0137.505] lstrcmpiW (lpString1="dwm.exe", lpString2="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe") returned 1 [0137.505] GetTickCount () returned 0x2f504 [0137.505] GetCurrentThreadId () returned 0x7a0 [0137.505] RtlRandom (in: Seed=0xb2f714 | out: Seed=0xb2f714) returned 0xd3b0d2e3 [0137.505] VirtualProtectEx (in: hProcess=0xffffffff, lpAddress=0x77d0ad10, dwSize=0x10, flNewProtect=0x40, lpflOldProtect=0xb2f71c | out: lpflOldProtect=0xb2f71c*=0x20) returned 1 [0137.505] wvnsprintfA (in: pszDest=0xb2f68c, cchDest=2147483647, pszFmt="%02X", arglist=0xb2f680 | out: pszDest="2F") returned 2 [0137.505] SetLastError (dwErrCode=0x0) [0137.505] wvnsprintfA (in: pszDest=0xb2f68e, cchDest=2147483647, pszFmt="%02X", arglist=0xb2f680 | out: pszDest="91") returned 2 [0137.506] SetLastError (dwErrCode=0x0) [0137.506] wvnsprintfA (in: pszDest=0xb2f690, cchDest=2147483647, pszFmt="%02X", arglist=0xb2f680 | out: pszDest="70") returned 2 [0137.506] SetLastError (dwErrCode=0x0) [0137.506] wvnsprintfA (in: pszDest=0xb2f692, cchDest=2147483647, pszFmt="%02X", arglist=0xb2f680 | out: pszDest="68") returned 2 [0137.506] SetLastError (dwErrCode=0x0) [0137.506] wvnsprintfA (in: pszDest=0xb2f694, cchDest=2147483647, pszFmt="%02X", arglist=0xb2f680 | out: pszDest="DC") returned 2 [0137.506] SetLastError (dwErrCode=0x0) [0137.506] wvnsprintfA (in: pszDest=0xb2f696, cchDest=2147483647, pszFmt="%02X", arglist=0xb2f680 | out: pszDest="0D") returned 2 [0137.506] SetLastError (dwErrCode=0x0) [0137.506] wvnsprintfA (in: pszDest=0xb2f698, cchDest=2147483647, pszFmt="%02X", arglist=0xb2f680 | out: pszDest="AD") returned 2 [0137.506] SetLastError (dwErrCode=0x0) [0137.506] wvnsprintfA (in: pszDest=0xb2f69a, cchDest=2147483647, pszFmt="%02X", arglist=0xb2f680 | out: pszDest="E9") returned 2 [0137.506] SetLastError (dwErrCode=0x0) [0137.506] wvnsprintfA (in: pszDest=0xb2f69c, cchDest=2147483647, pszFmt="%02X", arglist=0xb2f680 | out: pszDest="C5") returned 2 [0137.506] SetLastError (dwErrCode=0x0) [0137.506] wvnsprintfA (in: pszDest=0xb2f69e, cchDest=2147483647, pszFmt="%02X", arglist=0xb2f680 | out: pszDest="64") returned 2 [0137.506] SetLastError (dwErrCode=0x0) [0137.506] wvnsprintfA (in: pszDest=0xb2f6a0, cchDest=2147483647, pszFmt="%02X", arglist=0xb2f680 | out: pszDest="77") returned 2 [0137.506] SetLastError (dwErrCode=0x0) [0137.506] wvnsprintfA (in: pszDest=0xb2f6a2, cchDest=2147483647, pszFmt="%02X", arglist=0xb2f680 | out: pszDest="CB") returned 2 [0137.506] SetLastError (dwErrCode=0x0) [0137.506] wvnsprintfA (in: pszDest=0xb2f6a4, cchDest=2147483647, pszFmt="%02X", arglist=0xb2f680 | out: pszDest="D6") returned 2 [0137.506] SetLastError (dwErrCode=0x0) [0137.506] wvnsprintfA (in: pszDest=0xb2f6a6, cchDest=2147483647, pszFmt="%02X", arglist=0xb2f680 | out: pszDest="7F") returned 2 [0137.506] SetLastError (dwErrCode=0x0) [0137.506] wvnsprintfA (in: pszDest=0xb2f6a8, cchDest=2147483647, pszFmt="%02X", arglist=0xb2f680 | out: pszDest="E7") returned 2 [0137.506] SetLastError (dwErrCode=0x0) [0137.506] wvnsprintfA (in: pszDest=0xb2f6aa, cchDest=2147483647, pszFmt="%02X", arglist=0xb2f680 | out: pszDest="B8") returned 2 [0137.506] SetLastError (dwErrCode=0x0) [0137.506] wvnsprintfW (in: pszDest=0xb2f554, cchDest=260, pszFmt="/%s", arglist=0xb2f548 | out: pszDest="/ro") returned 3 [0137.506] SetLastError (dwErrCode=0x0) [0137.506] GetCommandLineW () returned="C:\\Windows\\SysWOW64\\explorer.exe" [0137.506] CommandLineToArgvW (in: lpCmdLine="C:\\Windows\\SysWOW64\\explorer.exe", pNumArgs=0xb2f75c | out: pNumArgs=0xb2f75c) returned 0xbeaf20*="C:\\Windows\\SysWOW64\\explorer.exe" [0137.507] LocalFree (hMem=0xbeaf20) returned 0x0 [0137.507] GetCommandLineW () returned="C:\\Windows\\SysWOW64\\explorer.exe" [0137.507] CharLowerBuffW (in: lpsz="C:\\Windows\\SysWOW64\\explorer.exe", cchLength=0x20 | out: lpsz="c:\\windows\\syswow64\\explorer.exe") returned 0x20 [0137.507] CommandLineToArgvW (in: lpCmdLine="c:\\windows\\syswow64\\explorer.exe", pNumArgs=0xb2f76c | out: pNumArgs=0xb2f76c) returned 0xbeaf20*="c:\\windows\\syswow64\\explorer.exe" [0137.507] LocalFree (hMem=0xbeaf20) returned 0x0 [0137.507] ReadProcessMemory (in: hProcess=0xffffffff, lpBaseAddress=0x5145098, lpBuffer=0xbef790, nSize=0x400, lpNumberOfBytesRead=0xb2f754 | out: lpBuffer=0xbef790*, lpNumberOfBytesRead=0xb2f754*=0x400) returned 1 [0137.507] VirtualAllocEx (hProcess=0xffffffff, lpAddress=0x0, dwSize=0x900, flAllocationType=0x3000, flProtect=0x4) returned 0x54c0000 [0137.507] VirtualAllocEx (hProcess=0xffffffff, lpAddress=0x0, dwSize=0x900, flAllocationType=0x3000, flProtect=0x4) returned 0x5560000 [0137.507] BuildExplicitAccessWithNameA () returned 0x0 [0137.507] SetEntriesInAclA () returned 0x0 [0137.508] SetSecurityInfo () returned 0x0 [0137.508] LocalFree (hMem=0xbe5a28) returned 0x0 [0137.508] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0xb2f5e0 | out: lpWSAData=0xb2f5e0) returned 0 [0137.511] GetDesktopWindow () returned 0x10010 [0137.511] GetTopWindow (hWnd=0x10010) returned 0x100d6 [0137.511] GetProcAddress (hModule=0x77ca0000, lpProcName="wine_get_version") returned 0x0 [0137.511] GetProcAddress (hModule=0x75260000, lpProcName="wine_get_unix_file_name") returned 0x0 [0137.511] GetModuleHandleW (lpModuleName="avcuf32.dll") returned 0x0 [0137.511] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0xb2f560, nSize=0xb2f768 | out: lpNameBuffer="LHNIWSJ\\CIiHmnxMn6Ps", nSize=0xb2f768) returned 0x1 [0137.512] NetUserGetInfo (in: servername=0x0, username="CIiHmnxMn6Ps", level=0x2, bufptr=0xb2f76c | out: bufptr=0xbf6fe8*(usri2_name="CIiHmnxMn6Ps", usri2_password=0x0, usri2_password_age=0x1db4358, usri2_priv=0x2, usri2_home_dir="", usri2_comment="", usri2_flags=0x10201, usri2_script_path="", usri2_auth_flags=0x0, usri2_full_name="", usri2_usr_comment="", usri2_parms="", usri2_workstations="", usri2_last_logon=0x5bc7e4c1, usri2_last_logoff=0x0, usri2_acct_expires=0xffffffff, usri2_max_storage=0xffffffff, usri2_units_per_week=0xa8, usri2_logon_hours=0xbf7073, usri2_bad_pw_count=0x0, usri2_num_logons=0x28, usri2_logon_server="\\\\*", usri2_country_code=0x1, usri2_code_page=0x4e4)) returned 0x0 [0137.518] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xb2f548 | out: lpSystemTimeAsFileTime=0xb2f548*(dwLowDateTime=0x467d112d, dwHighDateTime=0x1d4a734)) [0137.518] RtlTimeToSecondsSince1970 (in: Time=0xb2f548, ElapsedSeconds=0xb2f550 | out: ElapsedSeconds=0xb2f550) returned 1 [0137.518] GetTickCount () returned 0x2f514 [0137.518] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xb2f6f4*=0x0, ZeroBits=0x0, RegionSize=0xb2f704*=0x19d, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0xb2f6f4*=0x5570000, RegionSize=0xb2f704*=0x1000) returned 0x0 [0137.518] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0137.518] SetLastError (dwErrCode=0x0) [0137.518] QueueUserAPC (pfnAPC=0x5570000, hThread=0xfffffffe, dwData=0xbf7098) returned 0x1 [0137.518] SleepEx (dwMilliseconds=0xa, bAlertable=1) returned 0xc0 [0137.519] wvnsprintfA (in: pszDest=0xb2f320, cchDest=255, pszFmt="%s%s_%p", arglist=0xb2f208 | out: pszDest="CG1CG1_11980343") returned 15 [0137.519] SetLastError (dwErrCode=0x0) [0137.519] wvnsprintfA (in: pszDest=0xb2f220, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0xb2f204 | out: pszDest="e6577de29e95e38a027c9824c2c5986b") returned 32 [0137.519] SetLastError (dwErrCode=0x0) [0137.519] wvnsprintfA (in: pszDest=0xb2f5c4, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X\\%s", arglist=0xb2f4a0 | out: pszDest="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0137.519] SetLastError (dwErrCode=0x0) [0137.519] wvnsprintfA (in: pszDest=0xb2f430, cchDest=255, pszFmt="%s%s_%p", arglist=0xb2f318 | out: pszDest="LSFLSF_11980343") returned 15 [0137.519] SetLastError (dwErrCode=0x0) [0137.519] wvnsprintfA (in: pszDest=0xb2f330, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0xb2f314 | out: pszDest="cb7bbbee06636e535c7c377204c5eb13") returned 32 [0137.519] SetLastError (dwErrCode=0x0) [0137.519] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xb2f5c4, cbMultiByte=95, lpWideCharStr=0xbf7098, cchWideChar=95 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0137.519] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02", ulOptions=0x0, samDesired=0x101, phkResult=0xb2f5a4 | out: phkResult=0xb2f5a4*=0x2d8) returned 0x0 [0137.519] SetLastError (dwErrCode=0x0) [0137.519] SetLastError (dwErrCode=0x0) [0137.519] RegQueryValueExA (in: hKey=0x2d8, lpValueName="cb7bbbee06636e5", lpReserved=0x0, lpType=0xb2f59c, lpData=0xb2f760, lpcbData=0xb2f5a0*=0x4 | out: lpType=0xb2f59c*=0x0, lpData=0xb2f760*=0x0, lpcbData=0xb2f5a0*=0x4) returned 0x2 [0137.519] RegCloseKey (hKey=0x2d8) returned 0x0 [0137.519] SetLastError (dwErrCode=0x2) [0137.519] GetLastError () returned 0x2 [0137.519] SetLastError (dwErrCode=0x2) [0137.519] GetProcAddress (hModule=0x769b0000, lpProcName="GetAddrInfoW") returned 0x769b9d90 [0137.520] GetProcAddress (hModule=0x769b0000, lpProcName="GetAddrInfoExW") returned 0x769b6210 [0137.520] VirtualAlloc (lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x40) returned 0x5580000 [0137.520] VirtualAlloc (lpAddress=0x0, dwSize=0xd5c, flAllocationType=0x3000, flProtect=0x40) returned 0x5590000 [0137.520] VirtualAlloc (lpAddress=0x0, dwSize=0xb822, flAllocationType=0x3000, flProtect=0x40) returned 0x55a0000 [0137.521] VirtualQuery (in: lpAddress=0x64ae1e60, lpBuffer=0xb2f60c, dwLength=0x1c | out: lpBuffer=0xb2f60c*(BaseAddress=0x64ae1000, AllocationBase=0x64ae0000, AllocationProtect=0x80, RegionSize=0x2000, State=0x1000, Protect=0x20, Type=0x1000000)) returned 0x1c [0137.521] wvnsprintfA (in: pszDest=0xb2f1e0, cchDest=255, pszFmt="%s%s_%p", arglist=0xb2f0c8 | out: pszDest="CG1CG1_11980343") returned 15 [0137.521] SetLastError (dwErrCode=0x0) [0137.521] wvnsprintfA (in: pszDest=0xb2f0e0, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0xb2f0c4 | out: pszDest="e6577de29e95e38a027c9824c2c5986b") returned 32 [0137.521] SetLastError (dwErrCode=0x0) [0137.521] wvnsprintfA (in: pszDest=0xb2f484, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X\\%s", arglist=0xb2f360 | out: pszDest="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0137.521] SetLastError (dwErrCode=0x0) [0137.521] wvnsprintfA (in: pszDest=0xb2f2f0, cchDest=255, pszFmt="%s%s_%p", arglist=0xb2f1d8 | out: pszDest="NUKNUK_11980343") returned 15 [0137.521] SetLastError (dwErrCode=0x0) [0137.522] wvnsprintfA (in: pszDest=0xb2f1f0, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0xb2f1d4 | out: pszDest="02693813c9e94deda8ce7fd43e65215b") returned 32 [0137.522] SetLastError (dwErrCode=0x0) [0137.522] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xb2f484, cbMultiByte=95, lpWideCharStr=0xbf7098, cchWideChar=95 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0137.522] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02", ulOptions=0x0, samDesired=0x101, phkResult=0xb2f464 | out: phkResult=0xb2f464*=0x2d8) returned 0x0 [0137.522] SetLastError (dwErrCode=0x0) [0137.522] SetLastError (dwErrCode=0x0) [0137.522] RegQueryValueExA (in: hKey=0x2d8, lpValueName="02693813c9e94ded", lpReserved=0x0, lpType=0xb2f45c, lpData=0xb2f620, lpcbData=0xb2f460*=0x4 | out: lpType=0xb2f45c*=0x0, lpData=0xb2f620*=0x0, lpcbData=0xb2f460*=0x4) returned 0x2 [0137.522] RegCloseKey (hKey=0x2d8) returned 0x0 [0137.522] SetLastError (dwErrCode=0x2) [0137.522] GetLastError () returned 0x2 [0137.522] SetLastError (dwErrCode=0x2) [0137.522] GetModuleHandleA (lpModuleName="ssleay32.dll") returned 0x0 [0137.522] GetModuleHandleA (lpModuleName="secur32.dll") returned 0x74bf0000 [0137.522] GetModuleFileNameW (in: hModule=0x77ca0000, lpFilename=0xbf7098, nSize=0x103 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0137.523] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d8 [0137.523] CreateFileMappingW (hFile=0x2d8, lpFileMappingAttributes=0x0, flProtect=0x1000002, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x2dc [0137.523] MapViewOfFile (hFileMappingObject=0x2dc, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x7060000 [0137.525] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0137.525] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0137.525] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0137.525] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0137.525] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0137.525] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0137.525] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0137.525] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0137.525] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0137.525] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0137.525] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0137.525] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0137.525] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0137.525] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0137.526] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0137.526] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0137.526] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0137.526] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0137.526] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0137.526] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0137.526] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0137.526] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0137.526] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0137.526] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0137.526] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0137.526] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0137.526] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0137.526] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0137.526] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0137.526] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0137.526] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0137.526] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0137.526] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0137.526] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0137.526] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0137.526] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0137.526] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0137.526] lstrcmpiW (lpString1="C:\\Windows\\SYSTEM32\\ntdll.dll", lpString2="C:\\Windows\\SYSTEM32\\ntdll.dll") returned 0 [0137.526] UnmapViewOfFile (lpBaseAddress=0x7060000) returned 1 [0137.526] CloseHandle (hObject=0x2dc) returned 1 [0137.526] CloseHandle (hObject=0x2d8) returned 1 [0137.527] GetTempPathW (in: nBufferLength=0x103, lpBuffer=0xb2efdc | out: lpBuffer="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\") returned 0x25 [0137.527] CharLowerBuffW (in: lpsz="C:\\ProgramData\\Task Protect 2.3", cchLength=0x20 | out: lpsz="c:\\programdata\\task protect 2.3") returned 0x20 [0137.527] CharLowerBuffW (in: lpsz="Windows\\CurrentVersion\\Run", cchLength=0x1b | out: lpsz="windows\\currentversion\\run") returned 0x1b [0137.527] CharLowerBuffW (in: lpsz="Task Protect 2.3", cchLength=0x11 | out: lpsz="task protect 2.3") returned 0x11 [0137.527] wvnsprintfW (in: pszDest=0xb2f408, cchDest=2147483647, pszFmt="Windows NT\\CurrentVersion\\Image File Execution Options\\%s", arglist=0xb2f1f0 | out: pszDest="Windows NT\\CurrentVersion\\Image File Execution Options\\ws97995e1qms.exe") returned 71 [0137.527] SetLastError (dwErrCode=0x0) [0137.527] CharLowerBuffW (in: lpsz="Windows NT\\CurrentVersion\\Image File Execution Options\\ws97995e1qms.exe", cchLength=0x48 | out: lpsz="windows nt\\currentversion\\image file execution options\\ws97995e1qms.exe") returned 0x48 [0137.527] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xb2f1e8*=0x513ab24, NumberOfBytesToProtect=0xb2f1d8, NewAccessProtection=0x40, OldAccessProtection=0xb2f61c | out: BaseAddress=0xb2f1e8*=0x513a000, NumberOfBytesToProtect=0xb2f1d8, OldAccessProtection=0xb2f61c*=0x40) returned 0x0 [0137.527] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0137.527] SetLastError (dwErrCode=0x0) [0137.527] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xb2f1e8*=0x513ab7d, NumberOfBytesToProtect=0xb2f1d8, NewAccessProtection=0x40, OldAccessProtection=0xb2f61c | out: BaseAddress=0xb2f1e8*=0x513a000, NumberOfBytesToProtect=0xb2f1d8, OldAccessProtection=0xb2f61c*=0x40) returned 0x0 [0137.527] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0137.527] SetLastError (dwErrCode=0x0) [0137.527] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x779f0000 [0137.527] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x779f0000 [0137.527] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x779f0000 [0137.527] GetPriorityClass (hProcess=0xffffffff) returned 0x20 [0137.528] SetPriorityClass (hProcess=0xffffffff, dwPriorityClass=0x4000) returned 1 [0137.537] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xb2f534*=0x77a2552a, NumberOfBytesToProtect=0xb2f524, NewAccessProtection=0x40, OldAccessProtection=0xb2f574 | out: BaseAddress=0xb2f534*=0x77a25000, NumberOfBytesToProtect=0xb2f524, OldAccessProtection=0xb2f574*=0x20) returned 0x0 [0137.537] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0137.537] SetLastError (dwErrCode=0x0) [0137.537] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xb2f534*=0x77a25630, NumberOfBytesToProtect=0xb2f524, NewAccessProtection=0x40, OldAccessProtection=0xb2f578 | out: BaseAddress=0xb2f534*=0x77a25000, NumberOfBytesToProtect=0xb2f524, OldAccessProtection=0xb2f578*=0x80) returned 0x0 [0137.537] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0137.537] SetLastError (dwErrCode=0x0) [0137.538] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xb2f534*=0x77a25630, NumberOfBytesToProtect=0xb2f524, NewAccessProtection=0x80, OldAccessProtection=0xb2f578 | out: BaseAddress=0xb2f534*=0x77a25000, NumberOfBytesToProtect=0xb2f524, OldAccessProtection=0xb2f578*=0x40) returned 0x0 [0137.538] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0137.538] SetLastError (dwErrCode=0x0) [0137.538] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xb2f534*=0x77a2552a, NumberOfBytesToProtect=0xb2f524, NewAccessProtection=0x20, OldAccessProtection=0xb2f578 | out: BaseAddress=0xb2f534*=0x77a25000, NumberOfBytesToProtect=0xb2f524, OldAccessProtection=0xb2f578*=0x40) returned 0x0 [0137.538] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0137.538] SetLastError (dwErrCode=0x0) [0137.538] SetPriorityClass (hProcess=0xffffffff, dwPriorityClass=0x20) returned 1 [0137.538] Sleep (dwMilliseconds=0x3c) [0137.604] GetModuleHandleW (lpModuleName=0x0) returned 0xd20000 [0137.604] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x5) returned 0xbe5b68 [0137.604] OpenServiceW (hSCManager=0xbe5b68, lpServiceName="SSDPSRV", dwDesiredAccess=0x16) returned 0xbe5c08 [0137.605] QueryServiceStatus (in: hService=0xbe5c08, lpServiceStatus=0xb2f520 | out: lpServiceStatus=0xb2f520*(dwServiceType=0x20, dwCurrentState=0x4, dwControlsAccepted=0x5, dwWin32ExitCode=0x0, dwServiceSpecificExitCode=0x0, dwCheckPoint=0x0, dwWaitHint=0x0)) returned 1 [0137.605] ChangeServiceConfigW (in: hService=0xbe5c08, dwServiceType=0xffffffff, dwStartType=0x2, dwErrorControl=0xffffffff, lpBinaryPathName=0x0, lpLoadOrderGroup=0x0, lpdwTagId=0x0, lpDependencies=0x0, lpServiceStartName=0x0, lpPassword=0x0, lpDisplayName=0x0 | out: lpdwTagId=0x0) returned 1 [0137.605] CloseServiceHandle (hSCObject=0xbe5c08) returned 1 [0137.605] CloseServiceHandle (hSCObject=0xbe5b68) returned 1 [0137.606] GetSystemWow64DirectoryW (in: lpBuffer=0xb2f110, uSize=0x103 | out: lpBuffer="C:\\Windows\\SysWOW64") returned 0x13 [0137.606] PathAppendW (in: pszPath="C:\\Windows\\SysWOW64", pMore="explorer.exe" | out: pszPath="C:\\Windows\\SysWOW64\\explorer.exe") returned 1 [0137.606] GetFileAttributesW (lpFileName="C:\\Windows\\SysWOW64\\explorer.exe" (normalized: "c:\\windows\\syswow64\\explorer.exe")) returned 0x20 [0137.606] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\explorer.exe" (normalized: "c:\\windows\\syswow64\\explorer.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2dc [0137.606] GetFileSize (in: hFile=0x2dc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3db190 [0137.606] ReadFile (in: hFile=0x2dc, lpBuffer=0xb2edb8, nNumberOfBytesToRead=0x338, lpNumberOfBytesRead=0xb2f0f0, lpOverlapped=0x0 | out: lpBuffer=0xb2edb8*, lpNumberOfBytesRead=0xb2f0f0*=0x338, lpOverlapped=0x0) returned 1 [0137.607] CloseHandle (hObject=0x2dc) returned 1 [0137.607] wvnsprintfW (in: pszDest=0xb2ec8c, cchDest=260, pszFmt="SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\%s", arglist=0xb2ec7c | out: pszDest="SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile") returned 88 [0137.607] SetLastError (dwErrCode=0x0) [0137.607] RegCreateKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x102, lpSecurityAttributes=0x0, phkResult=0xb2ec6c, lpdwDisposition=0x0 | out: phkResult=0xb2ec6c*=0x2dc, lpdwDisposition=0x0) returned 0x0 [0137.607] SetLastError (dwErrCode=0x0) [0137.607] RegSetValueExW (in: hKey=0x2dc, lpValueName="EnableFirewall", Reserved=0x0, dwType=0x4, lpData=0xb2ec68*=0x0, cbData=0x4 | out: lpData=0xb2ec68*=0x0) returned 0x0 [0137.607] RegCloseKey (hKey=0x2dc) returned 0x0 [0137.607] SetLastError (dwErrCode=0x0) [0137.607] wvnsprintfW (in: pszDest=0xb2ec8c, cchDest=260, pszFmt="SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\%s", arglist=0xb2ec7c | out: pszDest="SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\PublicProfile") returned 86 [0137.607] SetLastError (dwErrCode=0x0) [0137.607] RegCreateKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\PublicProfile", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x102, lpSecurityAttributes=0x0, phkResult=0xb2ec6c, lpdwDisposition=0x0 | out: phkResult=0xb2ec6c*=0x2dc, lpdwDisposition=0x0) returned 0x0 [0137.608] SetLastError (dwErrCode=0x0) [0137.608] RegSetValueExW (in: hKey=0x2dc, lpValueName="EnableFirewall", Reserved=0x0, dwType=0x4, lpData=0xb2ec68*=0x0, cbData=0x4 | out: lpData=0xb2ec68*=0x0) returned 0x0 [0137.608] RegCloseKey (hKey=0x2dc) returned 0x0 [0137.608] SetLastError (dwErrCode=0x0) [0137.608] SetLastError (dwErrCode=0x57) [0137.608] wvnsprintfA (in: pszDest=0xb2f51c, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0xb2f504 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:PS_v1$") returned 54 [0137.608] SetLastError (dwErrCode=0x0) [0137.608] InitializeSecurityDescriptor (in: pSecurityDescriptor=0xc00580, dwRevision=0x1 | out: pSecurityDescriptor=0xc00580) returned 1 [0137.608] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0xc00580, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0xc00580) returned 1 [0137.608] GetLastError () returned 0x0 [0137.608] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0xc00580, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0xc00580) returned 1 [0137.608] GetLastError () returned 0x0 [0137.608] SetLastError (dwErrCode=0x0) [0137.608] CreateEventA (lpEventAttributes=0xb2f618, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:PS_v1$") returned 0x2dc [0137.608] SetLastError (dwErrCode=0x0) [0137.608] wvnsprintfA (in: pszDest=0xb2f51c, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0xb2f504 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:IP_v1$") returned 54 [0137.608] SetLastError (dwErrCode=0x0) [0137.608] InitializeSecurityDescriptor (in: pSecurityDescriptor=0xc00580, dwRevision=0x1 | out: pSecurityDescriptor=0xc00580) returned 1 [0137.608] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0xc00580, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0xc00580) returned 1 [0137.608] GetLastError () returned 0x0 [0137.608] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0xc00580, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0xc00580) returned 1 [0137.608] GetLastError () returned 0x0 [0137.609] SetLastError (dwErrCode=0x0) [0137.609] CreateEventA (lpEventAttributes=0xb2f618, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:IP_v1$") returned 0x2e0 [0137.609] SetLastError (dwErrCode=0x0) [0137.609] wvnsprintfA (in: pszDest=0xb2f51c, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0xb2f504 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:AR_v1$") returned 54 [0137.609] SetLastError (dwErrCode=0x0) [0137.609] InitializeSecurityDescriptor (in: pSecurityDescriptor=0xc00580, dwRevision=0x1 | out: pSecurityDescriptor=0xc00580) returned 1 [0137.609] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0xc00580, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0xc00580) returned 1 [0137.609] GetLastError () returned 0x0 [0137.609] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0xc00580, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0xc00580) returned 1 [0137.609] GetLastError () returned 0x0 [0137.609] SetLastError (dwErrCode=0x0) [0137.609] CreateEventA (lpEventAttributes=0xb2f618, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:AR_v1$") returned 0x2e4 [0137.609] SetLastError (dwErrCode=0x0) [0137.609] wvnsprintfA (in: pszDest=0xb2f51c, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0xb2f504 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:DS_v1$") returned 54 [0137.609] SetLastError (dwErrCode=0x0) [0137.609] InitializeSecurityDescriptor (in: pSecurityDescriptor=0xc00580, dwRevision=0x1 | out: pSecurityDescriptor=0xc00580) returned 1 [0137.609] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0xc00580, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0xc00580) returned 1 [0137.609] GetLastError () returned 0x0 [0137.609] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0xc00580, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0xc00580) returned 1 [0137.609] GetLastError () returned 0x0 [0137.609] SetLastError (dwErrCode=0x0) [0137.609] CreateEventA (lpEventAttributes=0xb2f618, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:DS_v1$") returned 0x2e8 [0137.609] SetLastError (dwErrCode=0x0) [0137.609] wvnsprintfA (in: pszDest=0xb2f51c, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0xb2f504 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:ULI_v1$") returned 55 [0137.609] SetLastError (dwErrCode=0x0) [0137.610] InitializeSecurityDescriptor (in: pSecurityDescriptor=0xc00580, dwRevision=0x1 | out: pSecurityDescriptor=0xc00580) returned 1 [0137.610] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0xc00580, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0xc00580) returned 1 [0137.610] GetLastError () returned 0x0 [0137.610] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0xc00580, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0xc00580) returned 1 [0137.610] GetLastError () returned 0x0 [0137.610] SetLastError (dwErrCode=0x0) [0137.610] CreateEventA (lpEventAttributes=0xb2f618, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:ULI_v1$") returned 0x2ec [0137.610] SetLastError (dwErrCode=0x0) [0137.610] ResetEvent (hEvent=0x2ec) returned 1 [0137.610] ResetEvent (hEvent=0x2dc) returned 1 [0137.610] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x7, ProcessInformation=0xb2f78c, ProcessInformationLength=0x4, ReturnLength=0xb2f788 | out: ProcessInformation=0xb2f78c, ReturnLength=0xb2f788) returned 0x0 [0137.610] wvnsprintfA (in: pszDest=0xb2f728, cchDest=63, pszFmt="0x%08X", arglist=0xb2f720 | out: pszDest="0x00000BCC") returned 10 [0137.610] SetLastError (dwErrCode=0x0) [0137.610] wvnsprintfA (in: pszDest=0xb2f4e8, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0xb2f4d0 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000BCC_v1$") returned 62 [0137.610] SetLastError (dwErrCode=0x0) [0137.610] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000BCC_v1$") returned 0x2f0 [0137.610] CloseHandle (hObject=0x2f0) returned 1 [0137.610] SetLastError (dwErrCode=0x0) [0137.615] CreateFileA (lpFileName="\\\\.\\HGFS" (normalized: "hgfs"), dwDesiredAccess=0x1, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0137.619] CreateFileA (lpFileName="\\\\.\\VBoxGuest" (normalized: "vboxguest"), dwDesiredAccess=0x1, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0137.620] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5148da4, cbMultiByte=32, lpWideCharStr=0xbf35d8, cchWideChar=32 | out: lpWideCharStr="HARDWARE\\DESCRIPTION\\System\\BIOS") returned 32 [0137.620] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="HARDWARE\\DESCRIPTION\\System\\BIOS", ulOptions=0x0, samDesired=0x101, phkResult=0xb2f3e8 | out: phkResult=0xb2f3e8*=0x2f0) returned 0x0 [0137.620] SetLastError (dwErrCode=0x0) [0137.620] SetLastError (dwErrCode=0x0) [0137.620] RegQueryValueExA (in: hKey=0x2f0, lpValueName="SystemManufacturer", lpReserved=0x0, lpType=0xb2f3e0, lpData=0xb2f408, lpcbData=0xb2f3e4*=0x104 | out: lpType=0xb2f3e0*=0x1, lpData="\"ECS\"", lpcbData=0xb2f3e4*=0x6) returned 0x0 [0137.620] RegCloseKey (hKey=0x2f0) returned 0x0 [0137.620] SetLastError (dwErrCode=0x0) [0137.620] StrStrIA (lpFirst="\"ECS\"", lpSrch="vMwAR") returned 0x0 [0137.620] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5148de4, cbMultiByte=27, lpWideCharStr=0xbe7fe8, cchWideChar=27 | out: lpWideCharStr="HARDWARE\\DESCRIPTION\\System") returned 27 [0137.620] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="HARDWARE\\DESCRIPTION\\System", ulOptions=0x0, samDesired=0x101, phkResult=0xb2f3e8 | out: phkResult=0xb2f3e8*=0x2f0) returned 0x0 [0137.620] SetLastError (dwErrCode=0x0) [0137.620] SetLastError (dwErrCode=0x0) [0137.620] RegQueryValueExA (in: hKey=0x2f0, lpValueName="SystemBiosVersion", lpReserved=0x0, lpType=0xb2f3e0, lpData=0xb2f408, lpcbData=0xb2f3e4*=0x104 | out: lpType=0xb2f3e0*=0x7, lpData=0xb2f408*, lpcbData=0xb2f3e4*=0x4a) returned 0x0 [0137.620] RegCloseKey (hKey=0x2f0) returned 0x0 [0137.620] SetLastError (dwErrCode=0x0) [0137.620] StrStrIA (lpFirst="LENOVO - 1160", lpSrch="vBoX") returned 0x0 [0137.621] GetSystemDirectoryW (in: lpBuffer=0xb2f50c, uSize=0xec | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0137.621] PathAppendW (in: pszPath="C:\\Windows\\system32", pMore="drivers" | out: pszPath="C:\\Windows\\system32\\drivers") returned 1 [0137.621] PathAppendW (in: pszPath="C:\\Windows\\system32\\drivers", pMore="vboxvideo.sys" | out: pszPath="C:\\Windows\\system32\\drivers\\vboxvideo.sys") returned 1 [0137.621] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\drivers\\vboxvideo.sys" (normalized: "c:\\windows\\system32\\drivers\\vboxvideo.sys")) returned 0xffffffff [0137.621] GetLastError () returned 0x2 [0137.621] PathRemoveFileSpecW (in: pszPath="C:\\Windows\\system32\\drivers\\vboxvideo.sys" | out: pszPath="C:\\Windows\\system32\\drivers") returned 1 [0137.621] PathAppendW (in: pszPath="C:\\Windows\\system32\\drivers", pMore="vboxguest.sys" | out: pszPath="C:\\Windows\\system32\\drivers\\vboxguest.sys") returned 1 [0137.621] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\drivers\\vboxguest.sys" (normalized: "c:\\windows\\system32\\drivers\\vboxguest.sys")) returned 0xffffffff [0137.621] GetLastError () returned 0x2 [0137.621] PathRemoveFileSpecW (in: pszPath="C:\\Windows\\system32\\drivers\\vboxguest.sys" | out: pszPath="C:\\Windows\\system32\\drivers") returned 1 [0137.621] PathAppendW (in: pszPath="C:\\Windows\\system32\\drivers", pMore="vmhgfs.sys" | out: pszPath="C:\\Windows\\system32\\drivers\\vmhgfs.sys") returned 1 [0137.621] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\drivers\\vmhgfs.sys" (normalized: "c:\\windows\\system32\\drivers\\vmhgfs.sys")) returned 0xffffffff [0137.621] GetLastError () returned 0x2 [0137.621] PathRemoveFileSpecW (in: pszPath="C:\\Windows\\system32\\drivers\\vmhgfs.sys" | out: pszPath="C:\\Windows\\system32\\drivers") returned 1 [0137.621] PathAppendW (in: pszPath="C:\\Windows\\system32\\drivers", pMore="prl_boot.sys" | out: pszPath="C:\\Windows\\system32\\drivers\\prl_boot.sys") returned 1 [0137.621] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\drivers\\prl_boot.sys" (normalized: "c:\\windows\\system32\\drivers\\prl_boot.sys")) returned 0xffffffff [0137.621] GetLastError () returned 0x2 [0137.621] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x200, samDesired=0x1, phkResult=0xb2f76c | out: phkResult=0xb2f76c*=0x2f0) returned 0x0 [0137.621] SetLastError (dwErrCode=0x0) [0137.621] RegEnumValueW (in: hKey=0x2f0, dwIndex=0x0, lpValueName=0xb2ef1c, lpcchValueName=0xb2f744, lpReserved=0x0, lpType=0x0, lpData=0xc00580, lpcbData=0xb2f740 | out: lpValueName="SunJavaUpdateSched", lpcchValueName=0xb2f744, lpType=0x0, lpData=0xc00580, lpcbData=0xb2f740) returned 0x0 [0137.621] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="AVP") returned 1 [0137.621] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="mcui_exe") returned 1 [0137.622] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="mcpltui_exe") returned 1 [0137.622] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="McAfeeUpdaterUI") returned 1 [0137.622] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="Bdagent") returned 1 [0137.622] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="Trend Micro Titanium") returned -1 [0137.622] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="Trend Micro Client Framework") returned -1 [0137.622] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="AvastUI.exe") returned 1 [0137.622] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="avast") returned 1 [0137.622] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="MSC") returned 1 [0137.622] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="AVG_UI") returned 1 [0137.622] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="BullGuard") returned 1 [0137.622] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="Sophos AutoUpdate Monitor") returned 1 [0137.622] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="SpIDerAgent") returned 1 [0137.622] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="APVXDWIN") returned 1 [0137.622] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="PSUAMain") returned 1 [0137.622] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="WRSVC") returned -1 [0137.622] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="emsisoft anti-malware") returned 1 [0137.622] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="ISTray") returned 1 [0137.622] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="G Data AntiVirus Tray") returned 1 [0137.622] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="ZoneAlarm") returned -1 [0137.622] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="Bkav") returned 1 [0137.622] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="V3 Application") returned -1 [0137.622] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="Baidu Antivirus") returned 1 [0137.622] RegEnumValueW (in: hKey=0x2f0, dwIndex=0x1, lpValueName=0xb2ef1c, lpcchValueName=0xb2f744, lpReserved=0x0, lpType=0x0, lpData=0xc00580, lpcbData=0xb2f740 | out: lpValueName="", lpcchValueName=0xb2f744, lpType=0x0, lpData=0xc00580, lpcbData=0xb2f740) returned 0x103 [0137.622] RegCloseKey (hKey=0x2f0) returned 0x0 [0137.622] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x100, samDesired=0x1, phkResult=0xb2f76c | out: phkResult=0xb2f76c*=0x2f0) returned 0x0 [0137.622] SetLastError (dwErrCode=0x0) [0137.622] RegEnumValueW (in: hKey=0x2f0, dwIndex=0x0, lpValueName=0xb2ef1c, lpcchValueName=0xb2f744, lpReserved=0x0, lpType=0x0, lpData=0xc00580, lpcbData=0xb2f740 | out: lpValueName="SunJavaUpdateSched", lpcchValueName=0xb2f744, lpType=0x0, lpData=0xc00580, lpcbData=0xb2f740) returned 0x0 [0137.622] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="AVP") returned 1 [0137.622] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="mcui_exe") returned 1 [0137.623] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="mcpltui_exe") returned 1 [0137.623] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="McAfeeUpdaterUI") returned 1 [0137.623] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="Bdagent") returned 1 [0137.623] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="Trend Micro Titanium") returned -1 [0137.623] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="Trend Micro Client Framework") returned -1 [0137.623] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="AvastUI.exe") returned 1 [0137.623] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="avast") returned 1 [0137.623] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="MSC") returned 1 [0137.623] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="AVG_UI") returned 1 [0137.623] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="BullGuard") returned 1 [0137.623] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="Sophos AutoUpdate Monitor") returned 1 [0137.623] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="SpIDerAgent") returned 1 [0137.623] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="APVXDWIN") returned 1 [0137.623] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="PSUAMain") returned 1 [0137.623] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="WRSVC") returned -1 [0137.623] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="emsisoft anti-malware") returned 1 [0137.623] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="ISTray") returned 1 [0137.623] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="G Data AntiVirus Tray") returned 1 [0137.623] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="ZoneAlarm") returned -1 [0137.623] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="Bkav") returned 1 [0137.623] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="V3 Application") returned -1 [0137.623] lstrcmpiW (lpString1="SunJavaUpdateSched", lpString2="Baidu Antivirus") returned 1 [0137.623] RegEnumValueW (in: hKey=0x2f0, dwIndex=0x1, lpValueName=0xb2ef1c, lpcchValueName=0xb2f744, lpReserved=0x0, lpType=0x0, lpData=0xc00580, lpcbData=0xb2f740 | out: lpValueName="", lpcchValueName=0xb2f744, lpType=0x0, lpData=0xc00580, lpcbData=0xb2f740) returned 0x103 [0137.623] RegCloseKey (hKey=0x2f0) returned 0x0 [0137.623] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services", ulOptions=0x0, samDesired=0x9, phkResult=0xb2f76c | out: phkResult=0xb2f76c*=0x2f0) returned 0x0 [0137.623] SetLastError (dwErrCode=0x0) [0137.623] RegQueryInfoKeyA (in: hKey=0x2f0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xb2ecf8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xb2ecf8*=0x231, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.624] SetLastError (dwErrCode=0x0) [0137.624] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x0, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName=".NET CLR Data", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.624] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\.NET CLR Data") returned 47 [0137.624] SetLastError (dwErrCode=0x0) [0137.624] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\.NET CLR Data", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.624] SetLastError (dwErrCode=0x0) [0137.624] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.624] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.624] SetLastError (dwErrCode=0x0) [0137.624] GetLastError () returned 0x0 [0137.624] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName=".NET CLR Networking", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.624] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\.NET CLR Networking") returned 53 [0137.624] SetLastError (dwErrCode=0x0) [0137.624] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\.NET CLR Networking", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.624] SetLastError (dwErrCode=0x0) [0137.624] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.624] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.624] SetLastError (dwErrCode=0x0) [0137.624] GetLastError () returned 0x0 [0137.624] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x2, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName=".NET CLR Networking 4.0.0.0", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.624] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\.NET CLR Networking 4.0.0.0") returned 61 [0137.624] SetLastError (dwErrCode=0x0) [0137.624] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\.NET CLR Networking 4.0.0.0", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.625] SetLastError (dwErrCode=0x0) [0137.625] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.625] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.625] SetLastError (dwErrCode=0x0) [0137.625] GetLastError () returned 0x0 [0137.625] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x3, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName=".NET Data Provider for Oracle", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.625] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\.NET Data Provider for Oracle") returned 63 [0137.625] SetLastError (dwErrCode=0x0) [0137.625] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\.NET Data Provider for Oracle", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.625] SetLastError (dwErrCode=0x0) [0137.625] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.625] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.625] SetLastError (dwErrCode=0x0) [0137.625] GetLastError () returned 0x0 [0137.625] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x4, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName=".NET Data Provider for SqlServer", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.625] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\.NET Data Provider for SqlServer") returned 66 [0137.625] SetLastError (dwErrCode=0x0) [0137.625] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\.NET Data Provider for SqlServer", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.625] SetLastError (dwErrCode=0x0) [0137.625] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.625] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.625] SetLastError (dwErrCode=0x0) [0137.625] GetLastError () returned 0x0 [0137.625] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x5, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName=".NET Memory Cache 4.0", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.625] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\.NET Memory Cache 4.0") returned 55 [0137.626] SetLastError (dwErrCode=0x0) [0137.626] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\.NET Memory Cache 4.0", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.626] SetLastError (dwErrCode=0x0) [0137.626] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.626] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.626] SetLastError (dwErrCode=0x0) [0137.626] GetLastError () returned 0x0 [0137.626] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x6, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName=".NETFramework", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.626] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\.NETFramework") returned 47 [0137.626] SetLastError (dwErrCode=0x0) [0137.626] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\.NETFramework", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.626] SetLastError (dwErrCode=0x0) [0137.626] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.626] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.626] SetLastError (dwErrCode=0x0) [0137.626] GetLastError () returned 0x0 [0137.626] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x7, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="1394ohci", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.626] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\1394ohci") returned 42 [0137.626] SetLastError (dwErrCode=0x0) [0137.626] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\1394ohci", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.626] SetLastError (dwErrCode=0x0) [0137.626] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.626] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.626] SetLastError (dwErrCode=0x0) [0137.627] lstrcmpiW (lpString1="1394ohci", lpString2="NAVENG") returned -1 [0137.627] lstrcmpiW (lpString1="1394ohci", lpString2="ccEvtMgr") returned -1 [0137.627] lstrcmpiW (lpString1="1394ohci", lpString2="NAV") returned -1 [0137.627] lstrcmpiW (lpString1="1394ohci", lpString2="NIS") returned -1 [0137.627] lstrcmpiW (lpString1="1394ohci", lpString2="NAVEX15") returned -1 [0137.627] lstrcmpiW (lpString1="1394ohci", lpString2="AVP") returned -1 [0137.627] lstrcmpiW (lpString1="1394ohci", lpString2="AVP15.0.0") returned -1 [0137.627] lstrcmpiW (lpString1="1394ohci", lpString2="AVP15.0.1") returned -1 [0137.627] lstrcmpiW (lpString1="1394ohci", lpString2="kl1") returned -1 [0137.627] lstrcmpiW (lpString1="1394ohci", lpString2="McComponentHostService") returned -1 [0137.627] lstrcmpiW (lpString1="1394ohci", lpString2="ekrn") returned -1 [0137.627] lstrcmpiW (lpString1="1394ohci", lpString2="egui") returned -1 [0137.627] lstrcmpiW (lpString1="1394ohci", lpString2="avgwd") returned -1 [0137.627] lstrcmpiW (lpString1="1394ohci", lpString2="BdfNdisf") returned -1 [0137.627] lstrcmpiW (lpString1="1394ohci", lpString2="avast! Antivirus") returned -1 [0137.627] lstrcmpiW (lpString1="1394ohci", lpString2="MsMpSvc") returned -1 [0137.627] lstrcmpiW (lpString1="1394ohci", lpString2="RsMgrSvc") returned -1 [0137.627] lstrcmpiW (lpString1="1394ohci", lpString2="fshoster") returned -1 [0137.627] lstrcmpiW (lpString1="1394ohci", lpString2="AVKProxy") returned -1 [0137.627] lstrcmpiW (lpString1="1394ohci", lpString2="MBAMService") returned -1 [0137.627] lstrcmpiW (lpString1="1394ohci", lpString2="GbpSv") returned -1 [0137.627] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x8, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="3ware", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.627] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\3ware") returned 39 [0137.627] SetLastError (dwErrCode=0x0) [0137.627] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\3ware", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.627] SetLastError (dwErrCode=0x0) [0137.627] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.627] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.627] SetLastError (dwErrCode=0x0) [0137.628] lstrcmpiW (lpString1="3ware", lpString2="NAVENG") returned -1 [0137.628] lstrcmpiW (lpString1="3ware", lpString2="ccEvtMgr") returned -1 [0137.628] lstrcmpiW (lpString1="3ware", lpString2="NAV") returned -1 [0137.628] lstrcmpiW (lpString1="3ware", lpString2="NIS") returned -1 [0137.628] lstrcmpiW (lpString1="3ware", lpString2="NAVEX15") returned -1 [0137.628] lstrcmpiW (lpString1="3ware", lpString2="AVP") returned -1 [0137.628] lstrcmpiW (lpString1="3ware", lpString2="AVP15.0.0") returned -1 [0137.628] lstrcmpiW (lpString1="3ware", lpString2="AVP15.0.1") returned -1 [0137.628] lstrcmpiW (lpString1="3ware", lpString2="kl1") returned -1 [0137.628] lstrcmpiW (lpString1="3ware", lpString2="McComponentHostService") returned -1 [0137.628] lstrcmpiW (lpString1="3ware", lpString2="ekrn") returned -1 [0137.628] lstrcmpiW (lpString1="3ware", lpString2="egui") returned -1 [0137.628] lstrcmpiW (lpString1="3ware", lpString2="avgwd") returned -1 [0137.628] lstrcmpiW (lpString1="3ware", lpString2="BdfNdisf") returned -1 [0137.628] lstrcmpiW (lpString1="3ware", lpString2="avast! Antivirus") returned -1 [0137.628] lstrcmpiW (lpString1="3ware", lpString2="MsMpSvc") returned -1 [0137.628] lstrcmpiW (lpString1="3ware", lpString2="RsMgrSvc") returned -1 [0137.628] lstrcmpiW (lpString1="3ware", lpString2="fshoster") returned -1 [0137.628] lstrcmpiW (lpString1="3ware", lpString2="AVKProxy") returned -1 [0137.628] lstrcmpiW (lpString1="3ware", lpString2="MBAMService") returned -1 [0137.628] lstrcmpiW (lpString1="3ware", lpString2="GbpSv") returned -1 [0137.628] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x9, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ACPI", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.628] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ACPI") returned 38 [0137.628] SetLastError (dwErrCode=0x0) [0137.628] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ACPI", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.628] SetLastError (dwErrCode=0x0) [0137.628] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.628] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.628] SetLastError (dwErrCode=0x0) [0137.629] lstrcmpiW (lpString1="ACPI", lpString2="NAVENG") returned -1 [0137.629] lstrcmpiW (lpString1="ACPI", lpString2="ccEvtMgr") returned -1 [0137.629] lstrcmpiW (lpString1="ACPI", lpString2="NAV") returned -1 [0137.629] lstrcmpiW (lpString1="ACPI", lpString2="NIS") returned -1 [0137.629] lstrcmpiW (lpString1="ACPI", lpString2="NAVEX15") returned -1 [0137.629] lstrcmpiW (lpString1="ACPI", lpString2="AVP") returned -1 [0137.629] lstrcmpiW (lpString1="ACPI", lpString2="AVP15.0.0") returned -1 [0137.629] lstrcmpiW (lpString1="ACPI", lpString2="AVP15.0.1") returned -1 [0137.629] lstrcmpiW (lpString1="ACPI", lpString2="kl1") returned -1 [0137.629] lstrcmpiW (lpString1="ACPI", lpString2="McComponentHostService") returned -1 [0137.629] lstrcmpiW (lpString1="ACPI", lpString2="ekrn") returned -1 [0137.629] lstrcmpiW (lpString1="ACPI", lpString2="egui") returned -1 [0137.629] lstrcmpiW (lpString1="ACPI", lpString2="avgwd") returned -1 [0137.629] lstrcmpiW (lpString1="ACPI", lpString2="BdfNdisf") returned -1 [0137.629] lstrcmpiW (lpString1="ACPI", lpString2="avast! Antivirus") returned -1 [0137.629] lstrcmpiW (lpString1="ACPI", lpString2="MsMpSvc") returned -1 [0137.629] lstrcmpiW (lpString1="ACPI", lpString2="RsMgrSvc") returned -1 [0137.629] lstrcmpiW (lpString1="ACPI", lpString2="fshoster") returned -1 [0137.629] lstrcmpiW (lpString1="ACPI", lpString2="AVKProxy") returned -1 [0137.629] lstrcmpiW (lpString1="ACPI", lpString2="MBAMService") returned -1 [0137.629] lstrcmpiW (lpString1="ACPI", lpString2="GbpSv") returned -1 [0137.629] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xa, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="acpiex", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.629] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\acpiex") returned 40 [0137.629] SetLastError (dwErrCode=0x0) [0137.629] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\acpiex", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.629] SetLastError (dwErrCode=0x0) [0137.629] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.629] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.629] SetLastError (dwErrCode=0x0) [0137.630] lstrcmpiW (lpString1="acpiex", lpString2="NAVENG") returned -1 [0137.630] lstrcmpiW (lpString1="acpiex", lpString2="ccEvtMgr") returned -1 [0137.630] lstrcmpiW (lpString1="acpiex", lpString2="NAV") returned -1 [0137.630] lstrcmpiW (lpString1="acpiex", lpString2="NIS") returned -1 [0137.630] lstrcmpiW (lpString1="acpiex", lpString2="NAVEX15") returned -1 [0137.630] lstrcmpiW (lpString1="acpiex", lpString2="AVP") returned -1 [0137.630] lstrcmpiW (lpString1="acpiex", lpString2="AVP15.0.0") returned -1 [0137.630] lstrcmpiW (lpString1="acpiex", lpString2="AVP15.0.1") returned -1 [0137.630] lstrcmpiW (lpString1="acpiex", lpString2="kl1") returned -1 [0137.630] lstrcmpiW (lpString1="acpiex", lpString2="McComponentHostService") returned -1 [0137.630] lstrcmpiW (lpString1="acpiex", lpString2="ekrn") returned -1 [0137.630] lstrcmpiW (lpString1="acpiex", lpString2="egui") returned -1 [0137.630] lstrcmpiW (lpString1="acpiex", lpString2="avgwd") returned -1 [0137.630] lstrcmpiW (lpString1="acpiex", lpString2="BdfNdisf") returned -1 [0137.630] lstrcmpiW (lpString1="acpiex", lpString2="avast! Antivirus") returned -1 [0137.630] lstrcmpiW (lpString1="acpiex", lpString2="MsMpSvc") returned -1 [0137.630] lstrcmpiW (lpString1="acpiex", lpString2="RsMgrSvc") returned -1 [0137.630] lstrcmpiW (lpString1="acpiex", lpString2="fshoster") returned -1 [0137.630] lstrcmpiW (lpString1="acpiex", lpString2="AVKProxy") returned -1 [0137.630] lstrcmpiW (lpString1="acpiex", lpString2="MBAMService") returned -1 [0137.630] lstrcmpiW (lpString1="acpiex", lpString2="GbpSv") returned -1 [0137.630] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xb, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="acpipagr", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.630] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\acpipagr") returned 42 [0137.630] SetLastError (dwErrCode=0x0) [0137.630] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\acpipagr", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.630] SetLastError (dwErrCode=0x0) [0137.630] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.630] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.630] SetLastError (dwErrCode=0x0) [0137.631] lstrcmpiW (lpString1="acpipagr", lpString2="NAVENG") returned -1 [0137.631] lstrcmpiW (lpString1="acpipagr", lpString2="ccEvtMgr") returned -1 [0137.631] lstrcmpiW (lpString1="acpipagr", lpString2="NAV") returned -1 [0137.631] lstrcmpiW (lpString1="acpipagr", lpString2="NIS") returned -1 [0137.631] lstrcmpiW (lpString1="acpipagr", lpString2="NAVEX15") returned -1 [0137.631] lstrcmpiW (lpString1="acpipagr", lpString2="AVP") returned -1 [0137.631] lstrcmpiW (lpString1="acpipagr", lpString2="AVP15.0.0") returned -1 [0137.631] lstrcmpiW (lpString1="acpipagr", lpString2="AVP15.0.1") returned -1 [0137.631] lstrcmpiW (lpString1="acpipagr", lpString2="kl1") returned -1 [0137.631] lstrcmpiW (lpString1="acpipagr", lpString2="McComponentHostService") returned -1 [0137.631] lstrcmpiW (lpString1="acpipagr", lpString2="ekrn") returned -1 [0137.631] lstrcmpiW (lpString1="acpipagr", lpString2="egui") returned -1 [0137.631] lstrcmpiW (lpString1="acpipagr", lpString2="avgwd") returned -1 [0137.631] lstrcmpiW (lpString1="acpipagr", lpString2="BdfNdisf") returned -1 [0137.631] lstrcmpiW (lpString1="acpipagr", lpString2="avast! Antivirus") returned -1 [0137.631] lstrcmpiW (lpString1="acpipagr", lpString2="MsMpSvc") returned -1 [0137.631] lstrcmpiW (lpString1="acpipagr", lpString2="RsMgrSvc") returned -1 [0137.631] lstrcmpiW (lpString1="acpipagr", lpString2="fshoster") returned -1 [0137.631] lstrcmpiW (lpString1="acpipagr", lpString2="AVKProxy") returned -1 [0137.631] lstrcmpiW (lpString1="acpipagr", lpString2="MBAMService") returned -1 [0137.631] lstrcmpiW (lpString1="acpipagr", lpString2="GbpSv") returned -1 [0137.631] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xc, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AcpiPmi", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.631] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\AcpiPmi") returned 41 [0137.631] SetLastError (dwErrCode=0x0) [0137.631] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\AcpiPmi", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.631] SetLastError (dwErrCode=0x0) [0137.631] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.631] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.631] SetLastError (dwErrCode=0x0) [0137.632] lstrcmpiW (lpString1="AcpiPmi", lpString2="NAVENG") returned -1 [0137.632] lstrcmpiW (lpString1="AcpiPmi", lpString2="ccEvtMgr") returned -1 [0137.632] lstrcmpiW (lpString1="AcpiPmi", lpString2="NAV") returned -1 [0137.632] lstrcmpiW (lpString1="AcpiPmi", lpString2="NIS") returned -1 [0137.632] lstrcmpiW (lpString1="AcpiPmi", lpString2="NAVEX15") returned -1 [0137.632] lstrcmpiW (lpString1="AcpiPmi", lpString2="AVP") returned -1 [0137.632] lstrcmpiW (lpString1="AcpiPmi", lpString2="AVP15.0.0") returned -1 [0137.632] lstrcmpiW (lpString1="AcpiPmi", lpString2="AVP15.0.1") returned -1 [0137.632] lstrcmpiW (lpString1="AcpiPmi", lpString2="kl1") returned -1 [0137.632] lstrcmpiW (lpString1="AcpiPmi", lpString2="McComponentHostService") returned -1 [0137.632] lstrcmpiW (lpString1="AcpiPmi", lpString2="ekrn") returned -1 [0137.632] lstrcmpiW (lpString1="AcpiPmi", lpString2="egui") returned -1 [0137.632] lstrcmpiW (lpString1="AcpiPmi", lpString2="avgwd") returned -1 [0137.632] lstrcmpiW (lpString1="AcpiPmi", lpString2="BdfNdisf") returned -1 [0137.632] lstrcmpiW (lpString1="AcpiPmi", lpString2="avast! Antivirus") returned -1 [0137.632] lstrcmpiW (lpString1="AcpiPmi", lpString2="MsMpSvc") returned -1 [0137.632] lstrcmpiW (lpString1="AcpiPmi", lpString2="RsMgrSvc") returned -1 [0137.632] lstrcmpiW (lpString1="AcpiPmi", lpString2="fshoster") returned -1 [0137.632] lstrcmpiW (lpString1="AcpiPmi", lpString2="AVKProxy") returned -1 [0137.632] lstrcmpiW (lpString1="AcpiPmi", lpString2="MBAMService") returned -1 [0137.632] lstrcmpiW (lpString1="AcpiPmi", lpString2="GbpSv") returned -1 [0137.632] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xd, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="acpitime", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.632] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\acpitime") returned 42 [0137.632] SetLastError (dwErrCode=0x0) [0137.632] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\acpitime", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.632] SetLastError (dwErrCode=0x0) [0137.632] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.632] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.632] SetLastError (dwErrCode=0x0) [0137.633] lstrcmpiW (lpString1="acpitime", lpString2="NAVENG") returned -1 [0137.633] lstrcmpiW (lpString1="acpitime", lpString2="ccEvtMgr") returned -1 [0137.633] lstrcmpiW (lpString1="acpitime", lpString2="NAV") returned -1 [0137.633] lstrcmpiW (lpString1="acpitime", lpString2="NIS") returned -1 [0137.633] lstrcmpiW (lpString1="acpitime", lpString2="NAVEX15") returned -1 [0137.633] lstrcmpiW (lpString1="acpitime", lpString2="AVP") returned -1 [0137.633] lstrcmpiW (lpString1="acpitime", lpString2="AVP15.0.0") returned -1 [0137.633] lstrcmpiW (lpString1="acpitime", lpString2="AVP15.0.1") returned -1 [0137.633] lstrcmpiW (lpString1="acpitime", lpString2="kl1") returned -1 [0137.633] lstrcmpiW (lpString1="acpitime", lpString2="McComponentHostService") returned -1 [0137.633] lstrcmpiW (lpString1="acpitime", lpString2="ekrn") returned -1 [0137.633] lstrcmpiW (lpString1="acpitime", lpString2="egui") returned -1 [0137.633] lstrcmpiW (lpString1="acpitime", lpString2="avgwd") returned -1 [0137.633] lstrcmpiW (lpString1="acpitime", lpString2="BdfNdisf") returned -1 [0137.633] lstrcmpiW (lpString1="acpitime", lpString2="avast! Antivirus") returned -1 [0137.633] lstrcmpiW (lpString1="acpitime", lpString2="MsMpSvc") returned -1 [0137.633] lstrcmpiW (lpString1="acpitime", lpString2="RsMgrSvc") returned -1 [0137.633] lstrcmpiW (lpString1="acpitime", lpString2="fshoster") returned -1 [0137.633] lstrcmpiW (lpString1="acpitime", lpString2="AVKProxy") returned -1 [0137.633] lstrcmpiW (lpString1="acpitime", lpString2="MBAMService") returned -1 [0137.633] lstrcmpiW (lpString1="acpitime", lpString2="GbpSv") returned -1 [0137.633] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xe, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AdobeARMservice", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.633] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\AdobeARMservice") returned 49 [0137.633] SetLastError (dwErrCode=0x0) [0137.633] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\AdobeARMservice", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.633] SetLastError (dwErrCode=0x0) [0137.633] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.633] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.633] SetLastError (dwErrCode=0x0) [0137.634] lstrcmpiW (lpString1="AdobeARMservice", lpString2="NAVENG") returned -1 [0137.634] lstrcmpiW (lpString1="AdobeARMservice", lpString2="ccEvtMgr") returned -1 [0137.634] lstrcmpiW (lpString1="AdobeARMservice", lpString2="NAV") returned -1 [0137.634] lstrcmpiW (lpString1="AdobeARMservice", lpString2="NIS") returned -1 [0137.634] lstrcmpiW (lpString1="AdobeARMservice", lpString2="NAVEX15") returned -1 [0137.634] lstrcmpiW (lpString1="AdobeARMservice", lpString2="AVP") returned -1 [0137.634] lstrcmpiW (lpString1="AdobeARMservice", lpString2="AVP15.0.0") returned -1 [0137.634] lstrcmpiW (lpString1="AdobeARMservice", lpString2="AVP15.0.1") returned -1 [0137.634] lstrcmpiW (lpString1="AdobeARMservice", lpString2="kl1") returned -1 [0137.634] lstrcmpiW (lpString1="AdobeARMservice", lpString2="McComponentHostService") returned -1 [0137.634] lstrcmpiW (lpString1="AdobeARMservice", lpString2="ekrn") returned -1 [0137.634] lstrcmpiW (lpString1="AdobeARMservice", lpString2="egui") returned -1 [0137.634] lstrcmpiW (lpString1="AdobeARMservice", lpString2="avgwd") returned -1 [0137.634] lstrcmpiW (lpString1="AdobeARMservice", lpString2="BdfNdisf") returned -1 [0137.634] lstrcmpiW (lpString1="AdobeARMservice", lpString2="avast! Antivirus") returned -1 [0137.634] lstrcmpiW (lpString1="AdobeARMservice", lpString2="MsMpSvc") returned -1 [0137.634] lstrcmpiW (lpString1="AdobeARMservice", lpString2="RsMgrSvc") returned -1 [0137.634] lstrcmpiW (lpString1="AdobeARMservice", lpString2="fshoster") returned -1 [0137.634] lstrcmpiW (lpString1="AdobeARMservice", lpString2="AVKProxy") returned -1 [0137.634] lstrcmpiW (lpString1="AdobeARMservice", lpString2="MBAMService") returned -1 [0137.634] lstrcmpiW (lpString1="AdobeARMservice", lpString2="GbpSv") returned -1 [0137.634] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xf, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ADOVMPPackage", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.635] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ADOVMPPackage") returned 47 [0137.635] SetLastError (dwErrCode=0x0) [0137.635] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ADOVMPPackage", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.635] SetLastError (dwErrCode=0x0) [0137.635] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.635] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.635] SetLastError (dwErrCode=0x0) [0137.635] GetLastError () returned 0x0 [0137.635] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x10, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ADP80XX", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.635] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ADP80XX") returned 41 [0137.635] SetLastError (dwErrCode=0x0) [0137.635] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ADP80XX", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.635] SetLastError (dwErrCode=0x0) [0137.635] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.635] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.635] SetLastError (dwErrCode=0x0) [0137.635] lstrcmpiW (lpString1="ADP80XX", lpString2="NAVENG") returned -1 [0137.635] lstrcmpiW (lpString1="ADP80XX", lpString2="ccEvtMgr") returned -1 [0137.635] lstrcmpiW (lpString1="ADP80XX", lpString2="NAV") returned -1 [0137.635] lstrcmpiW (lpString1="ADP80XX", lpString2="NIS") returned -1 [0137.635] lstrcmpiW (lpString1="ADP80XX", lpString2="NAVEX15") returned -1 [0137.635] lstrcmpiW (lpString1="ADP80XX", lpString2="AVP") returned -1 [0137.635] lstrcmpiW (lpString1="ADP80XX", lpString2="AVP15.0.0") returned -1 [0137.635] lstrcmpiW (lpString1="ADP80XX", lpString2="AVP15.0.1") returned -1 [0137.635] lstrcmpiW (lpString1="ADP80XX", lpString2="kl1") returned -1 [0137.635] lstrcmpiW (lpString1="ADP80XX", lpString2="McComponentHostService") returned -1 [0137.635] lstrcmpiW (lpString1="ADP80XX", lpString2="ekrn") returned -1 [0137.636] lstrcmpiW (lpString1="ADP80XX", lpString2="egui") returned -1 [0137.636] lstrcmpiW (lpString1="ADP80XX", lpString2="avgwd") returned -1 [0137.636] lstrcmpiW (lpString1="ADP80XX", lpString2="BdfNdisf") returned -1 [0137.636] lstrcmpiW (lpString1="ADP80XX", lpString2="avast! Antivirus") returned -1 [0137.636] lstrcmpiW (lpString1="ADP80XX", lpString2="MsMpSvc") returned -1 [0137.636] lstrcmpiW (lpString1="ADP80XX", lpString2="RsMgrSvc") returned -1 [0137.636] lstrcmpiW (lpString1="ADP80XX", lpString2="fshoster") returned -1 [0137.636] lstrcmpiW (lpString1="ADP80XX", lpString2="AVKProxy") returned -1 [0137.636] lstrcmpiW (lpString1="ADP80XX", lpString2="MBAMService") returned -1 [0137.636] lstrcmpiW (lpString1="ADP80XX", lpString2="GbpSv") returned -1 [0137.636] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x11, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="adsi", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.636] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\adsi") returned 38 [0137.636] SetLastError (dwErrCode=0x0) [0137.636] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\adsi", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.636] SetLastError (dwErrCode=0x0) [0137.636] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.636] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.636] SetLastError (dwErrCode=0x0) [0137.636] GetLastError () returned 0x0 [0137.636] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x12, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AFD", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.636] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\AFD") returned 37 [0137.636] SetLastError (dwErrCode=0x0) [0137.636] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\AFD", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.636] SetLastError (dwErrCode=0x0) [0137.636] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.636] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.636] SetLastError (dwErrCode=0x0) [0137.636] lstrcmpiW (lpString1="AFD", lpString2="NAVENG") returned -1 [0137.636] lstrcmpiW (lpString1="AFD", lpString2="ccEvtMgr") returned -1 [0137.636] lstrcmpiW (lpString1="AFD", lpString2="NAV") returned -1 [0137.636] lstrcmpiW (lpString1="AFD", lpString2="NIS") returned -1 [0137.636] lstrcmpiW (lpString1="AFD", lpString2="NAVEX15") returned -1 [0137.636] lstrcmpiW (lpString1="AFD", lpString2="AVP") returned -1 [0137.637] lstrcmpiW (lpString1="AFD", lpString2="AVP15.0.0") returned -1 [0137.637] lstrcmpiW (lpString1="AFD", lpString2="AVP15.0.1") returned -1 [0137.637] lstrcmpiW (lpString1="AFD", lpString2="kl1") returned -1 [0137.637] lstrcmpiW (lpString1="AFD", lpString2="McComponentHostService") returned -1 [0137.637] lstrcmpiW (lpString1="AFD", lpString2="ekrn") returned -1 [0137.637] lstrcmpiW (lpString1="AFD", lpString2="egui") returned -1 [0137.637] lstrcmpiW (lpString1="AFD", lpString2="avgwd") returned -1 [0137.637] lstrcmpiW (lpString1="AFD", lpString2="BdfNdisf") returned -1 [0137.637] lstrcmpiW (lpString1="AFD", lpString2="avast! Antivirus") returned -1 [0137.637] lstrcmpiW (lpString1="AFD", lpString2="MsMpSvc") returned -1 [0137.637] lstrcmpiW (lpString1="AFD", lpString2="RsMgrSvc") returned -1 [0137.637] lstrcmpiW (lpString1="AFD", lpString2="fshoster") returned -1 [0137.637] lstrcmpiW (lpString1="AFD", lpString2="AVKProxy") returned -1 [0137.637] lstrcmpiW (lpString1="AFD", lpString2="MBAMService") returned -1 [0137.637] lstrcmpiW (lpString1="AFD", lpString2="GbpSv") returned -1 [0137.637] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x13, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="agp440", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.637] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\agp440") returned 40 [0137.637] SetLastError (dwErrCode=0x0) [0137.637] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\agp440", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.637] SetLastError (dwErrCode=0x0) [0137.637] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.637] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.637] SetLastError (dwErrCode=0x0) [0137.637] lstrcmpiW (lpString1="agp440", lpString2="NAVENG") returned -1 [0137.637] lstrcmpiW (lpString1="agp440", lpString2="ccEvtMgr") returned -1 [0137.637] lstrcmpiW (lpString1="agp440", lpString2="NAV") returned -1 [0137.637] lstrcmpiW (lpString1="agp440", lpString2="NIS") returned -1 [0137.637] lstrcmpiW (lpString1="agp440", lpString2="NAVEX15") returned -1 [0137.637] lstrcmpiW (lpString1="agp440", lpString2="AVP") returned -1 [0137.637] lstrcmpiW (lpString1="agp440", lpString2="AVP15.0.0") returned -1 [0137.637] lstrcmpiW (lpString1="agp440", lpString2="AVP15.0.1") returned -1 [0137.637] lstrcmpiW (lpString1="agp440", lpString2="kl1") returned -1 [0137.637] lstrcmpiW (lpString1="agp440", lpString2="McComponentHostService") returned -1 [0137.637] lstrcmpiW (lpString1="agp440", lpString2="ekrn") returned -1 [0137.637] lstrcmpiW (lpString1="agp440", lpString2="egui") returned -1 [0137.637] lstrcmpiW (lpString1="agp440", lpString2="avgwd") returned -1 [0137.637] lstrcmpiW (lpString1="agp440", lpString2="BdfNdisf") returned -1 [0137.637] lstrcmpiW (lpString1="agp440", lpString2="avast! Antivirus") returned -1 [0137.638] lstrcmpiW (lpString1="agp440", lpString2="MsMpSvc") returned -1 [0137.638] lstrcmpiW (lpString1="agp440", lpString2="RsMgrSvc") returned -1 [0137.638] lstrcmpiW (lpString1="agp440", lpString2="fshoster") returned -1 [0137.638] lstrcmpiW (lpString1="agp440", lpString2="AVKProxy") returned -1 [0137.638] lstrcmpiW (lpString1="agp440", lpString2="MBAMService") returned -1 [0137.638] lstrcmpiW (lpString1="agp440", lpString2="GbpSv") returned -1 [0137.638] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x14, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ahcache", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.638] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ahcache") returned 41 [0137.638] SetLastError (dwErrCode=0x0) [0137.638] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ahcache", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.638] SetLastError (dwErrCode=0x0) [0137.638] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.638] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.638] SetLastError (dwErrCode=0x0) [0137.638] lstrcmpiW (lpString1="ahcache", lpString2="NAVENG") returned -1 [0137.638] lstrcmpiW (lpString1="ahcache", lpString2="ccEvtMgr") returned -1 [0137.638] lstrcmpiW (lpString1="ahcache", lpString2="NAV") returned -1 [0137.638] lstrcmpiW (lpString1="ahcache", lpString2="NIS") returned -1 [0137.638] lstrcmpiW (lpString1="ahcache", lpString2="NAVEX15") returned -1 [0137.638] lstrcmpiW (lpString1="ahcache", lpString2="AVP") returned -1 [0137.638] lstrcmpiW (lpString1="ahcache", lpString2="AVP15.0.0") returned -1 [0137.638] lstrcmpiW (lpString1="ahcache", lpString2="AVP15.0.1") returned -1 [0137.638] lstrcmpiW (lpString1="ahcache", lpString2="kl1") returned -1 [0137.638] lstrcmpiW (lpString1="ahcache", lpString2="McComponentHostService") returned -1 [0137.638] lstrcmpiW (lpString1="ahcache", lpString2="ekrn") returned -1 [0137.638] lstrcmpiW (lpString1="ahcache", lpString2="egui") returned -1 [0137.638] lstrcmpiW (lpString1="ahcache", lpString2="avgwd") returned -1 [0137.638] lstrcmpiW (lpString1="ahcache", lpString2="BdfNdisf") returned -1 [0137.638] lstrcmpiW (lpString1="ahcache", lpString2="avast! Antivirus") returned -1 [0137.638] lstrcmpiW (lpString1="ahcache", lpString2="MsMpSvc") returned -1 [0137.638] lstrcmpiW (lpString1="ahcache", lpString2="RsMgrSvc") returned -1 [0137.638] lstrcmpiW (lpString1="ahcache", lpString2="fshoster") returned -1 [0137.638] lstrcmpiW (lpString1="ahcache", lpString2="AVKProxy") returned -1 [0137.638] lstrcmpiW (lpString1="ahcache", lpString2="MBAMService") returned -1 [0137.639] lstrcmpiW (lpString1="ahcache", lpString2="GbpSv") returned -1 [0137.639] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x15, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AJRouter", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.639] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\AJRouter") returned 42 [0137.639] SetLastError (dwErrCode=0x0) [0137.639] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\AJRouter", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.639] SetLastError (dwErrCode=0x0) [0137.639] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.639] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.639] SetLastError (dwErrCode=0x0) [0137.639] lstrcmpiW (lpString1="AJRouter", lpString2="NAVENG") returned -1 [0137.639] lstrcmpiW (lpString1="AJRouter", lpString2="ccEvtMgr") returned -1 [0137.639] lstrcmpiW (lpString1="AJRouter", lpString2="NAV") returned -1 [0137.639] lstrcmpiW (lpString1="AJRouter", lpString2="NIS") returned -1 [0137.639] lstrcmpiW (lpString1="AJRouter", lpString2="NAVEX15") returned -1 [0137.639] lstrcmpiW (lpString1="AJRouter", lpString2="AVP") returned -1 [0137.639] lstrcmpiW (lpString1="AJRouter", lpString2="AVP15.0.0") returned -1 [0137.639] lstrcmpiW (lpString1="AJRouter", lpString2="AVP15.0.1") returned -1 [0137.639] lstrcmpiW (lpString1="AJRouter", lpString2="kl1") returned -1 [0137.639] lstrcmpiW (lpString1="AJRouter", lpString2="McComponentHostService") returned -1 [0137.639] lstrcmpiW (lpString1="AJRouter", lpString2="ekrn") returned -1 [0137.639] lstrcmpiW (lpString1="AJRouter", lpString2="egui") returned -1 [0137.639] lstrcmpiW (lpString1="AJRouter", lpString2="avgwd") returned -1 [0137.639] lstrcmpiW (lpString1="AJRouter", lpString2="BdfNdisf") returned -1 [0137.639] lstrcmpiW (lpString1="AJRouter", lpString2="avast! Antivirus") returned -1 [0137.639] lstrcmpiW (lpString1="AJRouter", lpString2="MsMpSvc") returned -1 [0137.639] lstrcmpiW (lpString1="AJRouter", lpString2="RsMgrSvc") returned -1 [0137.639] lstrcmpiW (lpString1="AJRouter", lpString2="fshoster") returned -1 [0137.639] lstrcmpiW (lpString1="AJRouter", lpString2="AVKProxy") returned -1 [0137.639] lstrcmpiW (lpString1="AJRouter", lpString2="MBAMService") returned -1 [0137.639] lstrcmpiW (lpString1="AJRouter", lpString2="GbpSv") returned -1 [0137.639] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x16, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ALG", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.639] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ALG") returned 37 [0137.639] SetLastError (dwErrCode=0x0) [0137.640] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ALG", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.640] SetLastError (dwErrCode=0x0) [0137.640] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.640] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.640] SetLastError (dwErrCode=0x0) [0137.640] lstrcmpiW (lpString1="ALG", lpString2="NAVENG") returned -1 [0137.640] lstrcmpiW (lpString1="ALG", lpString2="ccEvtMgr") returned -1 [0137.640] lstrcmpiW (lpString1="ALG", lpString2="NAV") returned -1 [0137.640] lstrcmpiW (lpString1="ALG", lpString2="NIS") returned -1 [0137.640] lstrcmpiW (lpString1="ALG", lpString2="NAVEX15") returned -1 [0137.640] lstrcmpiW (lpString1="ALG", lpString2="AVP") returned -1 [0137.640] lstrcmpiW (lpString1="ALG", lpString2="AVP15.0.0") returned -1 [0137.640] lstrcmpiW (lpString1="ALG", lpString2="AVP15.0.1") returned -1 [0137.640] lstrcmpiW (lpString1="ALG", lpString2="kl1") returned -1 [0137.640] lstrcmpiW (lpString1="ALG", lpString2="McComponentHostService") returned -1 [0137.640] lstrcmpiW (lpString1="ALG", lpString2="ekrn") returned -1 [0137.640] lstrcmpiW (lpString1="ALG", lpString2="egui") returned -1 [0137.640] lstrcmpiW (lpString1="ALG", lpString2="avgwd") returned -1 [0137.640] lstrcmpiW (lpString1="ALG", lpString2="BdfNdisf") returned -1 [0137.640] lstrcmpiW (lpString1="ALG", lpString2="avast! Antivirus") returned -1 [0137.640] lstrcmpiW (lpString1="ALG", lpString2="MsMpSvc") returned -1 [0137.640] lstrcmpiW (lpString1="ALG", lpString2="RsMgrSvc") returned -1 [0137.640] lstrcmpiW (lpString1="ALG", lpString2="fshoster") returned -1 [0137.640] lstrcmpiW (lpString1="ALG", lpString2="AVKProxy") returned -1 [0137.640] lstrcmpiW (lpString1="ALG", lpString2="MBAMService") returned -1 [0137.640] lstrcmpiW (lpString1="ALG", lpString2="GbpSv") returned -1 [0137.640] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x17, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AmdK8", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.640] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\AmdK8") returned 39 [0137.640] SetLastError (dwErrCode=0x0) [0137.640] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\AmdK8", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.640] SetLastError (dwErrCode=0x0) [0137.640] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.640] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.641] SetLastError (dwErrCode=0x0) [0137.641] lstrcmpiW (lpString1="AmdK8", lpString2="NAVENG") returned -1 [0137.641] lstrcmpiW (lpString1="AmdK8", lpString2="ccEvtMgr") returned -1 [0137.641] lstrcmpiW (lpString1="AmdK8", lpString2="NAV") returned -1 [0137.641] lstrcmpiW (lpString1="AmdK8", lpString2="NIS") returned -1 [0137.641] lstrcmpiW (lpString1="AmdK8", lpString2="NAVEX15") returned -1 [0137.641] lstrcmpiW (lpString1="AmdK8", lpString2="AVP") returned -1 [0137.641] lstrcmpiW (lpString1="AmdK8", lpString2="AVP15.0.0") returned -1 [0137.641] lstrcmpiW (lpString1="AmdK8", lpString2="AVP15.0.1") returned -1 [0137.641] lstrcmpiW (lpString1="AmdK8", lpString2="kl1") returned -1 [0137.641] lstrcmpiW (lpString1="AmdK8", lpString2="McComponentHostService") returned -1 [0137.641] lstrcmpiW (lpString1="AmdK8", lpString2="ekrn") returned -1 [0137.641] lstrcmpiW (lpString1="AmdK8", lpString2="egui") returned -1 [0137.641] lstrcmpiW (lpString1="AmdK8", lpString2="avgwd") returned -1 [0137.641] lstrcmpiW (lpString1="AmdK8", lpString2="BdfNdisf") returned -1 [0137.641] lstrcmpiW (lpString1="AmdK8", lpString2="avast! Antivirus") returned -1 [0137.641] lstrcmpiW (lpString1="AmdK8", lpString2="MsMpSvc") returned -1 [0137.641] lstrcmpiW (lpString1="AmdK8", lpString2="RsMgrSvc") returned -1 [0137.641] lstrcmpiW (lpString1="AmdK8", lpString2="fshoster") returned -1 [0137.641] lstrcmpiW (lpString1="AmdK8", lpString2="AVKProxy") returned -1 [0137.641] lstrcmpiW (lpString1="AmdK8", lpString2="MBAMService") returned -1 [0137.641] lstrcmpiW (lpString1="AmdK8", lpString2="GbpSv") returned -1 [0137.641] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x18, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AmdPPM", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.641] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\AmdPPM") returned 40 [0137.641] SetLastError (dwErrCode=0x0) [0137.641] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\AmdPPM", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.641] SetLastError (dwErrCode=0x0) [0137.641] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.641] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.641] SetLastError (dwErrCode=0x0) [0137.641] lstrcmpiW (lpString1="AmdPPM", lpString2="NAVENG") returned -1 [0137.641] lstrcmpiW (lpString1="AmdPPM", lpString2="ccEvtMgr") returned -1 [0137.641] lstrcmpiW (lpString1="AmdPPM", lpString2="NAV") returned -1 [0137.641] lstrcmpiW (lpString1="AmdPPM", lpString2="NIS") returned -1 [0137.641] lstrcmpiW (lpString1="AmdPPM", lpString2="NAVEX15") returned -1 [0137.641] lstrcmpiW (lpString1="AmdPPM", lpString2="AVP") returned -1 [0137.641] lstrcmpiW (lpString1="AmdPPM", lpString2="AVP15.0.0") returned -1 [0137.642] lstrcmpiW (lpString1="AmdPPM", lpString2="AVP15.0.1") returned -1 [0137.642] lstrcmpiW (lpString1="AmdPPM", lpString2="kl1") returned -1 [0137.642] lstrcmpiW (lpString1="AmdPPM", lpString2="McComponentHostService") returned -1 [0137.642] lstrcmpiW (lpString1="AmdPPM", lpString2="ekrn") returned -1 [0137.642] lstrcmpiW (lpString1="AmdPPM", lpString2="egui") returned -1 [0137.642] lstrcmpiW (lpString1="AmdPPM", lpString2="avgwd") returned -1 [0137.642] lstrcmpiW (lpString1="AmdPPM", lpString2="BdfNdisf") returned -1 [0137.642] lstrcmpiW (lpString1="AmdPPM", lpString2="avast! Antivirus") returned -1 [0137.642] lstrcmpiW (lpString1="AmdPPM", lpString2="MsMpSvc") returned -1 [0137.642] lstrcmpiW (lpString1="AmdPPM", lpString2="RsMgrSvc") returned -1 [0137.642] lstrcmpiW (lpString1="AmdPPM", lpString2="fshoster") returned -1 [0137.642] lstrcmpiW (lpString1="AmdPPM", lpString2="AVKProxy") returned -1 [0137.642] lstrcmpiW (lpString1="AmdPPM", lpString2="MBAMService") returned -1 [0137.642] lstrcmpiW (lpString1="AmdPPM", lpString2="GbpSv") returned -1 [0137.642] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x19, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="amdsata", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.642] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\amdsata") returned 41 [0137.642] SetLastError (dwErrCode=0x0) [0137.642] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\amdsata", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.642] SetLastError (dwErrCode=0x0) [0137.642] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.642] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.642] SetLastError (dwErrCode=0x0) [0137.642] lstrcmpiW (lpString1="amdsata", lpString2="NAVENG") returned -1 [0137.642] lstrcmpiW (lpString1="amdsata", lpString2="ccEvtMgr") returned -1 [0137.642] lstrcmpiW (lpString1="amdsata", lpString2="NAV") returned -1 [0137.642] lstrcmpiW (lpString1="amdsata", lpString2="NIS") returned -1 [0137.642] lstrcmpiW (lpString1="amdsata", lpString2="NAVEX15") returned -1 [0137.642] lstrcmpiW (lpString1="amdsata", lpString2="AVP") returned -1 [0137.642] lstrcmpiW (lpString1="amdsata", lpString2="AVP15.0.0") returned -1 [0137.642] lstrcmpiW (lpString1="amdsata", lpString2="AVP15.0.1") returned -1 [0137.642] lstrcmpiW (lpString1="amdsata", lpString2="kl1") returned -1 [0137.642] lstrcmpiW (lpString1="amdsata", lpString2="McComponentHostService") returned -1 [0137.642] lstrcmpiW (lpString1="amdsata", lpString2="ekrn") returned -1 [0137.642] lstrcmpiW (lpString1="amdsata", lpString2="egui") returned -1 [0137.642] lstrcmpiW (lpString1="amdsata", lpString2="avgwd") returned -1 [0137.642] lstrcmpiW (lpString1="amdsata", lpString2="BdfNdisf") returned -1 [0137.642] lstrcmpiW (lpString1="amdsata", lpString2="avast! Antivirus") returned -1 [0137.642] lstrcmpiW (lpString1="amdsata", lpString2="MsMpSvc") returned -1 [0137.643] lstrcmpiW (lpString1="amdsata", lpString2="RsMgrSvc") returned -1 [0137.643] lstrcmpiW (lpString1="amdsata", lpString2="fshoster") returned -1 [0137.643] lstrcmpiW (lpString1="amdsata", lpString2="AVKProxy") returned -1 [0137.643] lstrcmpiW (lpString1="amdsata", lpString2="MBAMService") returned -1 [0137.643] lstrcmpiW (lpString1="amdsata", lpString2="GbpSv") returned -1 [0137.643] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1a, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="amdsbs", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.643] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\amdsbs") returned 40 [0137.643] SetLastError (dwErrCode=0x0) [0137.643] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\amdsbs", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.643] SetLastError (dwErrCode=0x0) [0137.643] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.643] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.643] SetLastError (dwErrCode=0x0) [0137.643] lstrcmpiW (lpString1="amdsbs", lpString2="NAVENG") returned -1 [0137.643] lstrcmpiW (lpString1="amdsbs", lpString2="ccEvtMgr") returned -1 [0137.643] lstrcmpiW (lpString1="amdsbs", lpString2="NAV") returned -1 [0137.643] lstrcmpiW (lpString1="amdsbs", lpString2="NIS") returned -1 [0137.643] lstrcmpiW (lpString1="amdsbs", lpString2="NAVEX15") returned -1 [0137.643] lstrcmpiW (lpString1="amdsbs", lpString2="AVP") returned -1 [0137.643] lstrcmpiW (lpString1="amdsbs", lpString2="AVP15.0.0") returned -1 [0137.643] lstrcmpiW (lpString1="amdsbs", lpString2="AVP15.0.1") returned -1 [0137.643] lstrcmpiW (lpString1="amdsbs", lpString2="kl1") returned -1 [0137.643] lstrcmpiW (lpString1="amdsbs", lpString2="McComponentHostService") returned -1 [0137.643] lstrcmpiW (lpString1="amdsbs", lpString2="ekrn") returned -1 [0137.643] lstrcmpiW (lpString1="amdsbs", lpString2="egui") returned -1 [0137.643] lstrcmpiW (lpString1="amdsbs", lpString2="avgwd") returned -1 [0137.643] lstrcmpiW (lpString1="amdsbs", lpString2="BdfNdisf") returned -1 [0137.643] lstrcmpiW (lpString1="amdsbs", lpString2="avast! Antivirus") returned -1 [0137.643] lstrcmpiW (lpString1="amdsbs", lpString2="MsMpSvc") returned -1 [0137.643] lstrcmpiW (lpString1="amdsbs", lpString2="RsMgrSvc") returned -1 [0137.643] lstrcmpiW (lpString1="amdsbs", lpString2="fshoster") returned -1 [0137.643] lstrcmpiW (lpString1="amdsbs", lpString2="AVKProxy") returned -1 [0137.643] lstrcmpiW (lpString1="amdsbs", lpString2="MBAMService") returned -1 [0137.643] lstrcmpiW (lpString1="amdsbs", lpString2="GbpSv") returned -1 [0137.643] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1b, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="amdxata", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.643] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\amdxata") returned 41 [0137.644] SetLastError (dwErrCode=0x0) [0137.644] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\amdxata", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.644] SetLastError (dwErrCode=0x0) [0137.644] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.644] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.644] SetLastError (dwErrCode=0x0) [0137.644] lstrcmpiW (lpString1="amdxata", lpString2="NAVENG") returned -1 [0137.644] lstrcmpiW (lpString1="amdxata", lpString2="ccEvtMgr") returned -1 [0137.644] lstrcmpiW (lpString1="amdxata", lpString2="NAV") returned -1 [0137.644] lstrcmpiW (lpString1="amdxata", lpString2="NIS") returned -1 [0137.644] lstrcmpiW (lpString1="amdxata", lpString2="NAVEX15") returned -1 [0137.644] lstrcmpiW (lpString1="amdxata", lpString2="AVP") returned -1 [0137.644] lstrcmpiW (lpString1="amdxata", lpString2="AVP15.0.0") returned -1 [0137.644] lstrcmpiW (lpString1="amdxata", lpString2="AVP15.0.1") returned -1 [0137.644] lstrcmpiW (lpString1="amdxata", lpString2="kl1") returned -1 [0137.644] lstrcmpiW (lpString1="amdxata", lpString2="McComponentHostService") returned -1 [0137.644] lstrcmpiW (lpString1="amdxata", lpString2="ekrn") returned -1 [0137.644] lstrcmpiW (lpString1="amdxata", lpString2="egui") returned -1 [0137.644] lstrcmpiW (lpString1="amdxata", lpString2="avgwd") returned -1 [0137.644] lstrcmpiW (lpString1="amdxata", lpString2="BdfNdisf") returned -1 [0137.644] lstrcmpiW (lpString1="amdxata", lpString2="avast! Antivirus") returned -1 [0137.644] lstrcmpiW (lpString1="amdxata", lpString2="MsMpSvc") returned -1 [0137.644] lstrcmpiW (lpString1="amdxata", lpString2="RsMgrSvc") returned -1 [0137.644] lstrcmpiW (lpString1="amdxata", lpString2="fshoster") returned -1 [0137.644] lstrcmpiW (lpString1="amdxata", lpString2="AVKProxy") returned -1 [0137.644] lstrcmpiW (lpString1="amdxata", lpString2="MBAMService") returned -1 [0137.644] lstrcmpiW (lpString1="amdxata", lpString2="GbpSv") returned -1 [0137.644] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1c, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AppID", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.644] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\AppID") returned 39 [0137.644] SetLastError (dwErrCode=0x0) [0137.644] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\AppID", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.644] SetLastError (dwErrCode=0x0) [0137.644] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.644] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.645] SetLastError (dwErrCode=0x0) [0137.645] lstrcmpiW (lpString1="AppID", lpString2="NAVENG") returned -1 [0137.645] lstrcmpiW (lpString1="AppID", lpString2="ccEvtMgr") returned -1 [0137.645] lstrcmpiW (lpString1="AppID", lpString2="NAV") returned -1 [0137.645] lstrcmpiW (lpString1="AppID", lpString2="NIS") returned -1 [0137.645] lstrcmpiW (lpString1="AppID", lpString2="NAVEX15") returned -1 [0137.645] lstrcmpiW (lpString1="AppID", lpString2="AVP") returned -1 [0137.645] lstrcmpiW (lpString1="AppID", lpString2="AVP15.0.0") returned -1 [0137.645] lstrcmpiW (lpString1="AppID", lpString2="AVP15.0.1") returned -1 [0137.645] lstrcmpiW (lpString1="AppID", lpString2="kl1") returned -1 [0137.645] lstrcmpiW (lpString1="AppID", lpString2="McComponentHostService") returned -1 [0137.645] lstrcmpiW (lpString1="AppID", lpString2="ekrn") returned -1 [0137.645] lstrcmpiW (lpString1="AppID", lpString2="egui") returned -1 [0137.645] lstrcmpiW (lpString1="AppID", lpString2="avgwd") returned -1 [0137.645] lstrcmpiW (lpString1="AppID", lpString2="BdfNdisf") returned -1 [0137.645] lstrcmpiW (lpString1="AppID", lpString2="avast! Antivirus") returned -1 [0137.645] lstrcmpiW (lpString1="AppID", lpString2="MsMpSvc") returned -1 [0137.645] lstrcmpiW (lpString1="AppID", lpString2="RsMgrSvc") returned -1 [0137.645] lstrcmpiW (lpString1="AppID", lpString2="fshoster") returned -1 [0137.645] lstrcmpiW (lpString1="AppID", lpString2="AVKProxy") returned -1 [0137.645] lstrcmpiW (lpString1="AppID", lpString2="MBAMService") returned -1 [0137.645] lstrcmpiW (lpString1="AppID", lpString2="GbpSv") returned -1 [0137.645] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1d, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AppIDSvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.645] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\AppIDSvc") returned 42 [0137.645] SetLastError (dwErrCode=0x0) [0137.645] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\AppIDSvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.645] SetLastError (dwErrCode=0x0) [0137.645] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xd, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.645] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.645] SetLastError (dwErrCode=0x0) [0137.645] lstrcmpiW (lpString1="AppIDSvc", lpString2="NAVENG") returned -1 [0137.645] lstrcmpiW (lpString1="AppIDSvc", lpString2="ccEvtMgr") returned -1 [0137.645] lstrcmpiW (lpString1="AppIDSvc", lpString2="NAV") returned -1 [0137.645] lstrcmpiW (lpString1="AppIDSvc", lpString2="NIS") returned -1 [0137.645] lstrcmpiW (lpString1="AppIDSvc", lpString2="NAVEX15") returned -1 [0137.645] lstrcmpiW (lpString1="AppIDSvc", lpString2="AVP") returned -1 [0137.645] lstrcmpiW (lpString1="AppIDSvc", lpString2="AVP15.0.0") returned -1 [0137.645] lstrcmpiW (lpString1="AppIDSvc", lpString2="AVP15.0.1") returned -1 [0137.646] lstrcmpiW (lpString1="AppIDSvc", lpString2="kl1") returned -1 [0137.646] lstrcmpiW (lpString1="AppIDSvc", lpString2="McComponentHostService") returned -1 [0137.646] lstrcmpiW (lpString1="AppIDSvc", lpString2="ekrn") returned -1 [0137.646] lstrcmpiW (lpString1="AppIDSvc", lpString2="egui") returned -1 [0137.646] lstrcmpiW (lpString1="AppIDSvc", lpString2="avgwd") returned -1 [0137.646] lstrcmpiW (lpString1="AppIDSvc", lpString2="BdfNdisf") returned -1 [0137.646] lstrcmpiW (lpString1="AppIDSvc", lpString2="avast! Antivirus") returned -1 [0137.646] lstrcmpiW (lpString1="AppIDSvc", lpString2="MsMpSvc") returned -1 [0137.646] lstrcmpiW (lpString1="AppIDSvc", lpString2="RsMgrSvc") returned -1 [0137.646] lstrcmpiW (lpString1="AppIDSvc", lpString2="fshoster") returned -1 [0137.646] lstrcmpiW (lpString1="AppIDSvc", lpString2="AVKProxy") returned -1 [0137.646] lstrcmpiW (lpString1="AppIDSvc", lpString2="MBAMService") returned -1 [0137.646] lstrcmpiW (lpString1="AppIDSvc", lpString2="GbpSv") returned -1 [0137.646] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1e, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Appinfo", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.646] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Appinfo") returned 41 [0137.646] SetLastError (dwErrCode=0x0) [0137.646] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Appinfo", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.646] SetLastError (dwErrCode=0x0) [0137.646] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.646] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.646] SetLastError (dwErrCode=0x0) [0137.646] lstrcmpiW (lpString1="Appinfo", lpString2="NAVENG") returned -1 [0137.646] lstrcmpiW (lpString1="Appinfo", lpString2="ccEvtMgr") returned -1 [0137.646] lstrcmpiW (lpString1="Appinfo", lpString2="NAV") returned -1 [0137.646] lstrcmpiW (lpString1="Appinfo", lpString2="NIS") returned -1 [0137.646] lstrcmpiW (lpString1="Appinfo", lpString2="NAVEX15") returned -1 [0137.646] lstrcmpiW (lpString1="Appinfo", lpString2="AVP") returned -1 [0137.646] lstrcmpiW (lpString1="Appinfo", lpString2="AVP15.0.0") returned -1 [0137.646] lstrcmpiW (lpString1="Appinfo", lpString2="AVP15.0.1") returned -1 [0137.646] lstrcmpiW (lpString1="Appinfo", lpString2="kl1") returned -1 [0137.646] lstrcmpiW (lpString1="Appinfo", lpString2="McComponentHostService") returned -1 [0137.646] lstrcmpiW (lpString1="Appinfo", lpString2="ekrn") returned -1 [0137.646] lstrcmpiW (lpString1="Appinfo", lpString2="egui") returned -1 [0137.646] lstrcmpiW (lpString1="Appinfo", lpString2="avgwd") returned -1 [0137.646] lstrcmpiW (lpString1="Appinfo", lpString2="BdfNdisf") returned -1 [0137.646] lstrcmpiW (lpString1="Appinfo", lpString2="avast! Antivirus") returned -1 [0137.646] lstrcmpiW (lpString1="Appinfo", lpString2="MsMpSvc") returned -1 [0137.646] lstrcmpiW (lpString1="Appinfo", lpString2="RsMgrSvc") returned -1 [0137.647] lstrcmpiW (lpString1="Appinfo", lpString2="fshoster") returned -1 [0137.647] lstrcmpiW (lpString1="Appinfo", lpString2="AVKProxy") returned -1 [0137.647] lstrcmpiW (lpString1="Appinfo", lpString2="MBAMService") returned -1 [0137.647] lstrcmpiW (lpString1="Appinfo", lpString2="GbpSv") returned -1 [0137.647] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1f, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AppMgmt", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.647] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\AppMgmt") returned 41 [0137.647] SetLastError (dwErrCode=0x0) [0137.647] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\AppMgmt", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.647] SetLastError (dwErrCode=0x0) [0137.647] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.647] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.647] SetLastError (dwErrCode=0x0) [0137.647] lstrcmpiW (lpString1="AppMgmt", lpString2="NAVENG") returned -1 [0137.647] lstrcmpiW (lpString1="AppMgmt", lpString2="ccEvtMgr") returned -1 [0137.647] lstrcmpiW (lpString1="AppMgmt", lpString2="NAV") returned -1 [0137.647] lstrcmpiW (lpString1="AppMgmt", lpString2="NIS") returned -1 [0137.647] lstrcmpiW (lpString1="AppMgmt", lpString2="NAVEX15") returned -1 [0137.647] lstrcmpiW (lpString1="AppMgmt", lpString2="AVP") returned -1 [0137.647] lstrcmpiW (lpString1="AppMgmt", lpString2="AVP15.0.0") returned -1 [0137.647] lstrcmpiW (lpString1="AppMgmt", lpString2="AVP15.0.1") returned -1 [0137.647] lstrcmpiW (lpString1="AppMgmt", lpString2="kl1") returned -1 [0137.647] lstrcmpiW (lpString1="AppMgmt", lpString2="McComponentHostService") returned -1 [0137.647] lstrcmpiW (lpString1="AppMgmt", lpString2="ekrn") returned -1 [0137.647] lstrcmpiW (lpString1="AppMgmt", lpString2="egui") returned -1 [0137.647] lstrcmpiW (lpString1="AppMgmt", lpString2="avgwd") returned -1 [0137.647] lstrcmpiW (lpString1="AppMgmt", lpString2="BdfNdisf") returned -1 [0137.647] lstrcmpiW (lpString1="AppMgmt", lpString2="avast! Antivirus") returned -1 [0137.647] lstrcmpiW (lpString1="AppMgmt", lpString2="MsMpSvc") returned -1 [0137.647] lstrcmpiW (lpString1="AppMgmt", lpString2="RsMgrSvc") returned -1 [0137.647] lstrcmpiW (lpString1="AppMgmt", lpString2="fshoster") returned -1 [0137.647] lstrcmpiW (lpString1="AppMgmt", lpString2="AVKProxy") returned -1 [0137.647] lstrcmpiW (lpString1="AppMgmt", lpString2="MBAMService") returned -1 [0137.647] lstrcmpiW (lpString1="AppMgmt", lpString2="GbpSv") returned -1 [0137.647] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x20, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AppReadiness", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.647] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\AppReadiness") returned 46 [0137.647] SetLastError (dwErrCode=0x0) [0137.647] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\AppReadiness", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.648] SetLastError (dwErrCode=0x0) [0137.648] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.648] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.648] SetLastError (dwErrCode=0x0) [0137.648] lstrcmpiW (lpString1="AppReadiness", lpString2="NAVENG") returned -1 [0137.648] lstrcmpiW (lpString1="AppReadiness", lpString2="ccEvtMgr") returned -1 [0137.648] lstrcmpiW (lpString1="AppReadiness", lpString2="NAV") returned -1 [0137.648] lstrcmpiW (lpString1="AppReadiness", lpString2="NIS") returned -1 [0137.648] lstrcmpiW (lpString1="AppReadiness", lpString2="NAVEX15") returned -1 [0137.648] lstrcmpiW (lpString1="AppReadiness", lpString2="AVP") returned -1 [0137.648] lstrcmpiW (lpString1="AppReadiness", lpString2="AVP15.0.0") returned -1 [0137.648] lstrcmpiW (lpString1="AppReadiness", lpString2="AVP15.0.1") returned -1 [0137.648] lstrcmpiW (lpString1="AppReadiness", lpString2="kl1") returned -1 [0137.648] lstrcmpiW (lpString1="AppReadiness", lpString2="McComponentHostService") returned -1 [0137.648] lstrcmpiW (lpString1="AppReadiness", lpString2="ekrn") returned -1 [0137.648] lstrcmpiW (lpString1="AppReadiness", lpString2="egui") returned -1 [0137.648] lstrcmpiW (lpString1="AppReadiness", lpString2="avgwd") returned -1 [0137.648] lstrcmpiW (lpString1="AppReadiness", lpString2="BdfNdisf") returned -1 [0137.648] lstrcmpiW (lpString1="AppReadiness", lpString2="avast! Antivirus") returned -1 [0137.648] lstrcmpiW (lpString1="AppReadiness", lpString2="MsMpSvc") returned -1 [0137.648] lstrcmpiW (lpString1="AppReadiness", lpString2="RsMgrSvc") returned -1 [0137.648] lstrcmpiW (lpString1="AppReadiness", lpString2="fshoster") returned -1 [0137.648] lstrcmpiW (lpString1="AppReadiness", lpString2="AVKProxy") returned -1 [0137.648] lstrcmpiW (lpString1="AppReadiness", lpString2="MBAMService") returned -1 [0137.648] lstrcmpiW (lpString1="AppReadiness", lpString2="GbpSv") returned -1 [0137.648] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x21, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AppXSvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.648] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\AppXSvc") returned 41 [0137.648] SetLastError (dwErrCode=0x0) [0137.648] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\AppXSvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.648] SetLastError (dwErrCode=0x0) [0137.648] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.648] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.648] SetLastError (dwErrCode=0x0) [0137.648] lstrcmpiW (lpString1="AppXSvc", lpString2="NAVENG") returned -1 [0137.648] lstrcmpiW (lpString1="AppXSvc", lpString2="ccEvtMgr") returned -1 [0137.649] lstrcmpiW (lpString1="AppXSvc", lpString2="NAV") returned -1 [0137.649] lstrcmpiW (lpString1="AppXSvc", lpString2="NIS") returned -1 [0137.649] lstrcmpiW (lpString1="AppXSvc", lpString2="NAVEX15") returned -1 [0137.649] lstrcmpiW (lpString1="AppXSvc", lpString2="AVP") returned -1 [0137.649] lstrcmpiW (lpString1="AppXSvc", lpString2="AVP15.0.0") returned -1 [0137.649] lstrcmpiW (lpString1="AppXSvc", lpString2="AVP15.0.1") returned -1 [0137.649] lstrcmpiW (lpString1="AppXSvc", lpString2="kl1") returned -1 [0137.649] lstrcmpiW (lpString1="AppXSvc", lpString2="McComponentHostService") returned -1 [0137.649] lstrcmpiW (lpString1="AppXSvc", lpString2="ekrn") returned -1 [0137.649] lstrcmpiW (lpString1="AppXSvc", lpString2="egui") returned -1 [0137.649] lstrcmpiW (lpString1="AppXSvc", lpString2="avgwd") returned -1 [0137.649] lstrcmpiW (lpString1="AppXSvc", lpString2="BdfNdisf") returned -1 [0137.649] lstrcmpiW (lpString1="AppXSvc", lpString2="avast! Antivirus") returned -1 [0137.649] lstrcmpiW (lpString1="AppXSvc", lpString2="MsMpSvc") returned -1 [0137.649] lstrcmpiW (lpString1="AppXSvc", lpString2="RsMgrSvc") returned -1 [0137.649] lstrcmpiW (lpString1="AppXSvc", lpString2="fshoster") returned -1 [0137.649] lstrcmpiW (lpString1="AppXSvc", lpString2="AVKProxy") returned -1 [0137.649] lstrcmpiW (lpString1="AppXSvc", lpString2="MBAMService") returned -1 [0137.649] lstrcmpiW (lpString1="AppXSvc", lpString2="GbpSv") returned -1 [0137.649] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x22, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="arcsas", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.649] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\arcsas") returned 40 [0137.649] SetLastError (dwErrCode=0x0) [0137.649] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\arcsas", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.649] SetLastError (dwErrCode=0x0) [0137.649] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.649] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.649] SetLastError (dwErrCode=0x0) [0137.649] lstrcmpiW (lpString1="arcsas", lpString2="NAVENG") returned -1 [0137.649] lstrcmpiW (lpString1="arcsas", lpString2="ccEvtMgr") returned -1 [0137.649] lstrcmpiW (lpString1="arcsas", lpString2="NAV") returned -1 [0137.649] lstrcmpiW (lpString1="arcsas", lpString2="NIS") returned -1 [0137.649] lstrcmpiW (lpString1="arcsas", lpString2="NAVEX15") returned -1 [0137.649] lstrcmpiW (lpString1="arcsas", lpString2="AVP") returned -1 [0137.649] lstrcmpiW (lpString1="arcsas", lpString2="AVP15.0.0") returned -1 [0137.649] lstrcmpiW (lpString1="arcsas", lpString2="AVP15.0.1") returned -1 [0137.649] lstrcmpiW (lpString1="arcsas", lpString2="kl1") returned -1 [0137.649] lstrcmpiW (lpString1="arcsas", lpString2="McComponentHostService") returned -1 [0137.649] lstrcmpiW (lpString1="arcsas", lpString2="ekrn") returned -1 [0137.650] lstrcmpiW (lpString1="arcsas", lpString2="egui") returned -1 [0137.650] lstrcmpiW (lpString1="arcsas", lpString2="avgwd") returned -1 [0137.650] lstrcmpiW (lpString1="arcsas", lpString2="BdfNdisf") returned -1 [0137.650] lstrcmpiW (lpString1="arcsas", lpString2="avast! Antivirus") returned -1 [0137.650] lstrcmpiW (lpString1="arcsas", lpString2="MsMpSvc") returned -1 [0137.650] lstrcmpiW (lpString1="arcsas", lpString2="RsMgrSvc") returned -1 [0137.650] lstrcmpiW (lpString1="arcsas", lpString2="fshoster") returned -1 [0137.650] lstrcmpiW (lpString1="arcsas", lpString2="AVKProxy") returned -1 [0137.650] lstrcmpiW (lpString1="arcsas", lpString2="MBAMService") returned -1 [0137.650] lstrcmpiW (lpString1="arcsas", lpString2="GbpSv") returned -1 [0137.650] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x23, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AsyncMac", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.650] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\AsyncMac") returned 42 [0137.650] SetLastError (dwErrCode=0x0) [0137.651] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\AsyncMac", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.651] SetLastError (dwErrCode=0x0) [0137.651] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.651] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.651] SetLastError (dwErrCode=0x0) [0137.651] lstrcmpiW (lpString1="AsyncMac", lpString2="NAVENG") returned -1 [0137.651] lstrcmpiW (lpString1="AsyncMac", lpString2="ccEvtMgr") returned -1 [0137.651] lstrcmpiW (lpString1="AsyncMac", lpString2="NAV") returned -1 [0137.651] lstrcmpiW (lpString1="AsyncMac", lpString2="NIS") returned -1 [0137.651] lstrcmpiW (lpString1="AsyncMac", lpString2="NAVEX15") returned -1 [0137.651] lstrcmpiW (lpString1="AsyncMac", lpString2="AVP") returned -1 [0137.651] lstrcmpiW (lpString1="AsyncMac", lpString2="AVP15.0.0") returned -1 [0137.651] lstrcmpiW (lpString1="AsyncMac", lpString2="AVP15.0.1") returned -1 [0137.651] lstrcmpiW (lpString1="AsyncMac", lpString2="kl1") returned -1 [0137.651] lstrcmpiW (lpString1="AsyncMac", lpString2="McComponentHostService") returned -1 [0137.651] lstrcmpiW (lpString1="AsyncMac", lpString2="ekrn") returned -1 [0137.651] lstrcmpiW (lpString1="AsyncMac", lpString2="egui") returned -1 [0137.651] lstrcmpiW (lpString1="AsyncMac", lpString2="avgwd") returned -1 [0137.651] lstrcmpiW (lpString1="AsyncMac", lpString2="BdfNdisf") returned -1 [0137.651] lstrcmpiW (lpString1="AsyncMac", lpString2="avast! Antivirus") returned -1 [0137.651] lstrcmpiW (lpString1="AsyncMac", lpString2="MsMpSvc") returned -1 [0137.651] lstrcmpiW (lpString1="AsyncMac", lpString2="RsMgrSvc") returned -1 [0137.651] lstrcmpiW (lpString1="AsyncMac", lpString2="fshoster") returned -1 [0137.651] lstrcmpiW (lpString1="AsyncMac", lpString2="AVKProxy") returned -1 [0137.652] lstrcmpiW (lpString1="AsyncMac", lpString2="MBAMService") returned -1 [0137.652] lstrcmpiW (lpString1="AsyncMac", lpString2="GbpSv") returned -1 [0137.652] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x24, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="atapi", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.652] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\atapi") returned 39 [0137.652] SetLastError (dwErrCode=0x0) [0137.652] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\atapi", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.652] SetLastError (dwErrCode=0x0) [0137.652] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.652] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.652] SetLastError (dwErrCode=0x0) [0137.652] lstrcmpiW (lpString1="atapi", lpString2="NAVENG") returned -1 [0137.652] lstrcmpiW (lpString1="atapi", lpString2="ccEvtMgr") returned -1 [0137.652] lstrcmpiW (lpString1="atapi", lpString2="NAV") returned -1 [0137.652] lstrcmpiW (lpString1="atapi", lpString2="NIS") returned -1 [0137.652] lstrcmpiW (lpString1="atapi", lpString2="NAVEX15") returned -1 [0137.652] lstrcmpiW (lpString1="atapi", lpString2="AVP") returned -1 [0137.652] lstrcmpiW (lpString1="atapi", lpString2="AVP15.0.0") returned -1 [0137.652] lstrcmpiW (lpString1="atapi", lpString2="AVP15.0.1") returned -1 [0137.652] lstrcmpiW (lpString1="atapi", lpString2="kl1") returned -1 [0137.652] lstrcmpiW (lpString1="atapi", lpString2="McComponentHostService") returned -1 [0137.652] lstrcmpiW (lpString1="atapi", lpString2="ekrn") returned -1 [0137.652] lstrcmpiW (lpString1="atapi", lpString2="egui") returned -1 [0137.652] lstrcmpiW (lpString1="atapi", lpString2="avgwd") returned -1 [0137.652] lstrcmpiW (lpString1="atapi", lpString2="BdfNdisf") returned -1 [0137.652] lstrcmpiW (lpString1="atapi", lpString2="avast! Antivirus") returned -1 [0137.652] lstrcmpiW (lpString1="atapi", lpString2="MsMpSvc") returned -1 [0137.652] lstrcmpiW (lpString1="atapi", lpString2="RsMgrSvc") returned -1 [0137.652] lstrcmpiW (lpString1="atapi", lpString2="fshoster") returned -1 [0137.652] lstrcmpiW (lpString1="atapi", lpString2="AVKProxy") returned -1 [0137.652] lstrcmpiW (lpString1="atapi", lpString2="MBAMService") returned -1 [0137.652] lstrcmpiW (lpString1="atapi", lpString2="GbpSv") returned -1 [0137.652] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x25, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AudioEndpointBuilder", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.652] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\AudioEndpointBuilder") returned 54 [0137.653] SetLastError (dwErrCode=0x0) [0137.653] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\AudioEndpointBuilder", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.653] SetLastError (dwErrCode=0x0) [0137.653] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.653] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.653] SetLastError (dwErrCode=0x0) [0137.653] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="NAVENG") returned -1 [0137.653] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="ccEvtMgr") returned -1 [0137.653] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="NAV") returned -1 [0137.653] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="NIS") returned -1 [0137.653] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="NAVEX15") returned -1 [0137.653] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="AVP") returned -1 [0137.653] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="AVP15.0.0") returned -1 [0137.653] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="AVP15.0.1") returned -1 [0137.653] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="kl1") returned -1 [0137.653] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="McComponentHostService") returned -1 [0137.653] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="ekrn") returned -1 [0137.653] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="egui") returned -1 [0137.653] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="avgwd") returned -1 [0137.653] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="BdfNdisf") returned -1 [0137.653] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="avast! Antivirus") returned -1 [0137.653] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="MsMpSvc") returned -1 [0137.653] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="RsMgrSvc") returned -1 [0137.653] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="fshoster") returned -1 [0137.653] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="AVKProxy") returned -1 [0137.653] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="MBAMService") returned -1 [0137.653] lstrcmpiW (lpString1="AudioEndpointBuilder", lpString2="GbpSv") returned -1 [0137.653] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x26, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Audiosrv", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.653] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Audiosrv") returned 42 [0137.653] SetLastError (dwErrCode=0x0) [0137.653] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Audiosrv", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.653] SetLastError (dwErrCode=0x0) [0137.653] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.654] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.654] SetLastError (dwErrCode=0x0) [0137.654] lstrcmpiW (lpString1="Audiosrv", lpString2="NAVENG") returned -1 [0137.654] lstrcmpiW (lpString1="Audiosrv", lpString2="ccEvtMgr") returned -1 [0137.654] lstrcmpiW (lpString1="Audiosrv", lpString2="NAV") returned -1 [0137.654] lstrcmpiW (lpString1="Audiosrv", lpString2="NIS") returned -1 [0137.654] lstrcmpiW (lpString1="Audiosrv", lpString2="NAVEX15") returned -1 [0137.654] lstrcmpiW (lpString1="Audiosrv", lpString2="AVP") returned -1 [0137.654] lstrcmpiW (lpString1="Audiosrv", lpString2="AVP15.0.0") returned -1 [0137.654] lstrcmpiW (lpString1="Audiosrv", lpString2="AVP15.0.1") returned -1 [0137.654] lstrcmpiW (lpString1="Audiosrv", lpString2="kl1") returned -1 [0137.654] lstrcmpiW (lpString1="Audiosrv", lpString2="McComponentHostService") returned -1 [0137.654] lstrcmpiW (lpString1="Audiosrv", lpString2="ekrn") returned -1 [0137.654] lstrcmpiW (lpString1="Audiosrv", lpString2="egui") returned -1 [0137.654] lstrcmpiW (lpString1="Audiosrv", lpString2="avgwd") returned -1 [0137.654] lstrcmpiW (lpString1="Audiosrv", lpString2="BdfNdisf") returned -1 [0137.654] lstrcmpiW (lpString1="Audiosrv", lpString2="avast! Antivirus") returned -1 [0137.654] lstrcmpiW (lpString1="Audiosrv", lpString2="MsMpSvc") returned -1 [0137.654] lstrcmpiW (lpString1="Audiosrv", lpString2="RsMgrSvc") returned -1 [0137.654] lstrcmpiW (lpString1="Audiosrv", lpString2="fshoster") returned -1 [0137.654] lstrcmpiW (lpString1="Audiosrv", lpString2="AVKProxy") returned -1 [0137.654] lstrcmpiW (lpString1="Audiosrv", lpString2="MBAMService") returned -1 [0137.654] lstrcmpiW (lpString1="Audiosrv", lpString2="GbpSv") returned -1 [0137.654] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x27, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AxInstSV", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.654] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\AxInstSV") returned 42 [0137.654] SetLastError (dwErrCode=0x0) [0137.654] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\AxInstSV", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.654] SetLastError (dwErrCode=0x0) [0137.654] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.655] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.655] SetLastError (dwErrCode=0x0) [0137.655] lstrcmpiW (lpString1="AxInstSV", lpString2="NAVENG") returned -1 [0137.655] lstrcmpiW (lpString1="AxInstSV", lpString2="ccEvtMgr") returned -1 [0137.655] lstrcmpiW (lpString1="AxInstSV", lpString2="NAV") returned -1 [0137.655] lstrcmpiW (lpString1="AxInstSV", lpString2="NIS") returned -1 [0137.655] lstrcmpiW (lpString1="AxInstSV", lpString2="NAVEX15") returned -1 [0137.655] lstrcmpiW (lpString1="AxInstSV", lpString2="AVP") returned 1 [0137.655] lstrcmpiW (lpString1="AxInstSV", lpString2="AVP15.0.0") returned 1 [0137.655] lstrcmpiW (lpString1="AxInstSV", lpString2="AVP15.0.1") returned 1 [0137.655] lstrcmpiW (lpString1="AxInstSV", lpString2="kl1") returned -1 [0137.655] lstrcmpiW (lpString1="AxInstSV", lpString2="McComponentHostService") returned -1 [0137.655] lstrcmpiW (lpString1="AxInstSV", lpString2="ekrn") returned -1 [0137.655] lstrcmpiW (lpString1="AxInstSV", lpString2="egui") returned -1 [0137.655] lstrcmpiW (lpString1="AxInstSV", lpString2="avgwd") returned 1 [0137.655] lstrcmpiW (lpString1="AxInstSV", lpString2="BdfNdisf") returned -1 [0137.655] lstrcmpiW (lpString1="AxInstSV", lpString2="avast! Antivirus") returned 1 [0137.655] lstrcmpiW (lpString1="AxInstSV", lpString2="MsMpSvc") returned -1 [0137.655] lstrcmpiW (lpString1="AxInstSV", lpString2="RsMgrSvc") returned -1 [0137.655] lstrcmpiW (lpString1="AxInstSV", lpString2="fshoster") returned -1 [0137.655] lstrcmpiW (lpString1="AxInstSV", lpString2="AVKProxy") returned 1 [0137.655] lstrcmpiW (lpString1="AxInstSV", lpString2="MBAMService") returned -1 [0137.655] lstrcmpiW (lpString1="AxInstSV", lpString2="GbpSv") returned -1 [0137.655] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x28, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="b06bdrv", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.655] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\b06bdrv") returned 41 [0137.655] SetLastError (dwErrCode=0x0) [0137.655] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\b06bdrv", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.655] SetLastError (dwErrCode=0x0) [0137.655] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.655] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.656] SetLastError (dwErrCode=0x0) [0137.656] lstrcmpiW (lpString1="b06bdrv", lpString2="NAVENG") returned -1 [0137.656] lstrcmpiW (lpString1="b06bdrv", lpString2="ccEvtMgr") returned -1 [0137.656] lstrcmpiW (lpString1="b06bdrv", lpString2="NAV") returned -1 [0137.656] lstrcmpiW (lpString1="b06bdrv", lpString2="NIS") returned -1 [0137.656] lstrcmpiW (lpString1="b06bdrv", lpString2="NAVEX15") returned -1 [0137.656] lstrcmpiW (lpString1="b06bdrv", lpString2="AVP") returned 1 [0137.656] lstrcmpiW (lpString1="b06bdrv", lpString2="AVP15.0.0") returned 1 [0137.656] lstrcmpiW (lpString1="b06bdrv", lpString2="AVP15.0.1") returned 1 [0137.656] lstrcmpiW (lpString1="b06bdrv", lpString2="kl1") returned -1 [0137.656] lstrcmpiW (lpString1="b06bdrv", lpString2="McComponentHostService") returned -1 [0137.656] lstrcmpiW (lpString1="b06bdrv", lpString2="ekrn") returned -1 [0137.656] lstrcmpiW (lpString1="b06bdrv", lpString2="egui") returned -1 [0137.656] lstrcmpiW (lpString1="b06bdrv", lpString2="avgwd") returned 1 [0137.656] lstrcmpiW (lpString1="b06bdrv", lpString2="BdfNdisf") returned -1 [0137.656] lstrcmpiW (lpString1="b06bdrv", lpString2="avast! Antivirus") returned 1 [0137.656] lstrcmpiW (lpString1="b06bdrv", lpString2="MsMpSvc") returned -1 [0137.656] lstrcmpiW (lpString1="b06bdrv", lpString2="RsMgrSvc") returned -1 [0137.656] lstrcmpiW (lpString1="b06bdrv", lpString2="fshoster") returned -1 [0137.656] lstrcmpiW (lpString1="b06bdrv", lpString2="AVKProxy") returned 1 [0137.656] lstrcmpiW (lpString1="b06bdrv", lpString2="MBAMService") returned -1 [0137.656] lstrcmpiW (lpString1="b06bdrv", lpString2="GbpSv") returned -1 [0137.656] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x29, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="BasicDisplay", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.656] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\BasicDisplay") returned 46 [0137.656] SetLastError (dwErrCode=0x0) [0137.656] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\BasicDisplay", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.656] SetLastError (dwErrCode=0x0) [0137.656] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.656] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.656] SetLastError (dwErrCode=0x0) [0137.656] lstrcmpiW (lpString1="BasicDisplay", lpString2="NAVENG") returned -1 [0137.656] lstrcmpiW (lpString1="BasicDisplay", lpString2="ccEvtMgr") returned -1 [0137.656] lstrcmpiW (lpString1="BasicDisplay", lpString2="NAV") returned -1 [0137.657] lstrcmpiW (lpString1="BasicDisplay", lpString2="NIS") returned -1 [0137.657] lstrcmpiW (lpString1="BasicDisplay", lpString2="NAVEX15") returned -1 [0137.657] lstrcmpiW (lpString1="BasicDisplay", lpString2="AVP") returned 1 [0137.657] lstrcmpiW (lpString1="BasicDisplay", lpString2="AVP15.0.0") returned 1 [0137.657] lstrcmpiW (lpString1="BasicDisplay", lpString2="AVP15.0.1") returned 1 [0137.657] lstrcmpiW (lpString1="BasicDisplay", lpString2="kl1") returned -1 [0137.657] lstrcmpiW (lpString1="BasicDisplay", lpString2="McComponentHostService") returned -1 [0137.657] lstrcmpiW (lpString1="BasicDisplay", lpString2="ekrn") returned -1 [0137.657] lstrcmpiW (lpString1="BasicDisplay", lpString2="egui") returned -1 [0137.657] lstrcmpiW (lpString1="BasicDisplay", lpString2="avgwd") returned 1 [0137.657] lstrcmpiW (lpString1="BasicDisplay", lpString2="BdfNdisf") returned -1 [0137.657] lstrcmpiW (lpString1="BasicDisplay", lpString2="avast! Antivirus") returned 1 [0137.657] lstrcmpiW (lpString1="BasicDisplay", lpString2="MsMpSvc") returned -1 [0137.657] lstrcmpiW (lpString1="BasicDisplay", lpString2="RsMgrSvc") returned -1 [0137.657] lstrcmpiW (lpString1="BasicDisplay", lpString2="fshoster") returned -1 [0137.657] lstrcmpiW (lpString1="BasicDisplay", lpString2="AVKProxy") returned 1 [0137.657] lstrcmpiW (lpString1="BasicDisplay", lpString2="MBAMService") returned -1 [0137.657] lstrcmpiW (lpString1="BasicDisplay", lpString2="GbpSv") returned -1 [0137.657] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x2a, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="BasicRender", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.657] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\BasicRender") returned 45 [0137.657] SetLastError (dwErrCode=0x0) [0137.657] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\BasicRender", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.657] SetLastError (dwErrCode=0x0) [0137.657] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.657] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.657] SetLastError (dwErrCode=0x0) [0137.657] lstrcmpiW (lpString1="BasicRender", lpString2="NAVENG") returned -1 [0137.657] lstrcmpiW (lpString1="BasicRender", lpString2="ccEvtMgr") returned -1 [0137.657] lstrcmpiW (lpString1="BasicRender", lpString2="NAV") returned -1 [0137.657] lstrcmpiW (lpString1="BasicRender", lpString2="NIS") returned -1 [0137.657] lstrcmpiW (lpString1="BasicRender", lpString2="NAVEX15") returned -1 [0137.657] lstrcmpiW (lpString1="BasicRender", lpString2="AVP") returned 1 [0137.657] lstrcmpiW (lpString1="BasicRender", lpString2="AVP15.0.0") returned 1 [0137.657] lstrcmpiW (lpString1="BasicRender", lpString2="AVP15.0.1") returned 1 [0137.657] lstrcmpiW (lpString1="BasicRender", lpString2="kl1") returned -1 [0137.657] lstrcmpiW (lpString1="BasicRender", lpString2="McComponentHostService") returned -1 [0137.657] lstrcmpiW (lpString1="BasicRender", lpString2="ekrn") returned -1 [0137.658] lstrcmpiW (lpString1="BasicRender", lpString2="egui") returned -1 [0137.658] lstrcmpiW (lpString1="BasicRender", lpString2="avgwd") returned 1 [0137.658] lstrcmpiW (lpString1="BasicRender", lpString2="BdfNdisf") returned -1 [0137.658] lstrcmpiW (lpString1="BasicRender", lpString2="avast! Antivirus") returned 1 [0137.658] lstrcmpiW (lpString1="BasicRender", lpString2="MsMpSvc") returned -1 [0137.658] lstrcmpiW (lpString1="BasicRender", lpString2="RsMgrSvc") returned -1 [0137.658] lstrcmpiW (lpString1="BasicRender", lpString2="fshoster") returned -1 [0137.658] lstrcmpiW (lpString1="BasicRender", lpString2="AVKProxy") returned 1 [0137.658] lstrcmpiW (lpString1="BasicRender", lpString2="MBAMService") returned -1 [0137.658] lstrcmpiW (lpString1="BasicRender", lpString2="GbpSv") returned -1 [0137.658] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x2b, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="BattC", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.658] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\BattC") returned 39 [0137.658] SetLastError (dwErrCode=0x0) [0137.658] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\BattC", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.658] SetLastError (dwErrCode=0x0) [0137.658] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x1, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.658] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.658] SetLastError (dwErrCode=0x0) [0137.658] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x2c, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="bcmfn2", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.658] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\bcmfn2") returned 40 [0137.658] SetLastError (dwErrCode=0x0) [0137.658] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\bcmfn2", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.658] SetLastError (dwErrCode=0x0) [0137.658] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.658] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.658] SetLastError (dwErrCode=0x0) [0137.658] lstrcmpiW (lpString1="bcmfn2", lpString2="NAVENG") returned -1 [0137.658] lstrcmpiW (lpString1="bcmfn2", lpString2="ccEvtMgr") returned -1 [0137.658] lstrcmpiW (lpString1="bcmfn2", lpString2="NAV") returned -1 [0137.658] lstrcmpiW (lpString1="bcmfn2", lpString2="NIS") returned -1 [0137.658] lstrcmpiW (lpString1="bcmfn2", lpString2="NAVEX15") returned -1 [0137.658] lstrcmpiW (lpString1="bcmfn2", lpString2="AVP") returned 1 [0137.658] lstrcmpiW (lpString1="bcmfn2", lpString2="AVP15.0.0") returned 1 [0137.658] lstrcmpiW (lpString1="bcmfn2", lpString2="AVP15.0.1") returned 1 [0137.658] lstrcmpiW (lpString1="bcmfn2", lpString2="kl1") returned -1 [0137.659] lstrcmpiW (lpString1="bcmfn2", lpString2="McComponentHostService") returned -1 [0137.659] lstrcmpiW (lpString1="bcmfn2", lpString2="ekrn") returned -1 [0137.659] lstrcmpiW (lpString1="bcmfn2", lpString2="egui") returned -1 [0137.659] lstrcmpiW (lpString1="bcmfn2", lpString2="avgwd") returned 1 [0137.659] lstrcmpiW (lpString1="bcmfn2", lpString2="BdfNdisf") returned -1 [0137.659] lstrcmpiW (lpString1="bcmfn2", lpString2="avast! Antivirus") returned 1 [0137.659] lstrcmpiW (lpString1="bcmfn2", lpString2="MsMpSvc") returned -1 [0137.659] lstrcmpiW (lpString1="bcmfn2", lpString2="RsMgrSvc") returned -1 [0137.659] lstrcmpiW (lpString1="bcmfn2", lpString2="fshoster") returned -1 [0137.659] lstrcmpiW (lpString1="bcmfn2", lpString2="AVKProxy") returned 1 [0137.659] lstrcmpiW (lpString1="bcmfn2", lpString2="MBAMService") returned -1 [0137.659] lstrcmpiW (lpString1="bcmfn2", lpString2="GbpSv") returned -1 [0137.659] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x2d, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="BDESVC", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.659] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\BDESVC") returned 40 [0137.659] SetLastError (dwErrCode=0x0) [0137.659] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\BDESVC", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.659] SetLastError (dwErrCode=0x0) [0137.659] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.659] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.659] SetLastError (dwErrCode=0x0) [0137.659] lstrcmpiW (lpString1="BDESVC", lpString2="NAVENG") returned -1 [0137.659] lstrcmpiW (lpString1="BDESVC", lpString2="ccEvtMgr") returned -1 [0137.659] lstrcmpiW (lpString1="BDESVC", lpString2="NAV") returned -1 [0137.659] lstrcmpiW (lpString1="BDESVC", lpString2="NIS") returned -1 [0137.659] lstrcmpiW (lpString1="BDESVC", lpString2="NAVEX15") returned -1 [0137.659] lstrcmpiW (lpString1="BDESVC", lpString2="AVP") returned 1 [0137.659] lstrcmpiW (lpString1="BDESVC", lpString2="AVP15.0.0") returned 1 [0137.659] lstrcmpiW (lpString1="BDESVC", lpString2="AVP15.0.1") returned 1 [0137.659] lstrcmpiW (lpString1="BDESVC", lpString2="kl1") returned -1 [0137.659] lstrcmpiW (lpString1="BDESVC", lpString2="McComponentHostService") returned -1 [0137.659] lstrcmpiW (lpString1="BDESVC", lpString2="ekrn") returned -1 [0137.659] lstrcmpiW (lpString1="BDESVC", lpString2="egui") returned -1 [0137.659] lstrcmpiW (lpString1="BDESVC", lpString2="avgwd") returned 1 [0137.659] lstrcmpiW (lpString1="BDESVC", lpString2="BdfNdisf") returned -1 [0137.659] lstrcmpiW (lpString1="BDESVC", lpString2="avast! Antivirus") returned 1 [0137.659] lstrcmpiW (lpString1="BDESVC", lpString2="MsMpSvc") returned -1 [0137.660] lstrcmpiW (lpString1="BDESVC", lpString2="RsMgrSvc") returned -1 [0137.660] lstrcmpiW (lpString1="BDESVC", lpString2="fshoster") returned -1 [0137.660] lstrcmpiW (lpString1="BDESVC", lpString2="AVKProxy") returned 1 [0137.660] lstrcmpiW (lpString1="BDESVC", lpString2="MBAMService") returned -1 [0137.660] lstrcmpiW (lpString1="BDESVC", lpString2="GbpSv") returned -1 [0137.660] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x2e, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Beep", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.660] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Beep") returned 38 [0137.660] SetLastError (dwErrCode=0x0) [0137.660] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Beep", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.660] SetLastError (dwErrCode=0x0) [0137.660] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.660] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.660] SetLastError (dwErrCode=0x0) [0137.660] lstrcmpiW (lpString1="Beep", lpString2="NAVENG") returned -1 [0137.660] lstrcmpiW (lpString1="Beep", lpString2="ccEvtMgr") returned -1 [0137.660] lstrcmpiW (lpString1="Beep", lpString2="NAV") returned -1 [0137.660] lstrcmpiW (lpString1="Beep", lpString2="NIS") returned -1 [0137.660] lstrcmpiW (lpString1="Beep", lpString2="NAVEX15") returned -1 [0137.660] lstrcmpiW (lpString1="Beep", lpString2="AVP") returned 1 [0137.660] lstrcmpiW (lpString1="Beep", lpString2="AVP15.0.0") returned 1 [0137.660] lstrcmpiW (lpString1="Beep", lpString2="AVP15.0.1") returned 1 [0137.660] lstrcmpiW (lpString1="Beep", lpString2="kl1") returned -1 [0137.660] lstrcmpiW (lpString1="Beep", lpString2="McComponentHostService") returned -1 [0137.660] lstrcmpiW (lpString1="Beep", lpString2="ekrn") returned -1 [0137.660] lstrcmpiW (lpString1="Beep", lpString2="egui") returned -1 [0137.660] lstrcmpiW (lpString1="Beep", lpString2="avgwd") returned 1 [0137.660] lstrcmpiW (lpString1="Beep", lpString2="BdfNdisf") returned 1 [0137.660] lstrcmpiW (lpString1="Beep", lpString2="avast! Antivirus") returned 1 [0137.660] lstrcmpiW (lpString1="Beep", lpString2="MsMpSvc") returned -1 [0137.660] lstrcmpiW (lpString1="Beep", lpString2="RsMgrSvc") returned -1 [0137.660] lstrcmpiW (lpString1="Beep", lpString2="fshoster") returned -1 [0137.660] lstrcmpiW (lpString1="Beep", lpString2="AVKProxy") returned 1 [0137.660] lstrcmpiW (lpString1="Beep", lpString2="MBAMService") returned -1 [0137.660] lstrcmpiW (lpString1="Beep", lpString2="GbpSv") returned -1 [0137.660] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x2f, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="BFE", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.660] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\BFE") returned 37 [0137.660] SetLastError (dwErrCode=0x0) [0137.661] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\BFE", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.661] SetLastError (dwErrCode=0x0) [0137.661] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.661] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.661] SetLastError (dwErrCode=0x0) [0137.661] lstrcmpiW (lpString1="BFE", lpString2="NAVENG") returned -1 [0137.661] lstrcmpiW (lpString1="BFE", lpString2="ccEvtMgr") returned -1 [0137.661] lstrcmpiW (lpString1="BFE", lpString2="NAV") returned -1 [0137.661] lstrcmpiW (lpString1="BFE", lpString2="NIS") returned -1 [0137.661] lstrcmpiW (lpString1="BFE", lpString2="NAVEX15") returned -1 [0137.661] lstrcmpiW (lpString1="BFE", lpString2="AVP") returned 1 [0137.661] lstrcmpiW (lpString1="BFE", lpString2="AVP15.0.0") returned 1 [0137.661] lstrcmpiW (lpString1="BFE", lpString2="AVP15.0.1") returned 1 [0137.661] lstrcmpiW (lpString1="BFE", lpString2="kl1") returned -1 [0137.661] lstrcmpiW (lpString1="BFE", lpString2="McComponentHostService") returned -1 [0137.661] lstrcmpiW (lpString1="BFE", lpString2="ekrn") returned -1 [0137.661] lstrcmpiW (lpString1="BFE", lpString2="egui") returned -1 [0137.661] lstrcmpiW (lpString1="BFE", lpString2="avgwd") returned 1 [0137.661] lstrcmpiW (lpString1="BFE", lpString2="BdfNdisf") returned 1 [0137.661] lstrcmpiW (lpString1="BFE", lpString2="avast! Antivirus") returned 1 [0137.661] lstrcmpiW (lpString1="BFE", lpString2="MsMpSvc") returned -1 [0137.661] lstrcmpiW (lpString1="BFE", lpString2="RsMgrSvc") returned -1 [0137.661] lstrcmpiW (lpString1="BFE", lpString2="fshoster") returned -1 [0137.661] lstrcmpiW (lpString1="BFE", lpString2="AVKProxy") returned 1 [0137.661] lstrcmpiW (lpString1="BFE", lpString2="MBAMService") returned -1 [0137.661] lstrcmpiW (lpString1="BFE", lpString2="GbpSv") returned -1 [0137.661] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x30, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="BITS", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.661] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\BITS") returned 38 [0137.661] SetLastError (dwErrCode=0x0) [0137.661] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\BITS", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.661] SetLastError (dwErrCode=0x0) [0137.661] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.662] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.662] SetLastError (dwErrCode=0x0) [0137.662] lstrcmpiW (lpString1="BITS", lpString2="NAVENG") returned -1 [0137.662] lstrcmpiW (lpString1="BITS", lpString2="ccEvtMgr") returned -1 [0137.662] lstrcmpiW (lpString1="BITS", lpString2="NAV") returned -1 [0137.662] lstrcmpiW (lpString1="BITS", lpString2="NIS") returned -1 [0137.662] lstrcmpiW (lpString1="BITS", lpString2="NAVEX15") returned -1 [0137.662] lstrcmpiW (lpString1="BITS", lpString2="AVP") returned 1 [0137.662] lstrcmpiW (lpString1="BITS", lpString2="AVP15.0.0") returned 1 [0137.662] lstrcmpiW (lpString1="BITS", lpString2="AVP15.0.1") returned 1 [0137.662] lstrcmpiW (lpString1="BITS", lpString2="kl1") returned -1 [0137.662] lstrcmpiW (lpString1="BITS", lpString2="McComponentHostService") returned -1 [0137.662] lstrcmpiW (lpString1="BITS", lpString2="ekrn") returned -1 [0137.662] lstrcmpiW (lpString1="BITS", lpString2="egui") returned -1 [0137.662] lstrcmpiW (lpString1="BITS", lpString2="avgwd") returned 1 [0137.662] lstrcmpiW (lpString1="BITS", lpString2="BdfNdisf") returned 1 [0137.662] lstrcmpiW (lpString1="BITS", lpString2="avast! Antivirus") returned 1 [0137.662] lstrcmpiW (lpString1="BITS", lpString2="MsMpSvc") returned -1 [0137.662] lstrcmpiW (lpString1="BITS", lpString2="RsMgrSvc") returned -1 [0137.662] lstrcmpiW (lpString1="BITS", lpString2="fshoster") returned -1 [0137.662] lstrcmpiW (lpString1="BITS", lpString2="AVKProxy") returned 1 [0137.662] lstrcmpiW (lpString1="BITS", lpString2="MBAMService") returned -1 [0137.662] lstrcmpiW (lpString1="BITS", lpString2="GbpSv") returned -1 [0137.662] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x31, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="bowser", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.662] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\bowser") returned 40 [0137.662] SetLastError (dwErrCode=0x0) [0137.662] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\bowser", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.662] SetLastError (dwErrCode=0x0) [0137.662] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.662] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.662] SetLastError (dwErrCode=0x0) [0137.662] lstrcmpiW (lpString1="bowser", lpString2="NAVENG") returned -1 [0137.662] lstrcmpiW (lpString1="bowser", lpString2="ccEvtMgr") returned -1 [0137.662] lstrcmpiW (lpString1="bowser", lpString2="NAV") returned -1 [0137.662] lstrcmpiW (lpString1="bowser", lpString2="NIS") returned -1 [0137.662] lstrcmpiW (lpString1="bowser", lpString2="NAVEX15") returned -1 [0137.663] lstrcmpiW (lpString1="bowser", lpString2="AVP") returned 1 [0137.663] lstrcmpiW (lpString1="bowser", lpString2="AVP15.0.0") returned 1 [0137.663] lstrcmpiW (lpString1="bowser", lpString2="AVP15.0.1") returned 1 [0137.663] lstrcmpiW (lpString1="bowser", lpString2="kl1") returned -1 [0137.663] lstrcmpiW (lpString1="bowser", lpString2="McComponentHostService") returned -1 [0137.663] lstrcmpiW (lpString1="bowser", lpString2="ekrn") returned -1 [0137.663] lstrcmpiW (lpString1="bowser", lpString2="egui") returned -1 [0137.663] lstrcmpiW (lpString1="bowser", lpString2="avgwd") returned 1 [0137.663] lstrcmpiW (lpString1="bowser", lpString2="BdfNdisf") returned 1 [0137.663] lstrcmpiW (lpString1="bowser", lpString2="avast! Antivirus") returned 1 [0137.663] lstrcmpiW (lpString1="bowser", lpString2="MsMpSvc") returned -1 [0137.663] lstrcmpiW (lpString1="bowser", lpString2="RsMgrSvc") returned -1 [0137.663] lstrcmpiW (lpString1="bowser", lpString2="fshoster") returned -1 [0137.663] lstrcmpiW (lpString1="bowser", lpString2="AVKProxy") returned 1 [0137.663] lstrcmpiW (lpString1="bowser", lpString2="MBAMService") returned -1 [0137.663] lstrcmpiW (lpString1="bowser", lpString2="GbpSv") returned -1 [0137.663] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x32, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="BrokerInfrastructure", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.663] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\BrokerInfrastructure") returned 54 [0137.663] SetLastError (dwErrCode=0x0) [0137.663] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\BrokerInfrastructure", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.663] SetLastError (dwErrCode=0x0) [0137.663] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.663] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.663] SetLastError (dwErrCode=0x0) [0137.663] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="NAVENG") returned -1 [0137.663] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="ccEvtMgr") returned -1 [0137.663] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="NAV") returned -1 [0137.663] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="NIS") returned -1 [0137.663] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="NAVEX15") returned -1 [0137.663] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="AVP") returned 1 [0137.663] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="AVP15.0.0") returned 1 [0137.663] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="AVP15.0.1") returned 1 [0137.663] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="kl1") returned -1 [0137.663] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="McComponentHostService") returned -1 [0137.663] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="ekrn") returned -1 [0137.664] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="egui") returned -1 [0137.664] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="avgwd") returned 1 [0137.664] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="BdfNdisf") returned 1 [0137.664] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="avast! Antivirus") returned 1 [0137.664] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="MsMpSvc") returned -1 [0137.664] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="RsMgrSvc") returned -1 [0137.664] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="fshoster") returned -1 [0137.664] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="AVKProxy") returned 1 [0137.664] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="MBAMService") returned -1 [0137.664] lstrcmpiW (lpString1="BrokerInfrastructure", lpString2="GbpSv") returned -1 [0137.664] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x33, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Browser", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.664] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Browser") returned 41 [0137.664] SetLastError (dwErrCode=0x0) [0137.664] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Browser", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.664] SetLastError (dwErrCode=0x0) [0137.664] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.664] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.664] SetLastError (dwErrCode=0x0) [0137.664] lstrcmpiW (lpString1="Browser", lpString2="NAVENG") returned -1 [0137.664] lstrcmpiW (lpString1="Browser", lpString2="ccEvtMgr") returned -1 [0137.664] lstrcmpiW (lpString1="Browser", lpString2="NAV") returned -1 [0137.664] lstrcmpiW (lpString1="Browser", lpString2="NIS") returned -1 [0137.664] lstrcmpiW (lpString1="Browser", lpString2="NAVEX15") returned -1 [0137.664] lstrcmpiW (lpString1="Browser", lpString2="AVP") returned 1 [0137.664] lstrcmpiW (lpString1="Browser", lpString2="AVP15.0.0") returned 1 [0137.664] lstrcmpiW (lpString1="Browser", lpString2="AVP15.0.1") returned 1 [0137.664] lstrcmpiW (lpString1="Browser", lpString2="kl1") returned -1 [0137.664] lstrcmpiW (lpString1="Browser", lpString2="McComponentHostService") returned -1 [0137.664] lstrcmpiW (lpString1="Browser", lpString2="ekrn") returned -1 [0137.664] lstrcmpiW (lpString1="Browser", lpString2="egui") returned -1 [0137.664] lstrcmpiW (lpString1="Browser", lpString2="avgwd") returned 1 [0137.664] lstrcmpiW (lpString1="Browser", lpString2="BdfNdisf") returned 1 [0137.664] lstrcmpiW (lpString1="Browser", lpString2="avast! Antivirus") returned 1 [0137.664] lstrcmpiW (lpString1="Browser", lpString2="MsMpSvc") returned -1 [0137.664] lstrcmpiW (lpString1="Browser", lpString2="RsMgrSvc") returned -1 [0137.664] lstrcmpiW (lpString1="Browser", lpString2="fshoster") returned -1 [0137.664] lstrcmpiW (lpString1="Browser", lpString2="AVKProxy") returned 1 [0137.664] lstrcmpiW (lpString1="Browser", lpString2="MBAMService") returned -1 [0137.665] lstrcmpiW (lpString1="Browser", lpString2="GbpSv") returned -1 [0137.665] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x34, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="BthAvrcpTg", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.665] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\BthAvrcpTg") returned 44 [0137.665] SetLastError (dwErrCode=0x0) [0137.665] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\BthAvrcpTg", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.665] SetLastError (dwErrCode=0x0) [0137.665] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.665] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.665] SetLastError (dwErrCode=0x0) [0137.665] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="NAVENG") returned -1 [0137.665] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="ccEvtMgr") returned -1 [0137.665] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="NAV") returned -1 [0137.665] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="NIS") returned -1 [0137.665] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="NAVEX15") returned -1 [0137.665] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="AVP") returned 1 [0137.665] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="AVP15.0.0") returned 1 [0137.665] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="AVP15.0.1") returned 1 [0137.665] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="kl1") returned -1 [0137.665] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="McComponentHostService") returned -1 [0137.665] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="ekrn") returned -1 [0137.665] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="egui") returned -1 [0137.665] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="avgwd") returned 1 [0137.665] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="BdfNdisf") returned 1 [0137.665] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="avast! Antivirus") returned 1 [0137.665] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="MsMpSvc") returned -1 [0137.665] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="RsMgrSvc") returned -1 [0137.665] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="fshoster") returned -1 [0137.665] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="AVKProxy") returned 1 [0137.665] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="MBAMService") returned -1 [0137.665] lstrcmpiW (lpString1="BthAvrcpTg", lpString2="GbpSv") returned -1 [0137.665] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x35, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="BthHFEnum", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.665] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\BthHFEnum") returned 43 [0137.666] SetLastError (dwErrCode=0x0) [0137.666] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\BthHFEnum", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.666] SetLastError (dwErrCode=0x0) [0137.666] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.666] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.666] SetLastError (dwErrCode=0x0) [0137.666] lstrcmpiW (lpString1="BthHFEnum", lpString2="NAVENG") returned -1 [0137.666] lstrcmpiW (lpString1="BthHFEnum", lpString2="ccEvtMgr") returned -1 [0137.666] lstrcmpiW (lpString1="BthHFEnum", lpString2="NAV") returned -1 [0137.666] lstrcmpiW (lpString1="BthHFEnum", lpString2="NIS") returned -1 [0137.666] lstrcmpiW (lpString1="BthHFEnum", lpString2="NAVEX15") returned -1 [0137.666] lstrcmpiW (lpString1="BthHFEnum", lpString2="AVP") returned 1 [0137.666] lstrcmpiW (lpString1="BthHFEnum", lpString2="AVP15.0.0") returned 1 [0137.666] lstrcmpiW (lpString1="BthHFEnum", lpString2="AVP15.0.1") returned 1 [0137.666] lstrcmpiW (lpString1="BthHFEnum", lpString2="kl1") returned -1 [0137.666] lstrcmpiW (lpString1="BthHFEnum", lpString2="McComponentHostService") returned -1 [0137.666] lstrcmpiW (lpString1="BthHFEnum", lpString2="ekrn") returned -1 [0137.666] lstrcmpiW (lpString1="BthHFEnum", lpString2="egui") returned -1 [0137.666] lstrcmpiW (lpString1="BthHFEnum", lpString2="avgwd") returned 1 [0137.666] lstrcmpiW (lpString1="BthHFEnum", lpString2="BdfNdisf") returned 1 [0137.666] lstrcmpiW (lpString1="BthHFEnum", lpString2="avast! Antivirus") returned 1 [0137.667] lstrcmpiW (lpString1="BthHFEnum", lpString2="MsMpSvc") returned -1 [0137.667] lstrcmpiW (lpString1="BthHFEnum", lpString2="RsMgrSvc") returned -1 [0137.667] lstrcmpiW (lpString1="BthHFEnum", lpString2="fshoster") returned -1 [0137.667] lstrcmpiW (lpString1="BthHFEnum", lpString2="AVKProxy") returned 1 [0137.667] lstrcmpiW (lpString1="BthHFEnum", lpString2="MBAMService") returned -1 [0137.667] lstrcmpiW (lpString1="BthHFEnum", lpString2="GbpSv") returned -1 [0137.667] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x36, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="bthhfhid", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.667] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\bthhfhid") returned 42 [0137.667] SetLastError (dwErrCode=0x0) [0137.667] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\bthhfhid", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.667] SetLastError (dwErrCode=0x0) [0137.667] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.667] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.667] SetLastError (dwErrCode=0x0) [0137.667] lstrcmpiW (lpString1="bthhfhid", lpString2="NAVENG") returned -1 [0137.667] lstrcmpiW (lpString1="bthhfhid", lpString2="ccEvtMgr") returned -1 [0137.667] lstrcmpiW (lpString1="bthhfhid", lpString2="NAV") returned -1 [0137.667] lstrcmpiW (lpString1="bthhfhid", lpString2="NIS") returned -1 [0137.667] lstrcmpiW (lpString1="bthhfhid", lpString2="NAVEX15") returned -1 [0137.667] lstrcmpiW (lpString1="bthhfhid", lpString2="AVP") returned 1 [0137.667] lstrcmpiW (lpString1="bthhfhid", lpString2="AVP15.0.0") returned 1 [0137.667] lstrcmpiW (lpString1="bthhfhid", lpString2="AVP15.0.1") returned 1 [0137.667] lstrcmpiW (lpString1="bthhfhid", lpString2="kl1") returned -1 [0137.667] lstrcmpiW (lpString1="bthhfhid", lpString2="McComponentHostService") returned -1 [0137.667] lstrcmpiW (lpString1="bthhfhid", lpString2="ekrn") returned -1 [0137.667] lstrcmpiW (lpString1="bthhfhid", lpString2="egui") returned -1 [0137.667] lstrcmpiW (lpString1="bthhfhid", lpString2="avgwd") returned 1 [0137.667] lstrcmpiW (lpString1="bthhfhid", lpString2="BdfNdisf") returned 1 [0137.667] lstrcmpiW (lpString1="bthhfhid", lpString2="avast! Antivirus") returned 1 [0137.668] lstrcmpiW (lpString1="bthhfhid", lpString2="MsMpSvc") returned -1 [0137.668] lstrcmpiW (lpString1="bthhfhid", lpString2="RsMgrSvc") returned -1 [0137.668] lstrcmpiW (lpString1="bthhfhid", lpString2="fshoster") returned -1 [0137.668] lstrcmpiW (lpString1="bthhfhid", lpString2="AVKProxy") returned 1 [0137.668] lstrcmpiW (lpString1="bthhfhid", lpString2="MBAMService") returned -1 [0137.668] lstrcmpiW (lpString1="bthhfhid", lpString2="GbpSv") returned -1 [0137.668] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x37, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="BthHFSrv", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.668] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\BthHFSrv") returned 42 [0137.668] SetLastError (dwErrCode=0x0) [0137.668] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\BthHFSrv", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.668] SetLastError (dwErrCode=0x0) [0137.668] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xd, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.668] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.668] SetLastError (dwErrCode=0x0) [0137.668] lstrcmpiW (lpString1="BthHFSrv", lpString2="NAVENG") returned -1 [0137.668] lstrcmpiW (lpString1="BthHFSrv", lpString2="ccEvtMgr") returned -1 [0137.668] lstrcmpiW (lpString1="BthHFSrv", lpString2="NAV") returned -1 [0137.668] lstrcmpiW (lpString1="BthHFSrv", lpString2="NIS") returned -1 [0137.668] lstrcmpiW (lpString1="BthHFSrv", lpString2="NAVEX15") returned -1 [0137.668] lstrcmpiW (lpString1="BthHFSrv", lpString2="AVP") returned 1 [0137.668] lstrcmpiW (lpString1="BthHFSrv", lpString2="AVP15.0.0") returned 1 [0137.668] lstrcmpiW (lpString1="BthHFSrv", lpString2="AVP15.0.1") returned 1 [0137.668] lstrcmpiW (lpString1="BthHFSrv", lpString2="kl1") returned -1 [0137.668] lstrcmpiW (lpString1="BthHFSrv", lpString2="McComponentHostService") returned -1 [0137.668] lstrcmpiW (lpString1="BthHFSrv", lpString2="ekrn") returned -1 [0137.668] lstrcmpiW (lpString1="BthHFSrv", lpString2="egui") returned -1 [0137.668] lstrcmpiW (lpString1="BthHFSrv", lpString2="avgwd") returned 1 [0137.668] lstrcmpiW (lpString1="BthHFSrv", lpString2="BdfNdisf") returned 1 [0137.668] lstrcmpiW (lpString1="BthHFSrv", lpString2="avast! Antivirus") returned 1 [0137.669] lstrcmpiW (lpString1="BthHFSrv", lpString2="MsMpSvc") returned -1 [0137.669] lstrcmpiW (lpString1="BthHFSrv", lpString2="RsMgrSvc") returned -1 [0137.669] lstrcmpiW (lpString1="BthHFSrv", lpString2="fshoster") returned -1 [0137.669] lstrcmpiW (lpString1="BthHFSrv", lpString2="AVKProxy") returned 1 [0137.669] lstrcmpiW (lpString1="BthHFSrv", lpString2="MBAMService") returned -1 [0137.669] lstrcmpiW (lpString1="BthHFSrv", lpString2="GbpSv") returned -1 [0137.669] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x38, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="BTHMODEM", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.669] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\BTHMODEM") returned 42 [0137.669] SetLastError (dwErrCode=0x0) [0137.669] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\BTHMODEM", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.669] SetLastError (dwErrCode=0x0) [0137.669] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.669] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.669] SetLastError (dwErrCode=0x0) [0137.669] lstrcmpiW (lpString1="BTHMODEM", lpString2="NAVENG") returned -1 [0137.669] lstrcmpiW (lpString1="BTHMODEM", lpString2="ccEvtMgr") returned -1 [0137.669] lstrcmpiW (lpString1="BTHMODEM", lpString2="NAV") returned -1 [0137.669] lstrcmpiW (lpString1="BTHMODEM", lpString2="NIS") returned -1 [0137.669] lstrcmpiW (lpString1="BTHMODEM", lpString2="NAVEX15") returned -1 [0137.669] lstrcmpiW (lpString1="BTHMODEM", lpString2="AVP") returned 1 [0137.669] lstrcmpiW (lpString1="BTHMODEM", lpString2="AVP15.0.0") returned 1 [0137.669] lstrcmpiW (lpString1="BTHMODEM", lpString2="AVP15.0.1") returned 1 [0137.669] lstrcmpiW (lpString1="BTHMODEM", lpString2="kl1") returned -1 [0137.669] lstrcmpiW (lpString1="BTHMODEM", lpString2="McComponentHostService") returned -1 [0137.669] lstrcmpiW (lpString1="BTHMODEM", lpString2="ekrn") returned -1 [0137.669] lstrcmpiW (lpString1="BTHMODEM", lpString2="egui") returned -1 [0137.669] lstrcmpiW (lpString1="BTHMODEM", lpString2="avgwd") returned 1 [0137.669] lstrcmpiW (lpString1="BTHMODEM", lpString2="BdfNdisf") returned 1 [0137.669] lstrcmpiW (lpString1="BTHMODEM", lpString2="avast! Antivirus") returned 1 [0137.670] lstrcmpiW (lpString1="BTHMODEM", lpString2="MsMpSvc") returned -1 [0137.670] lstrcmpiW (lpString1="BTHMODEM", lpString2="RsMgrSvc") returned -1 [0137.670] lstrcmpiW (lpString1="BTHMODEM", lpString2="fshoster") returned -1 [0137.670] lstrcmpiW (lpString1="BTHMODEM", lpString2="AVKProxy") returned 1 [0137.670] lstrcmpiW (lpString1="BTHMODEM", lpString2="MBAMService") returned -1 [0137.670] lstrcmpiW (lpString1="BTHMODEM", lpString2="GbpSv") returned -1 [0137.670] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x39, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="BTHPORT", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.670] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\BTHPORT") returned 41 [0137.670] SetLastError (dwErrCode=0x0) [0137.670] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\BTHPORT", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.670] SetLastError (dwErrCode=0x0) [0137.670] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.670] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.670] SetLastError (dwErrCode=0x0) [0137.670] GetLastError () returned 0x0 [0137.670] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x3a, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="bthserv", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.670] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\bthserv") returned 41 [0137.670] SetLastError (dwErrCode=0x0) [0137.670] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\bthserv", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.670] SetLastError (dwErrCode=0x0) [0137.670] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.670] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.670] SetLastError (dwErrCode=0x0) [0137.670] lstrcmpiW (lpString1="bthserv", lpString2="NAVENG") returned -1 [0137.670] lstrcmpiW (lpString1="bthserv", lpString2="ccEvtMgr") returned -1 [0137.670] lstrcmpiW (lpString1="bthserv", lpString2="NAV") returned -1 [0137.671] lstrcmpiW (lpString1="bthserv", lpString2="NIS") returned -1 [0137.671] lstrcmpiW (lpString1="bthserv", lpString2="NAVEX15") returned -1 [0137.671] lstrcmpiW (lpString1="bthserv", lpString2="AVP") returned 1 [0137.671] lstrcmpiW (lpString1="bthserv", lpString2="AVP15.0.0") returned 1 [0137.671] lstrcmpiW (lpString1="bthserv", lpString2="AVP15.0.1") returned 1 [0137.671] lstrcmpiW (lpString1="bthserv", lpString2="kl1") returned -1 [0137.671] lstrcmpiW (lpString1="bthserv", lpString2="McComponentHostService") returned -1 [0137.671] lstrcmpiW (lpString1="bthserv", lpString2="ekrn") returned -1 [0137.671] lstrcmpiW (lpString1="bthserv", lpString2="egui") returned -1 [0137.671] lstrcmpiW (lpString1="bthserv", lpString2="avgwd") returned 1 [0137.671] lstrcmpiW (lpString1="bthserv", lpString2="BdfNdisf") returned 1 [0137.671] lstrcmpiW (lpString1="bthserv", lpString2="avast! Antivirus") returned 1 [0137.671] lstrcmpiW (lpString1="bthserv", lpString2="MsMpSvc") returned -1 [0137.671] lstrcmpiW (lpString1="bthserv", lpString2="RsMgrSvc") returned -1 [0137.671] lstrcmpiW (lpString1="bthserv", lpString2="fshoster") returned -1 [0137.671] lstrcmpiW (lpString1="bthserv", lpString2="AVKProxy") returned 1 [0137.671] lstrcmpiW (lpString1="bthserv", lpString2="MBAMService") returned -1 [0137.671] lstrcmpiW (lpString1="bthserv", lpString2="GbpSv") returned -1 [0137.671] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x3b, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="buttonconverter", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.671] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\buttonconverter") returned 49 [0137.671] SetLastError (dwErrCode=0x0) [0137.671] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\buttonconverter", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.671] SetLastError (dwErrCode=0x0) [0137.671] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.671] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.671] SetLastError (dwErrCode=0x0) [0137.671] lstrcmpiW (lpString1="buttonconverter", lpString2="NAVENG") returned -1 [0137.671] lstrcmpiW (lpString1="buttonconverter", lpString2="ccEvtMgr") returned -1 [0137.671] lstrcmpiW (lpString1="buttonconverter", lpString2="NAV") returned -1 [0137.672] lstrcmpiW (lpString1="buttonconverter", lpString2="NIS") returned -1 [0137.672] lstrcmpiW (lpString1="buttonconverter", lpString2="NAVEX15") returned -1 [0137.672] lstrcmpiW (lpString1="buttonconverter", lpString2="AVP") returned 1 [0137.672] lstrcmpiW (lpString1="buttonconverter", lpString2="AVP15.0.0") returned 1 [0137.672] lstrcmpiW (lpString1="buttonconverter", lpString2="AVP15.0.1") returned 1 [0137.672] lstrcmpiW (lpString1="buttonconverter", lpString2="kl1") returned -1 [0137.672] lstrcmpiW (lpString1="buttonconverter", lpString2="McComponentHostService") returned -1 [0137.672] lstrcmpiW (lpString1="buttonconverter", lpString2="ekrn") returned -1 [0137.672] lstrcmpiW (lpString1="buttonconverter", lpString2="egui") returned -1 [0137.672] lstrcmpiW (lpString1="buttonconverter", lpString2="avgwd") returned 1 [0137.672] lstrcmpiW (lpString1="buttonconverter", lpString2="BdfNdisf") returned 1 [0137.672] lstrcmpiW (lpString1="buttonconverter", lpString2="avast! Antivirus") returned 1 [0137.672] lstrcmpiW (lpString1="buttonconverter", lpString2="MsMpSvc") returned -1 [0137.672] lstrcmpiW (lpString1="buttonconverter", lpString2="RsMgrSvc") returned -1 [0137.672] lstrcmpiW (lpString1="buttonconverter", lpString2="fshoster") returned -1 [0137.672] lstrcmpiW (lpString1="buttonconverter", lpString2="AVKProxy") returned 1 [0137.672] lstrcmpiW (lpString1="buttonconverter", lpString2="MBAMService") returned -1 [0137.672] lstrcmpiW (lpString1="buttonconverter", lpString2="GbpSv") returned -1 [0137.672] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x3c, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="CapImg", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.672] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\CapImg") returned 40 [0137.672] SetLastError (dwErrCode=0x0) [0137.672] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\CapImg", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.672] SetLastError (dwErrCode=0x0) [0137.672] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.672] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.672] SetLastError (dwErrCode=0x0) [0137.672] lstrcmpiW (lpString1="CapImg", lpString2="NAVENG") returned -1 [0137.672] lstrcmpiW (lpString1="CapImg", lpString2="ccEvtMgr") returned -1 [0137.672] lstrcmpiW (lpString1="CapImg", lpString2="NAV") returned -1 [0137.672] lstrcmpiW (lpString1="CapImg", lpString2="NIS") returned -1 [0137.672] lstrcmpiW (lpString1="CapImg", lpString2="NAVEX15") returned -1 [0137.672] lstrcmpiW (lpString1="CapImg", lpString2="AVP") returned 1 [0137.673] lstrcmpiW (lpString1="CapImg", lpString2="AVP15.0.0") returned 1 [0137.673] lstrcmpiW (lpString1="CapImg", lpString2="AVP15.0.1") returned 1 [0137.673] lstrcmpiW (lpString1="CapImg", lpString2="kl1") returned -1 [0137.673] lstrcmpiW (lpString1="CapImg", lpString2="McComponentHostService") returned -1 [0137.673] lstrcmpiW (lpString1="CapImg", lpString2="ekrn") returned -1 [0137.673] lstrcmpiW (lpString1="CapImg", lpString2="egui") returned -1 [0137.673] lstrcmpiW (lpString1="CapImg", lpString2="avgwd") returned 1 [0137.673] lstrcmpiW (lpString1="CapImg", lpString2="BdfNdisf") returned 1 [0137.673] lstrcmpiW (lpString1="CapImg", lpString2="avast! Antivirus") returned 1 [0137.673] lstrcmpiW (lpString1="CapImg", lpString2="MsMpSvc") returned -1 [0137.673] lstrcmpiW (lpString1="CapImg", lpString2="RsMgrSvc") returned -1 [0137.673] lstrcmpiW (lpString1="CapImg", lpString2="fshoster") returned -1 [0137.673] lstrcmpiW (lpString1="CapImg", lpString2="AVKProxy") returned 1 [0137.673] lstrcmpiW (lpString1="CapImg", lpString2="MBAMService") returned -1 [0137.673] lstrcmpiW (lpString1="CapImg", lpString2="GbpSv") returned -1 [0137.673] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x3d, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="cdfs", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.673] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\cdfs") returned 38 [0137.673] SetLastError (dwErrCode=0x0) [0137.673] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\cdfs", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.673] SetLastError (dwErrCode=0x0) [0137.673] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.673] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.673] SetLastError (dwErrCode=0x0) [0137.673] lstrcmpiW (lpString1="cdfs", lpString2="NAVENG") returned -1 [0137.673] lstrcmpiW (lpString1="cdfs", lpString2="ccEvtMgr") returned 1 [0137.673] lstrcmpiW (lpString1="cdfs", lpString2="NAV") returned -1 [0137.673] lstrcmpiW (lpString1="cdfs", lpString2="NIS") returned -1 [0137.673] lstrcmpiW (lpString1="cdfs", lpString2="NAVEX15") returned -1 [0137.673] lstrcmpiW (lpString1="cdfs", lpString2="AVP") returned 1 [0137.673] lstrcmpiW (lpString1="cdfs", lpString2="AVP15.0.0") returned 1 [0137.673] lstrcmpiW (lpString1="cdfs", lpString2="AVP15.0.1") returned 1 [0137.674] lstrcmpiW (lpString1="cdfs", lpString2="kl1") returned -1 [0137.674] lstrcmpiW (lpString1="cdfs", lpString2="McComponentHostService") returned -1 [0137.674] lstrcmpiW (lpString1="cdfs", lpString2="ekrn") returned -1 [0137.674] lstrcmpiW (lpString1="cdfs", lpString2="egui") returned -1 [0137.674] lstrcmpiW (lpString1="cdfs", lpString2="avgwd") returned 1 [0137.674] lstrcmpiW (lpString1="cdfs", lpString2="BdfNdisf") returned 1 [0137.674] lstrcmpiW (lpString1="cdfs", lpString2="avast! Antivirus") returned 1 [0137.674] lstrcmpiW (lpString1="cdfs", lpString2="MsMpSvc") returned -1 [0137.674] lstrcmpiW (lpString1="cdfs", lpString2="RsMgrSvc") returned -1 [0137.674] lstrcmpiW (lpString1="cdfs", lpString2="fshoster") returned -1 [0137.674] lstrcmpiW (lpString1="cdfs", lpString2="AVKProxy") returned 1 [0137.674] lstrcmpiW (lpString1="cdfs", lpString2="MBAMService") returned -1 [0137.674] lstrcmpiW (lpString1="cdfs", lpString2="GbpSv") returned -1 [0137.674] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x3e, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="CDPSvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.674] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\CDPSvc") returned 40 [0137.674] SetLastError (dwErrCode=0x0) [0137.674] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\CDPSvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.674] SetLastError (dwErrCode=0x0) [0137.674] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.674] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.674] SetLastError (dwErrCode=0x0) [0137.674] lstrcmpiW (lpString1="CDPSvc", lpString2="NAVENG") returned -1 [0137.674] lstrcmpiW (lpString1="CDPSvc", lpString2="ccEvtMgr") returned 1 [0137.674] lstrcmpiW (lpString1="CDPSvc", lpString2="NAV") returned -1 [0137.674] lstrcmpiW (lpString1="CDPSvc", lpString2="NIS") returned -1 [0137.674] lstrcmpiW (lpString1="CDPSvc", lpString2="NAVEX15") returned -1 [0137.674] lstrcmpiW (lpString1="CDPSvc", lpString2="AVP") returned 1 [0137.674] lstrcmpiW (lpString1="CDPSvc", lpString2="AVP15.0.0") returned 1 [0137.674] lstrcmpiW (lpString1="CDPSvc", lpString2="AVP15.0.1") returned 1 [0137.674] lstrcmpiW (lpString1="CDPSvc", lpString2="kl1") returned -1 [0137.674] lstrcmpiW (lpString1="CDPSvc", lpString2="McComponentHostService") returned -1 [0137.674] lstrcmpiW (lpString1="CDPSvc", lpString2="ekrn") returned -1 [0137.674] lstrcmpiW (lpString1="CDPSvc", lpString2="egui") returned -1 [0137.674] lstrcmpiW (lpString1="CDPSvc", lpString2="avgwd") returned 1 [0137.674] lstrcmpiW (lpString1="CDPSvc", lpString2="BdfNdisf") returned 1 [0137.674] lstrcmpiW (lpString1="CDPSvc", lpString2="avast! Antivirus") returned 1 [0137.674] lstrcmpiW (lpString1="CDPSvc", lpString2="MsMpSvc") returned -1 [0137.674] lstrcmpiW (lpString1="CDPSvc", lpString2="RsMgrSvc") returned -1 [0137.675] lstrcmpiW (lpString1="CDPSvc", lpString2="fshoster") returned -1 [0137.675] lstrcmpiW (lpString1="CDPSvc", lpString2="AVKProxy") returned 1 [0137.675] lstrcmpiW (lpString1="CDPSvc", lpString2="MBAMService") returned -1 [0137.675] lstrcmpiW (lpString1="CDPSvc", lpString2="GbpSv") returned -1 [0137.675] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x3f, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="cdrom", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.675] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\cdrom") returned 39 [0137.675] SetLastError (dwErrCode=0x0) [0137.675] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\cdrom", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.675] SetLastError (dwErrCode=0x0) [0137.675] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.675] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.675] SetLastError (dwErrCode=0x0) [0137.675] lstrcmpiW (lpString1="cdrom", lpString2="NAVENG") returned -1 [0137.675] lstrcmpiW (lpString1="cdrom", lpString2="ccEvtMgr") returned 1 [0137.675] lstrcmpiW (lpString1="cdrom", lpString2="NAV") returned -1 [0137.675] lstrcmpiW (lpString1="cdrom", lpString2="NIS") returned -1 [0137.675] lstrcmpiW (lpString1="cdrom", lpString2="NAVEX15") returned -1 [0137.675] lstrcmpiW (lpString1="cdrom", lpString2="AVP") returned 1 [0137.675] lstrcmpiW (lpString1="cdrom", lpString2="AVP15.0.0") returned 1 [0137.675] lstrcmpiW (lpString1="cdrom", lpString2="AVP15.0.1") returned 1 [0137.675] lstrcmpiW (lpString1="cdrom", lpString2="kl1") returned -1 [0137.675] lstrcmpiW (lpString1="cdrom", lpString2="McComponentHostService") returned -1 [0137.675] lstrcmpiW (lpString1="cdrom", lpString2="ekrn") returned -1 [0137.675] lstrcmpiW (lpString1="cdrom", lpString2="egui") returned -1 [0137.675] lstrcmpiW (lpString1="cdrom", lpString2="avgwd") returned 1 [0137.675] lstrcmpiW (lpString1="cdrom", lpString2="BdfNdisf") returned 1 [0137.675] lstrcmpiW (lpString1="cdrom", lpString2="avast! Antivirus") returned 1 [0137.675] lstrcmpiW (lpString1="cdrom", lpString2="MsMpSvc") returned -1 [0137.675] lstrcmpiW (lpString1="cdrom", lpString2="RsMgrSvc") returned -1 [0137.675] lstrcmpiW (lpString1="cdrom", lpString2="fshoster") returned -1 [0137.675] lstrcmpiW (lpString1="cdrom", lpString2="AVKProxy") returned 1 [0137.675] lstrcmpiW (lpString1="cdrom", lpString2="MBAMService") returned -1 [0137.675] lstrcmpiW (lpString1="cdrom", lpString2="GbpSv") returned -1 [0137.675] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x40, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="CertPropSvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.675] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\CertPropSvc") returned 45 [0137.675] SetLastError (dwErrCode=0x0) [0137.675] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\CertPropSvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.676] SetLastError (dwErrCode=0x0) [0137.676] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.676] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.676] SetLastError (dwErrCode=0x0) [0137.676] lstrcmpiW (lpString1="CertPropSvc", lpString2="NAVENG") returned -1 [0137.676] lstrcmpiW (lpString1="CertPropSvc", lpString2="ccEvtMgr") returned 1 [0137.676] lstrcmpiW (lpString1="CertPropSvc", lpString2="NAV") returned -1 [0137.676] lstrcmpiW (lpString1="CertPropSvc", lpString2="NIS") returned -1 [0137.676] lstrcmpiW (lpString1="CertPropSvc", lpString2="NAVEX15") returned -1 [0137.676] lstrcmpiW (lpString1="CertPropSvc", lpString2="AVP") returned 1 [0137.676] lstrcmpiW (lpString1="CertPropSvc", lpString2="AVP15.0.0") returned 1 [0137.676] lstrcmpiW (lpString1="CertPropSvc", lpString2="AVP15.0.1") returned 1 [0137.676] lstrcmpiW (lpString1="CertPropSvc", lpString2="kl1") returned -1 [0137.676] lstrcmpiW (lpString1="CertPropSvc", lpString2="McComponentHostService") returned -1 [0137.676] lstrcmpiW (lpString1="CertPropSvc", lpString2="ekrn") returned -1 [0137.676] lstrcmpiW (lpString1="CertPropSvc", lpString2="egui") returned -1 [0137.676] lstrcmpiW (lpString1="CertPropSvc", lpString2="avgwd") returned 1 [0137.676] lstrcmpiW (lpString1="CertPropSvc", lpString2="BdfNdisf") returned 1 [0137.676] lstrcmpiW (lpString1="CertPropSvc", lpString2="avast! Antivirus") returned 1 [0137.676] lstrcmpiW (lpString1="CertPropSvc", lpString2="MsMpSvc") returned -1 [0137.676] lstrcmpiW (lpString1="CertPropSvc", lpString2="RsMgrSvc") returned -1 [0137.676] lstrcmpiW (lpString1="CertPropSvc", lpString2="fshoster") returned -1 [0137.676] lstrcmpiW (lpString1="CertPropSvc", lpString2="AVKProxy") returned 1 [0137.676] lstrcmpiW (lpString1="CertPropSvc", lpString2="MBAMService") returned -1 [0137.676] lstrcmpiW (lpString1="CertPropSvc", lpString2="GbpSv") returned -1 [0137.676] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x41, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="circlass", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.676] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\circlass") returned 42 [0137.676] SetLastError (dwErrCode=0x0) [0137.676] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\circlass", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.676] SetLastError (dwErrCode=0x0) [0137.676] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.676] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.676] SetLastError (dwErrCode=0x0) [0137.677] lstrcmpiW (lpString1="circlass", lpString2="NAVENG") returned -1 [0137.677] lstrcmpiW (lpString1="circlass", lpString2="ccEvtMgr") returned 1 [0137.677] lstrcmpiW (lpString1="circlass", lpString2="NAV") returned -1 [0137.677] lstrcmpiW (lpString1="circlass", lpString2="NIS") returned -1 [0137.677] lstrcmpiW (lpString1="circlass", lpString2="NAVEX15") returned -1 [0137.677] lstrcmpiW (lpString1="circlass", lpString2="AVP") returned 1 [0137.677] lstrcmpiW (lpString1="circlass", lpString2="AVP15.0.0") returned 1 [0137.677] lstrcmpiW (lpString1="circlass", lpString2="AVP15.0.1") returned 1 [0137.677] lstrcmpiW (lpString1="circlass", lpString2="kl1") returned -1 [0137.677] lstrcmpiW (lpString1="circlass", lpString2="McComponentHostService") returned -1 [0137.677] lstrcmpiW (lpString1="circlass", lpString2="ekrn") returned -1 [0137.677] lstrcmpiW (lpString1="circlass", lpString2="egui") returned -1 [0137.677] lstrcmpiW (lpString1="circlass", lpString2="avgwd") returned 1 [0137.677] lstrcmpiW (lpString1="circlass", lpString2="BdfNdisf") returned 1 [0137.677] lstrcmpiW (lpString1="circlass", lpString2="avast! Antivirus") returned 1 [0137.677] lstrcmpiW (lpString1="circlass", lpString2="MsMpSvc") returned -1 [0137.677] lstrcmpiW (lpString1="circlass", lpString2="RsMgrSvc") returned -1 [0137.677] lstrcmpiW (lpString1="circlass", lpString2="fshoster") returned -1 [0137.677] lstrcmpiW (lpString1="circlass", lpString2="AVKProxy") returned 1 [0137.677] lstrcmpiW (lpString1="circlass", lpString2="MBAMService") returned -1 [0137.677] lstrcmpiW (lpString1="circlass", lpString2="GbpSv") returned -1 [0137.677] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x42, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="CLFS", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.677] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\CLFS") returned 38 [0137.677] SetLastError (dwErrCode=0x0) [0137.677] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\CLFS", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.677] SetLastError (dwErrCode=0x0) [0137.677] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.677] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.677] SetLastError (dwErrCode=0x0) [0137.677] lstrcmpiW (lpString1="CLFS", lpString2="NAVENG") returned -1 [0137.677] lstrcmpiW (lpString1="CLFS", lpString2="ccEvtMgr") returned 1 [0137.677] lstrcmpiW (lpString1="CLFS", lpString2="NAV") returned -1 [0137.677] lstrcmpiW (lpString1="CLFS", lpString2="NIS") returned -1 [0137.677] lstrcmpiW (lpString1="CLFS", lpString2="NAVEX15") returned -1 [0137.677] lstrcmpiW (lpString1="CLFS", lpString2="AVP") returned 1 [0137.677] lstrcmpiW (lpString1="CLFS", lpString2="AVP15.0.0") returned 1 [0137.677] lstrcmpiW (lpString1="CLFS", lpString2="AVP15.0.1") returned 1 [0137.677] lstrcmpiW (lpString1="CLFS", lpString2="kl1") returned -1 [0137.677] lstrcmpiW (lpString1="CLFS", lpString2="McComponentHostService") returned -1 [0137.678] lstrcmpiW (lpString1="CLFS", lpString2="ekrn") returned -1 [0137.678] lstrcmpiW (lpString1="CLFS", lpString2="egui") returned -1 [0137.678] lstrcmpiW (lpString1="CLFS", lpString2="avgwd") returned 1 [0137.678] lstrcmpiW (lpString1="CLFS", lpString2="BdfNdisf") returned 1 [0137.678] lstrcmpiW (lpString1="CLFS", lpString2="avast! Antivirus") returned 1 [0137.678] lstrcmpiW (lpString1="CLFS", lpString2="MsMpSvc") returned -1 [0137.678] lstrcmpiW (lpString1="CLFS", lpString2="RsMgrSvc") returned -1 [0137.678] lstrcmpiW (lpString1="CLFS", lpString2="fshoster") returned -1 [0137.678] lstrcmpiW (lpString1="CLFS", lpString2="AVKProxy") returned 1 [0137.678] lstrcmpiW (lpString1="CLFS", lpString2="MBAMService") returned -1 [0137.678] lstrcmpiW (lpString1="CLFS", lpString2="GbpSv") returned -1 [0137.678] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x43, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ClickToRunSvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.678] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ClickToRunSvc") returned 47 [0137.678] SetLastError (dwErrCode=0x0) [0137.678] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ClickToRunSvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.678] SetLastError (dwErrCode=0x0) [0137.678] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.678] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.678] SetLastError (dwErrCode=0x0) [0137.678] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="NAVENG") returned -1 [0137.678] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="ccEvtMgr") returned 1 [0137.678] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="NAV") returned -1 [0137.678] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="NIS") returned -1 [0137.678] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="NAVEX15") returned -1 [0137.678] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="AVP") returned 1 [0137.678] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="AVP15.0.0") returned 1 [0137.678] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="AVP15.0.1") returned 1 [0137.678] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="kl1") returned -1 [0137.678] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="McComponentHostService") returned -1 [0137.678] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="ekrn") returned -1 [0137.678] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="egui") returned -1 [0137.678] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="avgwd") returned 1 [0137.678] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="BdfNdisf") returned 1 [0137.678] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="avast! Antivirus") returned 1 [0137.678] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="MsMpSvc") returned -1 [0137.678] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="RsMgrSvc") returned -1 [0137.678] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="fshoster") returned -1 [0137.678] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="AVKProxy") returned 1 [0137.679] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="MBAMService") returned -1 [0137.679] lstrcmpiW (lpString1="ClickToRunSvc", lpString2="GbpSv") returned -1 [0137.679] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x44, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ClipSVC", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.679] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ClipSVC") returned 41 [0137.679] SetLastError (dwErrCode=0x0) [0137.679] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ClipSVC", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.679] SetLastError (dwErrCode=0x0) [0137.679] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.679] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.679] SetLastError (dwErrCode=0x0) [0137.679] lstrcmpiW (lpString1="ClipSVC", lpString2="NAVENG") returned -1 [0137.679] lstrcmpiW (lpString1="ClipSVC", lpString2="ccEvtMgr") returned 1 [0137.679] lstrcmpiW (lpString1="ClipSVC", lpString2="NAV") returned -1 [0137.679] lstrcmpiW (lpString1="ClipSVC", lpString2="NIS") returned -1 [0137.679] lstrcmpiW (lpString1="ClipSVC", lpString2="NAVEX15") returned -1 [0137.679] lstrcmpiW (lpString1="ClipSVC", lpString2="AVP") returned 1 [0137.679] lstrcmpiW (lpString1="ClipSVC", lpString2="AVP15.0.0") returned 1 [0137.679] lstrcmpiW (lpString1="ClipSVC", lpString2="AVP15.0.1") returned 1 [0137.679] lstrcmpiW (lpString1="ClipSVC", lpString2="kl1") returned -1 [0137.679] lstrcmpiW (lpString1="ClipSVC", lpString2="McComponentHostService") returned -1 [0137.679] lstrcmpiW (lpString1="ClipSVC", lpString2="ekrn") returned -1 [0137.679] lstrcmpiW (lpString1="ClipSVC", lpString2="egui") returned -1 [0137.679] lstrcmpiW (lpString1="ClipSVC", lpString2="avgwd") returned 1 [0137.679] lstrcmpiW (lpString1="ClipSVC", lpString2="BdfNdisf") returned 1 [0137.679] lstrcmpiW (lpString1="ClipSVC", lpString2="avast! Antivirus") returned 1 [0137.679] lstrcmpiW (lpString1="ClipSVC", lpString2="MsMpSvc") returned -1 [0137.679] lstrcmpiW (lpString1="ClipSVC", lpString2="RsMgrSvc") returned -1 [0137.679] lstrcmpiW (lpString1="ClipSVC", lpString2="fshoster") returned -1 [0137.679] lstrcmpiW (lpString1="ClipSVC", lpString2="AVKProxy") returned 1 [0137.679] lstrcmpiW (lpString1="ClipSVC", lpString2="MBAMService") returned -1 [0137.679] lstrcmpiW (lpString1="ClipSVC", lpString2="GbpSv") returned -1 [0137.679] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x45, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="clr_optimization_v2.0.50727_32", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.679] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\clr_optimization_v2.0.50727_32") returned 64 [0137.679] SetLastError (dwErrCode=0x0) [0137.679] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\clr_optimization_v2.0.50727_32", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.679] SetLastError (dwErrCode=0x0) [0137.680] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.680] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.680] SetLastError (dwErrCode=0x0) [0137.680] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x46, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="clr_optimization_v2.0.50727_64", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.680] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\clr_optimization_v2.0.50727_64") returned 64 [0137.680] SetLastError (dwErrCode=0x0) [0137.680] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\clr_optimization_v2.0.50727_64", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.680] SetLastError (dwErrCode=0x0) [0137.680] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.680] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.680] SetLastError (dwErrCode=0x0) [0137.680] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x47, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="clr_optimization_v4.0.30319_32", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.680] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\clr_optimization_v4.0.30319_32") returned 64 [0137.680] SetLastError (dwErrCode=0x0) [0137.680] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\clr_optimization_v4.0.30319_32", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.680] SetLastError (dwErrCode=0x0) [0137.680] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.680] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.680] SetLastError (dwErrCode=0x0) [0137.680] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x48, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="clr_optimization_v4.0.30319_64", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.680] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\clr_optimization_v4.0.30319_64") returned 64 [0137.680] SetLastError (dwErrCode=0x0) [0137.680] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\clr_optimization_v4.0.30319_64", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.680] SetLastError (dwErrCode=0x0) [0137.680] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.680] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.680] SetLastError (dwErrCode=0x0) [0137.680] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x49, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="CmBatt", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.680] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\CmBatt") returned 40 [0137.680] SetLastError (dwErrCode=0x0) [0137.680] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\CmBatt", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.681] SetLastError (dwErrCode=0x0) [0137.681] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.681] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.681] SetLastError (dwErrCode=0x0) [0137.681] lstrcmpiW (lpString1="CmBatt", lpString2="NAVENG") returned -1 [0137.681] lstrcmpiW (lpString1="CmBatt", lpString2="ccEvtMgr") returned 1 [0137.681] lstrcmpiW (lpString1="CmBatt", lpString2="NAV") returned -1 [0137.681] lstrcmpiW (lpString1="CmBatt", lpString2="NIS") returned -1 [0137.681] lstrcmpiW (lpString1="CmBatt", lpString2="NAVEX15") returned -1 [0137.681] lstrcmpiW (lpString1="CmBatt", lpString2="AVP") returned 1 [0137.681] lstrcmpiW (lpString1="CmBatt", lpString2="AVP15.0.0") returned 1 [0137.681] lstrcmpiW (lpString1="CmBatt", lpString2="AVP15.0.1") returned 1 [0137.681] lstrcmpiW (lpString1="CmBatt", lpString2="kl1") returned -1 [0137.681] lstrcmpiW (lpString1="CmBatt", lpString2="McComponentHostService") returned -1 [0137.681] lstrcmpiW (lpString1="CmBatt", lpString2="ekrn") returned -1 [0137.681] lstrcmpiW (lpString1="CmBatt", lpString2="egui") returned -1 [0137.681] lstrcmpiW (lpString1="CmBatt", lpString2="avgwd") returned 1 [0137.681] lstrcmpiW (lpString1="CmBatt", lpString2="BdfNdisf") returned 1 [0137.681] lstrcmpiW (lpString1="CmBatt", lpString2="avast! Antivirus") returned 1 [0137.681] lstrcmpiW (lpString1="CmBatt", lpString2="MsMpSvc") returned -1 [0137.681] lstrcmpiW (lpString1="CmBatt", lpString2="RsMgrSvc") returned -1 [0137.681] lstrcmpiW (lpString1="CmBatt", lpString2="fshoster") returned -1 [0137.681] lstrcmpiW (lpString1="CmBatt", lpString2="AVKProxy") returned 1 [0137.681] lstrcmpiW (lpString1="CmBatt", lpString2="MBAMService") returned -1 [0137.681] lstrcmpiW (lpString1="CmBatt", lpString2="GbpSv") returned -1 [0137.681] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x4a, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="CNG", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.682] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\CNG") returned 37 [0137.682] SetLastError (dwErrCode=0x0) [0137.682] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\CNG", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.682] SetLastError (dwErrCode=0x0) [0137.682] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.682] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.682] SetLastError (dwErrCode=0x0) [0137.682] lstrcmpiW (lpString1="CNG", lpString2="NAVENG") returned -1 [0137.682] lstrcmpiW (lpString1="CNG", lpString2="ccEvtMgr") returned 1 [0137.682] lstrcmpiW (lpString1="CNG", lpString2="NAV") returned -1 [0137.682] lstrcmpiW (lpString1="CNG", lpString2="NIS") returned -1 [0137.682] lstrcmpiW (lpString1="CNG", lpString2="NAVEX15") returned -1 [0137.682] lstrcmpiW (lpString1="CNG", lpString2="AVP") returned 1 [0137.682] lstrcmpiW (lpString1="CNG", lpString2="AVP15.0.0") returned 1 [0137.682] lstrcmpiW (lpString1="CNG", lpString2="AVP15.0.1") returned 1 [0137.682] lstrcmpiW (lpString1="CNG", lpString2="kl1") returned -1 [0137.682] lstrcmpiW (lpString1="CNG", lpString2="McComponentHostService") returned -1 [0137.682] lstrcmpiW (lpString1="CNG", lpString2="ekrn") returned -1 [0137.682] lstrcmpiW (lpString1="CNG", lpString2="egui") returned -1 [0137.682] lstrcmpiW (lpString1="CNG", lpString2="avgwd") returned 1 [0137.682] lstrcmpiW (lpString1="CNG", lpString2="BdfNdisf") returned 1 [0137.682] lstrcmpiW (lpString1="CNG", lpString2="avast! Antivirus") returned 1 [0137.682] lstrcmpiW (lpString1="CNG", lpString2="MsMpSvc") returned -1 [0137.682] lstrcmpiW (lpString1="CNG", lpString2="RsMgrSvc") returned -1 [0137.682] lstrcmpiW (lpString1="CNG", lpString2="fshoster") returned -1 [0137.682] lstrcmpiW (lpString1="CNG", lpString2="AVKProxy") returned 1 [0137.682] lstrcmpiW (lpString1="CNG", lpString2="MBAMService") returned -1 [0137.682] lstrcmpiW (lpString1="CNG", lpString2="GbpSv") returned -1 [0137.682] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x4b, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="cnghwassist", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.682] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\cnghwassist") returned 45 [0137.682] SetLastError (dwErrCode=0x0) [0137.682] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\cnghwassist", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.682] SetLastError (dwErrCode=0x0) [0137.682] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.682] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.683] SetLastError (dwErrCode=0x0) [0137.683] lstrcmpiW (lpString1="cnghwassist", lpString2="NAVENG") returned -1 [0137.683] lstrcmpiW (lpString1="cnghwassist", lpString2="ccEvtMgr") returned 1 [0137.683] lstrcmpiW (lpString1="cnghwassist", lpString2="NAV") returned -1 [0137.683] lstrcmpiW (lpString1="cnghwassist", lpString2="NIS") returned -1 [0137.683] lstrcmpiW (lpString1="cnghwassist", lpString2="NAVEX15") returned -1 [0137.683] lstrcmpiW (lpString1="cnghwassist", lpString2="AVP") returned 1 [0137.683] lstrcmpiW (lpString1="cnghwassist", lpString2="AVP15.0.0") returned 1 [0137.683] lstrcmpiW (lpString1="cnghwassist", lpString2="AVP15.0.1") returned 1 [0137.683] lstrcmpiW (lpString1="cnghwassist", lpString2="kl1") returned -1 [0137.683] lstrcmpiW (lpString1="cnghwassist", lpString2="McComponentHostService") returned -1 [0137.683] lstrcmpiW (lpString1="cnghwassist", lpString2="ekrn") returned -1 [0137.683] lstrcmpiW (lpString1="cnghwassist", lpString2="egui") returned -1 [0137.683] lstrcmpiW (lpString1="cnghwassist", lpString2="avgwd") returned 1 [0137.683] lstrcmpiW (lpString1="cnghwassist", lpString2="BdfNdisf") returned 1 [0137.683] lstrcmpiW (lpString1="cnghwassist", lpString2="avast! Antivirus") returned 1 [0137.683] lstrcmpiW (lpString1="cnghwassist", lpString2="MsMpSvc") returned -1 [0137.683] lstrcmpiW (lpString1="cnghwassist", lpString2="RsMgrSvc") returned -1 [0137.683] lstrcmpiW (lpString1="cnghwassist", lpString2="fshoster") returned -1 [0137.683] lstrcmpiW (lpString1="cnghwassist", lpString2="AVKProxy") returned 1 [0137.683] lstrcmpiW (lpString1="cnghwassist", lpString2="MBAMService") returned -1 [0137.683] lstrcmpiW (lpString1="cnghwassist", lpString2="GbpSv") returned -1 [0137.683] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x4c, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="CompositeBus", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.683] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\CompositeBus") returned 46 [0137.683] SetLastError (dwErrCode=0x0) [0137.683] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\CompositeBus", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.683] SetLastError (dwErrCode=0x0) [0137.683] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.683] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.683] SetLastError (dwErrCode=0x0) [0137.683] lstrcmpiW (lpString1="CompositeBus", lpString2="NAVENG") returned -1 [0137.683] lstrcmpiW (lpString1="CompositeBus", lpString2="ccEvtMgr") returned 1 [0137.683] lstrcmpiW (lpString1="CompositeBus", lpString2="NAV") returned -1 [0137.683] lstrcmpiW (lpString1="CompositeBus", lpString2="NIS") returned -1 [0137.683] lstrcmpiW (lpString1="CompositeBus", lpString2="NAVEX15") returned -1 [0137.683] lstrcmpiW (lpString1="CompositeBus", lpString2="AVP") returned 1 [0137.683] lstrcmpiW (lpString1="CompositeBus", lpString2="AVP15.0.0") returned 1 [0137.683] lstrcmpiW (lpString1="CompositeBus", lpString2="AVP15.0.1") returned 1 [0137.684] lstrcmpiW (lpString1="CompositeBus", lpString2="kl1") returned -1 [0137.684] lstrcmpiW (lpString1="CompositeBus", lpString2="McComponentHostService") returned -1 [0137.684] lstrcmpiW (lpString1="CompositeBus", lpString2="ekrn") returned -1 [0137.684] lstrcmpiW (lpString1="CompositeBus", lpString2="egui") returned -1 [0137.684] lstrcmpiW (lpString1="CompositeBus", lpString2="avgwd") returned 1 [0137.684] lstrcmpiW (lpString1="CompositeBus", lpString2="BdfNdisf") returned 1 [0137.684] lstrcmpiW (lpString1="CompositeBus", lpString2="avast! Antivirus") returned 1 [0137.684] lstrcmpiW (lpString1="CompositeBus", lpString2="MsMpSvc") returned -1 [0137.684] lstrcmpiW (lpString1="CompositeBus", lpString2="RsMgrSvc") returned -1 [0137.684] lstrcmpiW (lpString1="CompositeBus", lpString2="fshoster") returned -1 [0137.684] lstrcmpiW (lpString1="CompositeBus", lpString2="AVKProxy") returned 1 [0137.684] lstrcmpiW (lpString1="CompositeBus", lpString2="MBAMService") returned -1 [0137.684] lstrcmpiW (lpString1="CompositeBus", lpString2="GbpSv") returned -1 [0137.684] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x4d, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="COMSysApp", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.684] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\COMSysApp") returned 43 [0137.684] SetLastError (dwErrCode=0x0) [0137.684] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\COMSysApp", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.684] SetLastError (dwErrCode=0x0) [0137.684] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.684] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.684] SetLastError (dwErrCode=0x0) [0137.684] lstrcmpiW (lpString1="COMSysApp", lpString2="NAVENG") returned -1 [0137.684] lstrcmpiW (lpString1="COMSysApp", lpString2="ccEvtMgr") returned 1 [0137.684] lstrcmpiW (lpString1="COMSysApp", lpString2="NAV") returned -1 [0137.684] lstrcmpiW (lpString1="COMSysApp", lpString2="NIS") returned -1 [0137.684] lstrcmpiW (lpString1="COMSysApp", lpString2="NAVEX15") returned -1 [0137.684] lstrcmpiW (lpString1="COMSysApp", lpString2="AVP") returned 1 [0137.684] lstrcmpiW (lpString1="COMSysApp", lpString2="AVP15.0.0") returned 1 [0137.684] lstrcmpiW (lpString1="COMSysApp", lpString2="AVP15.0.1") returned 1 [0137.684] lstrcmpiW (lpString1="COMSysApp", lpString2="kl1") returned -1 [0137.684] lstrcmpiW (lpString1="COMSysApp", lpString2="McComponentHostService") returned -1 [0137.684] lstrcmpiW (lpString1="COMSysApp", lpString2="ekrn") returned -1 [0137.684] lstrcmpiW (lpString1="COMSysApp", lpString2="egui") returned -1 [0137.684] lstrcmpiW (lpString1="COMSysApp", lpString2="avgwd") returned 1 [0137.684] lstrcmpiW (lpString1="COMSysApp", lpString2="BdfNdisf") returned 1 [0137.684] lstrcmpiW (lpString1="COMSysApp", lpString2="avast! Antivirus") returned 1 [0137.684] lstrcmpiW (lpString1="COMSysApp", lpString2="MsMpSvc") returned -1 [0137.684] lstrcmpiW (lpString1="COMSysApp", lpString2="RsMgrSvc") returned -1 [0137.684] lstrcmpiW (lpString1="COMSysApp", lpString2="fshoster") returned -1 [0137.685] lstrcmpiW (lpString1="COMSysApp", lpString2="AVKProxy") returned 1 [0137.685] lstrcmpiW (lpString1="COMSysApp", lpString2="MBAMService") returned -1 [0137.685] lstrcmpiW (lpString1="COMSysApp", lpString2="GbpSv") returned -1 [0137.685] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x4e, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="condrv", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.685] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\condrv") returned 40 [0137.685] SetLastError (dwErrCode=0x0) [0137.685] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\condrv", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.685] SetLastError (dwErrCode=0x0) [0137.685] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.685] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.685] SetLastError (dwErrCode=0x0) [0137.685] lstrcmpiW (lpString1="condrv", lpString2="NAVENG") returned -1 [0137.685] lstrcmpiW (lpString1="condrv", lpString2="ccEvtMgr") returned 1 [0137.685] lstrcmpiW (lpString1="condrv", lpString2="NAV") returned -1 [0137.685] lstrcmpiW (lpString1="condrv", lpString2="NIS") returned -1 [0137.685] lstrcmpiW (lpString1="condrv", lpString2="NAVEX15") returned -1 [0137.685] lstrcmpiW (lpString1="condrv", lpString2="AVP") returned 1 [0137.685] lstrcmpiW (lpString1="condrv", lpString2="AVP15.0.0") returned 1 [0137.685] lstrcmpiW (lpString1="condrv", lpString2="AVP15.0.1") returned 1 [0137.685] lstrcmpiW (lpString1="condrv", lpString2="kl1") returned -1 [0137.685] lstrcmpiW (lpString1="condrv", lpString2="McComponentHostService") returned -1 [0137.685] lstrcmpiW (lpString1="condrv", lpString2="ekrn") returned -1 [0137.685] lstrcmpiW (lpString1="condrv", lpString2="egui") returned -1 [0137.685] lstrcmpiW (lpString1="condrv", lpString2="avgwd") returned 1 [0137.685] lstrcmpiW (lpString1="condrv", lpString2="BdfNdisf") returned 1 [0137.685] lstrcmpiW (lpString1="condrv", lpString2="avast! Antivirus") returned 1 [0137.685] lstrcmpiW (lpString1="condrv", lpString2="MsMpSvc") returned -1 [0137.685] lstrcmpiW (lpString1="condrv", lpString2="RsMgrSvc") returned -1 [0137.685] lstrcmpiW (lpString1="condrv", lpString2="fshoster") returned -1 [0137.685] lstrcmpiW (lpString1="condrv", lpString2="AVKProxy") returned 1 [0137.685] lstrcmpiW (lpString1="condrv", lpString2="MBAMService") returned -1 [0137.685] lstrcmpiW (lpString1="condrv", lpString2="GbpSv") returned -1 [0137.685] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x4f, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="CoreMessagingRegistrar", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.685] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\CoreMessagingRegistrar") returned 56 [0137.685] SetLastError (dwErrCode=0x0) [0137.685] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\CoreMessagingRegistrar", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.685] SetLastError (dwErrCode=0x0) [0137.686] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.686] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.686] SetLastError (dwErrCode=0x0) [0137.686] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="NAVENG") returned -1 [0137.686] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="ccEvtMgr") returned 1 [0137.686] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="NAV") returned -1 [0137.686] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="NIS") returned -1 [0137.686] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="NAVEX15") returned -1 [0137.686] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="AVP") returned 1 [0137.686] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="AVP15.0.0") returned 1 [0137.686] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="AVP15.0.1") returned 1 [0137.686] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="kl1") returned -1 [0137.686] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="McComponentHostService") returned -1 [0137.686] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="ekrn") returned -1 [0137.686] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="egui") returned -1 [0137.686] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="avgwd") returned 1 [0137.686] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="BdfNdisf") returned 1 [0137.686] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="avast! Antivirus") returned 1 [0137.686] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="MsMpSvc") returned -1 [0137.686] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="RsMgrSvc") returned -1 [0137.686] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="fshoster") returned -1 [0137.686] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="AVKProxy") returned 1 [0137.686] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="MBAMService") returned -1 [0137.686] lstrcmpiW (lpString1="CoreMessagingRegistrar", lpString2="GbpSv") returned -1 [0137.686] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x50, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="CoreUI", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.686] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\CoreUI") returned 40 [0137.686] SetLastError (dwErrCode=0x0) [0137.686] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\CoreUI", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.686] SetLastError (dwErrCode=0x0) [0137.686] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.687] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.687] SetLastError (dwErrCode=0x0) [0137.687] GetLastError () returned 0x0 [0137.687] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x51, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="crypt32", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.687] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\crypt32") returned 41 [0137.687] SetLastError (dwErrCode=0x0) [0137.687] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\crypt32", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.687] SetLastError (dwErrCode=0x0) [0137.687] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.687] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.687] SetLastError (dwErrCode=0x0) [0137.687] GetLastError () returned 0x0 [0137.687] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x52, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="CryptSvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.687] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\CryptSvc") returned 42 [0137.687] SetLastError (dwErrCode=0x0) [0137.687] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\CryptSvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.687] SetLastError (dwErrCode=0x0) [0137.687] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.687] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.687] SetLastError (dwErrCode=0x0) [0137.687] lstrcmpiW (lpString1="CryptSvc", lpString2="NAVENG") returned -1 [0137.687] lstrcmpiW (lpString1="CryptSvc", lpString2="ccEvtMgr") returned 1 [0137.687] lstrcmpiW (lpString1="CryptSvc", lpString2="NAV") returned -1 [0137.687] lstrcmpiW (lpString1="CryptSvc", lpString2="NIS") returned -1 [0137.687] lstrcmpiW (lpString1="CryptSvc", lpString2="NAVEX15") returned -1 [0137.687] lstrcmpiW (lpString1="CryptSvc", lpString2="AVP") returned 1 [0137.688] lstrcmpiW (lpString1="CryptSvc", lpString2="AVP15.0.0") returned 1 [0137.688] lstrcmpiW (lpString1="CryptSvc", lpString2="AVP15.0.1") returned 1 [0137.688] lstrcmpiW (lpString1="CryptSvc", lpString2="kl1") returned -1 [0137.688] lstrcmpiW (lpString1="CryptSvc", lpString2="McComponentHostService") returned -1 [0137.688] lstrcmpiW (lpString1="CryptSvc", lpString2="ekrn") returned -1 [0137.688] lstrcmpiW (lpString1="CryptSvc", lpString2="egui") returned -1 [0137.688] lstrcmpiW (lpString1="CryptSvc", lpString2="avgwd") returned 1 [0137.688] lstrcmpiW (lpString1="CryptSvc", lpString2="BdfNdisf") returned 1 [0137.688] lstrcmpiW (lpString1="CryptSvc", lpString2="avast! Antivirus") returned 1 [0137.688] lstrcmpiW (lpString1="CryptSvc", lpString2="MsMpSvc") returned -1 [0137.688] lstrcmpiW (lpString1="CryptSvc", lpString2="RsMgrSvc") returned -1 [0137.688] lstrcmpiW (lpString1="CryptSvc", lpString2="fshoster") returned -1 [0137.688] lstrcmpiW (lpString1="CryptSvc", lpString2="AVKProxy") returned 1 [0137.688] lstrcmpiW (lpString1="CryptSvc", lpString2="MBAMService") returned -1 [0137.688] lstrcmpiW (lpString1="CryptSvc", lpString2="GbpSv") returned -1 [0137.688] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x53, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="CSC", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.688] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\CSC") returned 37 [0137.688] SetLastError (dwErrCode=0x0) [0137.688] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\CSC", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.688] SetLastError (dwErrCode=0x0) [0137.688] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.688] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.688] SetLastError (dwErrCode=0x0) [0137.688] lstrcmpiW (lpString1="CSC", lpString2="NAVENG") returned -1 [0137.688] lstrcmpiW (lpString1="CSC", lpString2="ccEvtMgr") returned 1 [0137.688] lstrcmpiW (lpString1="CSC", lpString2="NAV") returned -1 [0137.688] lstrcmpiW (lpString1="CSC", lpString2="NIS") returned -1 [0137.688] lstrcmpiW (lpString1="CSC", lpString2="NAVEX15") returned -1 [0137.688] lstrcmpiW (lpString1="CSC", lpString2="AVP") returned 1 [0137.689] lstrcmpiW (lpString1="CSC", lpString2="AVP15.0.0") returned 1 [0137.689] lstrcmpiW (lpString1="CSC", lpString2="AVP15.0.1") returned 1 [0137.689] lstrcmpiW (lpString1="CSC", lpString2="kl1") returned -1 [0137.689] lstrcmpiW (lpString1="CSC", lpString2="McComponentHostService") returned -1 [0137.689] lstrcmpiW (lpString1="CSC", lpString2="ekrn") returned -1 [0137.689] lstrcmpiW (lpString1="CSC", lpString2="egui") returned -1 [0137.689] lstrcmpiW (lpString1="CSC", lpString2="avgwd") returned 1 [0137.689] lstrcmpiW (lpString1="CSC", lpString2="BdfNdisf") returned 1 [0137.689] lstrcmpiW (lpString1="CSC", lpString2="avast! Antivirus") returned 1 [0137.689] lstrcmpiW (lpString1="CSC", lpString2="MsMpSvc") returned -1 [0137.689] lstrcmpiW (lpString1="CSC", lpString2="RsMgrSvc") returned -1 [0137.689] lstrcmpiW (lpString1="CSC", lpString2="fshoster") returned -1 [0137.689] lstrcmpiW (lpString1="CSC", lpString2="AVKProxy") returned 1 [0137.689] lstrcmpiW (lpString1="CSC", lpString2="MBAMService") returned -1 [0137.689] lstrcmpiW (lpString1="CSC", lpString2="GbpSv") returned -1 [0137.689] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x54, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="CscService", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.689] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\CscService") returned 44 [0137.689] SetLastError (dwErrCode=0x0) [0137.689] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\CscService", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.689] SetLastError (dwErrCode=0x0) [0137.689] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.689] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.689] SetLastError (dwErrCode=0x0) [0137.689] lstrcmpiW (lpString1="CscService", lpString2="NAVENG") returned -1 [0137.689] lstrcmpiW (lpString1="CscService", lpString2="ccEvtMgr") returned 1 [0137.689] lstrcmpiW (lpString1="CscService", lpString2="NAV") returned -1 [0137.689] lstrcmpiW (lpString1="CscService", lpString2="NIS") returned -1 [0137.689] lstrcmpiW (lpString1="CscService", lpString2="NAVEX15") returned -1 [0137.689] lstrcmpiW (lpString1="CscService", lpString2="AVP") returned 1 [0137.689] lstrcmpiW (lpString1="CscService", lpString2="AVP15.0.0") returned 1 [0137.689] lstrcmpiW (lpString1="CscService", lpString2="AVP15.0.1") returned 1 [0137.689] lstrcmpiW (lpString1="CscService", lpString2="kl1") returned -1 [0137.689] lstrcmpiW (lpString1="CscService", lpString2="McComponentHostService") returned -1 [0137.689] lstrcmpiW (lpString1="CscService", lpString2="ekrn") returned -1 [0137.689] lstrcmpiW (lpString1="CscService", lpString2="egui") returned -1 [0137.689] lstrcmpiW (lpString1="CscService", lpString2="avgwd") returned 1 [0137.689] lstrcmpiW (lpString1="CscService", lpString2="BdfNdisf") returned 1 [0137.689] lstrcmpiW (lpString1="CscService", lpString2="avast! Antivirus") returned 1 [0137.689] lstrcmpiW (lpString1="CscService", lpString2="MsMpSvc") returned -1 [0137.690] lstrcmpiW (lpString1="CscService", lpString2="RsMgrSvc") returned -1 [0137.690] lstrcmpiW (lpString1="CscService", lpString2="fshoster") returned -1 [0137.690] lstrcmpiW (lpString1="CscService", lpString2="AVKProxy") returned 1 [0137.690] lstrcmpiW (lpString1="CscService", lpString2="MBAMService") returned -1 [0137.690] lstrcmpiW (lpString1="CscService", lpString2="GbpSv") returned -1 [0137.690] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x55, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="dam", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.690] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\dam") returned 37 [0137.690] SetLastError (dwErrCode=0x0) [0137.690] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\dam", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.690] SetLastError (dwErrCode=0x0) [0137.690] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.690] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.690] SetLastError (dwErrCode=0x0) [0137.690] lstrcmpiW (lpString1="dam", lpString2="NAVENG") returned -1 [0137.690] lstrcmpiW (lpString1="dam", lpString2="ccEvtMgr") returned 1 [0137.690] lstrcmpiW (lpString1="dam", lpString2="NAV") returned -1 [0137.690] lstrcmpiW (lpString1="dam", lpString2="NIS") returned -1 [0137.690] lstrcmpiW (lpString1="dam", lpString2="NAVEX15") returned -1 [0137.690] lstrcmpiW (lpString1="dam", lpString2="AVP") returned 1 [0137.690] lstrcmpiW (lpString1="dam", lpString2="AVP15.0.0") returned 1 [0137.690] lstrcmpiW (lpString1="dam", lpString2="AVP15.0.1") returned 1 [0137.690] lstrcmpiW (lpString1="dam", lpString2="kl1") returned -1 [0137.690] lstrcmpiW (lpString1="dam", lpString2="McComponentHostService") returned -1 [0137.690] lstrcmpiW (lpString1="dam", lpString2="ekrn") returned -1 [0137.690] lstrcmpiW (lpString1="dam", lpString2="egui") returned -1 [0137.690] lstrcmpiW (lpString1="dam", lpString2="avgwd") returned 1 [0137.690] lstrcmpiW (lpString1="dam", lpString2="BdfNdisf") returned 1 [0137.690] lstrcmpiW (lpString1="dam", lpString2="avast! Antivirus") returned 1 [0137.690] lstrcmpiW (lpString1="dam", lpString2="MsMpSvc") returned -1 [0137.690] lstrcmpiW (lpString1="dam", lpString2="RsMgrSvc") returned -1 [0137.690] lstrcmpiW (lpString1="dam", lpString2="fshoster") returned -1 [0137.690] lstrcmpiW (lpString1="dam", lpString2="AVKProxy") returned 1 [0137.690] lstrcmpiW (lpString1="dam", lpString2="MBAMService") returned -1 [0137.690] lstrcmpiW (lpString1="dam", lpString2="GbpSv") returned -1 [0137.690] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x56, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DCLocator", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.690] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\DCLocator") returned 43 [0137.690] SetLastError (dwErrCode=0x0) [0137.690] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\DCLocator", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.691] SetLastError (dwErrCode=0x0) [0137.691] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.691] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.691] SetLastError (dwErrCode=0x0) [0137.691] GetLastError () returned 0x0 [0137.691] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x57, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DcomLaunch", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.691] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\DcomLaunch") returned 44 [0137.691] SetLastError (dwErrCode=0x0) [0137.691] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\DcomLaunch", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.691] SetLastError (dwErrCode=0x0) [0137.691] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.691] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.691] SetLastError (dwErrCode=0x0) [0137.691] lstrcmpiW (lpString1="DcomLaunch", lpString2="NAVENG") returned -1 [0137.691] lstrcmpiW (lpString1="DcomLaunch", lpString2="ccEvtMgr") returned 1 [0137.691] lstrcmpiW (lpString1="DcomLaunch", lpString2="NAV") returned -1 [0137.691] lstrcmpiW (lpString1="DcomLaunch", lpString2="NIS") returned -1 [0137.691] lstrcmpiW (lpString1="DcomLaunch", lpString2="NAVEX15") returned -1 [0137.691] lstrcmpiW (lpString1="DcomLaunch", lpString2="AVP") returned 1 [0137.691] lstrcmpiW (lpString1="DcomLaunch", lpString2="AVP15.0.0") returned 1 [0137.691] lstrcmpiW (lpString1="DcomLaunch", lpString2="AVP15.0.1") returned 1 [0137.691] lstrcmpiW (lpString1="DcomLaunch", lpString2="kl1") returned -1 [0137.691] lstrcmpiW (lpString1="DcomLaunch", lpString2="McComponentHostService") returned -1 [0137.691] lstrcmpiW (lpString1="DcomLaunch", lpString2="ekrn") returned -1 [0137.691] lstrcmpiW (lpString1="DcomLaunch", lpString2="egui") returned -1 [0137.691] lstrcmpiW (lpString1="DcomLaunch", lpString2="avgwd") returned 1 [0137.691] lstrcmpiW (lpString1="DcomLaunch", lpString2="BdfNdisf") returned 1 [0137.691] lstrcmpiW (lpString1="DcomLaunch", lpString2="avast! Antivirus") returned 1 [0137.691] lstrcmpiW (lpString1="DcomLaunch", lpString2="MsMpSvc") returned -1 [0137.691] lstrcmpiW (lpString1="DcomLaunch", lpString2="RsMgrSvc") returned -1 [0137.691] lstrcmpiW (lpString1="DcomLaunch", lpString2="fshoster") returned -1 [0137.691] lstrcmpiW (lpString1="DcomLaunch", lpString2="AVKProxy") returned 1 [0137.691] lstrcmpiW (lpString1="DcomLaunch", lpString2="MBAMService") returned -1 [0137.691] lstrcmpiW (lpString1="DcomLaunch", lpString2="GbpSv") returned -1 [0137.691] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x58, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DcpSvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.691] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\DcpSvc") returned 40 [0137.691] SetLastError (dwErrCode=0x0) [0137.692] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\DcpSvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.692] SetLastError (dwErrCode=0x0) [0137.692] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.692] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.692] SetLastError (dwErrCode=0x0) [0137.692] lstrcmpiW (lpString1="DcpSvc", lpString2="NAVENG") returned -1 [0137.692] lstrcmpiW (lpString1="DcpSvc", lpString2="ccEvtMgr") returned 1 [0137.692] lstrcmpiW (lpString1="DcpSvc", lpString2="NAV") returned -1 [0137.692] lstrcmpiW (lpString1="DcpSvc", lpString2="NIS") returned -1 [0137.692] lstrcmpiW (lpString1="DcpSvc", lpString2="NAVEX15") returned -1 [0137.692] lstrcmpiW (lpString1="DcpSvc", lpString2="AVP") returned 1 [0137.692] lstrcmpiW (lpString1="DcpSvc", lpString2="AVP15.0.0") returned 1 [0137.692] lstrcmpiW (lpString1="DcpSvc", lpString2="AVP15.0.1") returned 1 [0137.692] lstrcmpiW (lpString1="DcpSvc", lpString2="kl1") returned -1 [0137.692] lstrcmpiW (lpString1="DcpSvc", lpString2="McComponentHostService") returned -1 [0137.692] lstrcmpiW (lpString1="DcpSvc", lpString2="ekrn") returned -1 [0137.692] lstrcmpiW (lpString1="DcpSvc", lpString2="egui") returned -1 [0137.692] lstrcmpiW (lpString1="DcpSvc", lpString2="avgwd") returned 1 [0137.692] lstrcmpiW (lpString1="DcpSvc", lpString2="BdfNdisf") returned 1 [0137.692] lstrcmpiW (lpString1="DcpSvc", lpString2="avast! Antivirus") returned 1 [0137.692] lstrcmpiW (lpString1="DcpSvc", lpString2="MsMpSvc") returned -1 [0137.692] lstrcmpiW (lpString1="DcpSvc", lpString2="RsMgrSvc") returned -1 [0137.692] lstrcmpiW (lpString1="DcpSvc", lpString2="fshoster") returned -1 [0137.692] lstrcmpiW (lpString1="DcpSvc", lpString2="AVKProxy") returned 1 [0137.692] lstrcmpiW (lpString1="DcpSvc", lpString2="MBAMService") returned -1 [0137.692] lstrcmpiW (lpString1="DcpSvc", lpString2="GbpSv") returned -1 [0137.692] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x59, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="defragsvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.692] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\defragsvc") returned 43 [0137.692] SetLastError (dwErrCode=0x0) [0137.692] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\defragsvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.692] SetLastError (dwErrCode=0x0) [0137.692] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.692] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.693] SetLastError (dwErrCode=0x0) [0137.693] lstrcmpiW (lpString1="defragsvc", lpString2="NAVENG") returned -1 [0137.693] lstrcmpiW (lpString1="defragsvc", lpString2="ccEvtMgr") returned 1 [0137.693] lstrcmpiW (lpString1="defragsvc", lpString2="NAV") returned -1 [0137.693] lstrcmpiW (lpString1="defragsvc", lpString2="NIS") returned -1 [0137.693] lstrcmpiW (lpString1="defragsvc", lpString2="NAVEX15") returned -1 [0137.693] lstrcmpiW (lpString1="defragsvc", lpString2="AVP") returned 1 [0137.693] lstrcmpiW (lpString1="defragsvc", lpString2="AVP15.0.0") returned 1 [0137.693] lstrcmpiW (lpString1="defragsvc", lpString2="AVP15.0.1") returned 1 [0137.693] lstrcmpiW (lpString1="defragsvc", lpString2="kl1") returned -1 [0137.693] lstrcmpiW (lpString1="defragsvc", lpString2="McComponentHostService") returned -1 [0137.693] lstrcmpiW (lpString1="defragsvc", lpString2="ekrn") returned -1 [0137.693] lstrcmpiW (lpString1="defragsvc", lpString2="egui") returned -1 [0137.693] lstrcmpiW (lpString1="defragsvc", lpString2="avgwd") returned 1 [0137.693] lstrcmpiW (lpString1="defragsvc", lpString2="BdfNdisf") returned 1 [0137.693] lstrcmpiW (lpString1="defragsvc", lpString2="avast! Antivirus") returned 1 [0137.693] lstrcmpiW (lpString1="defragsvc", lpString2="MsMpSvc") returned -1 [0137.693] lstrcmpiW (lpString1="defragsvc", lpString2="RsMgrSvc") returned -1 [0137.693] lstrcmpiW (lpString1="defragsvc", lpString2="fshoster") returned -1 [0137.693] lstrcmpiW (lpString1="defragsvc", lpString2="AVKProxy") returned 1 [0137.693] lstrcmpiW (lpString1="defragsvc", lpString2="MBAMService") returned -1 [0137.693] lstrcmpiW (lpString1="defragsvc", lpString2="GbpSv") returned -1 [0137.693] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x5a, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DeviceAssociationService", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.693] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\DeviceAssociationService") returned 58 [0137.693] SetLastError (dwErrCode=0x0) [0137.693] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\DeviceAssociationService", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.693] SetLastError (dwErrCode=0x0) [0137.693] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.693] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.693] SetLastError (dwErrCode=0x0) [0137.693] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="NAVENG") returned -1 [0137.693] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="ccEvtMgr") returned 1 [0137.693] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="NAV") returned -1 [0137.693] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="NIS") returned -1 [0137.694] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="NAVEX15") returned -1 [0137.694] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="AVP") returned 1 [0137.694] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="AVP15.0.0") returned 1 [0137.694] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="AVP15.0.1") returned 1 [0137.694] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="kl1") returned -1 [0137.694] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="McComponentHostService") returned -1 [0137.694] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="ekrn") returned -1 [0137.694] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="egui") returned -1 [0137.694] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="avgwd") returned 1 [0137.694] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="BdfNdisf") returned 1 [0137.694] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="avast! Antivirus") returned 1 [0137.694] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="MsMpSvc") returned -1 [0137.694] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="RsMgrSvc") returned -1 [0137.694] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="fshoster") returned -1 [0137.694] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="AVKProxy") returned 1 [0137.694] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="MBAMService") returned -1 [0137.694] lstrcmpiW (lpString1="DeviceAssociationService", lpString2="GbpSv") returned -1 [0137.694] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x5b, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DeviceInstall", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.694] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\DeviceInstall") returned 47 [0137.694] SetLastError (dwErrCode=0x0) [0137.694] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\DeviceInstall", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.694] SetLastError (dwErrCode=0x0) [0137.694] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.694] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.694] SetLastError (dwErrCode=0x0) [0137.694] lstrcmpiW (lpString1="DeviceInstall", lpString2="NAVENG") returned -1 [0137.694] lstrcmpiW (lpString1="DeviceInstall", lpString2="ccEvtMgr") returned 1 [0137.694] lstrcmpiW (lpString1="DeviceInstall", lpString2="NAV") returned -1 [0137.694] lstrcmpiW (lpString1="DeviceInstall", lpString2="NIS") returned -1 [0137.694] lstrcmpiW (lpString1="DeviceInstall", lpString2="NAVEX15") returned -1 [0137.694] lstrcmpiW (lpString1="DeviceInstall", lpString2="AVP") returned 1 [0137.694] lstrcmpiW (lpString1="DeviceInstall", lpString2="AVP15.0.0") returned 1 [0137.694] lstrcmpiW (lpString1="DeviceInstall", lpString2="AVP15.0.1") returned 1 [0137.694] lstrcmpiW (lpString1="DeviceInstall", lpString2="kl1") returned -1 [0137.694] lstrcmpiW (lpString1="DeviceInstall", lpString2="McComponentHostService") returned -1 [0137.695] lstrcmpiW (lpString1="DeviceInstall", lpString2="ekrn") returned -1 [0137.695] lstrcmpiW (lpString1="DeviceInstall", lpString2="egui") returned -1 [0137.695] lstrcmpiW (lpString1="DeviceInstall", lpString2="avgwd") returned 1 [0137.695] lstrcmpiW (lpString1="DeviceInstall", lpString2="BdfNdisf") returned 1 [0137.695] lstrcmpiW (lpString1="DeviceInstall", lpString2="avast! Antivirus") returned 1 [0137.695] lstrcmpiW (lpString1="DeviceInstall", lpString2="MsMpSvc") returned -1 [0137.695] lstrcmpiW (lpString1="DeviceInstall", lpString2="RsMgrSvc") returned -1 [0137.695] lstrcmpiW (lpString1="DeviceInstall", lpString2="fshoster") returned -1 [0137.695] lstrcmpiW (lpString1="DeviceInstall", lpString2="AVKProxy") returned 1 [0137.695] lstrcmpiW (lpString1="DeviceInstall", lpString2="MBAMService") returned -1 [0137.695] lstrcmpiW (lpString1="DeviceInstall", lpString2="GbpSv") returned -1 [0137.695] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x5c, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DevQueryBroker", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.695] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\DevQueryBroker") returned 48 [0137.695] SetLastError (dwErrCode=0x0) [0137.695] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\DevQueryBroker", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.695] SetLastError (dwErrCode=0x0) [0137.695] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.695] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.695] SetLastError (dwErrCode=0x0) [0137.695] lstrcmpiW (lpString1="DevQueryBroker", lpString2="NAVENG") returned -1 [0137.695] lstrcmpiW (lpString1="DevQueryBroker", lpString2="ccEvtMgr") returned 1 [0137.695] lstrcmpiW (lpString1="DevQueryBroker", lpString2="NAV") returned -1 [0137.695] lstrcmpiW (lpString1="DevQueryBroker", lpString2="NIS") returned -1 [0137.695] lstrcmpiW (lpString1="DevQueryBroker", lpString2="NAVEX15") returned -1 [0137.695] lstrcmpiW (lpString1="DevQueryBroker", lpString2="AVP") returned 1 [0137.695] lstrcmpiW (lpString1="DevQueryBroker", lpString2="AVP15.0.0") returned 1 [0137.695] lstrcmpiW (lpString1="DevQueryBroker", lpString2="AVP15.0.1") returned 1 [0137.695] lstrcmpiW (lpString1="DevQueryBroker", lpString2="kl1") returned -1 [0137.695] lstrcmpiW (lpString1="DevQueryBroker", lpString2="McComponentHostService") returned -1 [0137.695] lstrcmpiW (lpString1="DevQueryBroker", lpString2="ekrn") returned -1 [0137.695] lstrcmpiW (lpString1="DevQueryBroker", lpString2="egui") returned -1 [0137.695] lstrcmpiW (lpString1="DevQueryBroker", lpString2="avgwd") returned 1 [0137.695] lstrcmpiW (lpString1="DevQueryBroker", lpString2="BdfNdisf") returned 1 [0137.695] lstrcmpiW (lpString1="DevQueryBroker", lpString2="avast! Antivirus") returned 1 [0137.695] lstrcmpiW (lpString1="DevQueryBroker", lpString2="MsMpSvc") returned -1 [0137.695] lstrcmpiW (lpString1="DevQueryBroker", lpString2="RsMgrSvc") returned -1 [0137.695] lstrcmpiW (lpString1="DevQueryBroker", lpString2="fshoster") returned -1 [0137.695] lstrcmpiW (lpString1="DevQueryBroker", lpString2="AVKProxy") returned 1 [0137.695] lstrcmpiW (lpString1="DevQueryBroker", lpString2="MBAMService") returned -1 [0137.696] lstrcmpiW (lpString1="DevQueryBroker", lpString2="GbpSv") returned -1 [0137.696] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x5d, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Dfsc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.696] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Dfsc") returned 38 [0137.696] SetLastError (dwErrCode=0x0) [0137.696] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Dfsc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.696] SetLastError (dwErrCode=0x0) [0137.696] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.696] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.696] SetLastError (dwErrCode=0x0) [0137.696] lstrcmpiW (lpString1="Dfsc", lpString2="NAVENG") returned -1 [0137.696] lstrcmpiW (lpString1="Dfsc", lpString2="ccEvtMgr") returned 1 [0137.696] lstrcmpiW (lpString1="Dfsc", lpString2="NAV") returned -1 [0137.696] lstrcmpiW (lpString1="Dfsc", lpString2="NIS") returned -1 [0137.696] lstrcmpiW (lpString1="Dfsc", lpString2="NAVEX15") returned -1 [0137.696] lstrcmpiW (lpString1="Dfsc", lpString2="AVP") returned 1 [0137.696] lstrcmpiW (lpString1="Dfsc", lpString2="AVP15.0.0") returned 1 [0137.696] lstrcmpiW (lpString1="Dfsc", lpString2="AVP15.0.1") returned 1 [0137.696] lstrcmpiW (lpString1="Dfsc", lpString2="kl1") returned -1 [0137.696] lstrcmpiW (lpString1="Dfsc", lpString2="McComponentHostService") returned -1 [0137.696] lstrcmpiW (lpString1="Dfsc", lpString2="ekrn") returned -1 [0137.696] lstrcmpiW (lpString1="Dfsc", lpString2="egui") returned -1 [0137.696] lstrcmpiW (lpString1="Dfsc", lpString2="avgwd") returned 1 [0137.696] lstrcmpiW (lpString1="Dfsc", lpString2="BdfNdisf") returned 1 [0137.696] lstrcmpiW (lpString1="Dfsc", lpString2="avast! Antivirus") returned 1 [0137.696] lstrcmpiW (lpString1="Dfsc", lpString2="MsMpSvc") returned -1 [0137.696] lstrcmpiW (lpString1="Dfsc", lpString2="RsMgrSvc") returned -1 [0137.696] lstrcmpiW (lpString1="Dfsc", lpString2="fshoster") returned -1 [0137.696] lstrcmpiW (lpString1="Dfsc", lpString2="AVKProxy") returned 1 [0137.696] lstrcmpiW (lpString1="Dfsc", lpString2="MBAMService") returned -1 [0137.696] lstrcmpiW (lpString1="Dfsc", lpString2="GbpSv") returned -1 [0137.696] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x5e, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Dhcp", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.696] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Dhcp") returned 38 [0137.696] SetLastError (dwErrCode=0x0) [0137.696] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Dhcp", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.696] SetLastError (dwErrCode=0x0) [0137.696] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xd, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.696] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.697] SetLastError (dwErrCode=0x0) [0137.697] lstrcmpiW (lpString1="Dhcp", lpString2="NAVENG") returned -1 [0137.697] lstrcmpiW (lpString1="Dhcp", lpString2="ccEvtMgr") returned 1 [0137.697] lstrcmpiW (lpString1="Dhcp", lpString2="NAV") returned -1 [0137.697] lstrcmpiW (lpString1="Dhcp", lpString2="NIS") returned -1 [0137.697] lstrcmpiW (lpString1="Dhcp", lpString2="NAVEX15") returned -1 [0137.697] lstrcmpiW (lpString1="Dhcp", lpString2="AVP") returned 1 [0137.698] lstrcmpiW (lpString1="Dhcp", lpString2="AVP15.0.0") returned 1 [0137.698] lstrcmpiW (lpString1="Dhcp", lpString2="AVP15.0.1") returned 1 [0137.698] lstrcmpiW (lpString1="Dhcp", lpString2="kl1") returned -1 [0137.698] lstrcmpiW (lpString1="Dhcp", lpString2="McComponentHostService") returned -1 [0137.698] lstrcmpiW (lpString1="Dhcp", lpString2="ekrn") returned -1 [0137.698] lstrcmpiW (lpString1="Dhcp", lpString2="egui") returned -1 [0137.698] lstrcmpiW (lpString1="Dhcp", lpString2="avgwd") returned 1 [0137.698] lstrcmpiW (lpString1="Dhcp", lpString2="BdfNdisf") returned 1 [0137.698] lstrcmpiW (lpString1="Dhcp", lpString2="avast! Antivirus") returned 1 [0137.698] lstrcmpiW (lpString1="Dhcp", lpString2="MsMpSvc") returned -1 [0137.698] lstrcmpiW (lpString1="Dhcp", lpString2="RsMgrSvc") returned -1 [0137.698] lstrcmpiW (lpString1="Dhcp", lpString2="fshoster") returned -1 [0137.698] lstrcmpiW (lpString1="Dhcp", lpString2="AVKProxy") returned 1 [0137.698] lstrcmpiW (lpString1="Dhcp", lpString2="MBAMService") returned -1 [0137.698] lstrcmpiW (lpString1="Dhcp", lpString2="GbpSv") returned -1 [0137.698] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x5f, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="diagnosticshub.standardcollector.service", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.698] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\diagnosticshub.standardcollector.service") returned 74 [0137.698] SetLastError (dwErrCode=0x0) [0137.698] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\diagnosticshub.standardcollector.service", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.698] SetLastError (dwErrCode=0x0) [0137.698] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.698] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.698] SetLastError (dwErrCode=0x0) [0137.699] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="NAVENG") returned -1 [0137.699] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="ccEvtMgr") returned 1 [0137.699] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="NAV") returned -1 [0137.699] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="NIS") returned -1 [0137.699] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="NAVEX15") returned -1 [0137.699] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="AVP") returned 1 [0137.699] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="AVP15.0.0") returned 1 [0137.699] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="AVP15.0.1") returned 1 [0137.699] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="kl1") returned -1 [0137.699] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="McComponentHostService") returned -1 [0137.699] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="ekrn") returned -1 [0137.699] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="egui") returned -1 [0137.699] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="avgwd") returned 1 [0137.699] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="BdfNdisf") returned 1 [0137.699] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="avast! Antivirus") returned 1 [0137.699] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="MsMpSvc") returned -1 [0137.699] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="RsMgrSvc") returned -1 [0137.699] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="fshoster") returned -1 [0137.699] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="AVKProxy") returned 1 [0137.699] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="MBAMService") returned -1 [0137.699] lstrcmpiW (lpString1="diagnosticshub.standardcollector.service", lpString2="GbpSv") returned -1 [0137.699] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x60, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DiagTrack", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.699] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\DiagTrack") returned 43 [0137.699] SetLastError (dwErrCode=0x0) [0137.699] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\DiagTrack", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.699] SetLastError (dwErrCode=0x0) [0137.699] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.699] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.699] SetLastError (dwErrCode=0x0) [0137.699] lstrcmpiW (lpString1="DiagTrack", lpString2="NAVENG") returned -1 [0137.699] lstrcmpiW (lpString1="DiagTrack", lpString2="ccEvtMgr") returned 1 [0137.699] lstrcmpiW (lpString1="DiagTrack", lpString2="NAV") returned -1 [0137.699] lstrcmpiW (lpString1="DiagTrack", lpString2="NIS") returned -1 [0137.700] lstrcmpiW (lpString1="DiagTrack", lpString2="NAVEX15") returned -1 [0137.700] lstrcmpiW (lpString1="DiagTrack", lpString2="AVP") returned 1 [0137.700] lstrcmpiW (lpString1="DiagTrack", lpString2="AVP15.0.0") returned 1 [0137.700] lstrcmpiW (lpString1="DiagTrack", lpString2="AVP15.0.1") returned 1 [0137.700] lstrcmpiW (lpString1="DiagTrack", lpString2="kl1") returned -1 [0137.700] lstrcmpiW (lpString1="DiagTrack", lpString2="McComponentHostService") returned -1 [0137.700] lstrcmpiW (lpString1="DiagTrack", lpString2="ekrn") returned -1 [0137.700] lstrcmpiW (lpString1="DiagTrack", lpString2="egui") returned -1 [0137.700] lstrcmpiW (lpString1="DiagTrack", lpString2="avgwd") returned 1 [0137.700] lstrcmpiW (lpString1="DiagTrack", lpString2="BdfNdisf") returned 1 [0137.700] lstrcmpiW (lpString1="DiagTrack", lpString2="avast! Antivirus") returned 1 [0137.700] lstrcmpiW (lpString1="DiagTrack", lpString2="MsMpSvc") returned -1 [0137.700] lstrcmpiW (lpString1="DiagTrack", lpString2="RsMgrSvc") returned -1 [0137.700] lstrcmpiW (lpString1="DiagTrack", lpString2="fshoster") returned -1 [0137.700] lstrcmpiW (lpString1="DiagTrack", lpString2="AVKProxy") returned 1 [0137.700] lstrcmpiW (lpString1="DiagTrack", lpString2="MBAMService") returned -1 [0137.700] lstrcmpiW (lpString1="DiagTrack", lpString2="GbpSv") returned -1 [0137.700] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x61, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="disk", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.700] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\disk") returned 38 [0137.700] SetLastError (dwErrCode=0x0) [0137.700] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\disk", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.700] SetLastError (dwErrCode=0x0) [0137.700] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.700] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.700] SetLastError (dwErrCode=0x0) [0137.700] lstrcmpiW (lpString1="disk", lpString2="NAVENG") returned -1 [0137.700] lstrcmpiW (lpString1="disk", lpString2="ccEvtMgr") returned 1 [0137.700] lstrcmpiW (lpString1="disk", lpString2="NAV") returned -1 [0137.700] lstrcmpiW (lpString1="disk", lpString2="NIS") returned -1 [0137.700] lstrcmpiW (lpString1="disk", lpString2="NAVEX15") returned -1 [0137.700] lstrcmpiW (lpString1="disk", lpString2="AVP") returned 1 [0137.700] lstrcmpiW (lpString1="disk", lpString2="AVP15.0.0") returned 1 [0137.701] lstrcmpiW (lpString1="disk", lpString2="AVP15.0.1") returned 1 [0137.701] lstrcmpiW (lpString1="disk", lpString2="kl1") returned -1 [0137.701] lstrcmpiW (lpString1="disk", lpString2="McComponentHostService") returned -1 [0137.701] lstrcmpiW (lpString1="disk", lpString2="ekrn") returned -1 [0137.701] lstrcmpiW (lpString1="disk", lpString2="egui") returned -1 [0137.701] lstrcmpiW (lpString1="disk", lpString2="avgwd") returned 1 [0137.701] lstrcmpiW (lpString1="disk", lpString2="BdfNdisf") returned 1 [0137.701] lstrcmpiW (lpString1="disk", lpString2="avast! Antivirus") returned 1 [0137.701] lstrcmpiW (lpString1="disk", lpString2="MsMpSvc") returned -1 [0137.701] lstrcmpiW (lpString1="disk", lpString2="RsMgrSvc") returned -1 [0137.701] lstrcmpiW (lpString1="disk", lpString2="fshoster") returned -1 [0137.701] lstrcmpiW (lpString1="disk", lpString2="AVKProxy") returned 1 [0137.701] lstrcmpiW (lpString1="disk", lpString2="MBAMService") returned -1 [0137.701] lstrcmpiW (lpString1="disk", lpString2="GbpSv") returned -1 [0137.701] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x62, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DmEnrollmentSvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.701] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\DmEnrollmentSvc") returned 49 [0137.701] SetLastError (dwErrCode=0x0) [0137.701] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\DmEnrollmentSvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.701] SetLastError (dwErrCode=0x0) [0137.701] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.701] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.701] SetLastError (dwErrCode=0x0) [0137.701] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="NAVENG") returned -1 [0137.701] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="ccEvtMgr") returned 1 [0137.701] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="NAV") returned -1 [0137.701] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="NIS") returned -1 [0137.701] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="NAVEX15") returned -1 [0137.701] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="AVP") returned 1 [0137.701] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="AVP15.0.0") returned 1 [0137.701] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="AVP15.0.1") returned 1 [0137.701] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="kl1") returned -1 [0137.701] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="McComponentHostService") returned -1 [0137.701] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="ekrn") returned -1 [0137.702] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="egui") returned -1 [0137.702] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="avgwd") returned 1 [0137.702] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="BdfNdisf") returned 1 [0137.702] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="avast! Antivirus") returned 1 [0137.702] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="MsMpSvc") returned -1 [0137.702] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="RsMgrSvc") returned -1 [0137.702] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="fshoster") returned -1 [0137.702] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="AVKProxy") returned 1 [0137.702] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="MBAMService") returned -1 [0137.702] lstrcmpiW (lpString1="DmEnrollmentSvc", lpString2="GbpSv") returned -1 [0137.702] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x63, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="dmvsc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.702] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\dmvsc") returned 39 [0137.702] SetLastError (dwErrCode=0x0) [0137.702] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\dmvsc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.702] SetLastError (dwErrCode=0x0) [0137.702] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.702] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.702] SetLastError (dwErrCode=0x0) [0137.702] lstrcmpiW (lpString1="dmvsc", lpString2="NAVENG") returned -1 [0137.702] lstrcmpiW (lpString1="dmvsc", lpString2="ccEvtMgr") returned 1 [0137.702] lstrcmpiW (lpString1="dmvsc", lpString2="NAV") returned -1 [0137.702] lstrcmpiW (lpString1="dmvsc", lpString2="NIS") returned -1 [0137.702] lstrcmpiW (lpString1="dmvsc", lpString2="NAVEX15") returned -1 [0137.702] lstrcmpiW (lpString1="dmvsc", lpString2="AVP") returned 1 [0137.702] lstrcmpiW (lpString1="dmvsc", lpString2="AVP15.0.0") returned 1 [0137.702] lstrcmpiW (lpString1="dmvsc", lpString2="AVP15.0.1") returned 1 [0137.702] lstrcmpiW (lpString1="dmvsc", lpString2="kl1") returned -1 [0137.702] lstrcmpiW (lpString1="dmvsc", lpString2="McComponentHostService") returned -1 [0137.702] lstrcmpiW (lpString1="dmvsc", lpString2="ekrn") returned -1 [0137.702] lstrcmpiW (lpString1="dmvsc", lpString2="egui") returned -1 [0137.702] lstrcmpiW (lpString1="dmvsc", lpString2="avgwd") returned 1 [0137.702] lstrcmpiW (lpString1="dmvsc", lpString2="BdfNdisf") returned 1 [0137.702] lstrcmpiW (lpString1="dmvsc", lpString2="avast! Antivirus") returned 1 [0137.702] lstrcmpiW (lpString1="dmvsc", lpString2="MsMpSvc") returned -1 [0137.703] lstrcmpiW (lpString1="dmvsc", lpString2="RsMgrSvc") returned -1 [0137.703] lstrcmpiW (lpString1="dmvsc", lpString2="fshoster") returned -1 [0137.703] lstrcmpiW (lpString1="dmvsc", lpString2="AVKProxy") returned 1 [0137.703] lstrcmpiW (lpString1="dmvsc", lpString2="MBAMService") returned -1 [0137.703] lstrcmpiW (lpString1="dmvsc", lpString2="GbpSv") returned -1 [0137.703] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x64, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="dmwappushservice", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.703] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\dmwappushservice") returned 50 [0137.703] SetLastError (dwErrCode=0x0) [0137.703] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\dmwappushservice", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.703] SetLastError (dwErrCode=0x0) [0137.703] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.703] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.703] SetLastError (dwErrCode=0x0) [0137.703] lstrcmpiW (lpString1="dmwappushservice", lpString2="NAVENG") returned -1 [0137.703] lstrcmpiW (lpString1="dmwappushservice", lpString2="ccEvtMgr") returned 1 [0137.703] lstrcmpiW (lpString1="dmwappushservice", lpString2="NAV") returned -1 [0137.703] lstrcmpiW (lpString1="dmwappushservice", lpString2="NIS") returned -1 [0137.703] lstrcmpiW (lpString1="dmwappushservice", lpString2="NAVEX15") returned -1 [0137.703] lstrcmpiW (lpString1="dmwappushservice", lpString2="AVP") returned 1 [0137.703] lstrcmpiW (lpString1="dmwappushservice", lpString2="AVP15.0.0") returned 1 [0137.703] lstrcmpiW (lpString1="dmwappushservice", lpString2="AVP15.0.1") returned 1 [0137.703] lstrcmpiW (lpString1="dmwappushservice", lpString2="kl1") returned -1 [0137.703] lstrcmpiW (lpString1="dmwappushservice", lpString2="McComponentHostService") returned -1 [0137.703] lstrcmpiW (lpString1="dmwappushservice", lpString2="ekrn") returned -1 [0137.703] lstrcmpiW (lpString1="dmwappushservice", lpString2="egui") returned -1 [0137.703] lstrcmpiW (lpString1="dmwappushservice", lpString2="avgwd") returned 1 [0137.703] lstrcmpiW (lpString1="dmwappushservice", lpString2="BdfNdisf") returned 1 [0137.703] lstrcmpiW (lpString1="dmwappushservice", lpString2="avast! Antivirus") returned 1 [0137.703] lstrcmpiW (lpString1="dmwappushservice", lpString2="MsMpSvc") returned -1 [0137.703] lstrcmpiW (lpString1="dmwappushservice", lpString2="RsMgrSvc") returned -1 [0137.703] lstrcmpiW (lpString1="dmwappushservice", lpString2="fshoster") returned -1 [0137.703] lstrcmpiW (lpString1="dmwappushservice", lpString2="AVKProxy") returned 1 [0137.703] lstrcmpiW (lpString1="dmwappushservice", lpString2="MBAMService") returned -1 [0137.704] lstrcmpiW (lpString1="dmwappushservice", lpString2="GbpSv") returned -1 [0137.704] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x65, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Dnscache", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.704] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Dnscache") returned 42 [0137.704] SetLastError (dwErrCode=0x0) [0137.704] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Dnscache", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.704] SetLastError (dwErrCode=0x0) [0137.704] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.704] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.704] SetLastError (dwErrCode=0x0) [0137.704] lstrcmpiW (lpString1="Dnscache", lpString2="NAVENG") returned -1 [0137.704] lstrcmpiW (lpString1="Dnscache", lpString2="ccEvtMgr") returned 1 [0137.704] lstrcmpiW (lpString1="Dnscache", lpString2="NAV") returned -1 [0137.704] lstrcmpiW (lpString1="Dnscache", lpString2="NIS") returned -1 [0137.704] lstrcmpiW (lpString1="Dnscache", lpString2="NAVEX15") returned -1 [0137.704] lstrcmpiW (lpString1="Dnscache", lpString2="AVP") returned 1 [0137.704] lstrcmpiW (lpString1="Dnscache", lpString2="AVP15.0.0") returned 1 [0137.704] lstrcmpiW (lpString1="Dnscache", lpString2="AVP15.0.1") returned 1 [0137.704] lstrcmpiW (lpString1="Dnscache", lpString2="kl1") returned -1 [0137.704] lstrcmpiW (lpString1="Dnscache", lpString2="McComponentHostService") returned -1 [0137.704] lstrcmpiW (lpString1="Dnscache", lpString2="ekrn") returned -1 [0137.704] lstrcmpiW (lpString1="Dnscache", lpString2="egui") returned -1 [0137.704] lstrcmpiW (lpString1="Dnscache", lpString2="avgwd") returned 1 [0137.704] lstrcmpiW (lpString1="Dnscache", lpString2="BdfNdisf") returned 1 [0137.704] lstrcmpiW (lpString1="Dnscache", lpString2="avast! Antivirus") returned 1 [0137.704] lstrcmpiW (lpString1="Dnscache", lpString2="MsMpSvc") returned -1 [0137.704] lstrcmpiW (lpString1="Dnscache", lpString2="RsMgrSvc") returned -1 [0137.704] lstrcmpiW (lpString1="Dnscache", lpString2="fshoster") returned -1 [0137.704] lstrcmpiW (lpString1="Dnscache", lpString2="AVKProxy") returned 1 [0137.704] lstrcmpiW (lpString1="Dnscache", lpString2="MBAMService") returned -1 [0137.704] lstrcmpiW (lpString1="Dnscache", lpString2="GbpSv") returned -1 [0137.704] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x66, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DoSvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.704] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\DoSvc") returned 39 [0137.704] SetLastError (dwErrCode=0x0) [0137.704] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\DoSvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.705] SetLastError (dwErrCode=0x0) [0137.705] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xe, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.705] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.705] SetLastError (dwErrCode=0x0) [0137.705] lstrcmpiW (lpString1="DoSvc", lpString2="NAVENG") returned -1 [0137.705] lstrcmpiW (lpString1="DoSvc", lpString2="ccEvtMgr") returned 1 [0137.705] lstrcmpiW (lpString1="DoSvc", lpString2="NAV") returned -1 [0137.705] lstrcmpiW (lpString1="DoSvc", lpString2="NIS") returned -1 [0137.705] lstrcmpiW (lpString1="DoSvc", lpString2="NAVEX15") returned -1 [0137.705] lstrcmpiW (lpString1="DoSvc", lpString2="AVP") returned 1 [0137.705] lstrcmpiW (lpString1="DoSvc", lpString2="AVP15.0.0") returned 1 [0137.705] lstrcmpiW (lpString1="DoSvc", lpString2="AVP15.0.1") returned 1 [0137.705] lstrcmpiW (lpString1="DoSvc", lpString2="kl1") returned -1 [0137.705] lstrcmpiW (lpString1="DoSvc", lpString2="McComponentHostService") returned -1 [0137.705] lstrcmpiW (lpString1="DoSvc", lpString2="ekrn") returned -1 [0137.705] lstrcmpiW (lpString1="DoSvc", lpString2="egui") returned -1 [0137.705] lstrcmpiW (lpString1="DoSvc", lpString2="avgwd") returned 1 [0137.705] lstrcmpiW (lpString1="DoSvc", lpString2="BdfNdisf") returned 1 [0137.705] lstrcmpiW (lpString1="DoSvc", lpString2="avast! Antivirus") returned 1 [0137.705] lstrcmpiW (lpString1="DoSvc", lpString2="MsMpSvc") returned -1 [0137.705] lstrcmpiW (lpString1="DoSvc", lpString2="RsMgrSvc") returned -1 [0137.705] lstrcmpiW (lpString1="DoSvc", lpString2="fshoster") returned -1 [0137.705] lstrcmpiW (lpString1="DoSvc", lpString2="AVKProxy") returned 1 [0137.705] lstrcmpiW (lpString1="DoSvc", lpString2="MBAMService") returned -1 [0137.705] lstrcmpiW (lpString1="DoSvc", lpString2="GbpSv") returned -1 [0137.705] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x67, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="dot3svc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.705] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\dot3svc") returned 41 [0137.705] SetLastError (dwErrCode=0x0) [0137.705] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\dot3svc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.705] SetLastError (dwErrCode=0x0) [0137.705] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.705] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.706] SetLastError (dwErrCode=0x0) [0137.706] lstrcmpiW (lpString1="dot3svc", lpString2="NAVENG") returned -1 [0137.706] lstrcmpiW (lpString1="dot3svc", lpString2="ccEvtMgr") returned 1 [0137.706] lstrcmpiW (lpString1="dot3svc", lpString2="NAV") returned -1 [0137.706] lstrcmpiW (lpString1="dot3svc", lpString2="NIS") returned -1 [0137.706] lstrcmpiW (lpString1="dot3svc", lpString2="NAVEX15") returned -1 [0137.706] lstrcmpiW (lpString1="dot3svc", lpString2="AVP") returned 1 [0137.706] lstrcmpiW (lpString1="dot3svc", lpString2="AVP15.0.0") returned 1 [0137.706] lstrcmpiW (lpString1="dot3svc", lpString2="AVP15.0.1") returned 1 [0137.706] lstrcmpiW (lpString1="dot3svc", lpString2="kl1") returned -1 [0137.706] lstrcmpiW (lpString1="dot3svc", lpString2="McComponentHostService") returned -1 [0137.706] lstrcmpiW (lpString1="dot3svc", lpString2="ekrn") returned -1 [0137.706] lstrcmpiW (lpString1="dot3svc", lpString2="egui") returned -1 [0137.706] lstrcmpiW (lpString1="dot3svc", lpString2="avgwd") returned 1 [0137.706] lstrcmpiW (lpString1="dot3svc", lpString2="BdfNdisf") returned 1 [0137.706] lstrcmpiW (lpString1="dot3svc", lpString2="avast! Antivirus") returned 1 [0137.706] lstrcmpiW (lpString1="dot3svc", lpString2="MsMpSvc") returned -1 [0137.706] lstrcmpiW (lpString1="dot3svc", lpString2="RsMgrSvc") returned -1 [0137.706] lstrcmpiW (lpString1="dot3svc", lpString2="fshoster") returned -1 [0137.706] lstrcmpiW (lpString1="dot3svc", lpString2="AVKProxy") returned 1 [0137.706] lstrcmpiW (lpString1="dot3svc", lpString2="MBAMService") returned -1 [0137.706] lstrcmpiW (lpString1="dot3svc", lpString2="GbpSv") returned -1 [0137.706] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x68, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DPS", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.706] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\DPS") returned 37 [0137.706] SetLastError (dwErrCode=0x0) [0137.706] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\DPS", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.706] SetLastError (dwErrCode=0x0) [0137.706] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.706] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.706] SetLastError (dwErrCode=0x0) [0137.706] lstrcmpiW (lpString1="DPS", lpString2="NAVENG") returned -1 [0137.706] lstrcmpiW (lpString1="DPS", lpString2="ccEvtMgr") returned 1 [0137.706] lstrcmpiW (lpString1="DPS", lpString2="NAV") returned -1 [0137.706] lstrcmpiW (lpString1="DPS", lpString2="NIS") returned -1 [0137.707] lstrcmpiW (lpString1="DPS", lpString2="NAVEX15") returned -1 [0137.707] lstrcmpiW (lpString1="DPS", lpString2="AVP") returned 1 [0137.707] lstrcmpiW (lpString1="DPS", lpString2="AVP15.0.0") returned 1 [0137.707] lstrcmpiW (lpString1="DPS", lpString2="AVP15.0.1") returned 1 [0137.707] lstrcmpiW (lpString1="DPS", lpString2="kl1") returned -1 [0137.707] lstrcmpiW (lpString1="DPS", lpString2="McComponentHostService") returned -1 [0137.707] lstrcmpiW (lpString1="DPS", lpString2="ekrn") returned -1 [0137.707] lstrcmpiW (lpString1="DPS", lpString2="egui") returned -1 [0137.707] lstrcmpiW (lpString1="DPS", lpString2="avgwd") returned 1 [0137.707] lstrcmpiW (lpString1="DPS", lpString2="BdfNdisf") returned 1 [0137.707] lstrcmpiW (lpString1="DPS", lpString2="avast! Antivirus") returned 1 [0137.707] lstrcmpiW (lpString1="DPS", lpString2="MsMpSvc") returned -1 [0137.707] lstrcmpiW (lpString1="DPS", lpString2="RsMgrSvc") returned -1 [0137.707] lstrcmpiW (lpString1="DPS", lpString2="fshoster") returned -1 [0137.707] lstrcmpiW (lpString1="DPS", lpString2="AVKProxy") returned 1 [0137.707] lstrcmpiW (lpString1="DPS", lpString2="MBAMService") returned -1 [0137.707] lstrcmpiW (lpString1="DPS", lpString2="GbpSv") returned -1 [0137.707] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x69, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="drmkaud", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.707] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\drmkaud") returned 41 [0137.707] SetLastError (dwErrCode=0x0) [0137.707] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\drmkaud", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.707] SetLastError (dwErrCode=0x0) [0137.707] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.707] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.707] SetLastError (dwErrCode=0x0) [0137.707] lstrcmpiW (lpString1="drmkaud", lpString2="NAVENG") returned -1 [0137.707] lstrcmpiW (lpString1="drmkaud", lpString2="ccEvtMgr") returned 1 [0137.707] lstrcmpiW (lpString1="drmkaud", lpString2="NAV") returned -1 [0137.707] lstrcmpiW (lpString1="drmkaud", lpString2="NIS") returned -1 [0137.707] lstrcmpiW (lpString1="drmkaud", lpString2="NAVEX15") returned -1 [0137.707] lstrcmpiW (lpString1="drmkaud", lpString2="AVP") returned 1 [0137.707] lstrcmpiW (lpString1="drmkaud", lpString2="AVP15.0.0") returned 1 [0137.707] lstrcmpiW (lpString1="drmkaud", lpString2="AVP15.0.1") returned 1 [0137.707] lstrcmpiW (lpString1="drmkaud", lpString2="kl1") returned -1 [0137.708] lstrcmpiW (lpString1="drmkaud", lpString2="McComponentHostService") returned -1 [0137.708] lstrcmpiW (lpString1="drmkaud", lpString2="ekrn") returned -1 [0137.708] lstrcmpiW (lpString1="drmkaud", lpString2="egui") returned -1 [0137.708] lstrcmpiW (lpString1="drmkaud", lpString2="avgwd") returned 1 [0137.708] lstrcmpiW (lpString1="drmkaud", lpString2="BdfNdisf") returned 1 [0137.708] lstrcmpiW (lpString1="drmkaud", lpString2="avast! Antivirus") returned 1 [0137.708] lstrcmpiW (lpString1="drmkaud", lpString2="MsMpSvc") returned -1 [0137.708] lstrcmpiW (lpString1="drmkaud", lpString2="RsMgrSvc") returned -1 [0137.708] lstrcmpiW (lpString1="drmkaud", lpString2="fshoster") returned -1 [0137.708] lstrcmpiW (lpString1="drmkaud", lpString2="AVKProxy") returned 1 [0137.708] lstrcmpiW (lpString1="drmkaud", lpString2="MBAMService") returned -1 [0137.708] lstrcmpiW (lpString1="drmkaud", lpString2="GbpSv") returned -1 [0137.708] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x6a, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DsmSvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.708] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\DsmSvc") returned 40 [0137.708] SetLastError (dwErrCode=0x0) [0137.708] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\DsmSvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.708] SetLastError (dwErrCode=0x0) [0137.708] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.708] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.708] SetLastError (dwErrCode=0x0) [0137.708] lstrcmpiW (lpString1="DsmSvc", lpString2="NAVENG") returned -1 [0137.708] lstrcmpiW (lpString1="DsmSvc", lpString2="ccEvtMgr") returned 1 [0137.708] lstrcmpiW (lpString1="DsmSvc", lpString2="NAV") returned -1 [0137.708] lstrcmpiW (lpString1="DsmSvc", lpString2="NIS") returned -1 [0137.708] lstrcmpiW (lpString1="DsmSvc", lpString2="NAVEX15") returned -1 [0137.708] lstrcmpiW (lpString1="DsmSvc", lpString2="AVP") returned 1 [0137.708] lstrcmpiW (lpString1="DsmSvc", lpString2="AVP15.0.0") returned 1 [0137.708] lstrcmpiW (lpString1="DsmSvc", lpString2="AVP15.0.1") returned 1 [0137.708] lstrcmpiW (lpString1="DsmSvc", lpString2="kl1") returned -1 [0137.708] lstrcmpiW (lpString1="DsmSvc", lpString2="McComponentHostService") returned -1 [0137.708] lstrcmpiW (lpString1="DsmSvc", lpString2="ekrn") returned -1 [0137.708] lstrcmpiW (lpString1="DsmSvc", lpString2="egui") returned -1 [0137.708] lstrcmpiW (lpString1="DsmSvc", lpString2="avgwd") returned 1 [0137.708] lstrcmpiW (lpString1="DsmSvc", lpString2="BdfNdisf") returned 1 [0137.709] lstrcmpiW (lpString1="DsmSvc", lpString2="avast! Antivirus") returned 1 [0137.709] lstrcmpiW (lpString1="DsmSvc", lpString2="MsMpSvc") returned -1 [0137.709] lstrcmpiW (lpString1="DsmSvc", lpString2="RsMgrSvc") returned -1 [0137.709] lstrcmpiW (lpString1="DsmSvc", lpString2="fshoster") returned -1 [0137.709] lstrcmpiW (lpString1="DsmSvc", lpString2="AVKProxy") returned 1 [0137.709] lstrcmpiW (lpString1="DsmSvc", lpString2="MBAMService") returned -1 [0137.709] lstrcmpiW (lpString1="DsmSvc", lpString2="GbpSv") returned -1 [0137.709] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x6b, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DsSvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.709] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\DsSvc") returned 39 [0137.709] SetLastError (dwErrCode=0x0) [0137.709] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\DsSvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.709] SetLastError (dwErrCode=0x0) [0137.709] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.709] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.709] SetLastError (dwErrCode=0x0) [0137.709] lstrcmpiW (lpString1="DsSvc", lpString2="NAVENG") returned -1 [0137.709] lstrcmpiW (lpString1="DsSvc", lpString2="ccEvtMgr") returned 1 [0137.709] lstrcmpiW (lpString1="DsSvc", lpString2="NAV") returned -1 [0137.709] lstrcmpiW (lpString1="DsSvc", lpString2="NIS") returned -1 [0137.709] lstrcmpiW (lpString1="DsSvc", lpString2="NAVEX15") returned -1 [0137.709] lstrcmpiW (lpString1="DsSvc", lpString2="AVP") returned 1 [0137.709] lstrcmpiW (lpString1="DsSvc", lpString2="AVP15.0.0") returned 1 [0137.709] lstrcmpiW (lpString1="DsSvc", lpString2="AVP15.0.1") returned 1 [0137.709] lstrcmpiW (lpString1="DsSvc", lpString2="kl1") returned -1 [0137.709] lstrcmpiW (lpString1="DsSvc", lpString2="McComponentHostService") returned -1 [0137.709] lstrcmpiW (lpString1="DsSvc", lpString2="ekrn") returned -1 [0137.709] lstrcmpiW (lpString1="DsSvc", lpString2="egui") returned -1 [0137.709] lstrcmpiW (lpString1="DsSvc", lpString2="avgwd") returned 1 [0137.709] lstrcmpiW (lpString1="DsSvc", lpString2="BdfNdisf") returned 1 [0137.709] lstrcmpiW (lpString1="DsSvc", lpString2="avast! Antivirus") returned 1 [0137.709] lstrcmpiW (lpString1="DsSvc", lpString2="MsMpSvc") returned -1 [0137.709] lstrcmpiW (lpString1="DsSvc", lpString2="RsMgrSvc") returned -1 [0137.709] lstrcmpiW (lpString1="DsSvc", lpString2="fshoster") returned -1 [0137.709] lstrcmpiW (lpString1="DsSvc", lpString2="AVKProxy") returned 1 [0137.709] lstrcmpiW (lpString1="DsSvc", lpString2="MBAMService") returned -1 [0137.710] lstrcmpiW (lpString1="DsSvc", lpString2="GbpSv") returned -1 [0137.710] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x6c, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DXGKrnl", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.710] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\DXGKrnl") returned 41 [0137.710] SetLastError (dwErrCode=0x0) [0137.710] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\DXGKrnl", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.710] SetLastError (dwErrCode=0x0) [0137.710] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.710] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.710] SetLastError (dwErrCode=0x0) [0137.710] lstrcmpiW (lpString1="DXGKrnl", lpString2="NAVENG") returned -1 [0137.710] lstrcmpiW (lpString1="DXGKrnl", lpString2="ccEvtMgr") returned 1 [0137.710] lstrcmpiW (lpString1="DXGKrnl", lpString2="NAV") returned -1 [0137.710] lstrcmpiW (lpString1="DXGKrnl", lpString2="NIS") returned -1 [0137.710] lstrcmpiW (lpString1="DXGKrnl", lpString2="NAVEX15") returned -1 [0137.710] lstrcmpiW (lpString1="DXGKrnl", lpString2="AVP") returned 1 [0137.710] lstrcmpiW (lpString1="DXGKrnl", lpString2="AVP15.0.0") returned 1 [0137.710] lstrcmpiW (lpString1="DXGKrnl", lpString2="AVP15.0.1") returned 1 [0137.710] lstrcmpiW (lpString1="DXGKrnl", lpString2="kl1") returned -1 [0137.710] lstrcmpiW (lpString1="DXGKrnl", lpString2="McComponentHostService") returned -1 [0137.710] lstrcmpiW (lpString1="DXGKrnl", lpString2="ekrn") returned -1 [0137.710] lstrcmpiW (lpString1="DXGKrnl", lpString2="egui") returned -1 [0137.710] lstrcmpiW (lpString1="DXGKrnl", lpString2="avgwd") returned 1 [0137.710] lstrcmpiW (lpString1="DXGKrnl", lpString2="BdfNdisf") returned 1 [0137.710] lstrcmpiW (lpString1="DXGKrnl", lpString2="avast! Antivirus") returned 1 [0137.710] lstrcmpiW (lpString1="DXGKrnl", lpString2="MsMpSvc") returned -1 [0137.710] lstrcmpiW (lpString1="DXGKrnl", lpString2="RsMgrSvc") returned -1 [0137.710] lstrcmpiW (lpString1="DXGKrnl", lpString2="fshoster") returned -1 [0137.710] lstrcmpiW (lpString1="DXGKrnl", lpString2="AVKProxy") returned 1 [0137.710] lstrcmpiW (lpString1="DXGKrnl", lpString2="MBAMService") returned -1 [0137.710] lstrcmpiW (lpString1="DXGKrnl", lpString2="GbpSv") returned -1 [0137.710] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x6d, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="e1iexpress", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.710] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\e1iexpress") returned 44 [0137.710] SetLastError (dwErrCode=0x0) [0137.711] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\e1iexpress", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.711] SetLastError (dwErrCode=0x0) [0137.711] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xd, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.711] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.711] SetLastError (dwErrCode=0x0) [0137.711] lstrcmpiW (lpString1="e1iexpress", lpString2="NAVENG") returned -1 [0137.711] lstrcmpiW (lpString1="e1iexpress", lpString2="ccEvtMgr") returned 1 [0137.711] lstrcmpiW (lpString1="e1iexpress", lpString2="NAV") returned -1 [0137.711] lstrcmpiW (lpString1="e1iexpress", lpString2="NIS") returned -1 [0137.711] lstrcmpiW (lpString1="e1iexpress", lpString2="NAVEX15") returned -1 [0137.711] lstrcmpiW (lpString1="e1iexpress", lpString2="AVP") returned 1 [0137.711] lstrcmpiW (lpString1="e1iexpress", lpString2="AVP15.0.0") returned 1 [0137.711] lstrcmpiW (lpString1="e1iexpress", lpString2="AVP15.0.1") returned 1 [0137.711] lstrcmpiW (lpString1="e1iexpress", lpString2="kl1") returned -1 [0137.711] lstrcmpiW (lpString1="e1iexpress", lpString2="McComponentHostService") returned -1 [0137.711] lstrcmpiW (lpString1="e1iexpress", lpString2="ekrn") returned -1 [0137.711] lstrcmpiW (lpString1="e1iexpress", lpString2="egui") returned -1 [0137.711] lstrcmpiW (lpString1="e1iexpress", lpString2="avgwd") returned 1 [0137.711] lstrcmpiW (lpString1="e1iexpress", lpString2="BdfNdisf") returned 1 [0137.711] lstrcmpiW (lpString1="e1iexpress", lpString2="avast! Antivirus") returned 1 [0137.711] lstrcmpiW (lpString1="e1iexpress", lpString2="MsMpSvc") returned -1 [0137.711] lstrcmpiW (lpString1="e1iexpress", lpString2="RsMgrSvc") returned -1 [0137.711] lstrcmpiW (lpString1="e1iexpress", lpString2="fshoster") returned -1 [0137.711] lstrcmpiW (lpString1="e1iexpress", lpString2="AVKProxy") returned 1 [0137.711] lstrcmpiW (lpString1="e1iexpress", lpString2="MBAMService") returned -1 [0137.711] lstrcmpiW (lpString1="e1iexpress", lpString2="GbpSv") returned -1 [0137.711] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x6e, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Eaphost", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.711] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Eaphost") returned 41 [0137.711] SetLastError (dwErrCode=0x0) [0137.711] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Eaphost", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.711] SetLastError (dwErrCode=0x0) [0137.711] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.712] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.712] SetLastError (dwErrCode=0x0) [0137.712] lstrcmpiW (lpString1="Eaphost", lpString2="NAVENG") returned -1 [0137.712] lstrcmpiW (lpString1="Eaphost", lpString2="ccEvtMgr") returned 1 [0137.712] lstrcmpiW (lpString1="Eaphost", lpString2="NAV") returned -1 [0137.712] lstrcmpiW (lpString1="Eaphost", lpString2="NIS") returned -1 [0137.712] lstrcmpiW (lpString1="Eaphost", lpString2="NAVEX15") returned -1 [0137.712] lstrcmpiW (lpString1="Eaphost", lpString2="AVP") returned 1 [0137.712] lstrcmpiW (lpString1="Eaphost", lpString2="AVP15.0.0") returned 1 [0137.712] lstrcmpiW (lpString1="Eaphost", lpString2="AVP15.0.1") returned 1 [0137.712] lstrcmpiW (lpString1="Eaphost", lpString2="kl1") returned -1 [0137.712] lstrcmpiW (lpString1="Eaphost", lpString2="McComponentHostService") returned -1 [0137.712] lstrcmpiW (lpString1="Eaphost", lpString2="ekrn") returned -1 [0137.712] lstrcmpiW (lpString1="Eaphost", lpString2="egui") returned -1 [0137.712] lstrcmpiW (lpString1="Eaphost", lpString2="avgwd") returned 1 [0137.712] lstrcmpiW (lpString1="Eaphost", lpString2="BdfNdisf") returned 1 [0137.712] lstrcmpiW (lpString1="Eaphost", lpString2="avast! Antivirus") returned 1 [0137.712] lstrcmpiW (lpString1="Eaphost", lpString2="MsMpSvc") returned -1 [0137.712] lstrcmpiW (lpString1="Eaphost", lpString2="RsMgrSvc") returned -1 [0137.712] lstrcmpiW (lpString1="Eaphost", lpString2="fshoster") returned -1 [0137.712] lstrcmpiW (lpString1="Eaphost", lpString2="AVKProxy") returned 1 [0137.712] lstrcmpiW (lpString1="Eaphost", lpString2="MBAMService") returned -1 [0137.712] lstrcmpiW (lpString1="Eaphost", lpString2="GbpSv") returned -1 [0137.712] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x6f, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ebdrv", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.712] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ebdrv") returned 39 [0137.712] SetLastError (dwErrCode=0x0) [0137.712] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ebdrv", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.712] SetLastError (dwErrCode=0x0) [0137.713] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.713] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.713] SetLastError (dwErrCode=0x0) [0137.713] lstrcmpiW (lpString1="ebdrv", lpString2="NAVENG") returned -1 [0137.713] lstrcmpiW (lpString1="ebdrv", lpString2="ccEvtMgr") returned 1 [0137.713] lstrcmpiW (lpString1="ebdrv", lpString2="NAV") returned -1 [0137.713] lstrcmpiW (lpString1="ebdrv", lpString2="NIS") returned -1 [0137.713] lstrcmpiW (lpString1="ebdrv", lpString2="NAVEX15") returned -1 [0137.713] lstrcmpiW (lpString1="ebdrv", lpString2="AVP") returned 1 [0137.713] lstrcmpiW (lpString1="ebdrv", lpString2="AVP15.0.0") returned 1 [0137.713] lstrcmpiW (lpString1="ebdrv", lpString2="AVP15.0.1") returned 1 [0137.713] lstrcmpiW (lpString1="ebdrv", lpString2="kl1") returned -1 [0137.713] lstrcmpiW (lpString1="ebdrv", lpString2="McComponentHostService") returned -1 [0137.713] lstrcmpiW (lpString1="ebdrv", lpString2="ekrn") returned -1 [0137.713] lstrcmpiW (lpString1="ebdrv", lpString2="egui") returned -1 [0137.713] lstrcmpiW (lpString1="ebdrv", lpString2="avgwd") returned 1 [0137.713] lstrcmpiW (lpString1="ebdrv", lpString2="BdfNdisf") returned 1 [0137.713] lstrcmpiW (lpString1="ebdrv", lpString2="avast! Antivirus") returned 1 [0137.713] lstrcmpiW (lpString1="ebdrv", lpString2="MsMpSvc") returned -1 [0137.713] lstrcmpiW (lpString1="ebdrv", lpString2="RsMgrSvc") returned -1 [0137.713] lstrcmpiW (lpString1="ebdrv", lpString2="fshoster") returned -1 [0137.713] lstrcmpiW (lpString1="ebdrv", lpString2="AVKProxy") returned 1 [0137.713] lstrcmpiW (lpString1="ebdrv", lpString2="MBAMService") returned -1 [0137.713] lstrcmpiW (lpString1="ebdrv", lpString2="GbpSv") returned -1 [0137.713] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x70, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="EFS", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.713] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\EFS") returned 37 [0137.713] SetLastError (dwErrCode=0x0) [0137.714] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\EFS", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.714] SetLastError (dwErrCode=0x0) [0137.714] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.714] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.714] SetLastError (dwErrCode=0x0) [0137.714] lstrcmpiW (lpString1="EFS", lpString2="NAVENG") returned -1 [0137.714] lstrcmpiW (lpString1="EFS", lpString2="ccEvtMgr") returned 1 [0137.714] lstrcmpiW (lpString1="EFS", lpString2="NAV") returned -1 [0137.714] lstrcmpiW (lpString1="EFS", lpString2="NIS") returned -1 [0137.714] lstrcmpiW (lpString1="EFS", lpString2="NAVEX15") returned -1 [0137.714] lstrcmpiW (lpString1="EFS", lpString2="AVP") returned 1 [0137.714] lstrcmpiW (lpString1="EFS", lpString2="AVP15.0.0") returned 1 [0137.714] lstrcmpiW (lpString1="EFS", lpString2="AVP15.0.1") returned 1 [0137.714] lstrcmpiW (lpString1="EFS", lpString2="kl1") returned -1 [0137.714] lstrcmpiW (lpString1="EFS", lpString2="McComponentHostService") returned -1 [0137.714] lstrcmpiW (lpString1="EFS", lpString2="ekrn") returned -1 [0137.714] lstrcmpiW (lpString1="EFS", lpString2="egui") returned -1 [0137.714] lstrcmpiW (lpString1="EFS", lpString2="avgwd") returned 1 [0137.714] lstrcmpiW (lpString1="EFS", lpString2="BdfNdisf") returned 1 [0137.714] lstrcmpiW (lpString1="EFS", lpString2="avast! Antivirus") returned 1 [0137.714] lstrcmpiW (lpString1="EFS", lpString2="MsMpSvc") returned -1 [0137.714] lstrcmpiW (lpString1="EFS", lpString2="RsMgrSvc") returned -1 [0137.714] lstrcmpiW (lpString1="EFS", lpString2="fshoster") returned -1 [0137.714] lstrcmpiW (lpString1="EFS", lpString2="AVKProxy") returned 1 [0137.714] lstrcmpiW (lpString1="EFS", lpString2="MBAMService") returned -1 [0137.714] lstrcmpiW (lpString1="EFS", lpString2="GbpSv") returned -1 [0137.714] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x71, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="EhStorClass", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.714] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\EhStorClass") returned 45 [0137.714] SetLastError (dwErrCode=0x0) [0137.714] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\EhStorClass", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.714] SetLastError (dwErrCode=0x0) [0137.714] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.714] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.714] SetLastError (dwErrCode=0x0) [0137.715] lstrcmpiW (lpString1="EhStorClass", lpString2="NAVENG") returned -1 [0137.715] lstrcmpiW (lpString1="EhStorClass", lpString2="ccEvtMgr") returned 1 [0137.715] lstrcmpiW (lpString1="EhStorClass", lpString2="NAV") returned -1 [0137.715] lstrcmpiW (lpString1="EhStorClass", lpString2="NIS") returned -1 [0137.715] lstrcmpiW (lpString1="EhStorClass", lpString2="NAVEX15") returned -1 [0137.715] lstrcmpiW (lpString1="EhStorClass", lpString2="AVP") returned 1 [0137.715] lstrcmpiW (lpString1="EhStorClass", lpString2="AVP15.0.0") returned 1 [0137.715] lstrcmpiW (lpString1="EhStorClass", lpString2="AVP15.0.1") returned 1 [0137.715] lstrcmpiW (lpString1="EhStorClass", lpString2="kl1") returned -1 [0137.715] lstrcmpiW (lpString1="EhStorClass", lpString2="McComponentHostService") returned -1 [0137.715] lstrcmpiW (lpString1="EhStorClass", lpString2="ekrn") returned -1 [0137.715] lstrcmpiW (lpString1="EhStorClass", lpString2="egui") returned 1 [0137.715] lstrcmpiW (lpString1="EhStorClass", lpString2="avgwd") returned 1 [0137.715] lstrcmpiW (lpString1="EhStorClass", lpString2="BdfNdisf") returned 1 [0137.715] lstrcmpiW (lpString1="EhStorClass", lpString2="avast! Antivirus") returned 1 [0137.715] lstrcmpiW (lpString1="EhStorClass", lpString2="MsMpSvc") returned -1 [0137.715] lstrcmpiW (lpString1="EhStorClass", lpString2="RsMgrSvc") returned -1 [0137.715] lstrcmpiW (lpString1="EhStorClass", lpString2="fshoster") returned -1 [0137.715] lstrcmpiW (lpString1="EhStorClass", lpString2="AVKProxy") returned 1 [0137.715] lstrcmpiW (lpString1="EhStorClass", lpString2="MBAMService") returned -1 [0137.715] lstrcmpiW (lpString1="EhStorClass", lpString2="GbpSv") returned -1 [0137.715] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x72, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="EhStorTcgDrv", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.715] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\EhStorTcgDrv") returned 46 [0137.715] SetLastError (dwErrCode=0x0) [0137.715] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\EhStorTcgDrv", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.715] SetLastError (dwErrCode=0x0) [0137.715] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.715] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.715] SetLastError (dwErrCode=0x0) [0137.715] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="NAVENG") returned -1 [0137.715] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="ccEvtMgr") returned 1 [0137.715] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="NAV") returned -1 [0137.715] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="NIS") returned -1 [0137.715] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="NAVEX15") returned -1 [0137.715] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="AVP") returned 1 [0137.715] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="AVP15.0.0") returned 1 [0137.715] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="AVP15.0.1") returned 1 [0137.715] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="kl1") returned -1 [0137.716] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="McComponentHostService") returned -1 [0137.716] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="ekrn") returned -1 [0137.716] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="egui") returned 1 [0137.716] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="avgwd") returned 1 [0137.716] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="BdfNdisf") returned 1 [0137.716] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="avast! Antivirus") returned 1 [0137.716] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="MsMpSvc") returned -1 [0137.716] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="RsMgrSvc") returned -1 [0137.716] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="fshoster") returned -1 [0137.716] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="AVKProxy") returned 1 [0137.716] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="MBAMService") returned -1 [0137.716] lstrcmpiW (lpString1="EhStorTcgDrv", lpString2="GbpSv") returned -1 [0137.716] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x73, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="embeddedmode", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.716] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\embeddedmode") returned 46 [0137.716] SetLastError (dwErrCode=0x0) [0137.716] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\embeddedmode", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.716] SetLastError (dwErrCode=0x0) [0137.716] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.716] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.716] SetLastError (dwErrCode=0x0) [0137.716] lstrcmpiW (lpString1="embeddedmode", lpString2="NAVENG") returned -1 [0137.716] lstrcmpiW (lpString1="embeddedmode", lpString2="ccEvtMgr") returned 1 [0137.716] lstrcmpiW (lpString1="embeddedmode", lpString2="NAV") returned -1 [0137.716] lstrcmpiW (lpString1="embeddedmode", lpString2="NIS") returned -1 [0137.716] lstrcmpiW (lpString1="embeddedmode", lpString2="NAVEX15") returned -1 [0137.716] lstrcmpiW (lpString1="embeddedmode", lpString2="AVP") returned 1 [0137.716] lstrcmpiW (lpString1="embeddedmode", lpString2="AVP15.0.0") returned 1 [0137.716] lstrcmpiW (lpString1="embeddedmode", lpString2="AVP15.0.1") returned 1 [0137.716] lstrcmpiW (lpString1="embeddedmode", lpString2="kl1") returned -1 [0137.716] lstrcmpiW (lpString1="embeddedmode", lpString2="McComponentHostService") returned -1 [0137.716] lstrcmpiW (lpString1="embeddedmode", lpString2="ekrn") returned 1 [0137.716] lstrcmpiW (lpString1="embeddedmode", lpString2="egui") returned 1 [0137.716] lstrcmpiW (lpString1="embeddedmode", lpString2="avgwd") returned 1 [0137.716] lstrcmpiW (lpString1="embeddedmode", lpString2="BdfNdisf") returned 1 [0137.716] lstrcmpiW (lpString1="embeddedmode", lpString2="avast! Antivirus") returned 1 [0137.716] lstrcmpiW (lpString1="embeddedmode", lpString2="MsMpSvc") returned -1 [0137.717] lstrcmpiW (lpString1="embeddedmode", lpString2="RsMgrSvc") returned -1 [0137.717] lstrcmpiW (lpString1="embeddedmode", lpString2="fshoster") returned -1 [0137.717] lstrcmpiW (lpString1="embeddedmode", lpString2="AVKProxy") returned 1 [0137.717] lstrcmpiW (lpString1="embeddedmode", lpString2="MBAMService") returned -1 [0137.717] lstrcmpiW (lpString1="embeddedmode", lpString2="GbpSv") returned -1 [0137.717] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x74, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="EntAppSvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.717] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\EntAppSvc") returned 43 [0137.717] SetLastError (dwErrCode=0x0) [0137.717] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\EntAppSvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.717] SetLastError (dwErrCode=0x0) [0137.717] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.717] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.717] SetLastError (dwErrCode=0x0) [0137.717] lstrcmpiW (lpString1="EntAppSvc", lpString2="NAVENG") returned -1 [0137.717] lstrcmpiW (lpString1="EntAppSvc", lpString2="ccEvtMgr") returned 1 [0137.717] lstrcmpiW (lpString1="EntAppSvc", lpString2="NAV") returned -1 [0137.717] lstrcmpiW (lpString1="EntAppSvc", lpString2="NIS") returned -1 [0137.717] lstrcmpiW (lpString1="EntAppSvc", lpString2="NAVEX15") returned -1 [0137.717] lstrcmpiW (lpString1="EntAppSvc", lpString2="AVP") returned 1 [0137.717] lstrcmpiW (lpString1="EntAppSvc", lpString2="AVP15.0.0") returned 1 [0137.717] lstrcmpiW (lpString1="EntAppSvc", lpString2="AVP15.0.1") returned 1 [0137.717] lstrcmpiW (lpString1="EntAppSvc", lpString2="kl1") returned -1 [0137.717] lstrcmpiW (lpString1="EntAppSvc", lpString2="McComponentHostService") returned -1 [0137.717] lstrcmpiW (lpString1="EntAppSvc", lpString2="ekrn") returned 1 [0137.717] lstrcmpiW (lpString1="EntAppSvc", lpString2="egui") returned 1 [0137.717] lstrcmpiW (lpString1="EntAppSvc", lpString2="avgwd") returned 1 [0137.717] lstrcmpiW (lpString1="EntAppSvc", lpString2="BdfNdisf") returned 1 [0137.717] lstrcmpiW (lpString1="EntAppSvc", lpString2="avast! Antivirus") returned 1 [0137.717] lstrcmpiW (lpString1="EntAppSvc", lpString2="MsMpSvc") returned -1 [0137.717] lstrcmpiW (lpString1="EntAppSvc", lpString2="RsMgrSvc") returned -1 [0137.717] lstrcmpiW (lpString1="EntAppSvc", lpString2="fshoster") returned -1 [0137.717] lstrcmpiW (lpString1="EntAppSvc", lpString2="AVKProxy") returned 1 [0137.717] lstrcmpiW (lpString1="EntAppSvc", lpString2="MBAMService") returned -1 [0137.717] lstrcmpiW (lpString1="EntAppSvc", lpString2="GbpSv") returned -1 [0137.718] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x75, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ErrDev", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.718] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ErrDev") returned 40 [0137.718] SetLastError (dwErrCode=0x0) [0137.718] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ErrDev", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.718] SetLastError (dwErrCode=0x0) [0137.718] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.718] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.718] SetLastError (dwErrCode=0x0) [0137.718] lstrcmpiW (lpString1="ErrDev", lpString2="NAVENG") returned -1 [0137.718] lstrcmpiW (lpString1="ErrDev", lpString2="ccEvtMgr") returned 1 [0137.718] lstrcmpiW (lpString1="ErrDev", lpString2="NAV") returned -1 [0137.718] lstrcmpiW (lpString1="ErrDev", lpString2="NIS") returned -1 [0137.718] lstrcmpiW (lpString1="ErrDev", lpString2="NAVEX15") returned -1 [0137.718] lstrcmpiW (lpString1="ErrDev", lpString2="AVP") returned 1 [0137.718] lstrcmpiW (lpString1="ErrDev", lpString2="AVP15.0.0") returned 1 [0137.718] lstrcmpiW (lpString1="ErrDev", lpString2="AVP15.0.1") returned 1 [0137.718] lstrcmpiW (lpString1="ErrDev", lpString2="kl1") returned -1 [0137.718] lstrcmpiW (lpString1="ErrDev", lpString2="McComponentHostService") returned -1 [0137.718] lstrcmpiW (lpString1="ErrDev", lpString2="ekrn") returned 1 [0137.718] lstrcmpiW (lpString1="ErrDev", lpString2="egui") returned 1 [0137.718] lstrcmpiW (lpString1="ErrDev", lpString2="avgwd") returned 1 [0137.718] lstrcmpiW (lpString1="ErrDev", lpString2="BdfNdisf") returned 1 [0137.718] lstrcmpiW (lpString1="ErrDev", lpString2="avast! Antivirus") returned 1 [0137.718] lstrcmpiW (lpString1="ErrDev", lpString2="MsMpSvc") returned -1 [0137.718] lstrcmpiW (lpString1="ErrDev", lpString2="RsMgrSvc") returned -1 [0137.718] lstrcmpiW (lpString1="ErrDev", lpString2="fshoster") returned -1 [0137.718] lstrcmpiW (lpString1="ErrDev", lpString2="AVKProxy") returned 1 [0137.718] lstrcmpiW (lpString1="ErrDev", lpString2="MBAMService") returned -1 [0137.718] lstrcmpiW (lpString1="ErrDev", lpString2="GbpSv") returned -1 [0137.718] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x76, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ESENT", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.718] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ESENT") returned 39 [0137.718] SetLastError (dwErrCode=0x0) [0137.718] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ESENT", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.719] SetLastError (dwErrCode=0x0) [0137.719] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.719] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.719] SetLastError (dwErrCode=0x0) [0137.719] GetLastError () returned 0x0 [0137.719] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x77, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="EventLog", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.719] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\EventLog") returned 42 [0137.719] SetLastError (dwErrCode=0x0) [0137.719] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\EventLog", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.719] SetLastError (dwErrCode=0x0) [0137.719] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.719] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.719] SetLastError (dwErrCode=0x0) [0137.719] lstrcmpiW (lpString1="EventLog", lpString2="NAVENG") returned -1 [0137.719] lstrcmpiW (lpString1="EventLog", lpString2="ccEvtMgr") returned 1 [0137.719] lstrcmpiW (lpString1="EventLog", lpString2="NAV") returned -1 [0137.719] lstrcmpiW (lpString1="EventLog", lpString2="NIS") returned -1 [0137.719] lstrcmpiW (lpString1="EventLog", lpString2="NAVEX15") returned -1 [0137.719] lstrcmpiW (lpString1="EventLog", lpString2="AVP") returned 1 [0137.719] lstrcmpiW (lpString1="EventLog", lpString2="AVP15.0.0") returned 1 [0137.719] lstrcmpiW (lpString1="EventLog", lpString2="AVP15.0.1") returned 1 [0137.719] lstrcmpiW (lpString1="EventLog", lpString2="kl1") returned -1 [0137.719] lstrcmpiW (lpString1="EventLog", lpString2="McComponentHostService") returned -1 [0137.719] lstrcmpiW (lpString1="EventLog", lpString2="ekrn") returned 1 [0137.719] lstrcmpiW (lpString1="EventLog", lpString2="egui") returned 1 [0137.719] lstrcmpiW (lpString1="EventLog", lpString2="avgwd") returned 1 [0137.719] lstrcmpiW (lpString1="EventLog", lpString2="BdfNdisf") returned 1 [0137.719] lstrcmpiW (lpString1="EventLog", lpString2="avast! Antivirus") returned 1 [0137.719] lstrcmpiW (lpString1="EventLog", lpString2="MsMpSvc") returned -1 [0137.719] lstrcmpiW (lpString1="EventLog", lpString2="RsMgrSvc") returned -1 [0137.719] lstrcmpiW (lpString1="EventLog", lpString2="fshoster") returned -1 [0137.719] lstrcmpiW (lpString1="EventLog", lpString2="AVKProxy") returned 1 [0137.720] lstrcmpiW (lpString1="EventLog", lpString2="MBAMService") returned -1 [0137.720] lstrcmpiW (lpString1="EventLog", lpString2="GbpSv") returned -1 [0137.720] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x78, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="EventSystem", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.720] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\EventSystem") returned 45 [0137.720] SetLastError (dwErrCode=0x0) [0137.720] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\EventSystem", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.720] SetLastError (dwErrCode=0x0) [0137.720] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.720] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.720] SetLastError (dwErrCode=0x0) [0137.720] lstrcmpiW (lpString1="EventSystem", lpString2="NAVENG") returned -1 [0137.720] lstrcmpiW (lpString1="EventSystem", lpString2="ccEvtMgr") returned 1 [0137.720] lstrcmpiW (lpString1="EventSystem", lpString2="NAV") returned -1 [0137.720] lstrcmpiW (lpString1="EventSystem", lpString2="NIS") returned -1 [0137.720] lstrcmpiW (lpString1="EventSystem", lpString2="NAVEX15") returned -1 [0137.720] lstrcmpiW (lpString1="EventSystem", lpString2="AVP") returned 1 [0137.720] lstrcmpiW (lpString1="EventSystem", lpString2="AVP15.0.0") returned 1 [0137.720] lstrcmpiW (lpString1="EventSystem", lpString2="AVP15.0.1") returned 1 [0137.720] lstrcmpiW (lpString1="EventSystem", lpString2="kl1") returned -1 [0137.720] lstrcmpiW (lpString1="EventSystem", lpString2="McComponentHostService") returned -1 [0137.720] lstrcmpiW (lpString1="EventSystem", lpString2="ekrn") returned 1 [0137.720] lstrcmpiW (lpString1="EventSystem", lpString2="egui") returned 1 [0137.720] lstrcmpiW (lpString1="EventSystem", lpString2="avgwd") returned 1 [0137.720] lstrcmpiW (lpString1="EventSystem", lpString2="BdfNdisf") returned 1 [0137.720] lstrcmpiW (lpString1="EventSystem", lpString2="avast! Antivirus") returned 1 [0137.720] lstrcmpiW (lpString1="EventSystem", lpString2="MsMpSvc") returned -1 [0137.720] lstrcmpiW (lpString1="EventSystem", lpString2="RsMgrSvc") returned -1 [0137.720] lstrcmpiW (lpString1="EventSystem", lpString2="fshoster") returned -1 [0137.720] lstrcmpiW (lpString1="EventSystem", lpString2="AVKProxy") returned 1 [0137.720] lstrcmpiW (lpString1="EventSystem", lpString2="MBAMService") returned -1 [0137.720] lstrcmpiW (lpString1="EventSystem", lpString2="GbpSv") returned -1 [0137.720] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x79, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="exfat", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.720] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\exfat") returned 39 [0137.720] SetLastError (dwErrCode=0x0) [0137.721] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\exfat", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.721] SetLastError (dwErrCode=0x0) [0137.721] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.721] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.721] SetLastError (dwErrCode=0x0) [0137.721] lstrcmpiW (lpString1="exfat", lpString2="NAVENG") returned -1 [0137.721] lstrcmpiW (lpString1="exfat", lpString2="ccEvtMgr") returned 1 [0137.721] lstrcmpiW (lpString1="exfat", lpString2="NAV") returned -1 [0137.721] lstrcmpiW (lpString1="exfat", lpString2="NIS") returned -1 [0137.721] lstrcmpiW (lpString1="exfat", lpString2="NAVEX15") returned -1 [0137.721] lstrcmpiW (lpString1="exfat", lpString2="AVP") returned 1 [0137.721] lstrcmpiW (lpString1="exfat", lpString2="AVP15.0.0") returned 1 [0137.721] lstrcmpiW (lpString1="exfat", lpString2="AVP15.0.1") returned 1 [0137.721] lstrcmpiW (lpString1="exfat", lpString2="kl1") returned -1 [0137.721] lstrcmpiW (lpString1="exfat", lpString2="McComponentHostService") returned -1 [0137.721] lstrcmpiW (lpString1="exfat", lpString2="ekrn") returned 1 [0137.721] lstrcmpiW (lpString1="exfat", lpString2="egui") returned 1 [0137.721] lstrcmpiW (lpString1="exfat", lpString2="avgwd") returned 1 [0137.721] lstrcmpiW (lpString1="exfat", lpString2="BdfNdisf") returned 1 [0137.721] lstrcmpiW (lpString1="exfat", lpString2="avast! Antivirus") returned 1 [0137.721] lstrcmpiW (lpString1="exfat", lpString2="MsMpSvc") returned -1 [0137.721] lstrcmpiW (lpString1="exfat", lpString2="RsMgrSvc") returned -1 [0137.721] lstrcmpiW (lpString1="exfat", lpString2="fshoster") returned -1 [0137.721] lstrcmpiW (lpString1="exfat", lpString2="AVKProxy") returned 1 [0137.721] lstrcmpiW (lpString1="exfat", lpString2="MBAMService") returned -1 [0137.721] lstrcmpiW (lpString1="exfat", lpString2="GbpSv") returned -1 [0137.721] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x7a, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="fastfat", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.721] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\fastfat") returned 41 [0137.721] SetLastError (dwErrCode=0x0) [0137.721] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\fastfat", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.721] SetLastError (dwErrCode=0x0) [0137.721] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.722] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.722] SetLastError (dwErrCode=0x0) [0137.722] lstrcmpiW (lpString1="fastfat", lpString2="NAVENG") returned -1 [0137.722] lstrcmpiW (lpString1="fastfat", lpString2="ccEvtMgr") returned 1 [0137.722] lstrcmpiW (lpString1="fastfat", lpString2="NAV") returned -1 [0137.722] lstrcmpiW (lpString1="fastfat", lpString2="NIS") returned -1 [0137.722] lstrcmpiW (lpString1="fastfat", lpString2="NAVEX15") returned -1 [0137.722] lstrcmpiW (lpString1="fastfat", lpString2="AVP") returned 1 [0137.722] lstrcmpiW (lpString1="fastfat", lpString2="AVP15.0.0") returned 1 [0137.722] lstrcmpiW (lpString1="fastfat", lpString2="AVP15.0.1") returned 1 [0137.722] lstrcmpiW (lpString1="fastfat", lpString2="kl1") returned -1 [0137.722] lstrcmpiW (lpString1="fastfat", lpString2="McComponentHostService") returned -1 [0137.722] lstrcmpiW (lpString1="fastfat", lpString2="ekrn") returned 1 [0137.722] lstrcmpiW (lpString1="fastfat", lpString2="egui") returned 1 [0137.722] lstrcmpiW (lpString1="fastfat", lpString2="avgwd") returned 1 [0137.722] lstrcmpiW (lpString1="fastfat", lpString2="BdfNdisf") returned 1 [0137.722] lstrcmpiW (lpString1="fastfat", lpString2="avast! Antivirus") returned 1 [0137.722] lstrcmpiW (lpString1="fastfat", lpString2="MsMpSvc") returned -1 [0137.722] lstrcmpiW (lpString1="fastfat", lpString2="RsMgrSvc") returned -1 [0137.722] lstrcmpiW (lpString1="fastfat", lpString2="fshoster") returned -1 [0137.722] lstrcmpiW (lpString1="fastfat", lpString2="AVKProxy") returned 1 [0137.722] lstrcmpiW (lpString1="fastfat", lpString2="MBAMService") returned -1 [0137.722] lstrcmpiW (lpString1="fastfat", lpString2="GbpSv") returned -1 [0137.722] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x7b, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Fax", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.722] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Fax") returned 37 [0137.722] SetLastError (dwErrCode=0x0) [0137.722] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Fax", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.722] SetLastError (dwErrCode=0x0) [0137.722] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.722] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.722] SetLastError (dwErrCode=0x0) [0137.722] lstrcmpiW (lpString1="Fax", lpString2="NAVENG") returned -1 [0137.722] lstrcmpiW (lpString1="Fax", lpString2="ccEvtMgr") returned 1 [0137.722] lstrcmpiW (lpString1="Fax", lpString2="NAV") returned -1 [0137.723] lstrcmpiW (lpString1="Fax", lpString2="NIS") returned -1 [0137.723] lstrcmpiW (lpString1="Fax", lpString2="NAVEX15") returned -1 [0137.723] lstrcmpiW (lpString1="Fax", lpString2="AVP") returned 1 [0137.723] lstrcmpiW (lpString1="Fax", lpString2="AVP15.0.0") returned 1 [0137.723] lstrcmpiW (lpString1="Fax", lpString2="AVP15.0.1") returned 1 [0137.723] lstrcmpiW (lpString1="Fax", lpString2="kl1") returned -1 [0137.723] lstrcmpiW (lpString1="Fax", lpString2="McComponentHostService") returned -1 [0137.723] lstrcmpiW (lpString1="Fax", lpString2="ekrn") returned 1 [0137.723] lstrcmpiW (lpString1="Fax", lpString2="egui") returned 1 [0137.723] lstrcmpiW (lpString1="Fax", lpString2="avgwd") returned 1 [0137.723] lstrcmpiW (lpString1="Fax", lpString2="BdfNdisf") returned 1 [0137.723] lstrcmpiW (lpString1="Fax", lpString2="avast! Antivirus") returned 1 [0137.723] lstrcmpiW (lpString1="Fax", lpString2="MsMpSvc") returned -1 [0137.723] lstrcmpiW (lpString1="Fax", lpString2="RsMgrSvc") returned -1 [0137.723] lstrcmpiW (lpString1="Fax", lpString2="fshoster") returned -1 [0137.723] lstrcmpiW (lpString1="Fax", lpString2="AVKProxy") returned 1 [0137.723] lstrcmpiW (lpString1="Fax", lpString2="MBAMService") returned -1 [0137.723] lstrcmpiW (lpString1="Fax", lpString2="GbpSv") returned -1 [0137.723] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x7c, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="fcvsc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.723] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\fcvsc") returned 39 [0137.723] SetLastError (dwErrCode=0x0) [0137.723] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\fcvsc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.723] SetLastError (dwErrCode=0x0) [0137.723] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.723] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.723] SetLastError (dwErrCode=0x0) [0137.723] lstrcmpiW (lpString1="fcvsc", lpString2="NAVENG") returned -1 [0137.723] lstrcmpiW (lpString1="fcvsc", lpString2="ccEvtMgr") returned 1 [0137.723] lstrcmpiW (lpString1="fcvsc", lpString2="NAV") returned -1 [0137.723] lstrcmpiW (lpString1="fcvsc", lpString2="NIS") returned -1 [0137.723] lstrcmpiW (lpString1="fcvsc", lpString2="NAVEX15") returned -1 [0137.723] lstrcmpiW (lpString1="fcvsc", lpString2="AVP") returned 1 [0137.723] lstrcmpiW (lpString1="fcvsc", lpString2="AVP15.0.0") returned 1 [0137.723] lstrcmpiW (lpString1="fcvsc", lpString2="AVP15.0.1") returned 1 [0137.723] lstrcmpiW (lpString1="fcvsc", lpString2="kl1") returned -1 [0137.723] lstrcmpiW (lpString1="fcvsc", lpString2="McComponentHostService") returned -1 [0137.723] lstrcmpiW (lpString1="fcvsc", lpString2="ekrn") returned 1 [0137.723] lstrcmpiW (lpString1="fcvsc", lpString2="egui") returned 1 [0137.724] lstrcmpiW (lpString1="fcvsc", lpString2="avgwd") returned 1 [0137.724] lstrcmpiW (lpString1="fcvsc", lpString2="BdfNdisf") returned 1 [0137.724] lstrcmpiW (lpString1="fcvsc", lpString2="avast! Antivirus") returned 1 [0137.724] lstrcmpiW (lpString1="fcvsc", lpString2="MsMpSvc") returned -1 [0137.724] lstrcmpiW (lpString1="fcvsc", lpString2="RsMgrSvc") returned -1 [0137.724] lstrcmpiW (lpString1="fcvsc", lpString2="fshoster") returned -1 [0137.724] lstrcmpiW (lpString1="fcvsc", lpString2="AVKProxy") returned 1 [0137.724] lstrcmpiW (lpString1="fcvsc", lpString2="MBAMService") returned -1 [0137.724] lstrcmpiW (lpString1="fcvsc", lpString2="GbpSv") returned -1 [0137.724] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x7d, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="fdc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.724] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\fdc") returned 37 [0137.724] SetLastError (dwErrCode=0x0) [0137.724] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\fdc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.724] SetLastError (dwErrCode=0x0) [0137.724] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.724] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.724] SetLastError (dwErrCode=0x0) [0137.724] lstrcmpiW (lpString1="fdc", lpString2="NAVENG") returned -1 [0137.724] lstrcmpiW (lpString1="fdc", lpString2="ccEvtMgr") returned 1 [0137.724] lstrcmpiW (lpString1="fdc", lpString2="NAV") returned -1 [0137.724] lstrcmpiW (lpString1="fdc", lpString2="NIS") returned -1 [0137.724] lstrcmpiW (lpString1="fdc", lpString2="NAVEX15") returned -1 [0137.724] lstrcmpiW (lpString1="fdc", lpString2="AVP") returned 1 [0137.724] lstrcmpiW (lpString1="fdc", lpString2="AVP15.0.0") returned 1 [0137.724] lstrcmpiW (lpString1="fdc", lpString2="AVP15.0.1") returned 1 [0137.724] lstrcmpiW (lpString1="fdc", lpString2="kl1") returned -1 [0137.724] lstrcmpiW (lpString1="fdc", lpString2="McComponentHostService") returned -1 [0137.724] lstrcmpiW (lpString1="fdc", lpString2="ekrn") returned 1 [0137.724] lstrcmpiW (lpString1="fdc", lpString2="egui") returned 1 [0137.724] lstrcmpiW (lpString1="fdc", lpString2="avgwd") returned 1 [0137.724] lstrcmpiW (lpString1="fdc", lpString2="BdfNdisf") returned 1 [0137.724] lstrcmpiW (lpString1="fdc", lpString2="avast! Antivirus") returned 1 [0137.724] lstrcmpiW (lpString1="fdc", lpString2="MsMpSvc") returned -1 [0137.724] lstrcmpiW (lpString1="fdc", lpString2="RsMgrSvc") returned -1 [0137.724] lstrcmpiW (lpString1="fdc", lpString2="fshoster") returned -1 [0137.724] lstrcmpiW (lpString1="fdc", lpString2="AVKProxy") returned 1 [0137.724] lstrcmpiW (lpString1="fdc", lpString2="MBAMService") returned -1 [0137.724] lstrcmpiW (lpString1="fdc", lpString2="GbpSv") returned -1 [0137.725] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x7e, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="fdPHost", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.725] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\fdPHost") returned 41 [0137.725] SetLastError (dwErrCode=0x0) [0137.725] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\fdPHost", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.725] SetLastError (dwErrCode=0x0) [0137.725] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.725] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.725] SetLastError (dwErrCode=0x0) [0137.725] lstrcmpiW (lpString1="fdPHost", lpString2="NAVENG") returned -1 [0137.725] lstrcmpiW (lpString1="fdPHost", lpString2="ccEvtMgr") returned 1 [0137.725] lstrcmpiW (lpString1="fdPHost", lpString2="NAV") returned -1 [0137.725] lstrcmpiW (lpString1="fdPHost", lpString2="NIS") returned -1 [0137.725] lstrcmpiW (lpString1="fdPHost", lpString2="NAVEX15") returned -1 [0137.725] lstrcmpiW (lpString1="fdPHost", lpString2="AVP") returned 1 [0137.725] lstrcmpiW (lpString1="fdPHost", lpString2="AVP15.0.0") returned 1 [0137.725] lstrcmpiW (lpString1="fdPHost", lpString2="AVP15.0.1") returned 1 [0137.725] lstrcmpiW (lpString1="fdPHost", lpString2="kl1") returned -1 [0137.725] lstrcmpiW (lpString1="fdPHost", lpString2="McComponentHostService") returned -1 [0137.725] lstrcmpiW (lpString1="fdPHost", lpString2="ekrn") returned 1 [0137.725] lstrcmpiW (lpString1="fdPHost", lpString2="egui") returned 1 [0137.725] lstrcmpiW (lpString1="fdPHost", lpString2="avgwd") returned 1 [0137.725] lstrcmpiW (lpString1="fdPHost", lpString2="BdfNdisf") returned 1 [0137.725] lstrcmpiW (lpString1="fdPHost", lpString2="avast! Antivirus") returned 1 [0137.725] lstrcmpiW (lpString1="fdPHost", lpString2="MsMpSvc") returned -1 [0137.725] lstrcmpiW (lpString1="fdPHost", lpString2="RsMgrSvc") returned -1 [0137.725] lstrcmpiW (lpString1="fdPHost", lpString2="fshoster") returned -1 [0137.725] lstrcmpiW (lpString1="fdPHost", lpString2="AVKProxy") returned 1 [0137.725] lstrcmpiW (lpString1="fdPHost", lpString2="MBAMService") returned -1 [0137.725] lstrcmpiW (lpString1="fdPHost", lpString2="GbpSv") returned -1 [0137.725] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x7f, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="FDResPub", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.725] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\FDResPub") returned 42 [0137.725] SetLastError (dwErrCode=0x0) [0137.725] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\FDResPub", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.725] SetLastError (dwErrCode=0x0) [0137.725] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.725] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.725] SetLastError (dwErrCode=0x0) [0137.726] lstrcmpiW (lpString1="FDResPub", lpString2="NAVENG") returned -1 [0137.726] lstrcmpiW (lpString1="FDResPub", lpString2="ccEvtMgr") returned 1 [0137.726] lstrcmpiW (lpString1="FDResPub", lpString2="NAV") returned -1 [0137.726] lstrcmpiW (lpString1="FDResPub", lpString2="NIS") returned -1 [0137.726] lstrcmpiW (lpString1="FDResPub", lpString2="NAVEX15") returned -1 [0137.726] lstrcmpiW (lpString1="FDResPub", lpString2="AVP") returned 1 [0137.726] lstrcmpiW (lpString1="FDResPub", lpString2="AVP15.0.0") returned 1 [0137.726] lstrcmpiW (lpString1="FDResPub", lpString2="AVP15.0.1") returned 1 [0137.726] lstrcmpiW (lpString1="FDResPub", lpString2="kl1") returned -1 [0137.726] lstrcmpiW (lpString1="FDResPub", lpString2="McComponentHostService") returned -1 [0137.726] lstrcmpiW (lpString1="FDResPub", lpString2="ekrn") returned 1 [0137.726] lstrcmpiW (lpString1="FDResPub", lpString2="egui") returned 1 [0137.726] lstrcmpiW (lpString1="FDResPub", lpString2="avgwd") returned 1 [0137.726] lstrcmpiW (lpString1="FDResPub", lpString2="BdfNdisf") returned 1 [0137.726] lstrcmpiW (lpString1="FDResPub", lpString2="avast! Antivirus") returned 1 [0137.726] lstrcmpiW (lpString1="FDResPub", lpString2="MsMpSvc") returned -1 [0137.726] lstrcmpiW (lpString1="FDResPub", lpString2="RsMgrSvc") returned -1 [0137.726] lstrcmpiW (lpString1="FDResPub", lpString2="fshoster") returned -1 [0137.726] lstrcmpiW (lpString1="FDResPub", lpString2="AVKProxy") returned 1 [0137.726] lstrcmpiW (lpString1="FDResPub", lpString2="MBAMService") returned -1 [0137.726] lstrcmpiW (lpString1="FDResPub", lpString2="GbpSv") returned -1 [0137.726] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x80, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="fhsvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.726] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\fhsvc") returned 39 [0137.726] SetLastError (dwErrCode=0x0) [0137.726] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\fhsvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.726] SetLastError (dwErrCode=0x0) [0137.726] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.726] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.726] SetLastError (dwErrCode=0x0) [0137.726] lstrcmpiW (lpString1="fhsvc", lpString2="NAVENG") returned -1 [0137.726] lstrcmpiW (lpString1="fhsvc", lpString2="ccEvtMgr") returned 1 [0137.726] lstrcmpiW (lpString1="fhsvc", lpString2="NAV") returned -1 [0137.726] lstrcmpiW (lpString1="fhsvc", lpString2="NIS") returned -1 [0137.726] lstrcmpiW (lpString1="fhsvc", lpString2="NAVEX15") returned -1 [0137.726] lstrcmpiW (lpString1="fhsvc", lpString2="AVP") returned 1 [0137.726] lstrcmpiW (lpString1="fhsvc", lpString2="AVP15.0.0") returned 1 [0137.726] lstrcmpiW (lpString1="fhsvc", lpString2="AVP15.0.1") returned 1 [0137.726] lstrcmpiW (lpString1="fhsvc", lpString2="kl1") returned -1 [0137.726] lstrcmpiW (lpString1="fhsvc", lpString2="McComponentHostService") returned -1 [0137.726] lstrcmpiW (lpString1="fhsvc", lpString2="ekrn") returned 1 [0137.726] lstrcmpiW (lpString1="fhsvc", lpString2="egui") returned 1 [0137.726] lstrcmpiW (lpString1="fhsvc", lpString2="avgwd") returned 1 [0137.727] lstrcmpiW (lpString1="fhsvc", lpString2="BdfNdisf") returned 1 [0137.727] lstrcmpiW (lpString1="fhsvc", lpString2="avast! Antivirus") returned 1 [0137.727] lstrcmpiW (lpString1="fhsvc", lpString2="MsMpSvc") returned -1 [0137.727] lstrcmpiW (lpString1="fhsvc", lpString2="RsMgrSvc") returned -1 [0137.727] lstrcmpiW (lpString1="fhsvc", lpString2="fshoster") returned -1 [0137.727] lstrcmpiW (lpString1="fhsvc", lpString2="AVKProxy") returned 1 [0137.727] lstrcmpiW (lpString1="fhsvc", lpString2="MBAMService") returned -1 [0137.727] lstrcmpiW (lpString1="fhsvc", lpString2="GbpSv") returned -1 [0137.727] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x81, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="FileCrypt", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.727] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\FileCrypt") returned 43 [0137.727] SetLastError (dwErrCode=0x0) [0137.727] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\FileCrypt", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.727] SetLastError (dwErrCode=0x0) [0137.727] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.727] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.727] SetLastError (dwErrCode=0x0) [0137.727] lstrcmpiW (lpString1="FileCrypt", lpString2="NAVENG") returned -1 [0137.727] lstrcmpiW (lpString1="FileCrypt", lpString2="ccEvtMgr") returned 1 [0137.727] lstrcmpiW (lpString1="FileCrypt", lpString2="NAV") returned -1 [0137.727] lstrcmpiW (lpString1="FileCrypt", lpString2="NIS") returned -1 [0137.727] lstrcmpiW (lpString1="FileCrypt", lpString2="NAVEX15") returned -1 [0137.727] lstrcmpiW (lpString1="FileCrypt", lpString2="AVP") returned 1 [0137.727] lstrcmpiW (lpString1="FileCrypt", lpString2="AVP15.0.0") returned 1 [0137.727] lstrcmpiW (lpString1="FileCrypt", lpString2="AVP15.0.1") returned 1 [0137.727] lstrcmpiW (lpString1="FileCrypt", lpString2="kl1") returned -1 [0137.728] lstrcmpiW (lpString1="FileCrypt", lpString2="McComponentHostService") returned -1 [0137.728] lstrcmpiW (lpString1="FileCrypt", lpString2="ekrn") returned 1 [0137.728] lstrcmpiW (lpString1="FileCrypt", lpString2="egui") returned 1 [0137.728] lstrcmpiW (lpString1="FileCrypt", lpString2="avgwd") returned 1 [0137.728] lstrcmpiW (lpString1="FileCrypt", lpString2="BdfNdisf") returned 1 [0137.728] lstrcmpiW (lpString1="FileCrypt", lpString2="avast! Antivirus") returned 1 [0137.728] lstrcmpiW (lpString1="FileCrypt", lpString2="MsMpSvc") returned -1 [0137.728] lstrcmpiW (lpString1="FileCrypt", lpString2="RsMgrSvc") returned -1 [0137.728] lstrcmpiW (lpString1="FileCrypt", lpString2="fshoster") returned -1 [0137.728] lstrcmpiW (lpString1="FileCrypt", lpString2="AVKProxy") returned 1 [0137.728] lstrcmpiW (lpString1="FileCrypt", lpString2="MBAMService") returned -1 [0137.728] lstrcmpiW (lpString1="FileCrypt", lpString2="GbpSv") returned -1 [0137.728] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x82, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="FileInfo", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.728] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\FileInfo") returned 42 [0137.728] SetLastError (dwErrCode=0x0) [0137.728] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\FileInfo", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.728] SetLastError (dwErrCode=0x0) [0137.728] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.728] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.728] SetLastError (dwErrCode=0x0) [0137.728] lstrcmpiW (lpString1="FileInfo", lpString2="NAVENG") returned -1 [0137.729] lstrcmpiW (lpString1="FileInfo", lpString2="ccEvtMgr") returned 1 [0137.729] lstrcmpiW (lpString1="FileInfo", lpString2="NAV") returned -1 [0137.729] lstrcmpiW (lpString1="FileInfo", lpString2="NIS") returned -1 [0137.729] lstrcmpiW (lpString1="FileInfo", lpString2="NAVEX15") returned -1 [0137.729] lstrcmpiW (lpString1="FileInfo", lpString2="AVP") returned 1 [0137.729] lstrcmpiW (lpString1="FileInfo", lpString2="AVP15.0.0") returned 1 [0137.729] lstrcmpiW (lpString1="FileInfo", lpString2="AVP15.0.1") returned 1 [0137.729] lstrcmpiW (lpString1="FileInfo", lpString2="kl1") returned -1 [0137.729] lstrcmpiW (lpString1="FileInfo", lpString2="McComponentHostService") returned -1 [0137.729] lstrcmpiW (lpString1="FileInfo", lpString2="ekrn") returned 1 [0137.729] lstrcmpiW (lpString1="FileInfo", lpString2="egui") returned 1 [0137.729] lstrcmpiW (lpString1="FileInfo", lpString2="avgwd") returned 1 [0137.729] lstrcmpiW (lpString1="FileInfo", lpString2="BdfNdisf") returned 1 [0137.729] lstrcmpiW (lpString1="FileInfo", lpString2="avast! Antivirus") returned 1 [0137.729] lstrcmpiW (lpString1="FileInfo", lpString2="MsMpSvc") returned -1 [0137.729] lstrcmpiW (lpString1="FileInfo", lpString2="RsMgrSvc") returned -1 [0137.729] lstrcmpiW (lpString1="FileInfo", lpString2="fshoster") returned -1 [0137.729] lstrcmpiW (lpString1="FileInfo", lpString2="AVKProxy") returned 1 [0137.729] lstrcmpiW (lpString1="FileInfo", lpString2="MBAMService") returned -1 [0137.729] lstrcmpiW (lpString1="FileInfo", lpString2="GbpSv") returned -1 [0137.729] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x83, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Filetrace", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.729] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Filetrace") returned 43 [0137.729] SetLastError (dwErrCode=0x0) [0137.729] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Filetrace", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.729] SetLastError (dwErrCode=0x0) [0137.729] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.729] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.729] SetLastError (dwErrCode=0x0) [0137.729] lstrcmpiW (lpString1="Filetrace", lpString2="NAVENG") returned -1 [0137.729] lstrcmpiW (lpString1="Filetrace", lpString2="ccEvtMgr") returned 1 [0137.730] lstrcmpiW (lpString1="Filetrace", lpString2="NAV") returned -1 [0137.730] lstrcmpiW (lpString1="Filetrace", lpString2="NIS") returned -1 [0137.730] lstrcmpiW (lpString1="Filetrace", lpString2="NAVEX15") returned -1 [0137.730] lstrcmpiW (lpString1="Filetrace", lpString2="AVP") returned 1 [0137.730] lstrcmpiW (lpString1="Filetrace", lpString2="AVP15.0.0") returned 1 [0137.730] lstrcmpiW (lpString1="Filetrace", lpString2="AVP15.0.1") returned 1 [0137.730] lstrcmpiW (lpString1="Filetrace", lpString2="kl1") returned -1 [0137.730] lstrcmpiW (lpString1="Filetrace", lpString2="McComponentHostService") returned -1 [0137.730] lstrcmpiW (lpString1="Filetrace", lpString2="ekrn") returned 1 [0137.730] lstrcmpiW (lpString1="Filetrace", lpString2="egui") returned 1 [0137.730] lstrcmpiW (lpString1="Filetrace", lpString2="avgwd") returned 1 [0137.730] lstrcmpiW (lpString1="Filetrace", lpString2="BdfNdisf") returned 1 [0137.730] lstrcmpiW (lpString1="Filetrace", lpString2="avast! Antivirus") returned 1 [0137.730] lstrcmpiW (lpString1="Filetrace", lpString2="MsMpSvc") returned -1 [0137.730] lstrcmpiW (lpString1="Filetrace", lpString2="RsMgrSvc") returned -1 [0137.730] lstrcmpiW (lpString1="Filetrace", lpString2="fshoster") returned -1 [0137.730] lstrcmpiW (lpString1="Filetrace", lpString2="AVKProxy") returned 1 [0137.730] lstrcmpiW (lpString1="Filetrace", lpString2="MBAMService") returned -1 [0137.730] lstrcmpiW (lpString1="Filetrace", lpString2="GbpSv") returned -1 [0137.730] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x84, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="flpydisk", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.730] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\flpydisk") returned 42 [0137.730] SetLastError (dwErrCode=0x0) [0137.730] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\flpydisk", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.730] SetLastError (dwErrCode=0x0) [0137.730] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.730] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.730] SetLastError (dwErrCode=0x0) [0137.730] lstrcmpiW (lpString1="flpydisk", lpString2="NAVENG") returned -1 [0137.730] lstrcmpiW (lpString1="flpydisk", lpString2="ccEvtMgr") returned 1 [0137.730] lstrcmpiW (lpString1="flpydisk", lpString2="NAV") returned -1 [0137.730] lstrcmpiW (lpString1="flpydisk", lpString2="NIS") returned -1 [0137.730] lstrcmpiW (lpString1="flpydisk", lpString2="NAVEX15") returned -1 [0137.730] lstrcmpiW (lpString1="flpydisk", lpString2="AVP") returned 1 [0137.730] lstrcmpiW (lpString1="flpydisk", lpString2="AVP15.0.0") returned 1 [0137.730] lstrcmpiW (lpString1="flpydisk", lpString2="AVP15.0.1") returned 1 [0137.730] lstrcmpiW (lpString1="flpydisk", lpString2="kl1") returned -1 [0137.730] lstrcmpiW (lpString1="flpydisk", lpString2="McComponentHostService") returned -1 [0137.731] lstrcmpiW (lpString1="flpydisk", lpString2="ekrn") returned 1 [0137.731] lstrcmpiW (lpString1="flpydisk", lpString2="egui") returned 1 [0137.731] lstrcmpiW (lpString1="flpydisk", lpString2="avgwd") returned 1 [0137.731] lstrcmpiW (lpString1="flpydisk", lpString2="BdfNdisf") returned 1 [0137.731] lstrcmpiW (lpString1="flpydisk", lpString2="avast! Antivirus") returned 1 [0137.731] lstrcmpiW (lpString1="flpydisk", lpString2="MsMpSvc") returned -1 [0137.731] lstrcmpiW (lpString1="flpydisk", lpString2="RsMgrSvc") returned -1 [0137.731] lstrcmpiW (lpString1="flpydisk", lpString2="fshoster") returned -1 [0137.731] lstrcmpiW (lpString1="flpydisk", lpString2="AVKProxy") returned 1 [0137.731] lstrcmpiW (lpString1="flpydisk", lpString2="MBAMService") returned -1 [0137.731] lstrcmpiW (lpString1="flpydisk", lpString2="GbpSv") returned -1 [0137.731] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x85, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="FltMgr", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.731] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\FltMgr") returned 40 [0137.731] SetLastError (dwErrCode=0x0) [0137.731] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\FltMgr", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.731] SetLastError (dwErrCode=0x0) [0137.731] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.731] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.731] SetLastError (dwErrCode=0x0) [0137.731] lstrcmpiW (lpString1="FltMgr", lpString2="NAVENG") returned -1 [0137.731] lstrcmpiW (lpString1="FltMgr", lpString2="ccEvtMgr") returned 1 [0137.731] lstrcmpiW (lpString1="FltMgr", lpString2="NAV") returned -1 [0137.731] lstrcmpiW (lpString1="FltMgr", lpString2="NIS") returned -1 [0137.731] lstrcmpiW (lpString1="FltMgr", lpString2="NAVEX15") returned -1 [0137.731] lstrcmpiW (lpString1="FltMgr", lpString2="AVP") returned 1 [0137.731] lstrcmpiW (lpString1="FltMgr", lpString2="AVP15.0.0") returned 1 [0137.731] lstrcmpiW (lpString1="FltMgr", lpString2="AVP15.0.1") returned 1 [0137.731] lstrcmpiW (lpString1="FltMgr", lpString2="kl1") returned -1 [0137.731] lstrcmpiW (lpString1="FltMgr", lpString2="McComponentHostService") returned -1 [0137.731] lstrcmpiW (lpString1="FltMgr", lpString2="ekrn") returned 1 [0137.731] lstrcmpiW (lpString1="FltMgr", lpString2="egui") returned 1 [0137.731] lstrcmpiW (lpString1="FltMgr", lpString2="avgwd") returned 1 [0137.731] lstrcmpiW (lpString1="FltMgr", lpString2="BdfNdisf") returned 1 [0137.731] lstrcmpiW (lpString1="FltMgr", lpString2="avast! Antivirus") returned 1 [0137.731] lstrcmpiW (lpString1="FltMgr", lpString2="MsMpSvc") returned -1 [0137.731] lstrcmpiW (lpString1="FltMgr", lpString2="RsMgrSvc") returned -1 [0137.731] lstrcmpiW (lpString1="FltMgr", lpString2="fshoster") returned -1 [0137.731] lstrcmpiW (lpString1="FltMgr", lpString2="AVKProxy") returned 1 [0137.732] lstrcmpiW (lpString1="FltMgr", lpString2="MBAMService") returned -1 [0137.732] lstrcmpiW (lpString1="FltMgr", lpString2="GbpSv") returned -1 [0137.732] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x86, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="FontCache", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.732] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\FontCache") returned 43 [0137.732] SetLastError (dwErrCode=0x0) [0137.732] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\FontCache", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.732] SetLastError (dwErrCode=0x0) [0137.732] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.732] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.732] SetLastError (dwErrCode=0x0) [0137.732] lstrcmpiW (lpString1="FontCache", lpString2="NAVENG") returned -1 [0137.732] lstrcmpiW (lpString1="FontCache", lpString2="ccEvtMgr") returned 1 [0137.732] lstrcmpiW (lpString1="FontCache", lpString2="NAV") returned -1 [0137.732] lstrcmpiW (lpString1="FontCache", lpString2="NIS") returned -1 [0137.732] lstrcmpiW (lpString1="FontCache", lpString2="NAVEX15") returned -1 [0137.732] lstrcmpiW (lpString1="FontCache", lpString2="AVP") returned 1 [0137.732] lstrcmpiW (lpString1="FontCache", lpString2="AVP15.0.0") returned 1 [0137.732] lstrcmpiW (lpString1="FontCache", lpString2="AVP15.0.1") returned 1 [0137.732] lstrcmpiW (lpString1="FontCache", lpString2="kl1") returned -1 [0137.732] lstrcmpiW (lpString1="FontCache", lpString2="McComponentHostService") returned -1 [0137.732] lstrcmpiW (lpString1="FontCache", lpString2="ekrn") returned 1 [0137.732] lstrcmpiW (lpString1="FontCache", lpString2="egui") returned 1 [0137.732] lstrcmpiW (lpString1="FontCache", lpString2="avgwd") returned 1 [0137.732] lstrcmpiW (lpString1="FontCache", lpString2="BdfNdisf") returned 1 [0137.732] lstrcmpiW (lpString1="FontCache", lpString2="avast! Antivirus") returned 1 [0137.732] lstrcmpiW (lpString1="FontCache", lpString2="MsMpSvc") returned -1 [0137.732] lstrcmpiW (lpString1="FontCache", lpString2="RsMgrSvc") returned -1 [0137.732] lstrcmpiW (lpString1="FontCache", lpString2="fshoster") returned -1 [0137.732] lstrcmpiW (lpString1="FontCache", lpString2="AVKProxy") returned 1 [0137.732] lstrcmpiW (lpString1="FontCache", lpString2="MBAMService") returned -1 [0137.732] lstrcmpiW (lpString1="FontCache", lpString2="GbpSv") returned -1 [0137.732] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x87, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="FontCache3.0.0.0", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.732] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\FontCache3.0.0.0") returned 50 [0137.732] SetLastError (dwErrCode=0x0) [0137.732] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\FontCache3.0.0.0", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.733] SetLastError (dwErrCode=0x0) [0137.733] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.733] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.733] SetLastError (dwErrCode=0x0) [0137.733] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="NAVENG") returned -1 [0137.733] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="ccEvtMgr") returned 1 [0137.733] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="NAV") returned -1 [0137.733] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="NIS") returned -1 [0137.733] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="NAVEX15") returned -1 [0137.733] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="AVP") returned 1 [0137.733] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="AVP15.0.0") returned 1 [0137.733] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="AVP15.0.1") returned 1 [0137.733] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="kl1") returned -1 [0137.733] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="McComponentHostService") returned -1 [0137.733] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="ekrn") returned 1 [0137.733] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="egui") returned 1 [0137.733] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="avgwd") returned 1 [0137.733] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="BdfNdisf") returned 1 [0137.733] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="avast! Antivirus") returned 1 [0137.733] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="MsMpSvc") returned -1 [0137.733] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="RsMgrSvc") returned -1 [0137.733] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="fshoster") returned -1 [0137.733] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="AVKProxy") returned 1 [0137.733] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="MBAMService") returned -1 [0137.733] lstrcmpiW (lpString1="FontCache3.0.0.0", lpString2="GbpSv") returned -1 [0137.733] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x88, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="FsDepends", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.733] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\FsDepends") returned 43 [0137.733] SetLastError (dwErrCode=0x0) [0137.733] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\FsDepends", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.733] SetLastError (dwErrCode=0x0) [0137.733] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.733] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.733] SetLastError (dwErrCode=0x0) [0137.733] lstrcmpiW (lpString1="FsDepends", lpString2="NAVENG") returned -1 [0137.733] lstrcmpiW (lpString1="FsDepends", lpString2="ccEvtMgr") returned 1 [0137.733] lstrcmpiW (lpString1="FsDepends", lpString2="NAV") returned -1 [0137.734] lstrcmpiW (lpString1="FsDepends", lpString2="NIS") returned -1 [0137.734] lstrcmpiW (lpString1="FsDepends", lpString2="NAVEX15") returned -1 [0137.734] lstrcmpiW (lpString1="FsDepends", lpString2="AVP") returned 1 [0137.734] lstrcmpiW (lpString1="FsDepends", lpString2="AVP15.0.0") returned 1 [0137.734] lstrcmpiW (lpString1="FsDepends", lpString2="AVP15.0.1") returned 1 [0137.734] lstrcmpiW (lpString1="FsDepends", lpString2="kl1") returned -1 [0137.734] lstrcmpiW (lpString1="FsDepends", lpString2="McComponentHostService") returned -1 [0137.734] lstrcmpiW (lpString1="FsDepends", lpString2="ekrn") returned 1 [0137.734] lstrcmpiW (lpString1="FsDepends", lpString2="egui") returned 1 [0137.734] lstrcmpiW (lpString1="FsDepends", lpString2="avgwd") returned 1 [0137.734] lstrcmpiW (lpString1="FsDepends", lpString2="BdfNdisf") returned 1 [0137.734] lstrcmpiW (lpString1="FsDepends", lpString2="avast! Antivirus") returned 1 [0137.734] lstrcmpiW (lpString1="FsDepends", lpString2="MsMpSvc") returned -1 [0137.734] lstrcmpiW (lpString1="FsDepends", lpString2="RsMgrSvc") returned -1 [0137.734] lstrcmpiW (lpString1="FsDepends", lpString2="fshoster") returned -1 [0137.734] lstrcmpiW (lpString1="FsDepends", lpString2="AVKProxy") returned 1 [0137.734] lstrcmpiW (lpString1="FsDepends", lpString2="MBAMService") returned -1 [0137.734] lstrcmpiW (lpString1="FsDepends", lpString2="GbpSv") returned -1 [0137.734] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x89, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Fs_Rec", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.734] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Fs_Rec") returned 40 [0137.734] SetLastError (dwErrCode=0x0) [0137.734] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Fs_Rec", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.734] SetLastError (dwErrCode=0x0) [0137.734] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x5, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.734] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.734] SetLastError (dwErrCode=0x0) [0137.734] lstrcmpiW (lpString1="Fs_Rec", lpString2="NAVENG") returned -1 [0137.734] lstrcmpiW (lpString1="Fs_Rec", lpString2="ccEvtMgr") returned 1 [0137.734] lstrcmpiW (lpString1="Fs_Rec", lpString2="NAV") returned -1 [0137.734] lstrcmpiW (lpString1="Fs_Rec", lpString2="NIS") returned -1 [0137.734] lstrcmpiW (lpString1="Fs_Rec", lpString2="NAVEX15") returned -1 [0137.734] lstrcmpiW (lpString1="Fs_Rec", lpString2="AVP") returned 1 [0137.734] lstrcmpiW (lpString1="Fs_Rec", lpString2="AVP15.0.0") returned 1 [0137.734] lstrcmpiW (lpString1="Fs_Rec", lpString2="AVP15.0.1") returned 1 [0137.734] lstrcmpiW (lpString1="Fs_Rec", lpString2="kl1") returned -1 [0137.734] lstrcmpiW (lpString1="Fs_Rec", lpString2="McComponentHostService") returned -1 [0137.734] lstrcmpiW (lpString1="Fs_Rec", lpString2="ekrn") returned 1 [0137.734] lstrcmpiW (lpString1="Fs_Rec", lpString2="egui") returned 1 [0137.735] lstrcmpiW (lpString1="Fs_Rec", lpString2="avgwd") returned 1 [0137.735] lstrcmpiW (lpString1="Fs_Rec", lpString2="BdfNdisf") returned 1 [0137.735] lstrcmpiW (lpString1="Fs_Rec", lpString2="avast! Antivirus") returned 1 [0137.735] lstrcmpiW (lpString1="Fs_Rec", lpString2="MsMpSvc") returned -1 [0137.735] lstrcmpiW (lpString1="Fs_Rec", lpString2="RsMgrSvc") returned -1 [0137.735] lstrcmpiW (lpString1="Fs_Rec", lpString2="fshoster") returned -1 [0137.735] lstrcmpiW (lpString1="Fs_Rec", lpString2="AVKProxy") returned 1 [0137.735] lstrcmpiW (lpString1="Fs_Rec", lpString2="MBAMService") returned -1 [0137.735] lstrcmpiW (lpString1="Fs_Rec", lpString2="GbpSv") returned -1 [0137.735] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x8a, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="fvevol", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.735] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\fvevol") returned 40 [0137.735] SetLastError (dwErrCode=0x0) [0137.735] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\fvevol", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.735] SetLastError (dwErrCode=0x0) [0137.735] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.735] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.735] SetLastError (dwErrCode=0x0) [0137.735] lstrcmpiW (lpString1="fvevol", lpString2="NAVENG") returned -1 [0137.735] lstrcmpiW (lpString1="fvevol", lpString2="ccEvtMgr") returned 1 [0137.735] lstrcmpiW (lpString1="fvevol", lpString2="NAV") returned -1 [0137.735] lstrcmpiW (lpString1="fvevol", lpString2="NIS") returned -1 [0137.735] lstrcmpiW (lpString1="fvevol", lpString2="NAVEX15") returned -1 [0137.735] lstrcmpiW (lpString1="fvevol", lpString2="AVP") returned 1 [0137.735] lstrcmpiW (lpString1="fvevol", lpString2="AVP15.0.0") returned 1 [0137.735] lstrcmpiW (lpString1="fvevol", lpString2="AVP15.0.1") returned 1 [0137.735] lstrcmpiW (lpString1="fvevol", lpString2="kl1") returned -1 [0137.735] lstrcmpiW (lpString1="fvevol", lpString2="McComponentHostService") returned -1 [0137.735] lstrcmpiW (lpString1="fvevol", lpString2="ekrn") returned 1 [0137.735] lstrcmpiW (lpString1="fvevol", lpString2="egui") returned 1 [0137.735] lstrcmpiW (lpString1="fvevol", lpString2="avgwd") returned 1 [0137.735] lstrcmpiW (lpString1="fvevol", lpString2="BdfNdisf") returned 1 [0137.735] lstrcmpiW (lpString1="fvevol", lpString2="avast! Antivirus") returned 1 [0137.735] lstrcmpiW (lpString1="fvevol", lpString2="MsMpSvc") returned -1 [0137.735] lstrcmpiW (lpString1="fvevol", lpString2="RsMgrSvc") returned -1 [0137.735] lstrcmpiW (lpString1="fvevol", lpString2="fshoster") returned 1 [0137.735] lstrcmpiW (lpString1="fvevol", lpString2="AVKProxy") returned 1 [0137.735] lstrcmpiW (lpString1="fvevol", lpString2="MBAMService") returned -1 [0137.736] lstrcmpiW (lpString1="fvevol", lpString2="GbpSv") returned -1 [0137.736] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x8b, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="gagp30kx", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.736] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\gagp30kx") returned 42 [0137.736] SetLastError (dwErrCode=0x0) [0137.736] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\gagp30kx", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.736] SetLastError (dwErrCode=0x0) [0137.736] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.736] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.736] SetLastError (dwErrCode=0x0) [0137.736] lstrcmpiW (lpString1="gagp30kx", lpString2="NAVENG") returned -1 [0137.736] lstrcmpiW (lpString1="gagp30kx", lpString2="ccEvtMgr") returned 1 [0137.736] lstrcmpiW (lpString1="gagp30kx", lpString2="NAV") returned -1 [0137.736] lstrcmpiW (lpString1="gagp30kx", lpString2="NIS") returned -1 [0137.736] lstrcmpiW (lpString1="gagp30kx", lpString2="NAVEX15") returned -1 [0137.736] lstrcmpiW (lpString1="gagp30kx", lpString2="AVP") returned 1 [0137.736] lstrcmpiW (lpString1="gagp30kx", lpString2="AVP15.0.0") returned 1 [0137.736] lstrcmpiW (lpString1="gagp30kx", lpString2="AVP15.0.1") returned 1 [0137.736] lstrcmpiW (lpString1="gagp30kx", lpString2="kl1") returned -1 [0137.736] lstrcmpiW (lpString1="gagp30kx", lpString2="McComponentHostService") returned -1 [0137.736] lstrcmpiW (lpString1="gagp30kx", lpString2="ekrn") returned 1 [0137.736] lstrcmpiW (lpString1="gagp30kx", lpString2="egui") returned 1 [0137.736] lstrcmpiW (lpString1="gagp30kx", lpString2="avgwd") returned 1 [0137.736] lstrcmpiW (lpString1="gagp30kx", lpString2="BdfNdisf") returned 1 [0137.736] lstrcmpiW (lpString1="gagp30kx", lpString2="avast! Antivirus") returned 1 [0137.736] lstrcmpiW (lpString1="gagp30kx", lpString2="MsMpSvc") returned -1 [0137.736] lstrcmpiW (lpString1="gagp30kx", lpString2="RsMgrSvc") returned -1 [0137.736] lstrcmpiW (lpString1="gagp30kx", lpString2="fshoster") returned 1 [0137.736] lstrcmpiW (lpString1="gagp30kx", lpString2="AVKProxy") returned 1 [0137.736] lstrcmpiW (lpString1="gagp30kx", lpString2="MBAMService") returned -1 [0137.736] lstrcmpiW (lpString1="gagp30kx", lpString2="GbpSv") returned -1 [0137.736] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x8c, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="gencounter", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.736] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\gencounter") returned 44 [0137.736] SetLastError (dwErrCode=0x0) [0137.736] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\gencounter", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.736] SetLastError (dwErrCode=0x0) [0137.737] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.737] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.737] SetLastError (dwErrCode=0x0) [0137.737] lstrcmpiW (lpString1="gencounter", lpString2="NAVENG") returned -1 [0137.737] lstrcmpiW (lpString1="gencounter", lpString2="ccEvtMgr") returned 1 [0137.737] lstrcmpiW (lpString1="gencounter", lpString2="NAV") returned -1 [0137.737] lstrcmpiW (lpString1="gencounter", lpString2="NIS") returned -1 [0137.737] lstrcmpiW (lpString1="gencounter", lpString2="NAVEX15") returned -1 [0137.737] lstrcmpiW (lpString1="gencounter", lpString2="AVP") returned 1 [0137.737] lstrcmpiW (lpString1="gencounter", lpString2="AVP15.0.0") returned 1 [0137.737] lstrcmpiW (lpString1="gencounter", lpString2="AVP15.0.1") returned 1 [0137.737] lstrcmpiW (lpString1="gencounter", lpString2="kl1") returned -1 [0137.737] lstrcmpiW (lpString1="gencounter", lpString2="McComponentHostService") returned -1 [0137.737] lstrcmpiW (lpString1="gencounter", lpString2="ekrn") returned 1 [0137.737] lstrcmpiW (lpString1="gencounter", lpString2="egui") returned 1 [0137.737] lstrcmpiW (lpString1="gencounter", lpString2="avgwd") returned 1 [0137.737] lstrcmpiW (lpString1="gencounter", lpString2="BdfNdisf") returned 1 [0137.737] lstrcmpiW (lpString1="gencounter", lpString2="avast! Antivirus") returned 1 [0137.737] lstrcmpiW (lpString1="gencounter", lpString2="MsMpSvc") returned -1 [0137.737] lstrcmpiW (lpString1="gencounter", lpString2="RsMgrSvc") returned -1 [0137.737] lstrcmpiW (lpString1="gencounter", lpString2="fshoster") returned 1 [0137.737] lstrcmpiW (lpString1="gencounter", lpString2="AVKProxy") returned 1 [0137.737] lstrcmpiW (lpString1="gencounter", lpString2="MBAMService") returned -1 [0137.737] lstrcmpiW (lpString1="gencounter", lpString2="GbpSv") returned 1 [0137.737] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x8d, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="genericusbfn", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.737] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\genericusbfn") returned 46 [0137.737] SetLastError (dwErrCode=0x0) [0137.737] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\genericusbfn", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.737] SetLastError (dwErrCode=0x0) [0137.737] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.737] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.737] SetLastError (dwErrCode=0x0) [0137.737] lstrcmpiW (lpString1="genericusbfn", lpString2="NAVENG") returned -1 [0137.737] lstrcmpiW (lpString1="genericusbfn", lpString2="ccEvtMgr") returned 1 [0137.737] lstrcmpiW (lpString1="genericusbfn", lpString2="NAV") returned -1 [0137.737] lstrcmpiW (lpString1="genericusbfn", lpString2="NIS") returned -1 [0137.737] lstrcmpiW (lpString1="genericusbfn", lpString2="NAVEX15") returned -1 [0137.738] lstrcmpiW (lpString1="genericusbfn", lpString2="AVP") returned 1 [0137.738] lstrcmpiW (lpString1="genericusbfn", lpString2="AVP15.0.0") returned 1 [0137.738] lstrcmpiW (lpString1="genericusbfn", lpString2="AVP15.0.1") returned 1 [0137.738] lstrcmpiW (lpString1="genericusbfn", lpString2="kl1") returned -1 [0137.738] lstrcmpiW (lpString1="genericusbfn", lpString2="McComponentHostService") returned -1 [0137.738] lstrcmpiW (lpString1="genericusbfn", lpString2="ekrn") returned 1 [0137.738] lstrcmpiW (lpString1="genericusbfn", lpString2="egui") returned 1 [0137.738] lstrcmpiW (lpString1="genericusbfn", lpString2="avgwd") returned 1 [0137.738] lstrcmpiW (lpString1="genericusbfn", lpString2="BdfNdisf") returned 1 [0137.738] lstrcmpiW (lpString1="genericusbfn", lpString2="avast! Antivirus") returned 1 [0137.738] lstrcmpiW (lpString1="genericusbfn", lpString2="MsMpSvc") returned -1 [0137.738] lstrcmpiW (lpString1="genericusbfn", lpString2="RsMgrSvc") returned -1 [0137.738] lstrcmpiW (lpString1="genericusbfn", lpString2="fshoster") returned 1 [0137.738] lstrcmpiW (lpString1="genericusbfn", lpString2="AVKProxy") returned 1 [0137.738] lstrcmpiW (lpString1="genericusbfn", lpString2="MBAMService") returned -1 [0137.738] lstrcmpiW (lpString1="genericusbfn", lpString2="GbpSv") returned 1 [0137.738] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x8e, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="GPIOClx0101", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.738] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\GPIOClx0101") returned 45 [0137.738] SetLastError (dwErrCode=0x0) [0137.738] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\GPIOClx0101", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.738] SetLastError (dwErrCode=0x0) [0137.738] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.738] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.738] SetLastError (dwErrCode=0x0) [0137.738] lstrcmpiW (lpString1="GPIOClx0101", lpString2="NAVENG") returned -1 [0137.738] lstrcmpiW (lpString1="GPIOClx0101", lpString2="ccEvtMgr") returned 1 [0137.738] lstrcmpiW (lpString1="GPIOClx0101", lpString2="NAV") returned -1 [0137.738] lstrcmpiW (lpString1="GPIOClx0101", lpString2="NIS") returned -1 [0137.738] lstrcmpiW (lpString1="GPIOClx0101", lpString2="NAVEX15") returned -1 [0137.738] lstrcmpiW (lpString1="GPIOClx0101", lpString2="AVP") returned 1 [0137.738] lstrcmpiW (lpString1="GPIOClx0101", lpString2="AVP15.0.0") returned 1 [0137.738] lstrcmpiW (lpString1="GPIOClx0101", lpString2="AVP15.0.1") returned 1 [0137.738] lstrcmpiW (lpString1="GPIOClx0101", lpString2="kl1") returned -1 [0137.738] lstrcmpiW (lpString1="GPIOClx0101", lpString2="McComponentHostService") returned -1 [0137.738] lstrcmpiW (lpString1="GPIOClx0101", lpString2="ekrn") returned 1 [0137.738] lstrcmpiW (lpString1="GPIOClx0101", lpString2="egui") returned 1 [0137.738] lstrcmpiW (lpString1="GPIOClx0101", lpString2="avgwd") returned 1 [0137.738] lstrcmpiW (lpString1="GPIOClx0101", lpString2="BdfNdisf") returned 1 [0137.739] lstrcmpiW (lpString1="GPIOClx0101", lpString2="avast! Antivirus") returned 1 [0137.739] lstrcmpiW (lpString1="GPIOClx0101", lpString2="MsMpSvc") returned -1 [0137.739] lstrcmpiW (lpString1="GPIOClx0101", lpString2="RsMgrSvc") returned -1 [0137.739] lstrcmpiW (lpString1="GPIOClx0101", lpString2="fshoster") returned 1 [0137.739] lstrcmpiW (lpString1="GPIOClx0101", lpString2="AVKProxy") returned 1 [0137.739] lstrcmpiW (lpString1="GPIOClx0101", lpString2="MBAMService") returned -1 [0137.739] lstrcmpiW (lpString1="GPIOClx0101", lpString2="GbpSv") returned 1 [0137.739] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x8f, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="gpsvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.739] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\gpsvc") returned 39 [0137.739] SetLastError (dwErrCode=0x0) [0137.739] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\gpsvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.739] SetLastError (dwErrCode=0x0) [0137.739] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.739] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.739] SetLastError (dwErrCode=0x0) [0137.739] lstrcmpiW (lpString1="gpsvc", lpString2="NAVENG") returned -1 [0137.739] lstrcmpiW (lpString1="gpsvc", lpString2="ccEvtMgr") returned 1 [0137.739] lstrcmpiW (lpString1="gpsvc", lpString2="NAV") returned -1 [0137.739] lstrcmpiW (lpString1="gpsvc", lpString2="NIS") returned -1 [0137.739] lstrcmpiW (lpString1="gpsvc", lpString2="NAVEX15") returned -1 [0137.739] lstrcmpiW (lpString1="gpsvc", lpString2="AVP") returned 1 [0137.739] lstrcmpiW (lpString1="gpsvc", lpString2="AVP15.0.0") returned 1 [0137.739] lstrcmpiW (lpString1="gpsvc", lpString2="AVP15.0.1") returned 1 [0137.739] lstrcmpiW (lpString1="gpsvc", lpString2="kl1") returned -1 [0137.739] lstrcmpiW (lpString1="gpsvc", lpString2="McComponentHostService") returned -1 [0137.739] lstrcmpiW (lpString1="gpsvc", lpString2="ekrn") returned 1 [0137.739] lstrcmpiW (lpString1="gpsvc", lpString2="egui") returned 1 [0137.739] lstrcmpiW (lpString1="gpsvc", lpString2="avgwd") returned 1 [0137.739] lstrcmpiW (lpString1="gpsvc", lpString2="BdfNdisf") returned 1 [0137.739] lstrcmpiW (lpString1="gpsvc", lpString2="avast! Antivirus") returned 1 [0137.739] lstrcmpiW (lpString1="gpsvc", lpString2="MsMpSvc") returned -1 [0137.739] lstrcmpiW (lpString1="gpsvc", lpString2="RsMgrSvc") returned -1 [0137.739] lstrcmpiW (lpString1="gpsvc", lpString2="fshoster") returned 1 [0137.739] lstrcmpiW (lpString1="gpsvc", lpString2="AVKProxy") returned 1 [0137.739] lstrcmpiW (lpString1="gpsvc", lpString2="MBAMService") returned -1 [0137.739] lstrcmpiW (lpString1="gpsvc", lpString2="GbpSv") returned 1 [0137.739] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x90, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="GpuEnergyDrv", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.740] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\GpuEnergyDrv") returned 46 [0137.740] SetLastError (dwErrCode=0x0) [0137.740] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\GpuEnergyDrv", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.740] SetLastError (dwErrCode=0x0) [0137.740] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.740] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.740] SetLastError (dwErrCode=0x0) [0137.740] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="NAVENG") returned -1 [0137.740] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="ccEvtMgr") returned 1 [0137.740] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="NAV") returned -1 [0137.740] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="NIS") returned -1 [0137.740] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="NAVEX15") returned -1 [0137.740] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="AVP") returned 1 [0137.740] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="AVP15.0.0") returned 1 [0137.740] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="AVP15.0.1") returned 1 [0137.740] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="kl1") returned -1 [0137.740] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="McComponentHostService") returned -1 [0137.740] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="ekrn") returned 1 [0137.740] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="egui") returned 1 [0137.740] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="avgwd") returned 1 [0137.740] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="BdfNdisf") returned 1 [0137.740] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="avast! Antivirus") returned 1 [0137.740] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="MsMpSvc") returned -1 [0137.740] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="RsMgrSvc") returned -1 [0137.740] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="fshoster") returned 1 [0137.740] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="AVKProxy") returned 1 [0137.740] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="MBAMService") returned -1 [0137.740] lstrcmpiW (lpString1="GpuEnergyDrv", lpString2="GbpSv") returned 1 [0137.740] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x91, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="gupdate", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.740] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\gupdate") returned 41 [0137.740] SetLastError (dwErrCode=0x0) [0137.740] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\gupdate", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.740] SetLastError (dwErrCode=0x0) [0137.740] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.740] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.741] SetLastError (dwErrCode=0x0) [0137.741] lstrcmpiW (lpString1="gupdate", lpString2="NAVENG") returned -1 [0137.741] lstrcmpiW (lpString1="gupdate", lpString2="ccEvtMgr") returned 1 [0137.741] lstrcmpiW (lpString1="gupdate", lpString2="NAV") returned -1 [0137.741] lstrcmpiW (lpString1="gupdate", lpString2="NIS") returned -1 [0137.741] lstrcmpiW (lpString1="gupdate", lpString2="NAVEX15") returned -1 [0137.741] lstrcmpiW (lpString1="gupdate", lpString2="AVP") returned 1 [0137.741] lstrcmpiW (lpString1="gupdate", lpString2="AVP15.0.0") returned 1 [0137.741] lstrcmpiW (lpString1="gupdate", lpString2="AVP15.0.1") returned 1 [0137.741] lstrcmpiW (lpString1="gupdate", lpString2="kl1") returned -1 [0137.741] lstrcmpiW (lpString1="gupdate", lpString2="McComponentHostService") returned -1 [0137.741] lstrcmpiW (lpString1="gupdate", lpString2="ekrn") returned 1 [0137.741] lstrcmpiW (lpString1="gupdate", lpString2="egui") returned 1 [0137.741] lstrcmpiW (lpString1="gupdate", lpString2="avgwd") returned 1 [0137.741] lstrcmpiW (lpString1="gupdate", lpString2="BdfNdisf") returned 1 [0137.741] lstrcmpiW (lpString1="gupdate", lpString2="avast! Antivirus") returned 1 [0137.741] lstrcmpiW (lpString1="gupdate", lpString2="MsMpSvc") returned -1 [0137.741] lstrcmpiW (lpString1="gupdate", lpString2="RsMgrSvc") returned -1 [0137.741] lstrcmpiW (lpString1="gupdate", lpString2="fshoster") returned 1 [0137.741] lstrcmpiW (lpString1="gupdate", lpString2="AVKProxy") returned 1 [0137.741] lstrcmpiW (lpString1="gupdate", lpString2="MBAMService") returned -1 [0137.741] lstrcmpiW (lpString1="gupdate", lpString2="GbpSv") returned 1 [0137.741] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x92, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="gupdatem", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.741] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\gupdatem") returned 42 [0137.741] SetLastError (dwErrCode=0x0) [0137.741] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\gupdatem", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.741] SetLastError (dwErrCode=0x0) [0137.741] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.741] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.741] SetLastError (dwErrCode=0x0) [0137.741] lstrcmpiW (lpString1="gupdatem", lpString2="NAVENG") returned -1 [0137.741] lstrcmpiW (lpString1="gupdatem", lpString2="ccEvtMgr") returned 1 [0137.741] lstrcmpiW (lpString1="gupdatem", lpString2="NAV") returned -1 [0137.741] lstrcmpiW (lpString1="gupdatem", lpString2="NIS") returned -1 [0137.741] lstrcmpiW (lpString1="gupdatem", lpString2="NAVEX15") returned -1 [0137.741] lstrcmpiW (lpString1="gupdatem", lpString2="AVP") returned 1 [0137.741] lstrcmpiW (lpString1="gupdatem", lpString2="AVP15.0.0") returned 1 [0137.741] lstrcmpiW (lpString1="gupdatem", lpString2="AVP15.0.1") returned 1 [0137.742] lstrcmpiW (lpString1="gupdatem", lpString2="kl1") returned -1 [0137.742] lstrcmpiW (lpString1="gupdatem", lpString2="McComponentHostService") returned -1 [0137.742] lstrcmpiW (lpString1="gupdatem", lpString2="ekrn") returned 1 [0137.742] lstrcmpiW (lpString1="gupdatem", lpString2="egui") returned 1 [0137.742] lstrcmpiW (lpString1="gupdatem", lpString2="avgwd") returned 1 [0137.742] lstrcmpiW (lpString1="gupdatem", lpString2="BdfNdisf") returned 1 [0137.742] lstrcmpiW (lpString1="gupdatem", lpString2="avast! Antivirus") returned 1 [0137.742] lstrcmpiW (lpString1="gupdatem", lpString2="MsMpSvc") returned -1 [0137.742] lstrcmpiW (lpString1="gupdatem", lpString2="RsMgrSvc") returned -1 [0137.742] lstrcmpiW (lpString1="gupdatem", lpString2="fshoster") returned 1 [0137.742] lstrcmpiW (lpString1="gupdatem", lpString2="AVKProxy") returned 1 [0137.742] lstrcmpiW (lpString1="gupdatem", lpString2="MBAMService") returned -1 [0137.742] lstrcmpiW (lpString1="gupdatem", lpString2="GbpSv") returned 1 [0137.742] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x93, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HdAudAddService", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.742] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\HdAudAddService") returned 49 [0137.742] SetLastError (dwErrCode=0x0) [0137.742] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\HdAudAddService", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.742] SetLastError (dwErrCode=0x0) [0137.742] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.742] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.742] SetLastError (dwErrCode=0x0) [0137.742] lstrcmpiW (lpString1="HdAudAddService", lpString2="NAVENG") returned -1 [0137.742] lstrcmpiW (lpString1="HdAudAddService", lpString2="ccEvtMgr") returned 1 [0137.742] lstrcmpiW (lpString1="HdAudAddService", lpString2="NAV") returned -1 [0137.742] lstrcmpiW (lpString1="HdAudAddService", lpString2="NIS") returned -1 [0137.742] lstrcmpiW (lpString1="HdAudAddService", lpString2="NAVEX15") returned -1 [0137.742] lstrcmpiW (lpString1="HdAudAddService", lpString2="AVP") returned 1 [0137.742] lstrcmpiW (lpString1="HdAudAddService", lpString2="AVP15.0.0") returned 1 [0137.742] lstrcmpiW (lpString1="HdAudAddService", lpString2="AVP15.0.1") returned 1 [0137.742] lstrcmpiW (lpString1="HdAudAddService", lpString2="kl1") returned -1 [0137.742] lstrcmpiW (lpString1="HdAudAddService", lpString2="McComponentHostService") returned -1 [0137.742] lstrcmpiW (lpString1="HdAudAddService", lpString2="ekrn") returned 1 [0137.742] lstrcmpiW (lpString1="HdAudAddService", lpString2="egui") returned 1 [0137.742] lstrcmpiW (lpString1="HdAudAddService", lpString2="avgwd") returned 1 [0137.742] lstrcmpiW (lpString1="HdAudAddService", lpString2="BdfNdisf") returned 1 [0137.742] lstrcmpiW (lpString1="HdAudAddService", lpString2="avast! Antivirus") returned 1 [0137.742] lstrcmpiW (lpString1="HdAudAddService", lpString2="MsMpSvc") returned -1 [0137.743] lstrcmpiW (lpString1="HdAudAddService", lpString2="RsMgrSvc") returned -1 [0137.743] lstrcmpiW (lpString1="HdAudAddService", lpString2="fshoster") returned 1 [0137.743] lstrcmpiW (lpString1="HdAudAddService", lpString2="AVKProxy") returned 1 [0137.743] lstrcmpiW (lpString1="HdAudAddService", lpString2="MBAMService") returned -1 [0137.743] lstrcmpiW (lpString1="HdAudAddService", lpString2="GbpSv") returned 1 [0137.743] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x94, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HDAudBus", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.743] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\HDAudBus") returned 42 [0137.743] SetLastError (dwErrCode=0x0) [0137.743] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\HDAudBus", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.743] SetLastError (dwErrCode=0x0) [0137.743] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.743] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.743] SetLastError (dwErrCode=0x0) [0137.743] lstrcmpiW (lpString1="HDAudBus", lpString2="NAVENG") returned -1 [0137.743] lstrcmpiW (lpString1="HDAudBus", lpString2="ccEvtMgr") returned 1 [0137.743] lstrcmpiW (lpString1="HDAudBus", lpString2="NAV") returned -1 [0137.743] lstrcmpiW (lpString1="HDAudBus", lpString2="NIS") returned -1 [0137.743] lstrcmpiW (lpString1="HDAudBus", lpString2="NAVEX15") returned -1 [0137.743] lstrcmpiW (lpString1="HDAudBus", lpString2="AVP") returned 1 [0137.743] lstrcmpiW (lpString1="HDAudBus", lpString2="AVP15.0.0") returned 1 [0137.743] lstrcmpiW (lpString1="HDAudBus", lpString2="AVP15.0.1") returned 1 [0137.743] lstrcmpiW (lpString1="HDAudBus", lpString2="kl1") returned -1 [0137.743] lstrcmpiW (lpString1="HDAudBus", lpString2="McComponentHostService") returned -1 [0137.743] lstrcmpiW (lpString1="HDAudBus", lpString2="ekrn") returned 1 [0137.743] lstrcmpiW (lpString1="HDAudBus", lpString2="egui") returned 1 [0137.743] lstrcmpiW (lpString1="HDAudBus", lpString2="avgwd") returned 1 [0137.743] lstrcmpiW (lpString1="HDAudBus", lpString2="BdfNdisf") returned 1 [0137.743] lstrcmpiW (lpString1="HDAudBus", lpString2="avast! Antivirus") returned 1 [0137.743] lstrcmpiW (lpString1="HDAudBus", lpString2="MsMpSvc") returned -1 [0137.743] lstrcmpiW (lpString1="HDAudBus", lpString2="RsMgrSvc") returned -1 [0137.744] lstrcmpiW (lpString1="HDAudBus", lpString2="fshoster") returned 1 [0137.744] lstrcmpiW (lpString1="HDAudBus", lpString2="AVKProxy") returned 1 [0137.744] lstrcmpiW (lpString1="HDAudBus", lpString2="MBAMService") returned -1 [0137.745] lstrcmpiW (lpString1="HDAudBus", lpString2="GbpSv") returned 1 [0137.745] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x95, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HidBatt", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.745] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\HidBatt") returned 41 [0137.745] SetLastError (dwErrCode=0x0) [0137.745] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\HidBatt", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.745] SetLastError (dwErrCode=0x0) [0137.745] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.745] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.745] SetLastError (dwErrCode=0x0) [0137.745] lstrcmpiW (lpString1="HidBatt", lpString2="NAVENG") returned -1 [0137.746] lstrcmpiW (lpString1="HidBatt", lpString2="ccEvtMgr") returned 1 [0137.746] lstrcmpiW (lpString1="HidBatt", lpString2="NAV") returned -1 [0137.746] lstrcmpiW (lpString1="HidBatt", lpString2="NIS") returned -1 [0137.746] lstrcmpiW (lpString1="HidBatt", lpString2="NAVEX15") returned -1 [0137.746] lstrcmpiW (lpString1="HidBatt", lpString2="AVP") returned 1 [0137.746] lstrcmpiW (lpString1="HidBatt", lpString2="AVP15.0.0") returned 1 [0137.746] lstrcmpiW (lpString1="HidBatt", lpString2="AVP15.0.1") returned 1 [0137.746] lstrcmpiW (lpString1="HidBatt", lpString2="kl1") returned -1 [0137.746] lstrcmpiW (lpString1="HidBatt", lpString2="McComponentHostService") returned -1 [0137.746] lstrcmpiW (lpString1="HidBatt", lpString2="ekrn") returned 1 [0137.746] lstrcmpiW (lpString1="HidBatt", lpString2="egui") returned 1 [0137.746] lstrcmpiW (lpString1="HidBatt", lpString2="avgwd") returned 1 [0137.746] lstrcmpiW (lpString1="HidBatt", lpString2="BdfNdisf") returned 1 [0137.746] lstrcmpiW (lpString1="HidBatt", lpString2="avast! Antivirus") returned 1 [0137.746] lstrcmpiW (lpString1="HidBatt", lpString2="MsMpSvc") returned -1 [0137.746] lstrcmpiW (lpString1="HidBatt", lpString2="RsMgrSvc") returned -1 [0137.746] lstrcmpiW (lpString1="HidBatt", lpString2="fshoster") returned 1 [0137.746] lstrcmpiW (lpString1="HidBatt", lpString2="AVKProxy") returned 1 [0137.746] lstrcmpiW (lpString1="HidBatt", lpString2="MBAMService") returned -1 [0137.746] lstrcmpiW (lpString1="HidBatt", lpString2="GbpSv") returned 1 [0137.746] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x96, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HidBth", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.746] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\HidBth") returned 40 [0137.746] SetLastError (dwErrCode=0x0) [0137.746] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\HidBth", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.746] SetLastError (dwErrCode=0x0) [0137.746] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.746] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.746] SetLastError (dwErrCode=0x0) [0137.746] lstrcmpiW (lpString1="HidBth", lpString2="NAVENG") returned -1 [0137.747] lstrcmpiW (lpString1="HidBth", lpString2="ccEvtMgr") returned 1 [0137.747] lstrcmpiW (lpString1="HidBth", lpString2="NAV") returned -1 [0137.747] lstrcmpiW (lpString1="HidBth", lpString2="NIS") returned -1 [0137.747] lstrcmpiW (lpString1="HidBth", lpString2="NAVEX15") returned -1 [0137.747] lstrcmpiW (lpString1="HidBth", lpString2="AVP") returned 1 [0137.747] lstrcmpiW (lpString1="HidBth", lpString2="AVP15.0.0") returned 1 [0137.747] lstrcmpiW (lpString1="HidBth", lpString2="AVP15.0.1") returned 1 [0137.747] lstrcmpiW (lpString1="HidBth", lpString2="kl1") returned -1 [0137.747] lstrcmpiW (lpString1="HidBth", lpString2="McComponentHostService") returned -1 [0137.747] lstrcmpiW (lpString1="HidBth", lpString2="ekrn") returned 1 [0137.747] lstrcmpiW (lpString1="HidBth", lpString2="egui") returned 1 [0137.747] lstrcmpiW (lpString1="HidBth", lpString2="avgwd") returned 1 [0137.747] lstrcmpiW (lpString1="HidBth", lpString2="BdfNdisf") returned 1 [0137.747] lstrcmpiW (lpString1="HidBth", lpString2="avast! Antivirus") returned 1 [0137.747] lstrcmpiW (lpString1="HidBth", lpString2="MsMpSvc") returned -1 [0137.747] lstrcmpiW (lpString1="HidBth", lpString2="RsMgrSvc") returned -1 [0137.747] lstrcmpiW (lpString1="HidBth", lpString2="fshoster") returned 1 [0137.747] lstrcmpiW (lpString1="HidBth", lpString2="AVKProxy") returned 1 [0137.747] lstrcmpiW (lpString1="HidBth", lpString2="MBAMService") returned -1 [0137.747] lstrcmpiW (lpString1="HidBth", lpString2="GbpSv") returned 1 [0137.747] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x97, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="hidi2c", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.747] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\hidi2c") returned 40 [0137.747] SetLastError (dwErrCode=0x0) [0137.747] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\hidi2c", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.747] SetLastError (dwErrCode=0x0) [0137.747] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.747] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.747] SetLastError (dwErrCode=0x0) [0137.747] lstrcmpiW (lpString1="hidi2c", lpString2="NAVENG") returned -1 [0137.748] lstrcmpiW (lpString1="hidi2c", lpString2="ccEvtMgr") returned 1 [0137.748] lstrcmpiW (lpString1="hidi2c", lpString2="NAV") returned -1 [0137.748] lstrcmpiW (lpString1="hidi2c", lpString2="NIS") returned -1 [0137.748] lstrcmpiW (lpString1="hidi2c", lpString2="NAVEX15") returned -1 [0137.748] lstrcmpiW (lpString1="hidi2c", lpString2="AVP") returned 1 [0137.748] lstrcmpiW (lpString1="hidi2c", lpString2="AVP15.0.0") returned 1 [0137.748] lstrcmpiW (lpString1="hidi2c", lpString2="AVP15.0.1") returned 1 [0137.748] lstrcmpiW (lpString1="hidi2c", lpString2="kl1") returned -1 [0137.748] lstrcmpiW (lpString1="hidi2c", lpString2="McComponentHostService") returned -1 [0137.748] lstrcmpiW (lpString1="hidi2c", lpString2="ekrn") returned 1 [0137.748] lstrcmpiW (lpString1="hidi2c", lpString2="egui") returned 1 [0137.748] lstrcmpiW (lpString1="hidi2c", lpString2="avgwd") returned 1 [0137.748] lstrcmpiW (lpString1="hidi2c", lpString2="BdfNdisf") returned 1 [0137.748] lstrcmpiW (lpString1="hidi2c", lpString2="avast! Antivirus") returned 1 [0137.748] lstrcmpiW (lpString1="hidi2c", lpString2="MsMpSvc") returned -1 [0137.748] lstrcmpiW (lpString1="hidi2c", lpString2="RsMgrSvc") returned -1 [0137.748] lstrcmpiW (lpString1="hidi2c", lpString2="fshoster") returned 1 [0137.748] lstrcmpiW (lpString1="hidi2c", lpString2="AVKProxy") returned 1 [0137.748] lstrcmpiW (lpString1="hidi2c", lpString2="MBAMService") returned -1 [0137.748] lstrcmpiW (lpString1="hidi2c", lpString2="GbpSv") returned 1 [0137.748] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x98, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="hidinterrupt", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.748] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\hidinterrupt") returned 46 [0137.748] SetLastError (dwErrCode=0x0) [0137.748] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\hidinterrupt", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.748] SetLastError (dwErrCode=0x0) [0137.748] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.748] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.748] SetLastError (dwErrCode=0x0) [0137.748] lstrcmpiW (lpString1="hidinterrupt", lpString2="NAVENG") returned -1 [0137.749] lstrcmpiW (lpString1="hidinterrupt", lpString2="ccEvtMgr") returned 1 [0137.749] lstrcmpiW (lpString1="hidinterrupt", lpString2="NAV") returned -1 [0137.749] lstrcmpiW (lpString1="hidinterrupt", lpString2="NIS") returned -1 [0137.749] lstrcmpiW (lpString1="hidinterrupt", lpString2="NAVEX15") returned -1 [0137.749] lstrcmpiW (lpString1="hidinterrupt", lpString2="AVP") returned 1 [0137.749] lstrcmpiW (lpString1="hidinterrupt", lpString2="AVP15.0.0") returned 1 [0137.749] lstrcmpiW (lpString1="hidinterrupt", lpString2="AVP15.0.1") returned 1 [0137.749] lstrcmpiW (lpString1="hidinterrupt", lpString2="kl1") returned -1 [0137.749] lstrcmpiW (lpString1="hidinterrupt", lpString2="McComponentHostService") returned -1 [0137.749] lstrcmpiW (lpString1="hidinterrupt", lpString2="ekrn") returned 1 [0137.749] lstrcmpiW (lpString1="hidinterrupt", lpString2="egui") returned 1 [0137.749] lstrcmpiW (lpString1="hidinterrupt", lpString2="avgwd") returned 1 [0137.749] lstrcmpiW (lpString1="hidinterrupt", lpString2="BdfNdisf") returned 1 [0137.749] lstrcmpiW (lpString1="hidinterrupt", lpString2="avast! Antivirus") returned 1 [0137.749] lstrcmpiW (lpString1="hidinterrupt", lpString2="MsMpSvc") returned -1 [0137.749] lstrcmpiW (lpString1="hidinterrupt", lpString2="RsMgrSvc") returned -1 [0137.749] lstrcmpiW (lpString1="hidinterrupt", lpString2="fshoster") returned 1 [0137.749] lstrcmpiW (lpString1="hidinterrupt", lpString2="AVKProxy") returned 1 [0137.749] lstrcmpiW (lpString1="hidinterrupt", lpString2="MBAMService") returned -1 [0137.749] lstrcmpiW (lpString1="hidinterrupt", lpString2="GbpSv") returned 1 [0137.749] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x99, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HidIr", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.749] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\HidIr") returned 39 [0137.749] SetLastError (dwErrCode=0x0) [0137.749] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\HidIr", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.749] SetLastError (dwErrCode=0x0) [0137.749] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.749] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.749] SetLastError (dwErrCode=0x0) [0137.749] lstrcmpiW (lpString1="HidIr", lpString2="NAVENG") returned -1 [0137.749] lstrcmpiW (lpString1="HidIr", lpString2="ccEvtMgr") returned 1 [0137.749] lstrcmpiW (lpString1="HidIr", lpString2="NAV") returned -1 [0137.749] lstrcmpiW (lpString1="HidIr", lpString2="NIS") returned -1 [0137.749] lstrcmpiW (lpString1="HidIr", lpString2="NAVEX15") returned -1 [0137.750] lstrcmpiW (lpString1="HidIr", lpString2="AVP") returned 1 [0137.750] lstrcmpiW (lpString1="HidIr", lpString2="AVP15.0.0") returned 1 [0137.750] lstrcmpiW (lpString1="HidIr", lpString2="AVP15.0.1") returned 1 [0137.750] lstrcmpiW (lpString1="HidIr", lpString2="kl1") returned -1 [0137.750] lstrcmpiW (lpString1="HidIr", lpString2="McComponentHostService") returned -1 [0137.750] lstrcmpiW (lpString1="HidIr", lpString2="ekrn") returned 1 [0137.750] lstrcmpiW (lpString1="HidIr", lpString2="egui") returned 1 [0137.750] lstrcmpiW (lpString1="HidIr", lpString2="avgwd") returned 1 [0137.750] lstrcmpiW (lpString1="HidIr", lpString2="BdfNdisf") returned 1 [0137.750] lstrcmpiW (lpString1="HidIr", lpString2="avast! Antivirus") returned 1 [0137.750] lstrcmpiW (lpString1="HidIr", lpString2="MsMpSvc") returned -1 [0137.750] lstrcmpiW (lpString1="HidIr", lpString2="RsMgrSvc") returned -1 [0137.750] lstrcmpiW (lpString1="HidIr", lpString2="fshoster") returned 1 [0137.750] lstrcmpiW (lpString1="HidIr", lpString2="AVKProxy") returned 1 [0137.750] lstrcmpiW (lpString1="HidIr", lpString2="MBAMService") returned -1 [0137.750] lstrcmpiW (lpString1="HidIr", lpString2="GbpSv") returned 1 [0137.750] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x9a, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="hidserv", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.750] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\hidserv") returned 41 [0137.750] SetLastError (dwErrCode=0x0) [0137.750] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\hidserv", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.750] SetLastError (dwErrCode=0x0) [0137.750] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.750] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.750] SetLastError (dwErrCode=0x0) [0137.750] lstrcmpiW (lpString1="hidserv", lpString2="NAVENG") returned -1 [0137.750] lstrcmpiW (lpString1="hidserv", lpString2="ccEvtMgr") returned 1 [0137.750] lstrcmpiW (lpString1="hidserv", lpString2="NAV") returned -1 [0137.750] lstrcmpiW (lpString1="hidserv", lpString2="NIS") returned -1 [0137.750] lstrcmpiW (lpString1="hidserv", lpString2="NAVEX15") returned -1 [0137.750] lstrcmpiW (lpString1="hidserv", lpString2="AVP") returned 1 [0137.750] lstrcmpiW (lpString1="hidserv", lpString2="AVP15.0.0") returned 1 [0137.750] lstrcmpiW (lpString1="hidserv", lpString2="AVP15.0.1") returned 1 [0137.750] lstrcmpiW (lpString1="hidserv", lpString2="kl1") returned -1 [0137.750] lstrcmpiW (lpString1="hidserv", lpString2="McComponentHostService") returned -1 [0137.750] lstrcmpiW (lpString1="hidserv", lpString2="ekrn") returned 1 [0137.751] lstrcmpiW (lpString1="hidserv", lpString2="egui") returned 1 [0137.751] lstrcmpiW (lpString1="hidserv", lpString2="avgwd") returned 1 [0137.751] lstrcmpiW (lpString1="hidserv", lpString2="BdfNdisf") returned 1 [0137.751] lstrcmpiW (lpString1="hidserv", lpString2="avast! Antivirus") returned 1 [0137.751] lstrcmpiW (lpString1="hidserv", lpString2="MsMpSvc") returned -1 [0137.751] lstrcmpiW (lpString1="hidserv", lpString2="RsMgrSvc") returned -1 [0137.751] lstrcmpiW (lpString1="hidserv", lpString2="fshoster") returned 1 [0137.751] lstrcmpiW (lpString1="hidserv", lpString2="AVKProxy") returned 1 [0137.751] lstrcmpiW (lpString1="hidserv", lpString2="MBAMService") returned -1 [0137.751] lstrcmpiW (lpString1="hidserv", lpString2="GbpSv") returned 1 [0137.751] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x9b, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HidUsb", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.751] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\HidUsb") returned 40 [0137.751] SetLastError (dwErrCode=0x0) [0137.751] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\HidUsb", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.751] SetLastError (dwErrCode=0x0) [0137.751] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.751] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.751] SetLastError (dwErrCode=0x0) [0137.751] lstrcmpiW (lpString1="HidUsb", lpString2="NAVENG") returned -1 [0137.751] lstrcmpiW (lpString1="HidUsb", lpString2="ccEvtMgr") returned 1 [0137.751] lstrcmpiW (lpString1="HidUsb", lpString2="NAV") returned -1 [0137.751] lstrcmpiW (lpString1="HidUsb", lpString2="NIS") returned -1 [0137.751] lstrcmpiW (lpString1="HidUsb", lpString2="NAVEX15") returned -1 [0137.751] lstrcmpiW (lpString1="HidUsb", lpString2="AVP") returned 1 [0137.751] lstrcmpiW (lpString1="HidUsb", lpString2="AVP15.0.0") returned 1 [0137.751] lstrcmpiW (lpString1="HidUsb", lpString2="AVP15.0.1") returned 1 [0137.751] lstrcmpiW (lpString1="HidUsb", lpString2="kl1") returned -1 [0137.751] lstrcmpiW (lpString1="HidUsb", lpString2="McComponentHostService") returned -1 [0137.751] lstrcmpiW (lpString1="HidUsb", lpString2="ekrn") returned 1 [0137.751] lstrcmpiW (lpString1="HidUsb", lpString2="egui") returned 1 [0137.751] lstrcmpiW (lpString1="HidUsb", lpString2="avgwd") returned 1 [0137.751] lstrcmpiW (lpString1="HidUsb", lpString2="BdfNdisf") returned 1 [0137.751] lstrcmpiW (lpString1="HidUsb", lpString2="avast! Antivirus") returned 1 [0137.751] lstrcmpiW (lpString1="HidUsb", lpString2="MsMpSvc") returned -1 [0137.752] lstrcmpiW (lpString1="HidUsb", lpString2="RsMgrSvc") returned -1 [0137.752] lstrcmpiW (lpString1="HidUsb", lpString2="fshoster") returned 1 [0137.752] lstrcmpiW (lpString1="HidUsb", lpString2="AVKProxy") returned 1 [0137.752] lstrcmpiW (lpString1="HidUsb", lpString2="MBAMService") returned -1 [0137.752] lstrcmpiW (lpString1="HidUsb", lpString2="GbpSv") returned 1 [0137.752] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x9c, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HomeGroupListener", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.752] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\HomeGroupListener") returned 51 [0137.752] SetLastError (dwErrCode=0x0) [0137.752] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\HomeGroupListener", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.752] SetLastError (dwErrCode=0x0) [0137.752] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.752] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.752] SetLastError (dwErrCode=0x0) [0137.752] lstrcmpiW (lpString1="HomeGroupListener", lpString2="NAVENG") returned -1 [0137.752] lstrcmpiW (lpString1="HomeGroupListener", lpString2="ccEvtMgr") returned 1 [0137.752] lstrcmpiW (lpString1="HomeGroupListener", lpString2="NAV") returned -1 [0137.752] lstrcmpiW (lpString1="HomeGroupListener", lpString2="NIS") returned -1 [0137.752] lstrcmpiW (lpString1="HomeGroupListener", lpString2="NAVEX15") returned -1 [0137.752] lstrcmpiW (lpString1="HomeGroupListener", lpString2="AVP") returned 1 [0137.752] lstrcmpiW (lpString1="HomeGroupListener", lpString2="AVP15.0.0") returned 1 [0137.752] lstrcmpiW (lpString1="HomeGroupListener", lpString2="AVP15.0.1") returned 1 [0137.752] lstrcmpiW (lpString1="HomeGroupListener", lpString2="kl1") returned -1 [0137.752] lstrcmpiW (lpString1="HomeGroupListener", lpString2="McComponentHostService") returned -1 [0137.752] lstrcmpiW (lpString1="HomeGroupListener", lpString2="ekrn") returned 1 [0137.752] lstrcmpiW (lpString1="HomeGroupListener", lpString2="egui") returned 1 [0137.752] lstrcmpiW (lpString1="HomeGroupListener", lpString2="avgwd") returned 1 [0137.752] lstrcmpiW (lpString1="HomeGroupListener", lpString2="BdfNdisf") returned 1 [0137.752] lstrcmpiW (lpString1="HomeGroupListener", lpString2="avast! Antivirus") returned 1 [0137.752] lstrcmpiW (lpString1="HomeGroupListener", lpString2="MsMpSvc") returned -1 [0137.752] lstrcmpiW (lpString1="HomeGroupListener", lpString2="RsMgrSvc") returned -1 [0137.752] lstrcmpiW (lpString1="HomeGroupListener", lpString2="fshoster") returned 1 [0137.752] lstrcmpiW (lpString1="HomeGroupListener", lpString2="AVKProxy") returned 1 [0137.753] lstrcmpiW (lpString1="HomeGroupListener", lpString2="MBAMService") returned -1 [0137.753] lstrcmpiW (lpString1="HomeGroupListener", lpString2="GbpSv") returned 1 [0137.753] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x9d, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HomeGroupProvider", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.753] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\HomeGroupProvider") returned 51 [0137.753] SetLastError (dwErrCode=0x0) [0137.753] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\HomeGroupProvider", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.753] SetLastError (dwErrCode=0x0) [0137.753] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.753] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.753] SetLastError (dwErrCode=0x0) [0137.753] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="NAVENG") returned -1 [0137.753] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="ccEvtMgr") returned 1 [0137.753] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="NAV") returned -1 [0137.753] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="NIS") returned -1 [0137.753] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="NAVEX15") returned -1 [0137.753] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="AVP") returned 1 [0137.753] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="AVP15.0.0") returned 1 [0137.753] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="AVP15.0.1") returned 1 [0137.753] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="kl1") returned -1 [0137.753] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="McComponentHostService") returned -1 [0137.753] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="ekrn") returned 1 [0137.753] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="egui") returned 1 [0137.753] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="avgwd") returned 1 [0137.753] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="BdfNdisf") returned 1 [0137.753] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="avast! Antivirus") returned 1 [0137.753] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="MsMpSvc") returned -1 [0137.753] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="RsMgrSvc") returned -1 [0137.753] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="fshoster") returned 1 [0137.753] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="AVKProxy") returned 1 [0137.753] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="MBAMService") returned -1 [0137.753] lstrcmpiW (lpString1="HomeGroupProvider", lpString2="GbpSv") returned 1 [0137.753] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x9e, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HpSAMD", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.753] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\HpSAMD") returned 40 [0137.753] SetLastError (dwErrCode=0x0) [0137.753] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\HpSAMD", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.754] SetLastError (dwErrCode=0x0) [0137.754] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.754] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.754] SetLastError (dwErrCode=0x0) [0137.754] lstrcmpiW (lpString1="HpSAMD", lpString2="NAVENG") returned -1 [0137.754] lstrcmpiW (lpString1="HpSAMD", lpString2="ccEvtMgr") returned 1 [0137.754] lstrcmpiW (lpString1="HpSAMD", lpString2="NAV") returned -1 [0137.754] lstrcmpiW (lpString1="HpSAMD", lpString2="NIS") returned -1 [0137.754] lstrcmpiW (lpString1="HpSAMD", lpString2="NAVEX15") returned -1 [0137.754] lstrcmpiW (lpString1="HpSAMD", lpString2="AVP") returned 1 [0137.754] lstrcmpiW (lpString1="HpSAMD", lpString2="AVP15.0.0") returned 1 [0137.754] lstrcmpiW (lpString1="HpSAMD", lpString2="AVP15.0.1") returned 1 [0137.754] lstrcmpiW (lpString1="HpSAMD", lpString2="kl1") returned -1 [0137.754] lstrcmpiW (lpString1="HpSAMD", lpString2="McComponentHostService") returned -1 [0137.754] lstrcmpiW (lpString1="HpSAMD", lpString2="ekrn") returned 1 [0137.754] lstrcmpiW (lpString1="HpSAMD", lpString2="egui") returned 1 [0137.754] lstrcmpiW (lpString1="HpSAMD", lpString2="avgwd") returned 1 [0137.754] lstrcmpiW (lpString1="HpSAMD", lpString2="BdfNdisf") returned 1 [0137.754] lstrcmpiW (lpString1="HpSAMD", lpString2="avast! Antivirus") returned 1 [0137.754] lstrcmpiW (lpString1="HpSAMD", lpString2="MsMpSvc") returned -1 [0137.754] lstrcmpiW (lpString1="HpSAMD", lpString2="RsMgrSvc") returned -1 [0137.754] lstrcmpiW (lpString1="HpSAMD", lpString2="fshoster") returned 1 [0137.754] lstrcmpiW (lpString1="HpSAMD", lpString2="AVKProxy") returned 1 [0137.754] lstrcmpiW (lpString1="HpSAMD", lpString2="MBAMService") returned -1 [0137.754] lstrcmpiW (lpString1="HpSAMD", lpString2="GbpSv") returned 1 [0137.754] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x9f, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HTTP", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.754] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\HTTP") returned 38 [0137.754] SetLastError (dwErrCode=0x0) [0137.754] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\HTTP", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.754] SetLastError (dwErrCode=0x0) [0137.754] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.754] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.754] SetLastError (dwErrCode=0x0) [0137.754] lstrcmpiW (lpString1="HTTP", lpString2="NAVENG") returned -1 [0137.754] lstrcmpiW (lpString1="HTTP", lpString2="ccEvtMgr") returned 1 [0137.754] lstrcmpiW (lpString1="HTTP", lpString2="NAV") returned -1 [0137.754] lstrcmpiW (lpString1="HTTP", lpString2="NIS") returned -1 [0137.754] lstrcmpiW (lpString1="HTTP", lpString2="NAVEX15") returned -1 [0137.755] lstrcmpiW (lpString1="HTTP", lpString2="AVP") returned 1 [0137.755] lstrcmpiW (lpString1="HTTP", lpString2="AVP15.0.0") returned 1 [0137.755] lstrcmpiW (lpString1="HTTP", lpString2="AVP15.0.1") returned 1 [0137.755] lstrcmpiW (lpString1="HTTP", lpString2="kl1") returned -1 [0137.755] lstrcmpiW (lpString1="HTTP", lpString2="McComponentHostService") returned -1 [0137.755] lstrcmpiW (lpString1="HTTP", lpString2="ekrn") returned 1 [0137.755] lstrcmpiW (lpString1="HTTP", lpString2="egui") returned 1 [0137.755] lstrcmpiW (lpString1="HTTP", lpString2="avgwd") returned 1 [0137.755] lstrcmpiW (lpString1="HTTP", lpString2="BdfNdisf") returned 1 [0137.755] lstrcmpiW (lpString1="HTTP", lpString2="avast! Antivirus") returned 1 [0137.755] lstrcmpiW (lpString1="HTTP", lpString2="MsMpSvc") returned -1 [0137.755] lstrcmpiW (lpString1="HTTP", lpString2="RsMgrSvc") returned -1 [0137.755] lstrcmpiW (lpString1="HTTP", lpString2="fshoster") returned 1 [0137.755] lstrcmpiW (lpString1="HTTP", lpString2="AVKProxy") returned 1 [0137.755] lstrcmpiW (lpString1="HTTP", lpString2="MBAMService") returned -1 [0137.755] lstrcmpiW (lpString1="HTTP", lpString2="GbpSv") returned 1 [0137.755] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xa0, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="hwpolicy", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.755] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\hwpolicy") returned 42 [0137.755] SetLastError (dwErrCode=0x0) [0137.755] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\hwpolicy", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.755] SetLastError (dwErrCode=0x0) [0137.755] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.755] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.755] SetLastError (dwErrCode=0x0) [0137.755] lstrcmpiW (lpString1="hwpolicy", lpString2="NAVENG") returned -1 [0137.755] lstrcmpiW (lpString1="hwpolicy", lpString2="ccEvtMgr") returned 1 [0137.755] lstrcmpiW (lpString1="hwpolicy", lpString2="NAV") returned -1 [0137.755] lstrcmpiW (lpString1="hwpolicy", lpString2="NIS") returned -1 [0137.755] lstrcmpiW (lpString1="hwpolicy", lpString2="NAVEX15") returned -1 [0137.755] lstrcmpiW (lpString1="hwpolicy", lpString2="AVP") returned 1 [0137.755] lstrcmpiW (lpString1="hwpolicy", lpString2="AVP15.0.0") returned 1 [0137.755] lstrcmpiW (lpString1="hwpolicy", lpString2="AVP15.0.1") returned 1 [0137.755] lstrcmpiW (lpString1="hwpolicy", lpString2="kl1") returned -1 [0137.755] lstrcmpiW (lpString1="hwpolicy", lpString2="McComponentHostService") returned -1 [0137.755] lstrcmpiW (lpString1="hwpolicy", lpString2="ekrn") returned 1 [0137.755] lstrcmpiW (lpString1="hwpolicy", lpString2="egui") returned 1 [0137.755] lstrcmpiW (lpString1="hwpolicy", lpString2="avgwd") returned 1 [0137.755] lstrcmpiW (lpString1="hwpolicy", lpString2="BdfNdisf") returned 1 [0137.756] lstrcmpiW (lpString1="hwpolicy", lpString2="avast! Antivirus") returned 1 [0137.756] lstrcmpiW (lpString1="hwpolicy", lpString2="MsMpSvc") returned -1 [0137.756] lstrcmpiW (lpString1="hwpolicy", lpString2="RsMgrSvc") returned -1 [0137.756] lstrcmpiW (lpString1="hwpolicy", lpString2="fshoster") returned 1 [0137.756] lstrcmpiW (lpString1="hwpolicy", lpString2="AVKProxy") returned 1 [0137.756] lstrcmpiW (lpString1="hwpolicy", lpString2="MBAMService") returned -1 [0137.756] lstrcmpiW (lpString1="hwpolicy", lpString2="GbpSv") returned 1 [0137.756] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xa1, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="hyperkbd", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.756] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\hyperkbd") returned 42 [0137.756] SetLastError (dwErrCode=0x0) [0137.756] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\hyperkbd", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.756] SetLastError (dwErrCode=0x0) [0137.756] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.756] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.756] SetLastError (dwErrCode=0x0) [0137.756] lstrcmpiW (lpString1="hyperkbd", lpString2="NAVENG") returned -1 [0137.756] lstrcmpiW (lpString1="hyperkbd", lpString2="ccEvtMgr") returned 1 [0137.756] lstrcmpiW (lpString1="hyperkbd", lpString2="NAV") returned -1 [0137.756] lstrcmpiW (lpString1="hyperkbd", lpString2="NIS") returned -1 [0137.756] lstrcmpiW (lpString1="hyperkbd", lpString2="NAVEX15") returned -1 [0137.756] lstrcmpiW (lpString1="hyperkbd", lpString2="AVP") returned 1 [0137.756] lstrcmpiW (lpString1="hyperkbd", lpString2="AVP15.0.0") returned 1 [0137.756] lstrcmpiW (lpString1="hyperkbd", lpString2="AVP15.0.1") returned 1 [0137.756] lstrcmpiW (lpString1="hyperkbd", lpString2="kl1") returned -1 [0137.756] lstrcmpiW (lpString1="hyperkbd", lpString2="McComponentHostService") returned -1 [0137.756] lstrcmpiW (lpString1="hyperkbd", lpString2="ekrn") returned 1 [0137.756] lstrcmpiW (lpString1="hyperkbd", lpString2="egui") returned 1 [0137.756] lstrcmpiW (lpString1="hyperkbd", lpString2="avgwd") returned 1 [0137.756] lstrcmpiW (lpString1="hyperkbd", lpString2="BdfNdisf") returned 1 [0137.756] lstrcmpiW (lpString1="hyperkbd", lpString2="avast! Antivirus") returned 1 [0137.756] lstrcmpiW (lpString1="hyperkbd", lpString2="MsMpSvc") returned -1 [0137.756] lstrcmpiW (lpString1="hyperkbd", lpString2="RsMgrSvc") returned -1 [0137.756] lstrcmpiW (lpString1="hyperkbd", lpString2="fshoster") returned 1 [0137.756] lstrcmpiW (lpString1="hyperkbd", lpString2="AVKProxy") returned 1 [0137.756] lstrcmpiW (lpString1="hyperkbd", lpString2="MBAMService") returned -1 [0137.756] lstrcmpiW (lpString1="hyperkbd", lpString2="GbpSv") returned 1 [0137.756] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xa2, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HyperVideo", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.757] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\HyperVideo") returned 44 [0137.757] SetLastError (dwErrCode=0x0) [0137.757] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\HyperVideo", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.757] SetLastError (dwErrCode=0x0) [0137.757] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.757] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.757] SetLastError (dwErrCode=0x0) [0137.757] lstrcmpiW (lpString1="HyperVideo", lpString2="NAVENG") returned -1 [0137.757] lstrcmpiW (lpString1="HyperVideo", lpString2="ccEvtMgr") returned 1 [0137.757] lstrcmpiW (lpString1="HyperVideo", lpString2="NAV") returned -1 [0137.757] lstrcmpiW (lpString1="HyperVideo", lpString2="NIS") returned -1 [0137.757] lstrcmpiW (lpString1="HyperVideo", lpString2="NAVEX15") returned -1 [0137.757] lstrcmpiW (lpString1="HyperVideo", lpString2="AVP") returned 1 [0137.757] lstrcmpiW (lpString1="HyperVideo", lpString2="AVP15.0.0") returned 1 [0137.757] lstrcmpiW (lpString1="HyperVideo", lpString2="AVP15.0.1") returned 1 [0137.757] lstrcmpiW (lpString1="HyperVideo", lpString2="kl1") returned -1 [0137.757] lstrcmpiW (lpString1="HyperVideo", lpString2="McComponentHostService") returned -1 [0137.757] lstrcmpiW (lpString1="HyperVideo", lpString2="ekrn") returned 1 [0137.757] lstrcmpiW (lpString1="HyperVideo", lpString2="egui") returned 1 [0137.757] lstrcmpiW (lpString1="HyperVideo", lpString2="avgwd") returned 1 [0137.757] lstrcmpiW (lpString1="HyperVideo", lpString2="BdfNdisf") returned 1 [0137.757] lstrcmpiW (lpString1="HyperVideo", lpString2="avast! Antivirus") returned 1 [0137.757] lstrcmpiW (lpString1="HyperVideo", lpString2="MsMpSvc") returned -1 [0137.757] lstrcmpiW (lpString1="HyperVideo", lpString2="RsMgrSvc") returned -1 [0137.757] lstrcmpiW (lpString1="HyperVideo", lpString2="fshoster") returned 1 [0137.757] lstrcmpiW (lpString1="HyperVideo", lpString2="AVKProxy") returned 1 [0137.757] lstrcmpiW (lpString1="HyperVideo", lpString2="MBAMService") returned -1 [0137.757] lstrcmpiW (lpString1="HyperVideo", lpString2="GbpSv") returned 1 [0137.757] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xa3, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="i8042prt", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.757] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\i8042prt") returned 42 [0137.757] SetLastError (dwErrCode=0x0) [0137.757] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\i8042prt", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.759] SetLastError (dwErrCode=0x0) [0137.759] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.759] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.759] SetLastError (dwErrCode=0x0) [0137.759] lstrcmpiW (lpString1="i8042prt", lpString2="NAVENG") returned -1 [0137.759] lstrcmpiW (lpString1="i8042prt", lpString2="ccEvtMgr") returned 1 [0137.759] lstrcmpiW (lpString1="i8042prt", lpString2="NAV") returned -1 [0137.759] lstrcmpiW (lpString1="i8042prt", lpString2="NIS") returned -1 [0137.759] lstrcmpiW (lpString1="i8042prt", lpString2="NAVEX15") returned -1 [0137.759] lstrcmpiW (lpString1="i8042prt", lpString2="AVP") returned 1 [0137.759] lstrcmpiW (lpString1="i8042prt", lpString2="AVP15.0.0") returned 1 [0137.759] lstrcmpiW (lpString1="i8042prt", lpString2="AVP15.0.1") returned 1 [0137.759] lstrcmpiW (lpString1="i8042prt", lpString2="kl1") returned -1 [0137.759] lstrcmpiW (lpString1="i8042prt", lpString2="McComponentHostService") returned -1 [0137.759] lstrcmpiW (lpString1="i8042prt", lpString2="ekrn") returned 1 [0137.759] lstrcmpiW (lpString1="i8042prt", lpString2="egui") returned 1 [0137.759] lstrcmpiW (lpString1="i8042prt", lpString2="avgwd") returned 1 [0137.759] lstrcmpiW (lpString1="i8042prt", lpString2="BdfNdisf") returned 1 [0137.760] lstrcmpiW (lpString1="i8042prt", lpString2="avast! Antivirus") returned 1 [0137.760] lstrcmpiW (lpString1="i8042prt", lpString2="MsMpSvc") returned -1 [0137.760] lstrcmpiW (lpString1="i8042prt", lpString2="RsMgrSvc") returned -1 [0137.760] lstrcmpiW (lpString1="i8042prt", lpString2="fshoster") returned 1 [0137.760] lstrcmpiW (lpString1="i8042prt", lpString2="AVKProxy") returned 1 [0137.760] lstrcmpiW (lpString1="i8042prt", lpString2="MBAMService") returned -1 [0137.760] lstrcmpiW (lpString1="i8042prt", lpString2="GbpSv") returned 1 [0137.760] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xa4, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="iaLPSSi_GPIO", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.760] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\iaLPSSi_GPIO") returned 46 [0137.760] SetLastError (dwErrCode=0x0) [0137.760] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\iaLPSSi_GPIO", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.760] SetLastError (dwErrCode=0x0) [0137.760] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.760] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.760] SetLastError (dwErrCode=0x0) [0137.760] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="NAVENG") returned -1 [0137.760] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="ccEvtMgr") returned 1 [0137.760] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="NAV") returned -1 [0137.760] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="NIS") returned -1 [0137.760] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="NAVEX15") returned -1 [0137.760] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="AVP") returned 1 [0137.760] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="AVP15.0.0") returned 1 [0137.760] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="AVP15.0.1") returned 1 [0137.760] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="kl1") returned -1 [0137.760] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="McComponentHostService") returned -1 [0137.760] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="ekrn") returned 1 [0137.760] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="egui") returned 1 [0137.761] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="avgwd") returned 1 [0137.761] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="BdfNdisf") returned 1 [0137.761] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="avast! Antivirus") returned 1 [0137.761] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="MsMpSvc") returned -1 [0137.761] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="RsMgrSvc") returned -1 [0137.761] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="fshoster") returned 1 [0137.761] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="AVKProxy") returned 1 [0137.761] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="MBAMService") returned -1 [0137.761] lstrcmpiW (lpString1="iaLPSSi_GPIO", lpString2="GbpSv") returned 1 [0137.761] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xa5, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="iaLPSSi_I2C", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.761] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\iaLPSSi_I2C") returned 45 [0137.761] SetLastError (dwErrCode=0x0) [0137.761] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\iaLPSSi_I2C", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.761] SetLastError (dwErrCode=0x0) [0137.761] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.761] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.761] SetLastError (dwErrCode=0x0) [0137.761] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="NAVENG") returned -1 [0137.761] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="ccEvtMgr") returned 1 [0137.761] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="NAV") returned -1 [0137.761] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="NIS") returned -1 [0137.761] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="NAVEX15") returned -1 [0137.761] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="AVP") returned 1 [0137.761] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="AVP15.0.0") returned 1 [0137.761] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="AVP15.0.1") returned 1 [0137.761] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="kl1") returned -1 [0137.761] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="McComponentHostService") returned -1 [0137.761] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="ekrn") returned 1 [0137.761] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="egui") returned 1 [0137.761] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="avgwd") returned 1 [0137.761] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="BdfNdisf") returned 1 [0137.762] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="avast! Antivirus") returned 1 [0137.762] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="MsMpSvc") returned -1 [0137.762] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="RsMgrSvc") returned -1 [0137.762] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="fshoster") returned 1 [0137.762] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="AVKProxy") returned 1 [0137.762] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="MBAMService") returned -1 [0137.762] lstrcmpiW (lpString1="iaLPSSi_I2C", lpString2="GbpSv") returned 1 [0137.762] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xa6, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="iaStorAV", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.762] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\iaStorAV") returned 42 [0137.762] SetLastError (dwErrCode=0x0) [0137.762] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\iaStorAV", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.762] SetLastError (dwErrCode=0x0) [0137.762] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.762] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.762] SetLastError (dwErrCode=0x0) [0137.762] lstrcmpiW (lpString1="iaStorAV", lpString2="NAVENG") returned -1 [0137.762] lstrcmpiW (lpString1="iaStorAV", lpString2="ccEvtMgr") returned 1 [0137.762] lstrcmpiW (lpString1="iaStorAV", lpString2="NAV") returned -1 [0137.762] lstrcmpiW (lpString1="iaStorAV", lpString2="NIS") returned -1 [0137.762] lstrcmpiW (lpString1="iaStorAV", lpString2="NAVEX15") returned -1 [0137.762] lstrcmpiW (lpString1="iaStorAV", lpString2="AVP") returned 1 [0137.762] lstrcmpiW (lpString1="iaStorAV", lpString2="AVP15.0.0") returned 1 [0137.762] lstrcmpiW (lpString1="iaStorAV", lpString2="AVP15.0.1") returned 1 [0137.762] lstrcmpiW (lpString1="iaStorAV", lpString2="kl1") returned -1 [0137.762] lstrcmpiW (lpString1="iaStorAV", lpString2="McComponentHostService") returned -1 [0137.762] lstrcmpiW (lpString1="iaStorAV", lpString2="ekrn") returned 1 [0137.762] lstrcmpiW (lpString1="iaStorAV", lpString2="egui") returned 1 [0137.762] lstrcmpiW (lpString1="iaStorAV", lpString2="avgwd") returned 1 [0137.762] lstrcmpiW (lpString1="iaStorAV", lpString2="BdfNdisf") returned 1 [0137.762] lstrcmpiW (lpString1="iaStorAV", lpString2="avast! Antivirus") returned 1 [0137.763] lstrcmpiW (lpString1="iaStorAV", lpString2="MsMpSvc") returned -1 [0137.763] lstrcmpiW (lpString1="iaStorAV", lpString2="RsMgrSvc") returned -1 [0137.763] lstrcmpiW (lpString1="iaStorAV", lpString2="fshoster") returned 1 [0137.763] lstrcmpiW (lpString1="iaStorAV", lpString2="AVKProxy") returned 1 [0137.763] lstrcmpiW (lpString1="iaStorAV", lpString2="MBAMService") returned -1 [0137.763] lstrcmpiW (lpString1="iaStorAV", lpString2="GbpSv") returned 1 [0137.763] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xa7, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="iaStorV", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.763] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\iaStorV") returned 41 [0137.763] SetLastError (dwErrCode=0x0) [0137.763] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\iaStorV", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.763] SetLastError (dwErrCode=0x0) [0137.763] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.763] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.763] SetLastError (dwErrCode=0x0) [0137.763] lstrcmpiW (lpString1="iaStorV", lpString2="NAVENG") returned -1 [0137.763] lstrcmpiW (lpString1="iaStorV", lpString2="ccEvtMgr") returned 1 [0137.763] lstrcmpiW (lpString1="iaStorV", lpString2="NAV") returned -1 [0137.763] lstrcmpiW (lpString1="iaStorV", lpString2="NIS") returned -1 [0137.763] lstrcmpiW (lpString1="iaStorV", lpString2="NAVEX15") returned -1 [0137.763] lstrcmpiW (lpString1="iaStorV", lpString2="AVP") returned 1 [0137.763] lstrcmpiW (lpString1="iaStorV", lpString2="AVP15.0.0") returned 1 [0137.763] lstrcmpiW (lpString1="iaStorV", lpString2="AVP15.0.1") returned 1 [0137.763] lstrcmpiW (lpString1="iaStorV", lpString2="kl1") returned -1 [0137.763] lstrcmpiW (lpString1="iaStorV", lpString2="McComponentHostService") returned -1 [0137.763] lstrcmpiW (lpString1="iaStorV", lpString2="ekrn") returned 1 [0137.763] lstrcmpiW (lpString1="iaStorV", lpString2="egui") returned 1 [0137.763] lstrcmpiW (lpString1="iaStorV", lpString2="avgwd") returned 1 [0137.763] lstrcmpiW (lpString1="iaStorV", lpString2="BdfNdisf") returned 1 [0137.763] lstrcmpiW (lpString1="iaStorV", lpString2="avast! Antivirus") returned 1 [0137.764] lstrcmpiW (lpString1="iaStorV", lpString2="MsMpSvc") returned -1 [0137.764] lstrcmpiW (lpString1="iaStorV", lpString2="RsMgrSvc") returned -1 [0137.764] lstrcmpiW (lpString1="iaStorV", lpString2="fshoster") returned 1 [0137.764] lstrcmpiW (lpString1="iaStorV", lpString2="AVKProxy") returned 1 [0137.764] lstrcmpiW (lpString1="iaStorV", lpString2="MBAMService") returned -1 [0137.764] lstrcmpiW (lpString1="iaStorV", lpString2="GbpSv") returned 1 [0137.764] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xa8, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ibbus", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.764] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ibbus") returned 39 [0137.764] SetLastError (dwErrCode=0x0) [0137.764] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ibbus", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.764] SetLastError (dwErrCode=0x0) [0137.764] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.764] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.764] SetLastError (dwErrCode=0x0) [0137.764] lstrcmpiW (lpString1="ibbus", lpString2="NAVENG") returned -1 [0137.764] lstrcmpiW (lpString1="ibbus", lpString2="ccEvtMgr") returned 1 [0137.764] lstrcmpiW (lpString1="ibbus", lpString2="NAV") returned -1 [0137.764] lstrcmpiW (lpString1="ibbus", lpString2="NIS") returned -1 [0137.764] lstrcmpiW (lpString1="ibbus", lpString2="NAVEX15") returned -1 [0137.764] lstrcmpiW (lpString1="ibbus", lpString2="AVP") returned 1 [0137.764] lstrcmpiW (lpString1="ibbus", lpString2="AVP15.0.0") returned 1 [0137.764] lstrcmpiW (lpString1="ibbus", lpString2="AVP15.0.1") returned 1 [0137.764] lstrcmpiW (lpString1="ibbus", lpString2="kl1") returned -1 [0137.764] lstrcmpiW (lpString1="ibbus", lpString2="McComponentHostService") returned -1 [0137.764] lstrcmpiW (lpString1="ibbus", lpString2="ekrn") returned 1 [0137.764] lstrcmpiW (lpString1="ibbus", lpString2="egui") returned 1 [0137.764] lstrcmpiW (lpString1="ibbus", lpString2="avgwd") returned 1 [0137.764] lstrcmpiW (lpString1="ibbus", lpString2="BdfNdisf") returned 1 [0137.764] lstrcmpiW (lpString1="ibbus", lpString2="avast! Antivirus") returned 1 [0137.764] lstrcmpiW (lpString1="ibbus", lpString2="MsMpSvc") returned -1 [0137.765] lstrcmpiW (lpString1="ibbus", lpString2="RsMgrSvc") returned -1 [0137.765] lstrcmpiW (lpString1="ibbus", lpString2="fshoster") returned 1 [0137.765] lstrcmpiW (lpString1="ibbus", lpString2="AVKProxy") returned 1 [0137.765] lstrcmpiW (lpString1="ibbus", lpString2="MBAMService") returned -1 [0137.765] lstrcmpiW (lpString1="ibbus", lpString2="GbpSv") returned 1 [0137.765] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xa9, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="icssvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.765] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\icssvc") returned 40 [0137.765] SetLastError (dwErrCode=0x0) [0137.765] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\icssvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.765] SetLastError (dwErrCode=0x0) [0137.765] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.765] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.765] SetLastError (dwErrCode=0x0) [0137.765] lstrcmpiW (lpString1="icssvc", lpString2="NAVENG") returned -1 [0137.765] lstrcmpiW (lpString1="icssvc", lpString2="ccEvtMgr") returned 1 [0137.765] lstrcmpiW (lpString1="icssvc", lpString2="NAV") returned -1 [0137.765] lstrcmpiW (lpString1="icssvc", lpString2="NIS") returned -1 [0137.765] lstrcmpiW (lpString1="icssvc", lpString2="NAVEX15") returned -1 [0137.765] lstrcmpiW (lpString1="icssvc", lpString2="AVP") returned 1 [0137.765] lstrcmpiW (lpString1="icssvc", lpString2="AVP15.0.0") returned 1 [0137.765] lstrcmpiW (lpString1="icssvc", lpString2="AVP15.0.1") returned 1 [0137.765] lstrcmpiW (lpString1="icssvc", lpString2="kl1") returned -1 [0137.765] lstrcmpiW (lpString1="icssvc", lpString2="McComponentHostService") returned -1 [0137.765] lstrcmpiW (lpString1="icssvc", lpString2="ekrn") returned 1 [0137.765] lstrcmpiW (lpString1="icssvc", lpString2="egui") returned 1 [0137.765] lstrcmpiW (lpString1="icssvc", lpString2="avgwd") returned 1 [0137.765] lstrcmpiW (lpString1="icssvc", lpString2="BdfNdisf") returned 1 [0137.765] lstrcmpiW (lpString1="icssvc", lpString2="avast! Antivirus") returned 1 [0137.765] lstrcmpiW (lpString1="icssvc", lpString2="MsMpSvc") returned -1 [0137.765] lstrcmpiW (lpString1="icssvc", lpString2="RsMgrSvc") returned -1 [0137.765] lstrcmpiW (lpString1="icssvc", lpString2="fshoster") returned 1 [0137.765] lstrcmpiW (lpString1="icssvc", lpString2="AVKProxy") returned 1 [0137.765] lstrcmpiW (lpString1="icssvc", lpString2="MBAMService") returned -1 [0137.765] lstrcmpiW (lpString1="icssvc", lpString2="GbpSv") returned 1 [0137.765] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xaa, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IEEtwCollectorService", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.765] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\IEEtwCollectorService") returned 55 [0137.765] SetLastError (dwErrCode=0x0) [0137.765] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\IEEtwCollectorService", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.766] SetLastError (dwErrCode=0x0) [0137.766] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.766] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.766] SetLastError (dwErrCode=0x0) [0137.766] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="NAVENG") returned -1 [0137.766] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="ccEvtMgr") returned 1 [0137.766] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="NAV") returned -1 [0137.766] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="NIS") returned -1 [0137.766] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="NAVEX15") returned -1 [0137.766] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="AVP") returned 1 [0137.766] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="AVP15.0.0") returned 1 [0137.766] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="AVP15.0.1") returned 1 [0137.766] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="kl1") returned -1 [0137.766] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="McComponentHostService") returned -1 [0137.766] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="ekrn") returned 1 [0137.766] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="egui") returned 1 [0137.766] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="avgwd") returned 1 [0137.766] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="BdfNdisf") returned 1 [0137.766] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="avast! Antivirus") returned 1 [0137.766] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="MsMpSvc") returned -1 [0137.766] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="RsMgrSvc") returned -1 [0137.766] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="fshoster") returned 1 [0137.766] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="AVKProxy") returned 1 [0137.766] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="MBAMService") returned -1 [0137.766] lstrcmpiW (lpString1="IEEtwCollectorService", lpString2="GbpSv") returned 1 [0137.766] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xab, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IKEEXT", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.766] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\IKEEXT") returned 40 [0137.766] SetLastError (dwErrCode=0x0) [0137.766] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\IKEEXT", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.766] SetLastError (dwErrCode=0x0) [0137.766] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.766] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.766] SetLastError (dwErrCode=0x0) [0137.766] lstrcmpiW (lpString1="IKEEXT", lpString2="NAVENG") returned -1 [0137.766] lstrcmpiW (lpString1="IKEEXT", lpString2="ccEvtMgr") returned 1 [0137.766] lstrcmpiW (lpString1="IKEEXT", lpString2="NAV") returned -1 [0137.766] lstrcmpiW (lpString1="IKEEXT", lpString2="NIS") returned -1 [0137.766] lstrcmpiW (lpString1="IKEEXT", lpString2="NAVEX15") returned -1 [0137.766] lstrcmpiW (lpString1="IKEEXT", lpString2="AVP") returned 1 [0137.767] lstrcmpiW (lpString1="IKEEXT", lpString2="AVP15.0.0") returned 1 [0137.767] lstrcmpiW (lpString1="IKEEXT", lpString2="AVP15.0.1") returned 1 [0137.767] lstrcmpiW (lpString1="IKEEXT", lpString2="kl1") returned -1 [0137.767] lstrcmpiW (lpString1="IKEEXT", lpString2="McComponentHostService") returned -1 [0137.767] lstrcmpiW (lpString1="IKEEXT", lpString2="ekrn") returned 1 [0137.767] lstrcmpiW (lpString1="IKEEXT", lpString2="egui") returned 1 [0137.767] lstrcmpiW (lpString1="IKEEXT", lpString2="avgwd") returned 1 [0137.767] lstrcmpiW (lpString1="IKEEXT", lpString2="BdfNdisf") returned 1 [0137.767] lstrcmpiW (lpString1="IKEEXT", lpString2="avast! Antivirus") returned 1 [0137.767] lstrcmpiW (lpString1="IKEEXT", lpString2="MsMpSvc") returned -1 [0137.767] lstrcmpiW (lpString1="IKEEXT", lpString2="RsMgrSvc") returned -1 [0137.767] lstrcmpiW (lpString1="IKEEXT", lpString2="fshoster") returned 1 [0137.767] lstrcmpiW (lpString1="IKEEXT", lpString2="AVKProxy") returned 1 [0137.767] lstrcmpiW (lpString1="IKEEXT", lpString2="MBAMService") returned -1 [0137.767] lstrcmpiW (lpString1="IKEEXT", lpString2="GbpSv") returned 1 [0137.767] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xac, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="inetaccs", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.767] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\inetaccs") returned 42 [0137.767] SetLastError (dwErrCode=0x0) [0137.767] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\inetaccs", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.767] SetLastError (dwErrCode=0x0) [0137.767] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.767] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.767] SetLastError (dwErrCode=0x0) [0137.767] GetLastError () returned 0x0 [0137.767] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xad, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="intelide", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.767] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\intelide") returned 42 [0137.767] SetLastError (dwErrCode=0x0) [0137.767] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\intelide", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.767] SetLastError (dwErrCode=0x0) [0137.767] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.767] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.767] SetLastError (dwErrCode=0x0) [0137.767] lstrcmpiW (lpString1="intelide", lpString2="NAVENG") returned -1 [0137.767] lstrcmpiW (lpString1="intelide", lpString2="ccEvtMgr") returned 1 [0137.767] lstrcmpiW (lpString1="intelide", lpString2="NAV") returned -1 [0137.767] lstrcmpiW (lpString1="intelide", lpString2="NIS") returned -1 [0137.767] lstrcmpiW (lpString1="intelide", lpString2="NAVEX15") returned -1 [0137.768] lstrcmpiW (lpString1="intelide", lpString2="AVP") returned 1 [0137.768] lstrcmpiW (lpString1="intelide", lpString2="AVP15.0.0") returned 1 [0137.768] lstrcmpiW (lpString1="intelide", lpString2="AVP15.0.1") returned 1 [0137.768] lstrcmpiW (lpString1="intelide", lpString2="kl1") returned -1 [0137.768] lstrcmpiW (lpString1="intelide", lpString2="McComponentHostService") returned -1 [0137.768] lstrcmpiW (lpString1="intelide", lpString2="ekrn") returned 1 [0137.768] lstrcmpiW (lpString1="intelide", lpString2="egui") returned 1 [0137.768] lstrcmpiW (lpString1="intelide", lpString2="avgwd") returned 1 [0137.768] lstrcmpiW (lpString1="intelide", lpString2="BdfNdisf") returned 1 [0137.768] lstrcmpiW (lpString1="intelide", lpString2="avast! Antivirus") returned 1 [0137.768] lstrcmpiW (lpString1="intelide", lpString2="MsMpSvc") returned -1 [0137.768] lstrcmpiW (lpString1="intelide", lpString2="RsMgrSvc") returned -1 [0137.768] lstrcmpiW (lpString1="intelide", lpString2="fshoster") returned 1 [0137.768] lstrcmpiW (lpString1="intelide", lpString2="AVKProxy") returned 1 [0137.768] lstrcmpiW (lpString1="intelide", lpString2="MBAMService") returned -1 [0137.768] lstrcmpiW (lpString1="intelide", lpString2="GbpSv") returned 1 [0137.768] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xae, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="intelpep", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.768] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\intelpep") returned 42 [0137.768] SetLastError (dwErrCode=0x0) [0137.768] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\intelpep", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.768] SetLastError (dwErrCode=0x0) [0137.768] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.768] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.768] SetLastError (dwErrCode=0x0) [0137.768] lstrcmpiW (lpString1="intelpep", lpString2="NAVENG") returned -1 [0137.768] lstrcmpiW (lpString1="intelpep", lpString2="ccEvtMgr") returned 1 [0137.768] lstrcmpiW (lpString1="intelpep", lpString2="NAV") returned -1 [0137.768] lstrcmpiW (lpString1="intelpep", lpString2="NIS") returned -1 [0137.768] lstrcmpiW (lpString1="intelpep", lpString2="NAVEX15") returned -1 [0137.768] lstrcmpiW (lpString1="intelpep", lpString2="AVP") returned 1 [0137.768] lstrcmpiW (lpString1="intelpep", lpString2="AVP15.0.0") returned 1 [0137.768] lstrcmpiW (lpString1="intelpep", lpString2="AVP15.0.1") returned 1 [0137.768] lstrcmpiW (lpString1="intelpep", lpString2="kl1") returned -1 [0137.768] lstrcmpiW (lpString1="intelpep", lpString2="McComponentHostService") returned -1 [0137.768] lstrcmpiW (lpString1="intelpep", lpString2="ekrn") returned 1 [0137.768] lstrcmpiW (lpString1="intelpep", lpString2="egui") returned 1 [0137.768] lstrcmpiW (lpString1="intelpep", lpString2="avgwd") returned 1 [0137.768] lstrcmpiW (lpString1="intelpep", lpString2="BdfNdisf") returned 1 [0137.768] lstrcmpiW (lpString1="intelpep", lpString2="avast! Antivirus") returned 1 [0137.768] lstrcmpiW (lpString1="intelpep", lpString2="MsMpSvc") returned -1 [0137.769] lstrcmpiW (lpString1="intelpep", lpString2="RsMgrSvc") returned -1 [0137.769] lstrcmpiW (lpString1="intelpep", lpString2="fshoster") returned 1 [0137.769] lstrcmpiW (lpString1="intelpep", lpString2="AVKProxy") returned 1 [0137.769] lstrcmpiW (lpString1="intelpep", lpString2="MBAMService") returned -1 [0137.769] lstrcmpiW (lpString1="intelpep", lpString2="GbpSv") returned 1 [0137.769] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xaf, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="intelppm", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.769] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\intelppm") returned 42 [0137.769] SetLastError (dwErrCode=0x0) [0137.769] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\intelppm", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.769] SetLastError (dwErrCode=0x0) [0137.769] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.769] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.769] SetLastError (dwErrCode=0x0) [0137.769] lstrcmpiW (lpString1="intelppm", lpString2="NAVENG") returned -1 [0137.769] lstrcmpiW (lpString1="intelppm", lpString2="ccEvtMgr") returned 1 [0137.769] lstrcmpiW (lpString1="intelppm", lpString2="NAV") returned -1 [0137.769] lstrcmpiW (lpString1="intelppm", lpString2="NIS") returned -1 [0137.769] lstrcmpiW (lpString1="intelppm", lpString2="NAVEX15") returned -1 [0137.769] lstrcmpiW (lpString1="intelppm", lpString2="AVP") returned 1 [0137.769] lstrcmpiW (lpString1="intelppm", lpString2="AVP15.0.0") returned 1 [0137.769] lstrcmpiW (lpString1="intelppm", lpString2="AVP15.0.1") returned 1 [0137.769] lstrcmpiW (lpString1="intelppm", lpString2="kl1") returned -1 [0137.769] lstrcmpiW (lpString1="intelppm", lpString2="McComponentHostService") returned -1 [0137.769] lstrcmpiW (lpString1="intelppm", lpString2="ekrn") returned 1 [0137.769] lstrcmpiW (lpString1="intelppm", lpString2="egui") returned 1 [0137.769] lstrcmpiW (lpString1="intelppm", lpString2="avgwd") returned 1 [0137.769] lstrcmpiW (lpString1="intelppm", lpString2="BdfNdisf") returned 1 [0137.769] lstrcmpiW (lpString1="intelppm", lpString2="avast! Antivirus") returned 1 [0137.769] lstrcmpiW (lpString1="intelppm", lpString2="MsMpSvc") returned -1 [0137.769] lstrcmpiW (lpString1="intelppm", lpString2="RsMgrSvc") returned -1 [0137.769] lstrcmpiW (lpString1="intelppm", lpString2="fshoster") returned 1 [0137.769] lstrcmpiW (lpString1="intelppm", lpString2="AVKProxy") returned 1 [0137.769] lstrcmpiW (lpString1="intelppm", lpString2="MBAMService") returned -1 [0137.769] lstrcmpiW (lpString1="intelppm", lpString2="GbpSv") returned 1 [0137.769] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xb0, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IoQos", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.769] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\IoQos") returned 39 [0137.769] SetLastError (dwErrCode=0x0) [0137.769] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\IoQos", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.769] SetLastError (dwErrCode=0x0) [0137.770] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.770] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.770] SetLastError (dwErrCode=0x0) [0137.770] lstrcmpiW (lpString1="IoQos", lpString2="NAVENG") returned -1 [0137.770] lstrcmpiW (lpString1="IoQos", lpString2="ccEvtMgr") returned 1 [0137.770] lstrcmpiW (lpString1="IoQos", lpString2="NAV") returned -1 [0137.770] lstrcmpiW (lpString1="IoQos", lpString2="NIS") returned -1 [0137.770] lstrcmpiW (lpString1="IoQos", lpString2="NAVEX15") returned -1 [0137.770] lstrcmpiW (lpString1="IoQos", lpString2="AVP") returned 1 [0137.770] lstrcmpiW (lpString1="IoQos", lpString2="AVP15.0.0") returned 1 [0137.770] lstrcmpiW (lpString1="IoQos", lpString2="AVP15.0.1") returned 1 [0137.770] lstrcmpiW (lpString1="IoQos", lpString2="kl1") returned -1 [0137.770] lstrcmpiW (lpString1="IoQos", lpString2="McComponentHostService") returned -1 [0137.770] lstrcmpiW (lpString1="IoQos", lpString2="ekrn") returned 1 [0137.770] lstrcmpiW (lpString1="IoQos", lpString2="egui") returned 1 [0137.770] lstrcmpiW (lpString1="IoQos", lpString2="avgwd") returned 1 [0137.770] lstrcmpiW (lpString1="IoQos", lpString2="BdfNdisf") returned 1 [0137.770] lstrcmpiW (lpString1="IoQos", lpString2="avast! Antivirus") returned 1 [0137.770] lstrcmpiW (lpString1="IoQos", lpString2="MsMpSvc") returned -1 [0137.770] lstrcmpiW (lpString1="IoQos", lpString2="RsMgrSvc") returned -1 [0137.770] lstrcmpiW (lpString1="IoQos", lpString2="fshoster") returned 1 [0137.770] lstrcmpiW (lpString1="IoQos", lpString2="AVKProxy") returned 1 [0137.770] lstrcmpiW (lpString1="IoQos", lpString2="MBAMService") returned -1 [0137.770] lstrcmpiW (lpString1="IoQos", lpString2="GbpSv") returned 1 [0137.770] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xb1, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IpFilterDriver", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.770] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\IpFilterDriver") returned 48 [0137.770] SetLastError (dwErrCode=0x0) [0137.770] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\IpFilterDriver", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.770] SetLastError (dwErrCode=0x0) [0137.770] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.770] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.770] SetLastError (dwErrCode=0x0) [0137.770] lstrcmpiW (lpString1="IpFilterDriver", lpString2="NAVENG") returned -1 [0137.770] lstrcmpiW (lpString1="IpFilterDriver", lpString2="ccEvtMgr") returned 1 [0137.770] lstrcmpiW (lpString1="IpFilterDriver", lpString2="NAV") returned -1 [0137.770] lstrcmpiW (lpString1="IpFilterDriver", lpString2="NIS") returned -1 [0137.770] lstrcmpiW (lpString1="IpFilterDriver", lpString2="NAVEX15") returned -1 [0137.771] lstrcmpiW (lpString1="IpFilterDriver", lpString2="AVP") returned 1 [0137.771] lstrcmpiW (lpString1="IpFilterDriver", lpString2="AVP15.0.0") returned 1 [0137.771] lstrcmpiW (lpString1="IpFilterDriver", lpString2="AVP15.0.1") returned 1 [0137.771] lstrcmpiW (lpString1="IpFilterDriver", lpString2="kl1") returned -1 [0137.771] lstrcmpiW (lpString1="IpFilterDriver", lpString2="McComponentHostService") returned -1 [0137.771] lstrcmpiW (lpString1="IpFilterDriver", lpString2="ekrn") returned 1 [0137.771] lstrcmpiW (lpString1="IpFilterDriver", lpString2="egui") returned 1 [0137.771] lstrcmpiW (lpString1="IpFilterDriver", lpString2="avgwd") returned 1 [0137.771] lstrcmpiW (lpString1="IpFilterDriver", lpString2="BdfNdisf") returned 1 [0137.771] lstrcmpiW (lpString1="IpFilterDriver", lpString2="avast! Antivirus") returned 1 [0137.771] lstrcmpiW (lpString1="IpFilterDriver", lpString2="MsMpSvc") returned -1 [0137.771] lstrcmpiW (lpString1="IpFilterDriver", lpString2="RsMgrSvc") returned -1 [0137.771] lstrcmpiW (lpString1="IpFilterDriver", lpString2="fshoster") returned 1 [0137.771] lstrcmpiW (lpString1="IpFilterDriver", lpString2="AVKProxy") returned 1 [0137.771] lstrcmpiW (lpString1="IpFilterDriver", lpString2="MBAMService") returned -1 [0137.771] lstrcmpiW (lpString1="IpFilterDriver", lpString2="GbpSv") returned 1 [0137.771] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xb2, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="iphlpsvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.771] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\iphlpsvc") returned 42 [0137.771] SetLastError (dwErrCode=0x0) [0137.771] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\iphlpsvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.771] SetLastError (dwErrCode=0x0) [0137.771] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.771] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.771] SetLastError (dwErrCode=0x0) [0137.771] lstrcmpiW (lpString1="iphlpsvc", lpString2="NAVENG") returned -1 [0137.771] lstrcmpiW (lpString1="iphlpsvc", lpString2="ccEvtMgr") returned 1 [0137.771] lstrcmpiW (lpString1="iphlpsvc", lpString2="NAV") returned -1 [0137.771] lstrcmpiW (lpString1="iphlpsvc", lpString2="NIS") returned -1 [0137.771] lstrcmpiW (lpString1="iphlpsvc", lpString2="NAVEX15") returned -1 [0137.771] lstrcmpiW (lpString1="iphlpsvc", lpString2="AVP") returned 1 [0137.771] lstrcmpiW (lpString1="iphlpsvc", lpString2="AVP15.0.0") returned 1 [0137.771] lstrcmpiW (lpString1="iphlpsvc", lpString2="AVP15.0.1") returned 1 [0137.771] lstrcmpiW (lpString1="iphlpsvc", lpString2="kl1") returned -1 [0137.771] lstrcmpiW (lpString1="iphlpsvc", lpString2="McComponentHostService") returned -1 [0137.771] lstrcmpiW (lpString1="iphlpsvc", lpString2="ekrn") returned 1 [0137.771] lstrcmpiW (lpString1="iphlpsvc", lpString2="egui") returned 1 [0137.771] lstrcmpiW (lpString1="iphlpsvc", lpString2="avgwd") returned 1 [0137.771] lstrcmpiW (lpString1="iphlpsvc", lpString2="BdfNdisf") returned 1 [0137.771] lstrcmpiW (lpString1="iphlpsvc", lpString2="avast! Antivirus") returned 1 [0137.771] lstrcmpiW (lpString1="iphlpsvc", lpString2="MsMpSvc") returned -1 [0137.772] lstrcmpiW (lpString1="iphlpsvc", lpString2="RsMgrSvc") returned -1 [0137.772] lstrcmpiW (lpString1="iphlpsvc", lpString2="fshoster") returned 1 [0137.772] lstrcmpiW (lpString1="iphlpsvc", lpString2="AVKProxy") returned 1 [0137.772] lstrcmpiW (lpString1="iphlpsvc", lpString2="MBAMService") returned -1 [0137.772] lstrcmpiW (lpString1="iphlpsvc", lpString2="GbpSv") returned 1 [0137.772] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xb3, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IPMIDRV", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.772] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\IPMIDRV") returned 41 [0137.772] SetLastError (dwErrCode=0x0) [0137.772] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\IPMIDRV", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.772] SetLastError (dwErrCode=0x0) [0137.772] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.772] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.772] SetLastError (dwErrCode=0x0) [0137.772] lstrcmpiW (lpString1="IPMIDRV", lpString2="NAVENG") returned -1 [0137.772] lstrcmpiW (lpString1="IPMIDRV", lpString2="ccEvtMgr") returned 1 [0137.772] lstrcmpiW (lpString1="IPMIDRV", lpString2="NAV") returned -1 [0137.772] lstrcmpiW (lpString1="IPMIDRV", lpString2="NIS") returned -1 [0137.772] lstrcmpiW (lpString1="IPMIDRV", lpString2="NAVEX15") returned -1 [0137.772] lstrcmpiW (lpString1="IPMIDRV", lpString2="AVP") returned 1 [0137.772] lstrcmpiW (lpString1="IPMIDRV", lpString2="AVP15.0.0") returned 1 [0137.772] lstrcmpiW (lpString1="IPMIDRV", lpString2="AVP15.0.1") returned 1 [0137.772] lstrcmpiW (lpString1="IPMIDRV", lpString2="kl1") returned -1 [0137.772] lstrcmpiW (lpString1="IPMIDRV", lpString2="McComponentHostService") returned -1 [0137.772] lstrcmpiW (lpString1="IPMIDRV", lpString2="ekrn") returned 1 [0137.772] lstrcmpiW (lpString1="IPMIDRV", lpString2="egui") returned 1 [0137.772] lstrcmpiW (lpString1="IPMIDRV", lpString2="avgwd") returned 1 [0137.772] lstrcmpiW (lpString1="IPMIDRV", lpString2="BdfNdisf") returned 1 [0137.772] lstrcmpiW (lpString1="IPMIDRV", lpString2="avast! Antivirus") returned 1 [0137.772] lstrcmpiW (lpString1="IPMIDRV", lpString2="MsMpSvc") returned -1 [0137.772] lstrcmpiW (lpString1="IPMIDRV", lpString2="RsMgrSvc") returned -1 [0137.772] lstrcmpiW (lpString1="IPMIDRV", lpString2="fshoster") returned 1 [0137.772] lstrcmpiW (lpString1="IPMIDRV", lpString2="AVKProxy") returned 1 [0137.772] lstrcmpiW (lpString1="IPMIDRV", lpString2="MBAMService") returned -1 [0137.772] lstrcmpiW (lpString1="IPMIDRV", lpString2="GbpSv") returned 1 [0137.772] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xb4, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IPNAT", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.772] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\IPNAT") returned 39 [0137.772] SetLastError (dwErrCode=0x0) [0137.772] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\IPNAT", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.773] SetLastError (dwErrCode=0x0) [0137.773] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.773] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.773] SetLastError (dwErrCode=0x0) [0137.773] lstrcmpiW (lpString1="IPNAT", lpString2="NAVENG") returned -1 [0137.773] lstrcmpiW (lpString1="IPNAT", lpString2="ccEvtMgr") returned 1 [0137.773] lstrcmpiW (lpString1="IPNAT", lpString2="NAV") returned -1 [0137.773] lstrcmpiW (lpString1="IPNAT", lpString2="NIS") returned -1 [0137.773] lstrcmpiW (lpString1="IPNAT", lpString2="NAVEX15") returned -1 [0137.773] lstrcmpiW (lpString1="IPNAT", lpString2="AVP") returned 1 [0137.773] lstrcmpiW (lpString1="IPNAT", lpString2="AVP15.0.0") returned 1 [0137.773] lstrcmpiW (lpString1="IPNAT", lpString2="AVP15.0.1") returned 1 [0137.773] lstrcmpiW (lpString1="IPNAT", lpString2="kl1") returned -1 [0137.773] lstrcmpiW (lpString1="IPNAT", lpString2="McComponentHostService") returned -1 [0137.773] lstrcmpiW (lpString1="IPNAT", lpString2="ekrn") returned 1 [0137.773] lstrcmpiW (lpString1="IPNAT", lpString2="egui") returned 1 [0137.773] lstrcmpiW (lpString1="IPNAT", lpString2="avgwd") returned 1 [0137.773] lstrcmpiW (lpString1="IPNAT", lpString2="BdfNdisf") returned 1 [0137.773] lstrcmpiW (lpString1="IPNAT", lpString2="avast! Antivirus") returned 1 [0137.773] lstrcmpiW (lpString1="IPNAT", lpString2="MsMpSvc") returned -1 [0137.773] lstrcmpiW (lpString1="IPNAT", lpString2="RsMgrSvc") returned -1 [0137.773] lstrcmpiW (lpString1="IPNAT", lpString2="fshoster") returned 1 [0137.773] lstrcmpiW (lpString1="IPNAT", lpString2="AVKProxy") returned 1 [0137.773] lstrcmpiW (lpString1="IPNAT", lpString2="MBAMService") returned -1 [0137.773] lstrcmpiW (lpString1="IPNAT", lpString2="GbpSv") returned 1 [0137.773] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xb5, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IRENUM", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.773] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\IRENUM") returned 40 [0137.773] SetLastError (dwErrCode=0x0) [0137.773] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\IRENUM", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.773] SetLastError (dwErrCode=0x0) [0137.773] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.773] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.773] SetLastError (dwErrCode=0x0) [0137.773] lstrcmpiW (lpString1="IRENUM", lpString2="NAVENG") returned -1 [0137.773] lstrcmpiW (lpString1="IRENUM", lpString2="ccEvtMgr") returned 1 [0137.773] lstrcmpiW (lpString1="IRENUM", lpString2="NAV") returned -1 [0137.773] lstrcmpiW (lpString1="IRENUM", lpString2="NIS") returned -1 [0137.773] lstrcmpiW (lpString1="IRENUM", lpString2="NAVEX15") returned -1 [0137.774] lstrcmpiW (lpString1="IRENUM", lpString2="AVP") returned 1 [0137.774] lstrcmpiW (lpString1="IRENUM", lpString2="AVP15.0.0") returned 1 [0137.774] lstrcmpiW (lpString1="IRENUM", lpString2="AVP15.0.1") returned 1 [0137.774] lstrcmpiW (lpString1="IRENUM", lpString2="kl1") returned -1 [0137.774] lstrcmpiW (lpString1="IRENUM", lpString2="McComponentHostService") returned -1 [0137.774] lstrcmpiW (lpString1="IRENUM", lpString2="ekrn") returned 1 [0137.774] lstrcmpiW (lpString1="IRENUM", lpString2="egui") returned 1 [0137.774] lstrcmpiW (lpString1="IRENUM", lpString2="avgwd") returned 1 [0137.774] lstrcmpiW (lpString1="IRENUM", lpString2="BdfNdisf") returned 1 [0137.774] lstrcmpiW (lpString1="IRENUM", lpString2="avast! Antivirus") returned 1 [0137.774] lstrcmpiW (lpString1="IRENUM", lpString2="MsMpSvc") returned -1 [0137.774] lstrcmpiW (lpString1="IRENUM", lpString2="RsMgrSvc") returned -1 [0137.774] lstrcmpiW (lpString1="IRENUM", lpString2="fshoster") returned 1 [0137.774] lstrcmpiW (lpString1="IRENUM", lpString2="AVKProxy") returned 1 [0137.774] lstrcmpiW (lpString1="IRENUM", lpString2="MBAMService") returned -1 [0137.774] lstrcmpiW (lpString1="IRENUM", lpString2="GbpSv") returned 1 [0137.774] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xb6, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="isapnp", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.774] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\isapnp") returned 40 [0137.774] SetLastError (dwErrCode=0x0) [0137.774] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\isapnp", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.774] SetLastError (dwErrCode=0x0) [0137.774] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.774] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.774] SetLastError (dwErrCode=0x0) [0137.774] lstrcmpiW (lpString1="isapnp", lpString2="NAVENG") returned -1 [0137.774] lstrcmpiW (lpString1="isapnp", lpString2="ccEvtMgr") returned 1 [0137.774] lstrcmpiW (lpString1="isapnp", lpString2="NAV") returned -1 [0137.774] lstrcmpiW (lpString1="isapnp", lpString2="NIS") returned -1 [0137.774] lstrcmpiW (lpString1="isapnp", lpString2="NAVEX15") returned -1 [0137.774] lstrcmpiW (lpString1="isapnp", lpString2="AVP") returned 1 [0137.774] lstrcmpiW (lpString1="isapnp", lpString2="AVP15.0.0") returned 1 [0137.774] lstrcmpiW (lpString1="isapnp", lpString2="AVP15.0.1") returned 1 [0137.774] lstrcmpiW (lpString1="isapnp", lpString2="kl1") returned -1 [0137.774] lstrcmpiW (lpString1="isapnp", lpString2="McComponentHostService") returned -1 [0137.774] lstrcmpiW (lpString1="isapnp", lpString2="ekrn") returned 1 [0137.774] lstrcmpiW (lpString1="isapnp", lpString2="egui") returned 1 [0137.774] lstrcmpiW (lpString1="isapnp", lpString2="avgwd") returned 1 [0137.774] lstrcmpiW (lpString1="isapnp", lpString2="BdfNdisf") returned 1 [0137.774] lstrcmpiW (lpString1="isapnp", lpString2="avast! Antivirus") returned 1 [0137.774] lstrcmpiW (lpString1="isapnp", lpString2="MsMpSvc") returned -1 [0137.774] lstrcmpiW (lpString1="isapnp", lpString2="RsMgrSvc") returned -1 [0137.775] lstrcmpiW (lpString1="isapnp", lpString2="fshoster") returned 1 [0137.775] lstrcmpiW (lpString1="isapnp", lpString2="AVKProxy") returned 1 [0137.775] lstrcmpiW (lpString1="isapnp", lpString2="MBAMService") returned -1 [0137.775] lstrcmpiW (lpString1="isapnp", lpString2="GbpSv") returned 1 [0137.775] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xb7, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="iScsiPrt", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.775] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\iScsiPrt") returned 42 [0137.775] SetLastError (dwErrCode=0x0) [0137.775] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\iScsiPrt", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.775] SetLastError (dwErrCode=0x0) [0137.775] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.775] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.775] SetLastError (dwErrCode=0x0) [0137.775] lstrcmpiW (lpString1="iScsiPrt", lpString2="NAVENG") returned -1 [0137.775] lstrcmpiW (lpString1="iScsiPrt", lpString2="ccEvtMgr") returned 1 [0137.775] lstrcmpiW (lpString1="iScsiPrt", lpString2="NAV") returned -1 [0137.775] lstrcmpiW (lpString1="iScsiPrt", lpString2="NIS") returned -1 [0137.775] lstrcmpiW (lpString1="iScsiPrt", lpString2="NAVEX15") returned -1 [0137.775] lstrcmpiW (lpString1="iScsiPrt", lpString2="AVP") returned 1 [0137.775] lstrcmpiW (lpString1="iScsiPrt", lpString2="AVP15.0.0") returned 1 [0137.775] lstrcmpiW (lpString1="iScsiPrt", lpString2="AVP15.0.1") returned 1 [0137.775] lstrcmpiW (lpString1="iScsiPrt", lpString2="kl1") returned -1 [0137.775] lstrcmpiW (lpString1="iScsiPrt", lpString2="McComponentHostService") returned -1 [0137.775] lstrcmpiW (lpString1="iScsiPrt", lpString2="ekrn") returned 1 [0137.775] lstrcmpiW (lpString1="iScsiPrt", lpString2="egui") returned 1 [0137.775] lstrcmpiW (lpString1="iScsiPrt", lpString2="avgwd") returned 1 [0137.775] lstrcmpiW (lpString1="iScsiPrt", lpString2="BdfNdisf") returned 1 [0137.775] lstrcmpiW (lpString1="iScsiPrt", lpString2="avast! Antivirus") returned 1 [0137.775] lstrcmpiW (lpString1="iScsiPrt", lpString2="MsMpSvc") returned -1 [0137.775] lstrcmpiW (lpString1="iScsiPrt", lpString2="RsMgrSvc") returned -1 [0137.776] lstrcmpiW (lpString1="iScsiPrt", lpString2="fshoster") returned 1 [0137.776] lstrcmpiW (lpString1="iScsiPrt", lpString2="AVKProxy") returned 1 [0137.776] lstrcmpiW (lpString1="iScsiPrt", lpString2="MBAMService") returned -1 [0137.776] lstrcmpiW (lpString1="iScsiPrt", lpString2="GbpSv") returned 1 [0137.776] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xb8, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="kbdclass", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.776] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\kbdclass") returned 42 [0137.776] SetLastError (dwErrCode=0x0) [0137.776] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\kbdclass", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.776] SetLastError (dwErrCode=0x0) [0137.776] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.776] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.776] SetLastError (dwErrCode=0x0) [0137.776] lstrcmpiW (lpString1="kbdclass", lpString2="NAVENG") returned -1 [0137.776] lstrcmpiW (lpString1="kbdclass", lpString2="ccEvtMgr") returned 1 [0137.776] lstrcmpiW (lpString1="kbdclass", lpString2="NAV") returned -1 [0137.776] lstrcmpiW (lpString1="kbdclass", lpString2="NIS") returned -1 [0137.776] lstrcmpiW (lpString1="kbdclass", lpString2="NAVEX15") returned -1 [0137.776] lstrcmpiW (lpString1="kbdclass", lpString2="AVP") returned 1 [0137.776] lstrcmpiW (lpString1="kbdclass", lpString2="AVP15.0.0") returned 1 [0137.776] lstrcmpiW (lpString1="kbdclass", lpString2="AVP15.0.1") returned 1 [0137.776] lstrcmpiW (lpString1="kbdclass", lpString2="kl1") returned -1 [0137.776] lstrcmpiW (lpString1="kbdclass", lpString2="McComponentHostService") returned -1 [0137.776] lstrcmpiW (lpString1="kbdclass", lpString2="ekrn") returned 1 [0137.776] lstrcmpiW (lpString1="kbdclass", lpString2="egui") returned 1 [0137.776] lstrcmpiW (lpString1="kbdclass", lpString2="avgwd") returned 1 [0137.776] lstrcmpiW (lpString1="kbdclass", lpString2="BdfNdisf") returned 1 [0137.776] lstrcmpiW (lpString1="kbdclass", lpString2="avast! Antivirus") returned 1 [0137.776] lstrcmpiW (lpString1="kbdclass", lpString2="MsMpSvc") returned -1 [0137.776] lstrcmpiW (lpString1="kbdclass", lpString2="RsMgrSvc") returned -1 [0137.776] lstrcmpiW (lpString1="kbdclass", lpString2="fshoster") returned 1 [0137.776] lstrcmpiW (lpString1="kbdclass", lpString2="AVKProxy") returned 1 [0137.776] lstrcmpiW (lpString1="kbdclass", lpString2="MBAMService") returned -1 [0137.776] lstrcmpiW (lpString1="kbdclass", lpString2="GbpSv") returned 1 [0137.776] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xb9, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="kbdhid", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.776] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\kbdhid") returned 40 [0137.776] SetLastError (dwErrCode=0x0) [0137.776] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\kbdhid", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.777] SetLastError (dwErrCode=0x0) [0137.777] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.777] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.777] SetLastError (dwErrCode=0x0) [0137.777] lstrcmpiW (lpString1="kbdhid", lpString2="NAVENG") returned -1 [0137.777] lstrcmpiW (lpString1="kbdhid", lpString2="ccEvtMgr") returned 1 [0137.777] lstrcmpiW (lpString1="kbdhid", lpString2="NAV") returned -1 [0137.777] lstrcmpiW (lpString1="kbdhid", lpString2="NIS") returned -1 [0137.777] lstrcmpiW (lpString1="kbdhid", lpString2="NAVEX15") returned -1 [0137.777] lstrcmpiW (lpString1="kbdhid", lpString2="AVP") returned 1 [0137.777] lstrcmpiW (lpString1="kbdhid", lpString2="AVP15.0.0") returned 1 [0137.777] lstrcmpiW (lpString1="kbdhid", lpString2="AVP15.0.1") returned 1 [0137.777] lstrcmpiW (lpString1="kbdhid", lpString2="kl1") returned -1 [0137.777] lstrcmpiW (lpString1="kbdhid", lpString2="McComponentHostService") returned -1 [0137.777] lstrcmpiW (lpString1="kbdhid", lpString2="ekrn") returned 1 [0137.777] lstrcmpiW (lpString1="kbdhid", lpString2="egui") returned 1 [0137.777] lstrcmpiW (lpString1="kbdhid", lpString2="avgwd") returned 1 [0137.777] lstrcmpiW (lpString1="kbdhid", lpString2="BdfNdisf") returned 1 [0137.777] lstrcmpiW (lpString1="kbdhid", lpString2="avast! Antivirus") returned 1 [0137.777] lstrcmpiW (lpString1="kbdhid", lpString2="MsMpSvc") returned -1 [0137.777] lstrcmpiW (lpString1="kbdhid", lpString2="RsMgrSvc") returned -1 [0137.777] lstrcmpiW (lpString1="kbdhid", lpString2="fshoster") returned 1 [0137.777] lstrcmpiW (lpString1="kbdhid", lpString2="AVKProxy") returned 1 [0137.777] lstrcmpiW (lpString1="kbdhid", lpString2="MBAMService") returned -1 [0137.777] lstrcmpiW (lpString1="kbdhid", lpString2="GbpSv") returned 1 [0137.777] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xba, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="kdnic", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.777] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\kdnic") returned 39 [0137.777] SetLastError (dwErrCode=0x0) [0137.777] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\kdnic", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.777] SetLastError (dwErrCode=0x0) [0137.777] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.777] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.777] SetLastError (dwErrCode=0x0) [0137.777] lstrcmpiW (lpString1="kdnic", lpString2="NAVENG") returned -1 [0137.778] lstrcmpiW (lpString1="kdnic", lpString2="ccEvtMgr") returned 1 [0137.778] lstrcmpiW (lpString1="kdnic", lpString2="NAV") returned -1 [0137.778] lstrcmpiW (lpString1="kdnic", lpString2="NIS") returned -1 [0137.778] lstrcmpiW (lpString1="kdnic", lpString2="NAVEX15") returned -1 [0137.778] lstrcmpiW (lpString1="kdnic", lpString2="AVP") returned 1 [0137.778] lstrcmpiW (lpString1="kdnic", lpString2="AVP15.0.0") returned 1 [0137.778] lstrcmpiW (lpString1="kdnic", lpString2="AVP15.0.1") returned 1 [0137.778] lstrcmpiW (lpString1="kdnic", lpString2="kl1") returned -1 [0137.778] lstrcmpiW (lpString1="kdnic", lpString2="McComponentHostService") returned -1 [0137.778] lstrcmpiW (lpString1="kdnic", lpString2="ekrn") returned 1 [0137.778] lstrcmpiW (lpString1="kdnic", lpString2="egui") returned 1 [0137.778] lstrcmpiW (lpString1="kdnic", lpString2="avgwd") returned 1 [0137.778] lstrcmpiW (lpString1="kdnic", lpString2="BdfNdisf") returned 1 [0137.778] lstrcmpiW (lpString1="kdnic", lpString2="avast! Antivirus") returned 1 [0137.778] lstrcmpiW (lpString1="kdnic", lpString2="MsMpSvc") returned -1 [0137.778] lstrcmpiW (lpString1="kdnic", lpString2="RsMgrSvc") returned -1 [0137.778] lstrcmpiW (lpString1="kdnic", lpString2="fshoster") returned 1 [0137.778] lstrcmpiW (lpString1="kdnic", lpString2="AVKProxy") returned 1 [0137.778] lstrcmpiW (lpString1="kdnic", lpString2="MBAMService") returned -1 [0137.778] lstrcmpiW (lpString1="kdnic", lpString2="GbpSv") returned 1 [0137.778] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xbb, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="KeyIso", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.778] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\KeyIso") returned 40 [0137.778] SetLastError (dwErrCode=0x0) [0137.778] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\KeyIso", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.778] SetLastError (dwErrCode=0x0) [0137.778] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.778] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.778] SetLastError (dwErrCode=0x0) [0137.778] lstrcmpiW (lpString1="KeyIso", lpString2="NAVENG") returned -1 [0137.778] lstrcmpiW (lpString1="KeyIso", lpString2="ccEvtMgr") returned 1 [0137.778] lstrcmpiW (lpString1="KeyIso", lpString2="NAV") returned -1 [0137.778] lstrcmpiW (lpString1="KeyIso", lpString2="NIS") returned -1 [0137.778] lstrcmpiW (lpString1="KeyIso", lpString2="NAVEX15") returned -1 [0137.778] lstrcmpiW (lpString1="KeyIso", lpString2="AVP") returned 1 [0137.778] lstrcmpiW (lpString1="KeyIso", lpString2="AVP15.0.0") returned 1 [0137.778] lstrcmpiW (lpString1="KeyIso", lpString2="AVP15.0.1") returned 1 [0137.778] lstrcmpiW (lpString1="KeyIso", lpString2="kl1") returned -1 [0137.778] lstrcmpiW (lpString1="KeyIso", lpString2="McComponentHostService") returned -1 [0137.779] lstrcmpiW (lpString1="KeyIso", lpString2="ekrn") returned 1 [0137.779] lstrcmpiW (lpString1="KeyIso", lpString2="egui") returned 1 [0137.779] lstrcmpiW (lpString1="KeyIso", lpString2="avgwd") returned 1 [0137.779] lstrcmpiW (lpString1="KeyIso", lpString2="BdfNdisf") returned 1 [0137.779] lstrcmpiW (lpString1="KeyIso", lpString2="avast! Antivirus") returned 1 [0137.779] lstrcmpiW (lpString1="KeyIso", lpString2="MsMpSvc") returned -1 [0137.779] lstrcmpiW (lpString1="KeyIso", lpString2="RsMgrSvc") returned -1 [0137.779] lstrcmpiW (lpString1="KeyIso", lpString2="fshoster") returned 1 [0137.779] lstrcmpiW (lpString1="KeyIso", lpString2="AVKProxy") returned 1 [0137.779] lstrcmpiW (lpString1="KeyIso", lpString2="MBAMService") returned -1 [0137.779] lstrcmpiW (lpString1="KeyIso", lpString2="GbpSv") returned 1 [0137.779] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xbc, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="KSecDD", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.779] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\KSecDD") returned 40 [0137.779] SetLastError (dwErrCode=0x0) [0137.779] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\KSecDD", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.779] SetLastError (dwErrCode=0x0) [0137.779] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.779] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.779] SetLastError (dwErrCode=0x0) [0137.779] lstrcmpiW (lpString1="KSecDD", lpString2="NAVENG") returned -1 [0137.779] lstrcmpiW (lpString1="KSecDD", lpString2="ccEvtMgr") returned 1 [0137.779] lstrcmpiW (lpString1="KSecDD", lpString2="NAV") returned -1 [0137.779] lstrcmpiW (lpString1="KSecDD", lpString2="NIS") returned -1 [0137.779] lstrcmpiW (lpString1="KSecDD", lpString2="NAVEX15") returned -1 [0137.779] lstrcmpiW (lpString1="KSecDD", lpString2="AVP") returned 1 [0137.779] lstrcmpiW (lpString1="KSecDD", lpString2="AVP15.0.0") returned 1 [0137.779] lstrcmpiW (lpString1="KSecDD", lpString2="AVP15.0.1") returned 1 [0137.779] lstrcmpiW (lpString1="KSecDD", lpString2="kl1") returned 1 [0137.779] lstrcmpiW (lpString1="KSecDD", lpString2="McComponentHostService") returned -1 [0137.779] lstrcmpiW (lpString1="KSecDD", lpString2="ekrn") returned 1 [0137.779] lstrcmpiW (lpString1="KSecDD", lpString2="egui") returned 1 [0137.779] lstrcmpiW (lpString1="KSecDD", lpString2="avgwd") returned 1 [0137.779] lstrcmpiW (lpString1="KSecDD", lpString2="BdfNdisf") returned 1 [0137.779] lstrcmpiW (lpString1="KSecDD", lpString2="avast! Antivirus") returned 1 [0137.779] lstrcmpiW (lpString1="KSecDD", lpString2="MsMpSvc") returned -1 [0137.780] lstrcmpiW (lpString1="KSecDD", lpString2="RsMgrSvc") returned -1 [0137.780] lstrcmpiW (lpString1="KSecDD", lpString2="fshoster") returned 1 [0137.780] lstrcmpiW (lpString1="KSecDD", lpString2="AVKProxy") returned 1 [0137.780] lstrcmpiW (lpString1="KSecDD", lpString2="MBAMService") returned -1 [0137.780] lstrcmpiW (lpString1="KSecDD", lpString2="GbpSv") returned 1 [0137.780] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xbd, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="KSecPkg", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.780] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\KSecPkg") returned 41 [0137.780] SetLastError (dwErrCode=0x0) [0137.780] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\KSecPkg", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.780] SetLastError (dwErrCode=0x0) [0137.780] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.780] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.780] SetLastError (dwErrCode=0x0) [0137.780] lstrcmpiW (lpString1="KSecPkg", lpString2="NAVENG") returned -1 [0137.780] lstrcmpiW (lpString1="KSecPkg", lpString2="ccEvtMgr") returned 1 [0137.780] lstrcmpiW (lpString1="KSecPkg", lpString2="NAV") returned -1 [0137.780] lstrcmpiW (lpString1="KSecPkg", lpString2="NIS") returned -1 [0137.780] lstrcmpiW (lpString1="KSecPkg", lpString2="NAVEX15") returned -1 [0137.780] lstrcmpiW (lpString1="KSecPkg", lpString2="AVP") returned 1 [0137.780] lstrcmpiW (lpString1="KSecPkg", lpString2="AVP15.0.0") returned 1 [0137.780] lstrcmpiW (lpString1="KSecPkg", lpString2="AVP15.0.1") returned 1 [0137.780] lstrcmpiW (lpString1="KSecPkg", lpString2="kl1") returned 1 [0137.780] lstrcmpiW (lpString1="KSecPkg", lpString2="McComponentHostService") returned -1 [0137.780] lstrcmpiW (lpString1="KSecPkg", lpString2="ekrn") returned 1 [0137.780] lstrcmpiW (lpString1="KSecPkg", lpString2="egui") returned 1 [0137.780] lstrcmpiW (lpString1="KSecPkg", lpString2="avgwd") returned 1 [0137.780] lstrcmpiW (lpString1="KSecPkg", lpString2="BdfNdisf") returned 1 [0137.780] lstrcmpiW (lpString1="KSecPkg", lpString2="avast! Antivirus") returned 1 [0137.780] lstrcmpiW (lpString1="KSecPkg", lpString2="MsMpSvc") returned -1 [0137.780] lstrcmpiW (lpString1="KSecPkg", lpString2="RsMgrSvc") returned -1 [0137.780] lstrcmpiW (lpString1="KSecPkg", lpString2="fshoster") returned 1 [0137.780] lstrcmpiW (lpString1="KSecPkg", lpString2="AVKProxy") returned 1 [0137.780] lstrcmpiW (lpString1="KSecPkg", lpString2="MBAMService") returned -1 [0137.780] lstrcmpiW (lpString1="KSecPkg", lpString2="GbpSv") returned 1 [0137.780] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xbe, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ksthunk", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.780] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ksthunk") returned 41 [0137.780] SetLastError (dwErrCode=0x0) [0137.781] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ksthunk", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.781] SetLastError (dwErrCode=0x0) [0137.781] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.781] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.781] SetLastError (dwErrCode=0x0) [0137.781] lstrcmpiW (lpString1="ksthunk", lpString2="NAVENG") returned -1 [0137.781] lstrcmpiW (lpString1="ksthunk", lpString2="ccEvtMgr") returned 1 [0137.781] lstrcmpiW (lpString1="ksthunk", lpString2="NAV") returned -1 [0137.781] lstrcmpiW (lpString1="ksthunk", lpString2="NIS") returned -1 [0137.781] lstrcmpiW (lpString1="ksthunk", lpString2="NAVEX15") returned -1 [0137.781] lstrcmpiW (lpString1="ksthunk", lpString2="AVP") returned 1 [0137.781] lstrcmpiW (lpString1="ksthunk", lpString2="AVP15.0.0") returned 1 [0137.781] lstrcmpiW (lpString1="ksthunk", lpString2="AVP15.0.1") returned 1 [0137.781] lstrcmpiW (lpString1="ksthunk", lpString2="kl1") returned 1 [0137.781] lstrcmpiW (lpString1="ksthunk", lpString2="McComponentHostService") returned -1 [0137.781] lstrcmpiW (lpString1="ksthunk", lpString2="ekrn") returned 1 [0137.781] lstrcmpiW (lpString1="ksthunk", lpString2="egui") returned 1 [0137.781] lstrcmpiW (lpString1="ksthunk", lpString2="avgwd") returned 1 [0137.781] lstrcmpiW (lpString1="ksthunk", lpString2="BdfNdisf") returned 1 [0137.781] lstrcmpiW (lpString1="ksthunk", lpString2="avast! Antivirus") returned 1 [0137.781] lstrcmpiW (lpString1="ksthunk", lpString2="MsMpSvc") returned -1 [0137.781] lstrcmpiW (lpString1="ksthunk", lpString2="RsMgrSvc") returned -1 [0137.781] lstrcmpiW (lpString1="ksthunk", lpString2="fshoster") returned 1 [0137.781] lstrcmpiW (lpString1="ksthunk", lpString2="AVKProxy") returned 1 [0137.781] lstrcmpiW (lpString1="ksthunk", lpString2="MBAMService") returned -1 [0137.781] lstrcmpiW (lpString1="ksthunk", lpString2="GbpSv") returned 1 [0137.781] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xbf, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="KtmRm", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.781] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\KtmRm") returned 39 [0137.781] SetLastError (dwErrCode=0x0) [0137.781] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\KtmRm", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.781] SetLastError (dwErrCode=0x0) [0137.781] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.781] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.781] SetLastError (dwErrCode=0x0) [0137.781] lstrcmpiW (lpString1="KtmRm", lpString2="NAVENG") returned -1 [0137.781] lstrcmpiW (lpString1="KtmRm", lpString2="ccEvtMgr") returned 1 [0137.782] lstrcmpiW (lpString1="KtmRm", lpString2="NAV") returned -1 [0137.782] lstrcmpiW (lpString1="KtmRm", lpString2="NIS") returned -1 [0137.782] lstrcmpiW (lpString1="KtmRm", lpString2="NAVEX15") returned -1 [0137.782] lstrcmpiW (lpString1="KtmRm", lpString2="AVP") returned 1 [0137.782] lstrcmpiW (lpString1="KtmRm", lpString2="AVP15.0.0") returned 1 [0137.782] lstrcmpiW (lpString1="KtmRm", lpString2="AVP15.0.1") returned 1 [0137.782] lstrcmpiW (lpString1="KtmRm", lpString2="kl1") returned 1 [0137.782] lstrcmpiW (lpString1="KtmRm", lpString2="McComponentHostService") returned -1 [0137.782] lstrcmpiW (lpString1="KtmRm", lpString2="ekrn") returned 1 [0137.782] lstrcmpiW (lpString1="KtmRm", lpString2="egui") returned 1 [0137.782] lstrcmpiW (lpString1="KtmRm", lpString2="avgwd") returned 1 [0137.782] lstrcmpiW (lpString1="KtmRm", lpString2="BdfNdisf") returned 1 [0137.782] lstrcmpiW (lpString1="KtmRm", lpString2="avast! Antivirus") returned 1 [0137.782] lstrcmpiW (lpString1="KtmRm", lpString2="MsMpSvc") returned -1 [0137.782] lstrcmpiW (lpString1="KtmRm", lpString2="RsMgrSvc") returned -1 [0137.782] lstrcmpiW (lpString1="KtmRm", lpString2="fshoster") returned 1 [0137.782] lstrcmpiW (lpString1="KtmRm", lpString2="AVKProxy") returned 1 [0137.782] lstrcmpiW (lpString1="KtmRm", lpString2="MBAMService") returned -1 [0137.782] lstrcmpiW (lpString1="KtmRm", lpString2="GbpSv") returned 1 [0137.782] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xc0, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="LanmanServer", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.782] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\LanmanServer") returned 46 [0137.782] SetLastError (dwErrCode=0x0) [0137.782] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\LanmanServer", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.782] SetLastError (dwErrCode=0x0) [0137.782] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.782] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.782] SetLastError (dwErrCode=0x0) [0137.782] lstrcmpiW (lpString1="LanmanServer", lpString2="NAVENG") returned -1 [0137.782] lstrcmpiW (lpString1="LanmanServer", lpString2="ccEvtMgr") returned 1 [0137.782] lstrcmpiW (lpString1="LanmanServer", lpString2="NAV") returned -1 [0137.782] lstrcmpiW (lpString1="LanmanServer", lpString2="NIS") returned -1 [0137.782] lstrcmpiW (lpString1="LanmanServer", lpString2="NAVEX15") returned -1 [0137.782] lstrcmpiW (lpString1="LanmanServer", lpString2="AVP") returned 1 [0137.782] lstrcmpiW (lpString1="LanmanServer", lpString2="AVP15.0.0") returned 1 [0137.782] lstrcmpiW (lpString1="LanmanServer", lpString2="AVP15.0.1") returned 1 [0137.782] lstrcmpiW (lpString1="LanmanServer", lpString2="kl1") returned 1 [0137.782] lstrcmpiW (lpString1="LanmanServer", lpString2="McComponentHostService") returned -1 [0137.782] lstrcmpiW (lpString1="LanmanServer", lpString2="ekrn") returned 1 [0137.782] lstrcmpiW (lpString1="LanmanServer", lpString2="egui") returned 1 [0137.783] lstrcmpiW (lpString1="LanmanServer", lpString2="avgwd") returned 1 [0137.783] lstrcmpiW (lpString1="LanmanServer", lpString2="BdfNdisf") returned 1 [0137.783] lstrcmpiW (lpString1="LanmanServer", lpString2="avast! Antivirus") returned 1 [0137.783] lstrcmpiW (lpString1="LanmanServer", lpString2="MsMpSvc") returned -1 [0137.783] lstrcmpiW (lpString1="LanmanServer", lpString2="RsMgrSvc") returned -1 [0137.783] lstrcmpiW (lpString1="LanmanServer", lpString2="fshoster") returned 1 [0137.783] lstrcmpiW (lpString1="LanmanServer", lpString2="AVKProxy") returned 1 [0137.783] lstrcmpiW (lpString1="LanmanServer", lpString2="MBAMService") returned -1 [0137.783] lstrcmpiW (lpString1="LanmanServer", lpString2="GbpSv") returned 1 [0137.783] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xc1, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="LanmanWorkstation", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.783] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\LanmanWorkstation") returned 51 [0137.783] SetLastError (dwErrCode=0x0) [0137.783] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\LanmanWorkstation", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.783] SetLastError (dwErrCode=0x0) [0137.783] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.783] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.783] SetLastError (dwErrCode=0x0) [0137.783] lstrcmpiW (lpString1="LanmanWorkstation", lpString2="NAVENG") returned -1 [0137.783] lstrcmpiW (lpString1="LanmanWorkstation", lpString2="ccEvtMgr") returned 1 [0137.783] lstrcmpiW (lpString1="LanmanWorkstation", lpString2="NAV") returned -1 [0137.783] lstrcmpiW (lpString1="LanmanWorkstation", lpString2="NIS") returned -1 [0137.783] lstrcmpiW (lpString1="LanmanWorkstation", lpString2="NAVEX15") returned -1 [0137.783] lstrcmpiW (lpString1="LanmanWorkstation", lpString2="AVP") returned 1 [0137.783] lstrcmpiW (lpString1="LanmanWorkstation", lpString2="AVP15.0.0") returned 1 [0137.783] lstrcmpiW (lpString1="LanmanWorkstation", lpString2="AVP15.0.1") returned 1 [0137.783] lstrcmpiW (lpString1="LanmanWorkstation", lpString2="kl1") returned 1 [0137.783] lstrcmpiW (lpString1="LanmanWorkstation", lpString2="McComponentHostService") returned -1 [0137.783] lstrcmpiW (lpString1="LanmanWorkstation", lpString2="ekrn") returned 1 [0137.783] lstrcmpiW (lpString1="LanmanWorkstation", lpString2="egui") returned 1 [0137.783] lstrcmpiW (lpString1="LanmanWorkstation", lpString2="avgwd") returned 1 [0137.783] lstrcmpiW (lpString1="LanmanWorkstation", lpString2="BdfNdisf") returned 1 [0137.783] lstrcmpiW (lpString1="LanmanWorkstation", lpString2="avast! Antivirus") returned 1 [0137.783] lstrcmpiW (lpString1="LanmanWorkstation", lpString2="MsMpSvc") returned -1 [0137.783] lstrcmpiW (lpString1="LanmanWorkstation", lpString2="RsMgrSvc") returned -1 [0137.783] lstrcmpiW (lpString1="LanmanWorkstation", lpString2="fshoster") returned 1 [0137.783] lstrcmpiW (lpString1="LanmanWorkstation", lpString2="AVKProxy") returned 1 [0137.783] lstrcmpiW (lpString1="LanmanWorkstation", lpString2="MBAMService") returned -1 [0137.783] lstrcmpiW (lpString1="LanmanWorkstation", lpString2="GbpSv") returned 1 [0137.784] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xc2, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ldap", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.784] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ldap") returned 38 [0137.784] SetLastError (dwErrCode=0x0) [0137.784] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ldap", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.784] SetLastError (dwErrCode=0x0) [0137.784] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x1, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.784] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.784] SetLastError (dwErrCode=0x0) [0137.784] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xc3, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="lfsvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.784] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\lfsvc") returned 39 [0137.784] SetLastError (dwErrCode=0x0) [0137.784] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\lfsvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.784] SetLastError (dwErrCode=0x0) [0137.784] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.784] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.784] SetLastError (dwErrCode=0x0) [0137.784] lstrcmpiW (lpString1="lfsvc", lpString2="NAVENG") returned -1 [0137.784] lstrcmpiW (lpString1="lfsvc", lpString2="ccEvtMgr") returned 1 [0137.784] lstrcmpiW (lpString1="lfsvc", lpString2="NAV") returned -1 [0137.784] lstrcmpiW (lpString1="lfsvc", lpString2="NIS") returned -1 [0137.784] lstrcmpiW (lpString1="lfsvc", lpString2="NAVEX15") returned -1 [0137.784] lstrcmpiW (lpString1="lfsvc", lpString2="AVP") returned 1 [0137.784] lstrcmpiW (lpString1="lfsvc", lpString2="AVP15.0.0") returned 1 [0137.784] lstrcmpiW (lpString1="lfsvc", lpString2="AVP15.0.1") returned 1 [0137.784] lstrcmpiW (lpString1="lfsvc", lpString2="kl1") returned 1 [0137.784] lstrcmpiW (lpString1="lfsvc", lpString2="McComponentHostService") returned -1 [0137.784] lstrcmpiW (lpString1="lfsvc", lpString2="ekrn") returned 1 [0137.784] lstrcmpiW (lpString1="lfsvc", lpString2="egui") returned 1 [0137.784] lstrcmpiW (lpString1="lfsvc", lpString2="avgwd") returned 1 [0137.784] lstrcmpiW (lpString1="lfsvc", lpString2="BdfNdisf") returned 1 [0137.784] lstrcmpiW (lpString1="lfsvc", lpString2="avast! Antivirus") returned 1 [0137.784] lstrcmpiW (lpString1="lfsvc", lpString2="MsMpSvc") returned -1 [0137.784] lstrcmpiW (lpString1="lfsvc", lpString2="RsMgrSvc") returned -1 [0137.784] lstrcmpiW (lpString1="lfsvc", lpString2="fshoster") returned 1 [0137.784] lstrcmpiW (lpString1="lfsvc", lpString2="AVKProxy") returned 1 [0137.785] lstrcmpiW (lpString1="lfsvc", lpString2="MBAMService") returned -1 [0137.785] lstrcmpiW (lpString1="lfsvc", lpString2="GbpSv") returned 1 [0137.785] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xc4, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="LicenseManager", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.785] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\LicenseManager") returned 48 [0137.785] SetLastError (dwErrCode=0x0) [0137.785] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\LicenseManager", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.785] SetLastError (dwErrCode=0x0) [0137.785] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.785] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.785] SetLastError (dwErrCode=0x0) [0137.785] lstrcmpiW (lpString1="LicenseManager", lpString2="NAVENG") returned -1 [0137.785] lstrcmpiW (lpString1="LicenseManager", lpString2="ccEvtMgr") returned 1 [0137.785] lstrcmpiW (lpString1="LicenseManager", lpString2="NAV") returned -1 [0137.785] lstrcmpiW (lpString1="LicenseManager", lpString2="NIS") returned -1 [0137.785] lstrcmpiW (lpString1="LicenseManager", lpString2="NAVEX15") returned -1 [0137.785] lstrcmpiW (lpString1="LicenseManager", lpString2="AVP") returned 1 [0137.785] lstrcmpiW (lpString1="LicenseManager", lpString2="AVP15.0.0") returned 1 [0137.785] lstrcmpiW (lpString1="LicenseManager", lpString2="AVP15.0.1") returned 1 [0137.785] lstrcmpiW (lpString1="LicenseManager", lpString2="kl1") returned 1 [0137.785] lstrcmpiW (lpString1="LicenseManager", lpString2="McComponentHostService") returned -1 [0137.785] lstrcmpiW (lpString1="LicenseManager", lpString2="ekrn") returned 1 [0137.785] lstrcmpiW (lpString1="LicenseManager", lpString2="egui") returned 1 [0137.785] lstrcmpiW (lpString1="LicenseManager", lpString2="avgwd") returned 1 [0137.785] lstrcmpiW (lpString1="LicenseManager", lpString2="BdfNdisf") returned 1 [0137.785] lstrcmpiW (lpString1="LicenseManager", lpString2="avast! Antivirus") returned 1 [0137.785] lstrcmpiW (lpString1="LicenseManager", lpString2="MsMpSvc") returned -1 [0137.785] lstrcmpiW (lpString1="LicenseManager", lpString2="RsMgrSvc") returned -1 [0137.785] lstrcmpiW (lpString1="LicenseManager", lpString2="fshoster") returned 1 [0137.785] lstrcmpiW (lpString1="LicenseManager", lpString2="AVKProxy") returned 1 [0137.785] lstrcmpiW (lpString1="LicenseManager", lpString2="MBAMService") returned -1 [0137.785] lstrcmpiW (lpString1="LicenseManager", lpString2="GbpSv") returned 1 [0137.785] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xc5, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="lltdio", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.785] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\lltdio") returned 40 [0137.785] SetLastError (dwErrCode=0x0) [0137.785] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\lltdio", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.786] SetLastError (dwErrCode=0x0) [0137.786] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.786] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.786] SetLastError (dwErrCode=0x0) [0137.786] lstrcmpiW (lpString1="lltdio", lpString2="NAVENG") returned -1 [0137.786] lstrcmpiW (lpString1="lltdio", lpString2="ccEvtMgr") returned 1 [0137.786] lstrcmpiW (lpString1="lltdio", lpString2="NAV") returned -1 [0137.786] lstrcmpiW (lpString1="lltdio", lpString2="NIS") returned -1 [0137.786] lstrcmpiW (lpString1="lltdio", lpString2="NAVEX15") returned -1 [0137.786] lstrcmpiW (lpString1="lltdio", lpString2="AVP") returned 1 [0137.786] lstrcmpiW (lpString1="lltdio", lpString2="AVP15.0.0") returned 1 [0137.786] lstrcmpiW (lpString1="lltdio", lpString2="AVP15.0.1") returned 1 [0137.786] lstrcmpiW (lpString1="lltdio", lpString2="kl1") returned 1 [0137.786] lstrcmpiW (lpString1="lltdio", lpString2="McComponentHostService") returned -1 [0137.786] lstrcmpiW (lpString1="lltdio", lpString2="ekrn") returned 1 [0137.786] lstrcmpiW (lpString1="lltdio", lpString2="egui") returned 1 [0137.786] lstrcmpiW (lpString1="lltdio", lpString2="avgwd") returned 1 [0137.786] lstrcmpiW (lpString1="lltdio", lpString2="BdfNdisf") returned 1 [0137.786] lstrcmpiW (lpString1="lltdio", lpString2="avast! Antivirus") returned 1 [0137.786] lstrcmpiW (lpString1="lltdio", lpString2="MsMpSvc") returned -1 [0137.786] lstrcmpiW (lpString1="lltdio", lpString2="RsMgrSvc") returned -1 [0137.786] lstrcmpiW (lpString1="lltdio", lpString2="fshoster") returned 1 [0137.786] lstrcmpiW (lpString1="lltdio", lpString2="AVKProxy") returned 1 [0137.786] lstrcmpiW (lpString1="lltdio", lpString2="MBAMService") returned -1 [0137.786] lstrcmpiW (lpString1="lltdio", lpString2="GbpSv") returned 1 [0137.786] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xc6, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="lltdsvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.786] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\lltdsvc") returned 41 [0137.786] SetLastError (dwErrCode=0x0) [0137.786] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\lltdsvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.786] SetLastError (dwErrCode=0x0) [0137.786] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.786] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.786] SetLastError (dwErrCode=0x0) [0137.787] lstrcmpiW (lpString1="lltdsvc", lpString2="NAVENG") returned -1 [0137.787] lstrcmpiW (lpString1="lltdsvc", lpString2="ccEvtMgr") returned 1 [0137.787] lstrcmpiW (lpString1="lltdsvc", lpString2="NAV") returned -1 [0137.787] lstrcmpiW (lpString1="lltdsvc", lpString2="NIS") returned -1 [0137.787] lstrcmpiW (lpString1="lltdsvc", lpString2="NAVEX15") returned -1 [0137.787] lstrcmpiW (lpString1="lltdsvc", lpString2="AVP") returned 1 [0137.787] lstrcmpiW (lpString1="lltdsvc", lpString2="AVP15.0.0") returned 1 [0137.787] lstrcmpiW (lpString1="lltdsvc", lpString2="AVP15.0.1") returned 1 [0137.787] lstrcmpiW (lpString1="lltdsvc", lpString2="kl1") returned 1 [0137.787] lstrcmpiW (lpString1="lltdsvc", lpString2="McComponentHostService") returned -1 [0137.787] lstrcmpiW (lpString1="lltdsvc", lpString2="ekrn") returned 1 [0137.787] lstrcmpiW (lpString1="lltdsvc", lpString2="egui") returned 1 [0137.787] lstrcmpiW (lpString1="lltdsvc", lpString2="avgwd") returned 1 [0137.787] lstrcmpiW (lpString1="lltdsvc", lpString2="BdfNdisf") returned 1 [0137.787] lstrcmpiW (lpString1="lltdsvc", lpString2="avast! Antivirus") returned 1 [0137.787] lstrcmpiW (lpString1="lltdsvc", lpString2="MsMpSvc") returned -1 [0137.787] lstrcmpiW (lpString1="lltdsvc", lpString2="RsMgrSvc") returned -1 [0137.787] lstrcmpiW (lpString1="lltdsvc", lpString2="fshoster") returned 1 [0137.787] lstrcmpiW (lpString1="lltdsvc", lpString2="AVKProxy") returned 1 [0137.787] lstrcmpiW (lpString1="lltdsvc", lpString2="MBAMService") returned -1 [0137.787] lstrcmpiW (lpString1="lltdsvc", lpString2="GbpSv") returned 1 [0137.787] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xc7, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="lmhosts", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.787] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\lmhosts") returned 41 [0137.787] SetLastError (dwErrCode=0x0) [0137.787] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\lmhosts", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.787] SetLastError (dwErrCode=0x0) [0137.787] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.787] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.787] SetLastError (dwErrCode=0x0) [0137.787] lstrcmpiW (lpString1="lmhosts", lpString2="NAVENG") returned -1 [0137.787] lstrcmpiW (lpString1="lmhosts", lpString2="ccEvtMgr") returned 1 [0137.788] lstrcmpiW (lpString1="lmhosts", lpString2="NAV") returned -1 [0137.788] lstrcmpiW (lpString1="lmhosts", lpString2="NIS") returned -1 [0137.788] lstrcmpiW (lpString1="lmhosts", lpString2="NAVEX15") returned -1 [0137.788] lstrcmpiW (lpString1="lmhosts", lpString2="AVP") returned 1 [0137.788] lstrcmpiW (lpString1="lmhosts", lpString2="AVP15.0.0") returned 1 [0137.788] lstrcmpiW (lpString1="lmhosts", lpString2="AVP15.0.1") returned 1 [0137.788] lstrcmpiW (lpString1="lmhosts", lpString2="kl1") returned 1 [0137.788] lstrcmpiW (lpString1="lmhosts", lpString2="McComponentHostService") returned -1 [0137.788] lstrcmpiW (lpString1="lmhosts", lpString2="ekrn") returned 1 [0137.788] lstrcmpiW (lpString1="lmhosts", lpString2="egui") returned 1 [0137.788] lstrcmpiW (lpString1="lmhosts", lpString2="avgwd") returned 1 [0137.788] lstrcmpiW (lpString1="lmhosts", lpString2="BdfNdisf") returned 1 [0137.788] lstrcmpiW (lpString1="lmhosts", lpString2="avast! Antivirus") returned 1 [0137.788] lstrcmpiW (lpString1="lmhosts", lpString2="MsMpSvc") returned -1 [0137.788] lstrcmpiW (lpString1="lmhosts", lpString2="RsMgrSvc") returned -1 [0137.788] lstrcmpiW (lpString1="lmhosts", lpString2="fshoster") returned 1 [0137.788] lstrcmpiW (lpString1="lmhosts", lpString2="AVKProxy") returned 1 [0137.788] lstrcmpiW (lpString1="lmhosts", lpString2="MBAMService") returned -1 [0137.788] lstrcmpiW (lpString1="lmhosts", lpString2="GbpSv") returned 1 [0137.788] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xc8, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Lsa", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.788] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Lsa") returned 37 [0137.788] SetLastError (dwErrCode=0x0) [0137.788] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Lsa", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.788] SetLastError (dwErrCode=0x0) [0137.788] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.788] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.788] SetLastError (dwErrCode=0x0) [0137.788] GetLastError () returned 0x0 [0137.788] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xc9, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="LSI_SAS", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.788] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\LSI_SAS") returned 41 [0137.788] SetLastError (dwErrCode=0x0) [0137.788] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\LSI_SAS", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.789] SetLastError (dwErrCode=0x0) [0137.789] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.789] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.789] SetLastError (dwErrCode=0x0) [0137.789] lstrcmpiW (lpString1="LSI_SAS", lpString2="NAVENG") returned -1 [0137.789] lstrcmpiW (lpString1="LSI_SAS", lpString2="ccEvtMgr") returned 1 [0137.789] lstrcmpiW (lpString1="LSI_SAS", lpString2="NAV") returned -1 [0137.789] lstrcmpiW (lpString1="LSI_SAS", lpString2="NIS") returned -1 [0137.789] lstrcmpiW (lpString1="LSI_SAS", lpString2="NAVEX15") returned -1 [0137.789] lstrcmpiW (lpString1="LSI_SAS", lpString2="AVP") returned 1 [0137.789] lstrcmpiW (lpString1="LSI_SAS", lpString2="AVP15.0.0") returned 1 [0137.789] lstrcmpiW (lpString1="LSI_SAS", lpString2="AVP15.0.1") returned 1 [0137.789] lstrcmpiW (lpString1="LSI_SAS", lpString2="kl1") returned 1 [0137.789] lstrcmpiW (lpString1="LSI_SAS", lpString2="McComponentHostService") returned -1 [0137.789] lstrcmpiW (lpString1="LSI_SAS", lpString2="ekrn") returned 1 [0137.789] lstrcmpiW (lpString1="LSI_SAS", lpString2="egui") returned 1 [0137.789] lstrcmpiW (lpString1="LSI_SAS", lpString2="avgwd") returned 1 [0137.789] lstrcmpiW (lpString1="LSI_SAS", lpString2="BdfNdisf") returned 1 [0137.789] lstrcmpiW (lpString1="LSI_SAS", lpString2="avast! Antivirus") returned 1 [0137.789] lstrcmpiW (lpString1="LSI_SAS", lpString2="MsMpSvc") returned -1 [0137.789] lstrcmpiW (lpString1="LSI_SAS", lpString2="RsMgrSvc") returned -1 [0137.789] lstrcmpiW (lpString1="LSI_SAS", lpString2="fshoster") returned 1 [0137.789] lstrcmpiW (lpString1="LSI_SAS", lpString2="AVKProxy") returned 1 [0137.789] lstrcmpiW (lpString1="LSI_SAS", lpString2="MBAMService") returned -1 [0137.789] lstrcmpiW (lpString1="LSI_SAS", lpString2="GbpSv") returned 1 [0137.789] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xca, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="LSI_SAS2i", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.789] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\LSI_SAS2i") returned 43 [0137.789] SetLastError (dwErrCode=0x0) [0137.789] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\LSI_SAS2i", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.789] SetLastError (dwErrCode=0x0) [0137.789] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.789] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.789] SetLastError (dwErrCode=0x0) [0137.789] lstrcmpiW (lpString1="LSI_SAS2i", lpString2="NAVENG") returned -1 [0137.789] lstrcmpiW (lpString1="LSI_SAS2i", lpString2="ccEvtMgr") returned 1 [0137.789] lstrcmpiW (lpString1="LSI_SAS2i", lpString2="NAV") returned -1 [0137.789] lstrcmpiW (lpString1="LSI_SAS2i", lpString2="NIS") returned -1 [0137.790] lstrcmpiW (lpString1="LSI_SAS2i", lpString2="NAVEX15") returned -1 [0137.790] lstrcmpiW (lpString1="LSI_SAS2i", lpString2="AVP") returned 1 [0137.790] lstrcmpiW (lpString1="LSI_SAS2i", lpString2="AVP15.0.0") returned 1 [0137.790] lstrcmpiW (lpString1="LSI_SAS2i", lpString2="AVP15.0.1") returned 1 [0137.790] lstrcmpiW (lpString1="LSI_SAS2i", lpString2="kl1") returned 1 [0137.790] lstrcmpiW (lpString1="LSI_SAS2i", lpString2="McComponentHostService") returned -1 [0137.790] lstrcmpiW (lpString1="LSI_SAS2i", lpString2="ekrn") returned 1 [0137.790] lstrcmpiW (lpString1="LSI_SAS2i", lpString2="egui") returned 1 [0137.790] lstrcmpiW (lpString1="LSI_SAS2i", lpString2="avgwd") returned 1 [0137.790] lstrcmpiW (lpString1="LSI_SAS2i", lpString2="BdfNdisf") returned 1 [0137.790] lstrcmpiW (lpString1="LSI_SAS2i", lpString2="avast! Antivirus") returned 1 [0137.790] lstrcmpiW (lpString1="LSI_SAS2i", lpString2="MsMpSvc") returned -1 [0137.790] lstrcmpiW (lpString1="LSI_SAS2i", lpString2="RsMgrSvc") returned -1 [0137.790] lstrcmpiW (lpString1="LSI_SAS2i", lpString2="fshoster") returned 1 [0137.790] lstrcmpiW (lpString1="LSI_SAS2i", lpString2="AVKProxy") returned 1 [0137.790] lstrcmpiW (lpString1="LSI_SAS2i", lpString2="MBAMService") returned -1 [0137.790] lstrcmpiW (lpString1="LSI_SAS2i", lpString2="GbpSv") returned 1 [0137.790] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xcb, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="LSI_SAS3i", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.790] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\LSI_SAS3i") returned 43 [0137.790] SetLastError (dwErrCode=0x0) [0137.790] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\LSI_SAS3i", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.790] SetLastError (dwErrCode=0x0) [0137.790] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.790] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.790] SetLastError (dwErrCode=0x0) [0137.790] lstrcmpiW (lpString1="LSI_SAS3i", lpString2="NAVENG") returned -1 [0137.790] lstrcmpiW (lpString1="LSI_SAS3i", lpString2="ccEvtMgr") returned 1 [0137.790] lstrcmpiW (lpString1="LSI_SAS3i", lpString2="NAV") returned -1 [0137.790] lstrcmpiW (lpString1="LSI_SAS3i", lpString2="NIS") returned -1 [0137.790] lstrcmpiW (lpString1="LSI_SAS3i", lpString2="NAVEX15") returned -1 [0137.790] lstrcmpiW (lpString1="LSI_SAS3i", lpString2="AVP") returned 1 [0137.790] lstrcmpiW (lpString1="LSI_SAS3i", lpString2="AVP15.0.0") returned 1 [0137.790] lstrcmpiW (lpString1="LSI_SAS3i", lpString2="AVP15.0.1") returned 1 [0137.790] lstrcmpiW (lpString1="LSI_SAS3i", lpString2="kl1") returned 1 [0137.790] lstrcmpiW (lpString1="LSI_SAS3i", lpString2="McComponentHostService") returned -1 [0137.790] lstrcmpiW (lpString1="LSI_SAS3i", lpString2="ekrn") returned 1 [0137.790] lstrcmpiW (lpString1="LSI_SAS3i", lpString2="egui") returned 1 [0137.791] lstrcmpiW (lpString1="LSI_SAS3i", lpString2="avgwd") returned 1 [0137.791] lstrcmpiW (lpString1="LSI_SAS3i", lpString2="BdfNdisf") returned 1 [0137.791] lstrcmpiW (lpString1="LSI_SAS3i", lpString2="avast! Antivirus") returned 1 [0137.791] lstrcmpiW (lpString1="LSI_SAS3i", lpString2="MsMpSvc") returned -1 [0137.791] lstrcmpiW (lpString1="LSI_SAS3i", lpString2="RsMgrSvc") returned -1 [0137.791] lstrcmpiW (lpString1="LSI_SAS3i", lpString2="fshoster") returned 1 [0137.791] lstrcmpiW (lpString1="LSI_SAS3i", lpString2="AVKProxy") returned 1 [0137.791] lstrcmpiW (lpString1="LSI_SAS3i", lpString2="MBAMService") returned -1 [0137.791] lstrcmpiW (lpString1="LSI_SAS3i", lpString2="GbpSv") returned 1 [0137.791] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xcc, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="LSI_SSS", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.792] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\LSI_SSS") returned 41 [0137.792] SetLastError (dwErrCode=0x0) [0137.792] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\LSI_SSS", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.792] SetLastError (dwErrCode=0x0) [0137.792] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.792] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.792] SetLastError (dwErrCode=0x0) [0137.792] lstrcmpiW (lpString1="LSI_SSS", lpString2="NAVENG") returned -1 [0137.792] lstrcmpiW (lpString1="LSI_SSS", lpString2="ccEvtMgr") returned 1 [0137.792] lstrcmpiW (lpString1="LSI_SSS", lpString2="NAV") returned -1 [0137.792] lstrcmpiW (lpString1="LSI_SSS", lpString2="NIS") returned -1 [0137.792] lstrcmpiW (lpString1="LSI_SSS", lpString2="NAVEX15") returned -1 [0137.792] lstrcmpiW (lpString1="LSI_SSS", lpString2="AVP") returned 1 [0137.792] lstrcmpiW (lpString1="LSI_SSS", lpString2="AVP15.0.0") returned 1 [0137.792] lstrcmpiW (lpString1="LSI_SSS", lpString2="AVP15.0.1") returned 1 [0137.792] lstrcmpiW (lpString1="LSI_SSS", lpString2="kl1") returned 1 [0137.792] lstrcmpiW (lpString1="LSI_SSS", lpString2="McComponentHostService") returned -1 [0137.792] lstrcmpiW (lpString1="LSI_SSS", lpString2="ekrn") returned 1 [0137.792] lstrcmpiW (lpString1="LSI_SSS", lpString2="egui") returned 1 [0137.792] lstrcmpiW (lpString1="LSI_SSS", lpString2="avgwd") returned 1 [0137.792] lstrcmpiW (lpString1="LSI_SSS", lpString2="BdfNdisf") returned 1 [0137.792] lstrcmpiW (lpString1="LSI_SSS", lpString2="avast! Antivirus") returned 1 [0137.792] lstrcmpiW (lpString1="LSI_SSS", lpString2="MsMpSvc") returned -1 [0137.792] lstrcmpiW (lpString1="LSI_SSS", lpString2="RsMgrSvc") returned -1 [0137.792] lstrcmpiW (lpString1="LSI_SSS", lpString2="fshoster") returned 1 [0137.792] lstrcmpiW (lpString1="LSI_SSS", lpString2="AVKProxy") returned 1 [0137.792] lstrcmpiW (lpString1="LSI_SSS", lpString2="MBAMService") returned -1 [0137.792] lstrcmpiW (lpString1="LSI_SSS", lpString2="GbpSv") returned 1 [0137.792] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xcd, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="LSM", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.792] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\LSM") returned 37 [0137.792] SetLastError (dwErrCode=0x0) [0137.792] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\LSM", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.792] SetLastError (dwErrCode=0x0) [0137.792] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.792] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.792] SetLastError (dwErrCode=0x0) [0137.793] lstrcmpiW (lpString1="LSM", lpString2="NAVENG") returned -1 [0137.793] lstrcmpiW (lpString1="LSM", lpString2="ccEvtMgr") returned 1 [0137.793] lstrcmpiW (lpString1="LSM", lpString2="NAV") returned -1 [0137.793] lstrcmpiW (lpString1="LSM", lpString2="NIS") returned -1 [0137.793] lstrcmpiW (lpString1="LSM", lpString2="NAVEX15") returned -1 [0137.793] lstrcmpiW (lpString1="LSM", lpString2="AVP") returned 1 [0137.793] lstrcmpiW (lpString1="LSM", lpString2="AVP15.0.0") returned 1 [0137.793] lstrcmpiW (lpString1="LSM", lpString2="AVP15.0.1") returned 1 [0137.793] lstrcmpiW (lpString1="LSM", lpString2="kl1") returned 1 [0137.793] lstrcmpiW (lpString1="LSM", lpString2="McComponentHostService") returned -1 [0137.793] lstrcmpiW (lpString1="LSM", lpString2="ekrn") returned 1 [0137.793] lstrcmpiW (lpString1="LSM", lpString2="egui") returned 1 [0137.793] lstrcmpiW (lpString1="LSM", lpString2="avgwd") returned 1 [0137.793] lstrcmpiW (lpString1="LSM", lpString2="BdfNdisf") returned 1 [0137.793] lstrcmpiW (lpString1="LSM", lpString2="avast! Antivirus") returned 1 [0137.793] lstrcmpiW (lpString1="LSM", lpString2="MsMpSvc") returned -1 [0137.793] lstrcmpiW (lpString1="LSM", lpString2="RsMgrSvc") returned -1 [0137.793] lstrcmpiW (lpString1="LSM", lpString2="fshoster") returned 1 [0137.793] lstrcmpiW (lpString1="LSM", lpString2="AVKProxy") returned 1 [0137.793] lstrcmpiW (lpString1="LSM", lpString2="MBAMService") returned -1 [0137.793] lstrcmpiW (lpString1="LSM", lpString2="GbpSv") returned 1 [0137.793] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xce, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="luafv", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.793] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\luafv") returned 39 [0137.793] SetLastError (dwErrCode=0x0) [0137.793] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\luafv", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.793] SetLastError (dwErrCode=0x0) [0137.793] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.793] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.793] SetLastError (dwErrCode=0x0) [0137.793] lstrcmpiW (lpString1="luafv", lpString2="NAVENG") returned -1 [0137.793] lstrcmpiW (lpString1="luafv", lpString2="ccEvtMgr") returned 1 [0137.793] lstrcmpiW (lpString1="luafv", lpString2="NAV") returned -1 [0137.793] lstrcmpiW (lpString1="luafv", lpString2="NIS") returned -1 [0137.793] lstrcmpiW (lpString1="luafv", lpString2="NAVEX15") returned -1 [0137.793] lstrcmpiW (lpString1="luafv", lpString2="AVP") returned 1 [0137.793] lstrcmpiW (lpString1="luafv", lpString2="AVP15.0.0") returned 1 [0137.793] lstrcmpiW (lpString1="luafv", lpString2="AVP15.0.1") returned 1 [0137.794] lstrcmpiW (lpString1="luafv", lpString2="kl1") returned 1 [0137.794] lstrcmpiW (lpString1="luafv", lpString2="McComponentHostService") returned -1 [0137.794] lstrcmpiW (lpString1="luafv", lpString2="ekrn") returned 1 [0137.794] lstrcmpiW (lpString1="luafv", lpString2="egui") returned 1 [0137.794] lstrcmpiW (lpString1="luafv", lpString2="avgwd") returned 1 [0137.794] lstrcmpiW (lpString1="luafv", lpString2="BdfNdisf") returned 1 [0137.794] lstrcmpiW (lpString1="luafv", lpString2="avast! Antivirus") returned 1 [0137.794] lstrcmpiW (lpString1="luafv", lpString2="MsMpSvc") returned -1 [0137.794] lstrcmpiW (lpString1="luafv", lpString2="RsMgrSvc") returned -1 [0137.794] lstrcmpiW (lpString1="luafv", lpString2="fshoster") returned 1 [0137.794] lstrcmpiW (lpString1="luafv", lpString2="AVKProxy") returned 1 [0137.794] lstrcmpiW (lpString1="luafv", lpString2="MBAMService") returned -1 [0137.794] lstrcmpiW (lpString1="luafv", lpString2="GbpSv") returned 1 [0137.794] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xcf, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MapsBroker", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.794] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\MapsBroker") returned 44 [0137.794] SetLastError (dwErrCode=0x0) [0137.794] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\MapsBroker", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.794] SetLastError (dwErrCode=0x0) [0137.794] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.794] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.794] SetLastError (dwErrCode=0x0) [0137.794] lstrcmpiW (lpString1="MapsBroker", lpString2="NAVENG") returned -1 [0137.794] lstrcmpiW (lpString1="MapsBroker", lpString2="ccEvtMgr") returned 1 [0137.794] lstrcmpiW (lpString1="MapsBroker", lpString2="NAV") returned -1 [0137.794] lstrcmpiW (lpString1="MapsBroker", lpString2="NIS") returned -1 [0137.794] lstrcmpiW (lpString1="MapsBroker", lpString2="NAVEX15") returned -1 [0137.794] lstrcmpiW (lpString1="MapsBroker", lpString2="AVP") returned 1 [0137.794] lstrcmpiW (lpString1="MapsBroker", lpString2="AVP15.0.0") returned 1 [0137.794] lstrcmpiW (lpString1="MapsBroker", lpString2="AVP15.0.1") returned 1 [0137.794] lstrcmpiW (lpString1="MapsBroker", lpString2="kl1") returned 1 [0137.794] lstrcmpiW (lpString1="MapsBroker", lpString2="McComponentHostService") returned -1 [0137.794] lstrcmpiW (lpString1="MapsBroker", lpString2="ekrn") returned 1 [0137.794] lstrcmpiW (lpString1="MapsBroker", lpString2="egui") returned 1 [0137.794] lstrcmpiW (lpString1="MapsBroker", lpString2="avgwd") returned 1 [0137.794] lstrcmpiW (lpString1="MapsBroker", lpString2="BdfNdisf") returned 1 [0137.795] lstrcmpiW (lpString1="MapsBroker", lpString2="avast! Antivirus") returned 1 [0137.795] lstrcmpiW (lpString1="MapsBroker", lpString2="MsMpSvc") returned -1 [0137.795] lstrcmpiW (lpString1="MapsBroker", lpString2="RsMgrSvc") returned -1 [0137.795] lstrcmpiW (lpString1="MapsBroker", lpString2="fshoster") returned 1 [0137.795] lstrcmpiW (lpString1="MapsBroker", lpString2="AVKProxy") returned 1 [0137.795] lstrcmpiW (lpString1="MapsBroker", lpString2="MBAMService") returned -1 [0137.795] lstrcmpiW (lpString1="MapsBroker", lpString2="GbpSv") returned 1 [0137.795] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xd0, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="megasas", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.795] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\megasas") returned 41 [0137.795] SetLastError (dwErrCode=0x0) [0137.795] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\megasas", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.795] SetLastError (dwErrCode=0x0) [0137.795] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.795] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.795] SetLastError (dwErrCode=0x0) [0137.795] lstrcmpiW (lpString1="megasas", lpString2="NAVENG") returned -1 [0137.795] lstrcmpiW (lpString1="megasas", lpString2="ccEvtMgr") returned 1 [0137.795] lstrcmpiW (lpString1="megasas", lpString2="NAV") returned -1 [0137.795] lstrcmpiW (lpString1="megasas", lpString2="NIS") returned -1 [0137.795] lstrcmpiW (lpString1="megasas", lpString2="NAVEX15") returned -1 [0137.795] lstrcmpiW (lpString1="megasas", lpString2="AVP") returned 1 [0137.795] lstrcmpiW (lpString1="megasas", lpString2="AVP15.0.0") returned 1 [0137.795] lstrcmpiW (lpString1="megasas", lpString2="AVP15.0.1") returned 1 [0137.795] lstrcmpiW (lpString1="megasas", lpString2="kl1") returned 1 [0137.795] lstrcmpiW (lpString1="megasas", lpString2="McComponentHostService") returned 1 [0137.795] lstrcmpiW (lpString1="megasas", lpString2="ekrn") returned 1 [0137.795] lstrcmpiW (lpString1="megasas", lpString2="egui") returned 1 [0137.795] lstrcmpiW (lpString1="megasas", lpString2="avgwd") returned 1 [0137.795] lstrcmpiW (lpString1="megasas", lpString2="BdfNdisf") returned 1 [0137.795] lstrcmpiW (lpString1="megasas", lpString2="avast! Antivirus") returned 1 [0137.795] lstrcmpiW (lpString1="megasas", lpString2="MsMpSvc") returned -1 [0137.795] lstrcmpiW (lpString1="megasas", lpString2="RsMgrSvc") returned -1 [0137.795] lstrcmpiW (lpString1="megasas", lpString2="fshoster") returned 1 [0137.795] lstrcmpiW (lpString1="megasas", lpString2="AVKProxy") returned 1 [0137.795] lstrcmpiW (lpString1="megasas", lpString2="MBAMService") returned 1 [0137.795] lstrcmpiW (lpString1="megasas", lpString2="GbpSv") returned 1 [0137.795] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xd1, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="megasr", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.795] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\megasr") returned 40 [0137.795] SetLastError (dwErrCode=0x0) [0137.795] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\megasr", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.796] SetLastError (dwErrCode=0x0) [0137.796] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.796] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.796] SetLastError (dwErrCode=0x0) [0137.796] lstrcmpiW (lpString1="megasr", lpString2="NAVENG") returned -1 [0137.796] lstrcmpiW (lpString1="megasr", lpString2="ccEvtMgr") returned 1 [0137.796] lstrcmpiW (lpString1="megasr", lpString2="NAV") returned -1 [0137.796] lstrcmpiW (lpString1="megasr", lpString2="NIS") returned -1 [0137.796] lstrcmpiW (lpString1="megasr", lpString2="NAVEX15") returned -1 [0137.796] lstrcmpiW (lpString1="megasr", lpString2="AVP") returned 1 [0137.796] lstrcmpiW (lpString1="megasr", lpString2="AVP15.0.0") returned 1 [0137.796] lstrcmpiW (lpString1="megasr", lpString2="AVP15.0.1") returned 1 [0137.796] lstrcmpiW (lpString1="megasr", lpString2="kl1") returned 1 [0137.796] lstrcmpiW (lpString1="megasr", lpString2="McComponentHostService") returned 1 [0137.796] lstrcmpiW (lpString1="megasr", lpString2="ekrn") returned 1 [0137.796] lstrcmpiW (lpString1="megasr", lpString2="egui") returned 1 [0137.796] lstrcmpiW (lpString1="megasr", lpString2="avgwd") returned 1 [0137.796] lstrcmpiW (lpString1="megasr", lpString2="BdfNdisf") returned 1 [0137.796] lstrcmpiW (lpString1="megasr", lpString2="avast! Antivirus") returned 1 [0137.796] lstrcmpiW (lpString1="megasr", lpString2="MsMpSvc") returned -1 [0137.796] lstrcmpiW (lpString1="megasr", lpString2="RsMgrSvc") returned -1 [0137.796] lstrcmpiW (lpString1="megasr", lpString2="fshoster") returned 1 [0137.796] lstrcmpiW (lpString1="megasr", lpString2="AVKProxy") returned 1 [0137.796] lstrcmpiW (lpString1="megasr", lpString2="MBAMService") returned 1 [0137.796] lstrcmpiW (lpString1="megasr", lpString2="GbpSv") returned 1 [0137.796] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xd2, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="mlx4_bus", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.796] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\mlx4_bus") returned 42 [0137.796] SetLastError (dwErrCode=0x0) [0137.796] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\mlx4_bus", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.796] SetLastError (dwErrCode=0x0) [0137.796] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.796] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.796] SetLastError (dwErrCode=0x0) [0137.796] lstrcmpiW (lpString1="mlx4_bus", lpString2="NAVENG") returned -1 [0137.796] lstrcmpiW (lpString1="mlx4_bus", lpString2="ccEvtMgr") returned 1 [0137.796] lstrcmpiW (lpString1="mlx4_bus", lpString2="NAV") returned -1 [0137.796] lstrcmpiW (lpString1="mlx4_bus", lpString2="NIS") returned -1 [0137.796] lstrcmpiW (lpString1="mlx4_bus", lpString2="NAVEX15") returned -1 [0137.796] lstrcmpiW (lpString1="mlx4_bus", lpString2="AVP") returned 1 [0137.797] lstrcmpiW (lpString1="mlx4_bus", lpString2="AVP15.0.0") returned 1 [0137.797] lstrcmpiW (lpString1="mlx4_bus", lpString2="AVP15.0.1") returned 1 [0137.797] lstrcmpiW (lpString1="mlx4_bus", lpString2="kl1") returned 1 [0137.797] lstrcmpiW (lpString1="mlx4_bus", lpString2="McComponentHostService") returned 1 [0137.797] lstrcmpiW (lpString1="mlx4_bus", lpString2="ekrn") returned 1 [0137.797] lstrcmpiW (lpString1="mlx4_bus", lpString2="egui") returned 1 [0137.797] lstrcmpiW (lpString1="mlx4_bus", lpString2="avgwd") returned 1 [0137.797] lstrcmpiW (lpString1="mlx4_bus", lpString2="BdfNdisf") returned 1 [0137.797] lstrcmpiW (lpString1="mlx4_bus", lpString2="avast! Antivirus") returned 1 [0137.797] lstrcmpiW (lpString1="mlx4_bus", lpString2="MsMpSvc") returned -1 [0137.797] lstrcmpiW (lpString1="mlx4_bus", lpString2="RsMgrSvc") returned -1 [0137.797] lstrcmpiW (lpString1="mlx4_bus", lpString2="fshoster") returned 1 [0137.797] lstrcmpiW (lpString1="mlx4_bus", lpString2="AVKProxy") returned 1 [0137.797] lstrcmpiW (lpString1="mlx4_bus", lpString2="MBAMService") returned 1 [0137.797] lstrcmpiW (lpString1="mlx4_bus", lpString2="GbpSv") returned 1 [0137.797] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xd3, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MMCSS", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.797] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\MMCSS") returned 39 [0137.797] SetLastError (dwErrCode=0x0) [0137.797] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\MMCSS", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.797] SetLastError (dwErrCode=0x0) [0137.797] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.797] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.797] SetLastError (dwErrCode=0x0) [0137.797] lstrcmpiW (lpString1="MMCSS", lpString2="NAVENG") returned -1 [0137.797] lstrcmpiW (lpString1="MMCSS", lpString2="ccEvtMgr") returned 1 [0137.797] lstrcmpiW (lpString1="MMCSS", lpString2="NAV") returned -1 [0137.797] lstrcmpiW (lpString1="MMCSS", lpString2="NIS") returned -1 [0137.797] lstrcmpiW (lpString1="MMCSS", lpString2="NAVEX15") returned -1 [0137.797] lstrcmpiW (lpString1="MMCSS", lpString2="AVP") returned 1 [0137.797] lstrcmpiW (lpString1="MMCSS", lpString2="AVP15.0.0") returned 1 [0137.797] lstrcmpiW (lpString1="MMCSS", lpString2="AVP15.0.1") returned 1 [0137.797] lstrcmpiW (lpString1="MMCSS", lpString2="kl1") returned 1 [0137.797] lstrcmpiW (lpString1="MMCSS", lpString2="McComponentHostService") returned 1 [0137.797] lstrcmpiW (lpString1="MMCSS", lpString2="ekrn") returned 1 [0137.797] lstrcmpiW (lpString1="MMCSS", lpString2="egui") returned 1 [0137.797] lstrcmpiW (lpString1="MMCSS", lpString2="avgwd") returned 1 [0137.797] lstrcmpiW (lpString1="MMCSS", lpString2="BdfNdisf") returned 1 [0137.797] lstrcmpiW (lpString1="MMCSS", lpString2="avast! Antivirus") returned 1 [0137.797] lstrcmpiW (lpString1="MMCSS", lpString2="MsMpSvc") returned -1 [0137.797] lstrcmpiW (lpString1="MMCSS", lpString2="RsMgrSvc") returned -1 [0137.797] lstrcmpiW (lpString1="MMCSS", lpString2="fshoster") returned 1 [0137.798] lstrcmpiW (lpString1="MMCSS", lpString2="AVKProxy") returned 1 [0137.798] lstrcmpiW (lpString1="MMCSS", lpString2="MBAMService") returned 1 [0137.798] lstrcmpiW (lpString1="MMCSS", lpString2="GbpSv") returned 1 [0137.798] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xd4, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Modem", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.798] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Modem") returned 39 [0137.798] SetLastError (dwErrCode=0x0) [0137.798] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Modem", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.798] SetLastError (dwErrCode=0x0) [0137.798] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.798] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.798] SetLastError (dwErrCode=0x0) [0137.798] lstrcmpiW (lpString1="Modem", lpString2="NAVENG") returned -1 [0137.798] lstrcmpiW (lpString1="Modem", lpString2="ccEvtMgr") returned 1 [0137.798] lstrcmpiW (lpString1="Modem", lpString2="NAV") returned -1 [0137.798] lstrcmpiW (lpString1="Modem", lpString2="NIS") returned -1 [0137.798] lstrcmpiW (lpString1="Modem", lpString2="NAVEX15") returned -1 [0137.798] lstrcmpiW (lpString1="Modem", lpString2="AVP") returned 1 [0137.798] lstrcmpiW (lpString1="Modem", lpString2="AVP15.0.0") returned 1 [0137.798] lstrcmpiW (lpString1="Modem", lpString2="AVP15.0.1") returned 1 [0137.798] lstrcmpiW (lpString1="Modem", lpString2="kl1") returned 1 [0137.798] lstrcmpiW (lpString1="Modem", lpString2="McComponentHostService") returned 1 [0137.798] lstrcmpiW (lpString1="Modem", lpString2="ekrn") returned 1 [0137.798] lstrcmpiW (lpString1="Modem", lpString2="egui") returned 1 [0137.798] lstrcmpiW (lpString1="Modem", lpString2="avgwd") returned 1 [0137.798] lstrcmpiW (lpString1="Modem", lpString2="BdfNdisf") returned 1 [0137.798] lstrcmpiW (lpString1="Modem", lpString2="avast! Antivirus") returned 1 [0137.798] lstrcmpiW (lpString1="Modem", lpString2="MsMpSvc") returned -1 [0137.798] lstrcmpiW (lpString1="Modem", lpString2="RsMgrSvc") returned -1 [0137.798] lstrcmpiW (lpString1="Modem", lpString2="fshoster") returned 1 [0137.798] lstrcmpiW (lpString1="Modem", lpString2="AVKProxy") returned 1 [0137.798] lstrcmpiW (lpString1="Modem", lpString2="MBAMService") returned 1 [0137.798] lstrcmpiW (lpString1="Modem", lpString2="GbpSv") returned 1 [0137.798] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xd5, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="monitor", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.798] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\monitor") returned 41 [0137.798] SetLastError (dwErrCode=0x0) [0137.798] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\monitor", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.798] SetLastError (dwErrCode=0x0) [0137.799] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.799] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.799] SetLastError (dwErrCode=0x0) [0137.799] lstrcmpiW (lpString1="monitor", lpString2="NAVENG") returned -1 [0137.799] lstrcmpiW (lpString1="monitor", lpString2="ccEvtMgr") returned 1 [0137.799] lstrcmpiW (lpString1="monitor", lpString2="NAV") returned -1 [0137.799] lstrcmpiW (lpString1="monitor", lpString2="NIS") returned -1 [0137.799] lstrcmpiW (lpString1="monitor", lpString2="NAVEX15") returned -1 [0137.799] lstrcmpiW (lpString1="monitor", lpString2="AVP") returned 1 [0137.799] lstrcmpiW (lpString1="monitor", lpString2="AVP15.0.0") returned 1 [0137.799] lstrcmpiW (lpString1="monitor", lpString2="AVP15.0.1") returned 1 [0137.799] lstrcmpiW (lpString1="monitor", lpString2="kl1") returned 1 [0137.799] lstrcmpiW (lpString1="monitor", lpString2="McComponentHostService") returned 1 [0137.799] lstrcmpiW (lpString1="monitor", lpString2="ekrn") returned 1 [0137.799] lstrcmpiW (lpString1="monitor", lpString2="egui") returned 1 [0137.799] lstrcmpiW (lpString1="monitor", lpString2="avgwd") returned 1 [0137.799] lstrcmpiW (lpString1="monitor", lpString2="BdfNdisf") returned 1 [0137.799] lstrcmpiW (lpString1="monitor", lpString2="avast! Antivirus") returned 1 [0137.799] lstrcmpiW (lpString1="monitor", lpString2="MsMpSvc") returned -1 [0137.799] lstrcmpiW (lpString1="monitor", lpString2="RsMgrSvc") returned -1 [0137.799] lstrcmpiW (lpString1="monitor", lpString2="fshoster") returned 1 [0137.799] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xd6, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="mouclass", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.799] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\mouclass") returned 42 [0137.799] SetLastError (dwErrCode=0x0) [0137.799] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\mouclass", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.799] SetLastError (dwErrCode=0x0) [0137.799] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.799] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.799] SetLastError (dwErrCode=0x0) [0137.799] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xd7, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="mouhid", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.799] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\mouhid") returned 40 [0137.800] SetLastError (dwErrCode=0x0) [0137.800] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\mouhid", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.800] SetLastError (dwErrCode=0x0) [0137.800] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.800] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.800] SetLastError (dwErrCode=0x0) [0137.800] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xd8, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="mountmgr", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.800] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\mountmgr") returned 42 [0137.800] SetLastError (dwErrCode=0x0) [0137.800] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\mountmgr", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.800] SetLastError (dwErrCode=0x0) [0137.800] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.800] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.800] SetLastError (dwErrCode=0x0) [0137.800] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xd9, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MozillaMaintenance", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.800] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\MozillaMaintenance") returned 52 [0137.800] SetLastError (dwErrCode=0x0) [0137.800] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\MozillaMaintenance", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.800] SetLastError (dwErrCode=0x0) [0137.800] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.800] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.800] SetLastError (dwErrCode=0x0) [0137.800] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xda, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="mpsdrv", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.800] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\mpsdrv") returned 40 [0137.800] SetLastError (dwErrCode=0x0) [0137.800] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\mpsdrv", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.801] SetLastError (dwErrCode=0x0) [0137.801] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.801] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.801] SetLastError (dwErrCode=0x0) [0137.801] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xdb, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MpsSvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.801] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\MpsSvc") returned 40 [0137.801] SetLastError (dwErrCode=0x0) [0137.801] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\MpsSvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.801] SetLastError (dwErrCode=0x0) [0137.801] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.801] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.801] SetLastError (dwErrCode=0x0) [0137.801] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xdc, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MRxDAV", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.801] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\MRxDAV") returned 40 [0137.801] SetLastError (dwErrCode=0x0) [0137.801] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\MRxDAV", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.801] SetLastError (dwErrCode=0x0) [0137.801] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.801] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.801] SetLastError (dwErrCode=0x0) [0137.801] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xdd, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="mrxsmb", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.801] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\mrxsmb") returned 40 [0137.801] SetLastError (dwErrCode=0x0) [0137.801] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\mrxsmb", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.801] SetLastError (dwErrCode=0x0) [0137.801] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.801] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.801] SetLastError (dwErrCode=0x0) [0137.801] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xde, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="mrxsmb10", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.802] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\mrxsmb10") returned 42 [0137.802] SetLastError (dwErrCode=0x0) [0137.802] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\mrxsmb10", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.802] SetLastError (dwErrCode=0x0) [0137.802] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.802] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.802] SetLastError (dwErrCode=0x0) [0137.802] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xdf, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="mrxsmb20", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.802] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\mrxsmb20") returned 42 [0137.802] SetLastError (dwErrCode=0x0) [0137.802] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\mrxsmb20", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.802] SetLastError (dwErrCode=0x0) [0137.802] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.802] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.802] SetLastError (dwErrCode=0x0) [0137.802] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xe0, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MsBridge", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.802] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\MsBridge") returned 42 [0137.802] SetLastError (dwErrCode=0x0) [0137.802] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\MsBridge", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.802] SetLastError (dwErrCode=0x0) [0137.802] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.802] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.802] SetLastError (dwErrCode=0x0) [0137.802] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xe1, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MSDTC", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.802] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\MSDTC") returned 39 [0137.802] SetLastError (dwErrCode=0x0) [0137.802] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\MSDTC", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.802] SetLastError (dwErrCode=0x0) [0137.802] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.802] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.803] SetLastError (dwErrCode=0x0) [0137.803] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xe2, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MSDTC Bridge 3.0.0.0", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.803] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\MSDTC Bridge 3.0.0.0") returned 54 [0137.803] SetLastError (dwErrCode=0x0) [0137.803] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\MSDTC Bridge 3.0.0.0", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.803] SetLastError (dwErrCode=0x0) [0137.803] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.803] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.803] SetLastError (dwErrCode=0x0) [0137.803] GetLastError () returned 0x0 [0137.803] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xe3, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MSDTC Bridge 4.0.0.0", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.803] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\MSDTC Bridge 4.0.0.0") returned 54 [0137.803] SetLastError (dwErrCode=0x0) [0137.803] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\MSDTC Bridge 4.0.0.0", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.803] SetLastError (dwErrCode=0x0) [0137.803] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.803] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.803] SetLastError (dwErrCode=0x0) [0137.803] GetLastError () returned 0x0 [0137.803] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xe4, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Msfs", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.803] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Msfs") returned 38 [0137.803] SetLastError (dwErrCode=0x0) [0137.803] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Msfs", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.803] SetLastError (dwErrCode=0x0) [0137.803] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x4, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.803] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.803] SetLastError (dwErrCode=0x0) [0137.804] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xe5, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="msgpiowin32", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.804] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\msgpiowin32") returned 45 [0137.804] SetLastError (dwErrCode=0x0) [0137.804] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\msgpiowin32", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.804] SetLastError (dwErrCode=0x0) [0137.804] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.804] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.804] SetLastError (dwErrCode=0x0) [0137.804] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xe6, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="mshidkmdf", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.804] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\mshidkmdf") returned 43 [0137.804] SetLastError (dwErrCode=0x0) [0137.804] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\mshidkmdf", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.804] SetLastError (dwErrCode=0x0) [0137.804] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.804] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.804] SetLastError (dwErrCode=0x0) [0137.804] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xe7, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="mshidumdf", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.804] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\mshidumdf") returned 43 [0137.804] SetLastError (dwErrCode=0x0) [0137.804] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\mshidumdf", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.804] SetLastError (dwErrCode=0x0) [0137.804] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.804] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.804] SetLastError (dwErrCode=0x0) [0137.804] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xe8, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="msisadrv", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.804] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\msisadrv") returned 42 [0137.804] SetLastError (dwErrCode=0x0) [0137.804] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\msisadrv", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.805] SetLastError (dwErrCode=0x0) [0137.805] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.805] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.805] SetLastError (dwErrCode=0x0) [0137.805] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xe9, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MSiSCSI", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.805] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\MSiSCSI") returned 41 [0137.805] SetLastError (dwErrCode=0x0) [0137.805] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\MSiSCSI", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.805] SetLastError (dwErrCode=0x0) [0137.805] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xe, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.805] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.805] SetLastError (dwErrCode=0x0) [0137.805] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xea, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="msiserver", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.805] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\msiserver") returned 43 [0137.805] SetLastError (dwErrCode=0x0) [0137.805] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\msiserver", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.805] SetLastError (dwErrCode=0x0) [0137.805] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.805] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.805] SetLastError (dwErrCode=0x0) [0137.805] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xeb, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MSKSSRV", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.805] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\MSKSSRV") returned 41 [0137.805] SetLastError (dwErrCode=0x0) [0137.805] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\MSKSSRV", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.805] SetLastError (dwErrCode=0x0) [0137.805] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.805] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.805] SetLastError (dwErrCode=0x0) [0137.805] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xec, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MsLldp", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.805] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\MsLldp") returned 40 [0137.806] SetLastError (dwErrCode=0x0) [0137.806] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\MsLldp", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.806] SetLastError (dwErrCode=0x0) [0137.806] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.806] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.806] SetLastError (dwErrCode=0x0) [0137.806] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xed, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MSPCLOCK", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.806] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\MSPCLOCK") returned 42 [0137.806] SetLastError (dwErrCode=0x0) [0137.806] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\MSPCLOCK", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.806] SetLastError (dwErrCode=0x0) [0137.806] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.806] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.806] SetLastError (dwErrCode=0x0) [0137.806] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xee, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MSPQM", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.806] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\MSPQM") returned 39 [0137.806] SetLastError (dwErrCode=0x0) [0137.807] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\MSPQM", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.807] SetLastError (dwErrCode=0x0) [0137.807] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.807] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.807] SetLastError (dwErrCode=0x0) [0137.807] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xef, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MsRPC", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.807] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\MsRPC") returned 39 [0137.807] SetLastError (dwErrCode=0x0) [0137.807] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\MsRPC", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.807] SetLastError (dwErrCode=0x0) [0137.807] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x4, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.807] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.807] SetLastError (dwErrCode=0x0) [0137.807] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xf0, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MSSCNTRS", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.807] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\MSSCNTRS") returned 42 [0137.807] SetLastError (dwErrCode=0x0) [0137.807] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\MSSCNTRS", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.807] SetLastError (dwErrCode=0x0) [0137.807] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.807] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.807] SetLastError (dwErrCode=0x0) [0137.807] GetLastError () returned 0x0 [0137.807] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xf1, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="mssmbios", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.807] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\mssmbios") returned 42 [0137.808] SetLastError (dwErrCode=0x0) [0137.808] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\mssmbios", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.808] SetLastError (dwErrCode=0x0) [0137.808] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.808] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.808] SetLastError (dwErrCode=0x0) [0137.808] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xf2, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MSTEE", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.808] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\MSTEE") returned 39 [0137.808] SetLastError (dwErrCode=0x0) [0137.808] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\MSTEE", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.808] SetLastError (dwErrCode=0x0) [0137.808] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.808] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.808] SetLastError (dwErrCode=0x0) [0137.808] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xf3, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MTConfig", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.808] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\MTConfig") returned 42 [0137.808] SetLastError (dwErrCode=0x0) [0137.808] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\MTConfig", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.808] SetLastError (dwErrCode=0x0) [0137.808] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.808] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.808] SetLastError (dwErrCode=0x0) [0137.808] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xf4, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Mup", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.808] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Mup") returned 37 [0137.808] SetLastError (dwErrCode=0x0) [0137.808] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Mup", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.808] SetLastError (dwErrCode=0x0) [0137.808] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.808] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.808] SetLastError (dwErrCode=0x0) [0137.809] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xf5, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="mvumis", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.809] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\mvumis") returned 40 [0137.809] SetLastError (dwErrCode=0x0) [0137.809] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\mvumis", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.809] SetLastError (dwErrCode=0x0) [0137.809] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.809] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.809] SetLastError (dwErrCode=0x0) [0137.809] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xf6, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="napagent", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.809] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\napagent") returned 42 [0137.809] SetLastError (dwErrCode=0x0) [0137.809] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\napagent", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.809] SetLastError (dwErrCode=0x0) [0137.809] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.809] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.809] SetLastError (dwErrCode=0x0) [0137.809] GetLastError () returned 0x0 [0137.809] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xf7, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NativeWifiP", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.809] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NativeWifiP") returned 45 [0137.809] SetLastError (dwErrCode=0x0) [0137.809] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NativeWifiP", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.809] SetLastError (dwErrCode=0x0) [0137.809] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.809] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.809] SetLastError (dwErrCode=0x0) [0137.809] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xf8, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NcaSvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.809] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NcaSvc") returned 40 [0137.809] SetLastError (dwErrCode=0x0) [0137.809] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NcaSvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.809] SetLastError (dwErrCode=0x0) [0137.810] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.810] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.810] SetLastError (dwErrCode=0x0) [0137.810] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xf9, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NcbService", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.810] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NcbService") returned 44 [0137.810] SetLastError (dwErrCode=0x0) [0137.810] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NcbService", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.810] SetLastError (dwErrCode=0x0) [0137.810] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.810] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.810] SetLastError (dwErrCode=0x0) [0137.810] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xfa, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NcdAutoSetup", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.810] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NcdAutoSetup") returned 46 [0137.810] SetLastError (dwErrCode=0x0) [0137.810] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NcdAutoSetup", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.810] SetLastError (dwErrCode=0x0) [0137.810] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.810] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.810] SetLastError (dwErrCode=0x0) [0137.810] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xfb, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ndfltr", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.810] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ndfltr") returned 40 [0137.810] SetLastError (dwErrCode=0x0) [0137.810] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ndfltr", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.810] SetLastError (dwErrCode=0x0) [0137.810] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.810] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.810] SetLastError (dwErrCode=0x0) [0137.810] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xfc, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NDIS", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.810] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NDIS") returned 38 [0137.810] SetLastError (dwErrCode=0x0) [0137.811] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NDIS", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.811] SetLastError (dwErrCode=0x0) [0137.811] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.811] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.811] SetLastError (dwErrCode=0x0) [0137.811] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xfd, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NdisCap", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.811] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NdisCap") returned 41 [0137.811] SetLastError (dwErrCode=0x0) [0137.811] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NdisCap", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.811] SetLastError (dwErrCode=0x0) [0137.811] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.811] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.811] SetLastError (dwErrCode=0x0) [0137.811] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xfe, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NdisImPlatform", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.811] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NdisImPlatform") returned 48 [0137.811] SetLastError (dwErrCode=0x0) [0137.811] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NdisImPlatform", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.811] SetLastError (dwErrCode=0x0) [0137.811] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.811] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.811] SetLastError (dwErrCode=0x0) [0137.811] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0xff, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NdisTapi", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.811] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NdisTapi") returned 42 [0137.811] SetLastError (dwErrCode=0x0) [0137.811] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NdisTapi", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.811] SetLastError (dwErrCode=0x0) [0137.811] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.811] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.812] SetLastError (dwErrCode=0x0) [0137.812] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x100, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Ndisuio", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.812] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Ndisuio") returned 41 [0137.812] SetLastError (dwErrCode=0x0) [0137.812] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Ndisuio", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.812] SetLastError (dwErrCode=0x0) [0137.812] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.812] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.812] SetLastError (dwErrCode=0x0) [0137.812] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x101, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NdisVirtualBus", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.812] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NdisVirtualBus") returned 48 [0137.812] SetLastError (dwErrCode=0x0) [0137.812] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NdisVirtualBus", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.812] SetLastError (dwErrCode=0x0) [0137.812] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.812] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.812] SetLastError (dwErrCode=0x0) [0137.812] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x102, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NdisWan", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.812] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NdisWan") returned 41 [0137.812] SetLastError (dwErrCode=0x0) [0137.812] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NdisWan", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.812] SetLastError (dwErrCode=0x0) [0137.812] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.812] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.812] SetLastError (dwErrCode=0x0) [0137.812] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x103, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ndiswanlegacy", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.812] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ndiswanlegacy") returned 47 [0137.812] SetLastError (dwErrCode=0x0) [0137.812] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ndiswanlegacy", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.813] SetLastError (dwErrCode=0x0) [0137.813] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.813] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.813] SetLastError (dwErrCode=0x0) [0137.813] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x104, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ndproxy", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.813] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ndproxy") returned 41 [0137.813] SetLastError (dwErrCode=0x0) [0137.813] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ndproxy", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.813] SetLastError (dwErrCode=0x0) [0137.813] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.813] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.813] SetLastError (dwErrCode=0x0) [0137.813] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x105, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Ndu", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.813] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Ndu") returned 37 [0137.813] SetLastError (dwErrCode=0x0) [0137.813] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Ndu", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.813] SetLastError (dwErrCode=0x0) [0137.813] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.813] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.813] SetLastError (dwErrCode=0x0) [0137.813] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x106, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NetBIOS", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.813] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NetBIOS") returned 41 [0137.813] SetLastError (dwErrCode=0x0) [0137.813] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NetBIOS", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.813] SetLastError (dwErrCode=0x0) [0137.813] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.813] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.813] SetLastError (dwErrCode=0x0) [0137.813] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x107, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NetbiosSmb", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.813] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NetbiosSmb") returned 44 [0137.814] SetLastError (dwErrCode=0x0) [0137.814] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NetbiosSmb", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.814] SetLastError (dwErrCode=0x0) [0137.814] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.814] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.814] SetLastError (dwErrCode=0x0) [0137.814] GetLastError () returned 0x0 [0137.814] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x108, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NetBT", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.814] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NetBT") returned 39 [0137.814] SetLastError (dwErrCode=0x0) [0137.814] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NetBT", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.814] SetLastError (dwErrCode=0x0) [0137.814] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.814] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.814] SetLastError (dwErrCode=0x0) [0137.814] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x109, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Netlogon", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.814] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Netlogon") returned 42 [0137.814] SetLastError (dwErrCode=0x0) [0137.814] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Netlogon", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.814] SetLastError (dwErrCode=0x0) [0137.814] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.814] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.814] SetLastError (dwErrCode=0x0) [0137.814] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x10a, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Netman", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.814] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Netman") returned 40 [0137.814] SetLastError (dwErrCode=0x0) [0137.814] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Netman", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.814] SetLastError (dwErrCode=0x0) [0137.814] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.814] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.815] SetLastError (dwErrCode=0x0) [0137.815] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x10b, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="netprofm", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.815] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\netprofm") returned 42 [0137.815] SetLastError (dwErrCode=0x0) [0137.815] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\netprofm", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.815] SetLastError (dwErrCode=0x0) [0137.815] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.815] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.815] SetLastError (dwErrCode=0x0) [0137.815] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x10c, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NetSetupSvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.815] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NetSetupSvc") returned 45 [0137.815] SetLastError (dwErrCode=0x0) [0137.815] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NetSetupSvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.815] SetLastError (dwErrCode=0x0) [0137.815] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.815] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.815] SetLastError (dwErrCode=0x0) [0137.815] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x10d, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NetTcpPortSharing", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.815] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NetTcpPortSharing") returned 51 [0137.815] SetLastError (dwErrCode=0x0) [0137.815] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NetTcpPortSharing", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.815] SetLastError (dwErrCode=0x0) [0137.815] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.815] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.815] SetLastError (dwErrCode=0x0) [0137.815] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x10e, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="netvsc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.815] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\netvsc") returned 40 [0137.815] SetLastError (dwErrCode=0x0) [0137.815] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\netvsc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.816] SetLastError (dwErrCode=0x0) [0137.816] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.816] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.816] SetLastError (dwErrCode=0x0) [0137.816] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x10f, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NETVSCVFPP", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.816] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NETVSCVFPP") returned 44 [0137.816] SetLastError (dwErrCode=0x0) [0137.816] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NETVSCVFPP", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.816] SetLastError (dwErrCode=0x0) [0137.816] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x4, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.816] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.816] SetLastError (dwErrCode=0x0) [0137.816] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x110, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NgcCtnrSvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.816] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NgcCtnrSvc") returned 44 [0137.816] SetLastError (dwErrCode=0x0) [0137.816] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NgcCtnrSvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.816] SetLastError (dwErrCode=0x0) [0137.816] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.816] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.816] SetLastError (dwErrCode=0x0) [0137.816] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x111, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NgcSvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.816] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NgcSvc") returned 40 [0137.816] SetLastError (dwErrCode=0x0) [0137.816] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NgcSvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.816] SetLastError (dwErrCode=0x0) [0137.816] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.816] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.816] SetLastError (dwErrCode=0x0) [0137.816] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x112, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NlaSvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.817] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NlaSvc") returned 40 [0137.817] SetLastError (dwErrCode=0x0) [0137.817] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NlaSvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.817] SetLastError (dwErrCode=0x0) [0137.817] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.817] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.817] SetLastError (dwErrCode=0x0) [0137.817] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x113, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Npfs", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.817] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Npfs") returned 38 [0137.817] SetLastError (dwErrCode=0x0) [0137.817] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Npfs", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.817] SetLastError (dwErrCode=0x0) [0137.817] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x4, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.817] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.817] SetLastError (dwErrCode=0x0) [0137.817] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x114, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="npsvctrig", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.817] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\npsvctrig") returned 43 [0137.817] SetLastError (dwErrCode=0x0) [0137.817] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\npsvctrig", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.817] SetLastError (dwErrCode=0x0) [0137.817] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.817] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.817] SetLastError (dwErrCode=0x0) [0137.817] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x115, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="nsi", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.817] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\nsi") returned 37 [0137.817] SetLastError (dwErrCode=0x0) [0137.817] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\nsi", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.817] SetLastError (dwErrCode=0x0) [0137.817] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.818] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.818] SetLastError (dwErrCode=0x0) [0137.818] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x116, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="nsiproxy", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.818] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\nsiproxy") returned 42 [0137.818] SetLastError (dwErrCode=0x0) [0137.818] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\nsiproxy", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.818] SetLastError (dwErrCode=0x0) [0137.818] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.818] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.818] SetLastError (dwErrCode=0x0) [0137.818] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x117, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NTDS", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.818] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NTDS") returned 38 [0137.818] SetLastError (dwErrCode=0x0) [0137.818] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NTDS", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.818] SetLastError (dwErrCode=0x0) [0137.818] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.818] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.818] SetLastError (dwErrCode=0x0) [0137.818] GetLastError () returned 0x0 [0137.818] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x118, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="NTFS", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.818] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NTFS") returned 38 [0137.818] SetLastError (dwErrCode=0x0) [0137.818] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NTFS", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.818] SetLastError (dwErrCode=0x0) [0137.818] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x5, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.818] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.819] SetLastError (dwErrCode=0x0) [0137.819] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x119, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Null", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.819] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Null") returned 38 [0137.819] SetLastError (dwErrCode=0x0) [0137.819] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Null", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.819] SetLastError (dwErrCode=0x0) [0137.819] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x5, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.819] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.819] SetLastError (dwErrCode=0x0) [0137.819] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x11a, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="nvraid", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.819] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\nvraid") returned 40 [0137.819] SetLastError (dwErrCode=0x0) [0137.819] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\nvraid", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.819] SetLastError (dwErrCode=0x0) [0137.819] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.819] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.819] SetLastError (dwErrCode=0x0) [0137.819] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x11b, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="nvstor", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.819] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\nvstor") returned 40 [0137.819] SetLastError (dwErrCode=0x0) [0137.819] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\nvstor", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.819] SetLastError (dwErrCode=0x0) [0137.819] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.819] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.819] SetLastError (dwErrCode=0x0) [0137.819] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x11c, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="nv_agp", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.819] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\nv_agp") returned 40 [0137.819] SetLastError (dwErrCode=0x0) [0137.819] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\nv_agp", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.820] SetLastError (dwErrCode=0x0) [0137.820] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.820] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.820] SetLastError (dwErrCode=0x0) [0137.820] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x11d, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OneSyncSvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.820] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\OneSyncSvc") returned 44 [0137.820] SetLastError (dwErrCode=0x0) [0137.820] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\OneSyncSvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.820] SetLastError (dwErrCode=0x0) [0137.820] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.820] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.820] SetLastError (dwErrCode=0x0) [0137.820] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x11e, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OneSyncSvc_Session1", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.820] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\OneSyncSvc_Session1") returned 53 [0137.820] SetLastError (dwErrCode=0x0) [0137.820] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\OneSyncSvc_Session1", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.820] SetLastError (dwErrCode=0x0) [0137.820] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.820] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.820] SetLastError (dwErrCode=0x0) [0137.820] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x11f, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ose64", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.820] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ose64") returned 39 [0137.820] SetLastError (dwErrCode=0x0) [0137.820] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ose64", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.820] SetLastError (dwErrCode=0x0) [0137.820] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.820] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.820] SetLastError (dwErrCode=0x0) [0137.820] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x120, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="p2pimsvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.821] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\p2pimsvc") returned 42 [0137.821] SetLastError (dwErrCode=0x0) [0137.821] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\p2pimsvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.821] SetLastError (dwErrCode=0x0) [0137.821] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.821] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.821] SetLastError (dwErrCode=0x0) [0137.821] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x121, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="p2psvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.821] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\p2psvc") returned 40 [0137.821] SetLastError (dwErrCode=0x0) [0137.821] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\p2psvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.821] SetLastError (dwErrCode=0x0) [0137.821] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.821] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.821] SetLastError (dwErrCode=0x0) [0137.821] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x122, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Parport", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.821] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Parport") returned 41 [0137.821] SetLastError (dwErrCode=0x0) [0137.821] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Parport", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.821] SetLastError (dwErrCode=0x0) [0137.821] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.821] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.821] SetLastError (dwErrCode=0x0) [0137.821] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x123, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="partmgr", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.821] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\partmgr") returned 41 [0137.821] SetLastError (dwErrCode=0x0) [0137.821] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\partmgr", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.821] SetLastError (dwErrCode=0x0) [0137.821] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.822] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.822] SetLastError (dwErrCode=0x0) [0137.822] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x124, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PcaSvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.822] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\PcaSvc") returned 40 [0137.822] SetLastError (dwErrCode=0x0) [0137.822] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\PcaSvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.822] SetLastError (dwErrCode=0x0) [0137.822] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.822] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.822] SetLastError (dwErrCode=0x0) [0137.822] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x125, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="pci", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.822] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\pci") returned 37 [0137.822] SetLastError (dwErrCode=0x0) [0137.822] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\pci", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.822] SetLastError (dwErrCode=0x0) [0137.822] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.822] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.822] SetLastError (dwErrCode=0x0) [0137.822] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x126, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="pciide", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.823] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\pciide") returned 40 [0137.823] SetLastError (dwErrCode=0x0) [0137.823] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\pciide", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.823] SetLastError (dwErrCode=0x0) [0137.823] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.823] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.823] SetLastError (dwErrCode=0x0) [0137.823] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x127, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="pcmcia", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.823] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\pcmcia") returned 40 [0137.823] SetLastError (dwErrCode=0x0) [0137.823] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\pcmcia", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.823] SetLastError (dwErrCode=0x0) [0137.823] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.823] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.823] SetLastError (dwErrCode=0x0) [0137.823] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x128, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="pcw", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.823] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\pcw") returned 37 [0137.823] SetLastError (dwErrCode=0x0) [0137.823] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\pcw", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.823] SetLastError (dwErrCode=0x0) [0137.823] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.823] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.823] SetLastError (dwErrCode=0x0) [0137.823] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x129, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="pdc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.823] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\pdc") returned 37 [0137.823] SetLastError (dwErrCode=0x0) [0137.824] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\pdc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.824] SetLastError (dwErrCode=0x0) [0137.824] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.824] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.824] SetLastError (dwErrCode=0x0) [0137.824] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x12a, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PEAUTH", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.824] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\PEAUTH") returned 40 [0137.824] SetLastError (dwErrCode=0x0) [0137.824] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\PEAUTH", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.824] SetLastError (dwErrCode=0x0) [0137.824] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.824] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.824] SetLastError (dwErrCode=0x0) [0137.824] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x12b, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PeerDistSvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.824] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\PeerDistSvc") returned 45 [0137.824] SetLastError (dwErrCode=0x0) [0137.824] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\PeerDistSvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.824] SetLastError (dwErrCode=0x0) [0137.824] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.824] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.824] SetLastError (dwErrCode=0x0) [0137.824] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x12c, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="percsas2i", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.824] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\percsas2i") returned 43 [0137.824] SetLastError (dwErrCode=0x0) [0137.824] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\percsas2i", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.824] SetLastError (dwErrCode=0x0) [0137.825] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.825] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.825] SetLastError (dwErrCode=0x0) [0137.825] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x12d, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="percsas3i", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.825] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\percsas3i") returned 43 [0137.825] SetLastError (dwErrCode=0x0) [0137.825] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\percsas3i", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.825] SetLastError (dwErrCode=0x0) [0137.825] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.825] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.825] SetLastError (dwErrCode=0x0) [0137.825] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x12e, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PerfDisk", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.825] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\PerfDisk") returned 42 [0137.825] SetLastError (dwErrCode=0x0) [0137.825] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\PerfDisk", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.825] SetLastError (dwErrCode=0x0) [0137.825] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.825] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.825] SetLastError (dwErrCode=0x0) [0137.825] GetLastError () returned 0x0 [0137.825] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x12f, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PerfHost", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.825] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\PerfHost") returned 42 [0137.825] SetLastError (dwErrCode=0x0) [0137.825] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\PerfHost", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.825] SetLastError (dwErrCode=0x0) [0137.825] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.825] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.826] SetLastError (dwErrCode=0x0) [0137.826] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x130, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PerfNet", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.826] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\PerfNet") returned 41 [0137.826] SetLastError (dwErrCode=0x0) [0137.826] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\PerfNet", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.826] SetLastError (dwErrCode=0x0) [0137.826] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.826] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.826] SetLastError (dwErrCode=0x0) [0137.826] GetLastError () returned 0x0 [0137.826] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x131, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PerfOS", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.826] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\PerfOS") returned 40 [0137.826] SetLastError (dwErrCode=0x0) [0137.826] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\PerfOS", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.826] SetLastError (dwErrCode=0x0) [0137.826] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.826] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.826] SetLastError (dwErrCode=0x0) [0137.826] GetLastError () returned 0x0 [0137.826] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x132, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PerfProc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.826] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\PerfProc") returned 42 [0137.826] SetLastError (dwErrCode=0x0) [0137.826] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\PerfProc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.826] SetLastError (dwErrCode=0x0) [0137.826] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.826] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.827] SetLastError (dwErrCode=0x0) [0137.827] GetLastError () returned 0x0 [0137.827] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x133, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PimIndexMaintenanceSvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.827] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\PimIndexMaintenanceSvc") returned 56 [0137.827] SetLastError (dwErrCode=0x0) [0137.827] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\PimIndexMaintenanceSvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.827] SetLastError (dwErrCode=0x0) [0137.827] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.827] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.827] SetLastError (dwErrCode=0x0) [0137.827] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x134, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PimIndexMaintenanceSvc_Session1", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.827] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\PimIndexMaintenanceSvc_Session1") returned 65 [0137.827] SetLastError (dwErrCode=0x0) [0137.827] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\PimIndexMaintenanceSvc_Session1", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.827] SetLastError (dwErrCode=0x0) [0137.827] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.827] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.827] SetLastError (dwErrCode=0x0) [0137.827] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x135, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="pla", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.827] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\pla") returned 37 [0137.827] SetLastError (dwErrCode=0x0) [0137.827] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\pla", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.827] SetLastError (dwErrCode=0x0) [0137.828] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.828] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.828] SetLastError (dwErrCode=0x0) [0137.828] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x136, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PlugPlay", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.828] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\PlugPlay") returned 42 [0137.828] SetLastError (dwErrCode=0x0) [0137.828] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\PlugPlay", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.828] SetLastError (dwErrCode=0x0) [0137.828] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.828] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.828] SetLastError (dwErrCode=0x0) [0137.828] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x137, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PNRPAutoReg", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.828] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\PNRPAutoReg") returned 45 [0137.828] SetLastError (dwErrCode=0x0) [0137.828] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\PNRPAutoReg", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.828] SetLastError (dwErrCode=0x0) [0137.828] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.828] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.828] SetLastError (dwErrCode=0x0) [0137.828] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x138, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PNRPsvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.828] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\PNRPsvc") returned 41 [0137.828] SetLastError (dwErrCode=0x0) [0137.828] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\PNRPsvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.829] SetLastError (dwErrCode=0x0) [0137.829] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.829] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.829] SetLastError (dwErrCode=0x0) [0137.829] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x139, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PolicyAgent", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.829] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\PolicyAgent") returned 45 [0137.829] SetLastError (dwErrCode=0x0) [0137.829] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\PolicyAgent", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.829] SetLastError (dwErrCode=0x0) [0137.829] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.829] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.829] SetLastError (dwErrCode=0x0) [0137.829] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x13a, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PortProxy", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.829] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\PortProxy") returned 43 [0137.829] SetLastError (dwErrCode=0x0) [0137.829] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\PortProxy", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.829] SetLastError (dwErrCode=0x0) [0137.829] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.829] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.829] SetLastError (dwErrCode=0x0) [0137.829] GetLastError () returned 0x0 [0137.829] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x13b, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Power", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.829] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Power") returned 39 [0137.829] SetLastError (dwErrCode=0x0) [0137.829] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Power", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.830] SetLastError (dwErrCode=0x0) [0137.830] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.830] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.830] SetLastError (dwErrCode=0x0) [0137.830] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x13c, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PptpMiniport", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.830] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\PptpMiniport") returned 46 [0137.830] SetLastError (dwErrCode=0x0) [0137.830] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\PptpMiniport", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.830] SetLastError (dwErrCode=0x0) [0137.830] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.830] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.830] SetLastError (dwErrCode=0x0) [0137.830] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x13d, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PrintNotify", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.830] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\PrintNotify") returned 45 [0137.830] SetLastError (dwErrCode=0x0) [0137.830] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\PrintNotify", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.830] SetLastError (dwErrCode=0x0) [0137.830] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.830] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.830] SetLastError (dwErrCode=0x0) [0137.830] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x13e, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Processor", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.830] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Processor") returned 43 [0137.830] SetLastError (dwErrCode=0x0) [0137.830] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Processor", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.831] SetLastError (dwErrCode=0x0) [0137.831] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.831] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.831] SetLastError (dwErrCode=0x0) [0137.831] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x13f, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ProfSvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.831] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ProfSvc") returned 41 [0137.831] SetLastError (dwErrCode=0x0) [0137.831] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ProfSvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.831] SetLastError (dwErrCode=0x0) [0137.831] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.831] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.831] SetLastError (dwErrCode=0x0) [0137.831] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x140, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Psched", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.831] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Psched") returned 40 [0137.831] SetLastError (dwErrCode=0x0) [0137.831] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Psched", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.831] SetLastError (dwErrCode=0x0) [0137.831] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.831] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.831] SetLastError (dwErrCode=0x0) [0137.832] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x141, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="QWAVE", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.832] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\QWAVE") returned 39 [0137.832] SetLastError (dwErrCode=0x0) [0137.832] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\QWAVE", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.832] SetLastError (dwErrCode=0x0) [0137.832] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.832] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.832] SetLastError (dwErrCode=0x0) [0137.832] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x142, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="QWAVEdrv", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.832] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\QWAVEdrv") returned 42 [0137.832] SetLastError (dwErrCode=0x0) [0137.832] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\QWAVEdrv", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.832] SetLastError (dwErrCode=0x0) [0137.832] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.832] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.832] SetLastError (dwErrCode=0x0) [0137.832] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x143, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RasAcd", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.832] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\RasAcd") returned 40 [0137.832] SetLastError (dwErrCode=0x0) [0137.832] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\RasAcd", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.832] SetLastError (dwErrCode=0x0) [0137.832] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.832] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.833] SetLastError (dwErrCode=0x0) [0137.833] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x144, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RasAgileVpn", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.833] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\RasAgileVpn") returned 45 [0137.833] SetLastError (dwErrCode=0x0) [0137.833] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\RasAgileVpn", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.833] SetLastError (dwErrCode=0x0) [0137.833] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.833] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.833] SetLastError (dwErrCode=0x0) [0137.833] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x145, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RasAuto", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.833] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\RasAuto") returned 41 [0137.833] SetLastError (dwErrCode=0x0) [0137.833] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\RasAuto", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.833] SetLastError (dwErrCode=0x0) [0137.833] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.833] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.833] SetLastError (dwErrCode=0x0) [0137.833] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x146, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Rasl2tp", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.833] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Rasl2tp") returned 41 [0137.833] SetLastError (dwErrCode=0x0) [0137.833] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Rasl2tp", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.833] SetLastError (dwErrCode=0x0) [0137.834] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.834] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.834] SetLastError (dwErrCode=0x0) [0137.834] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x147, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RasMan", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.834] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\RasMan") returned 40 [0137.834] SetLastError (dwErrCode=0x0) [0137.834] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\RasMan", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.834] SetLastError (dwErrCode=0x0) [0137.834] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.834] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.834] SetLastError (dwErrCode=0x0) [0137.834] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x148, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RasPppoe", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.834] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\RasPppoe") returned 42 [0137.834] SetLastError (dwErrCode=0x0) [0137.834] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\RasPppoe", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.834] SetLastError (dwErrCode=0x0) [0137.834] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.834] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.834] SetLastError (dwErrCode=0x0) [0137.834] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x149, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RasSstp", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.834] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\RasSstp") returned 41 [0137.834] SetLastError (dwErrCode=0x0) [0137.834] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\RasSstp", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.835] SetLastError (dwErrCode=0x0) [0137.835] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.835] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.835] SetLastError (dwErrCode=0x0) [0137.835] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x14a, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Razerlow", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.835] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Razerlow") returned 42 [0137.835] SetLastError (dwErrCode=0x0) [0137.835] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Razerlow", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.835] SetLastError (dwErrCode=0x0) [0137.835] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.835] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.835] SetLastError (dwErrCode=0x0) [0137.835] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x14b, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="rdbss", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.835] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\rdbss") returned 39 [0137.835] SetLastError (dwErrCode=0x0) [0137.835] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\rdbss", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.835] SetLastError (dwErrCode=0x0) [0137.835] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.835] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.835] SetLastError (dwErrCode=0x0) [0137.835] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x14c, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RDMANDK", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.835] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\RDMANDK") returned 41 [0137.836] SetLastError (dwErrCode=0x0) [0137.836] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\RDMANDK", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.836] SetLastError (dwErrCode=0x0) [0137.836] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.836] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.836] SetLastError (dwErrCode=0x0) [0137.836] GetLastError () returned 0x0 [0137.836] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x14d, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="rdpbus", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.836] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\rdpbus") returned 40 [0137.836] SetLastError (dwErrCode=0x0) [0137.836] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\rdpbus", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.836] SetLastError (dwErrCode=0x0) [0137.836] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.836] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.836] SetLastError (dwErrCode=0x0) [0137.836] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x14e, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RDPDR", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.836] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\RDPDR") returned 39 [0137.836] SetLastError (dwErrCode=0x0) [0137.836] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\RDPDR", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.836] SetLastError (dwErrCode=0x0) [0137.836] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.836] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.836] SetLastError (dwErrCode=0x0) [0137.837] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x14f, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RDPNP", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.837] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\RDPNP") returned 39 [0137.837] SetLastError (dwErrCode=0x0) [0137.837] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\RDPNP", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.837] SetLastError (dwErrCode=0x0) [0137.837] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.837] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.837] SetLastError (dwErrCode=0x0) [0137.837] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x150, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RDPUDD", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.837] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\RDPUDD") returned 40 [0137.837] SetLastError (dwErrCode=0x0) [0137.837] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\RDPUDD", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.837] SetLastError (dwErrCode=0x0) [0137.837] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.837] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.837] SetLastError (dwErrCode=0x0) [0137.837] GetLastError () returned 0x0 [0137.837] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x151, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RdpVideoMiniport", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.837] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\RdpVideoMiniport") returned 50 [0137.839] SetLastError (dwErrCode=0x0) [0137.839] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\RdpVideoMiniport", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.839] SetLastError (dwErrCode=0x0) [0137.839] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x5, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.839] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.839] SetLastError (dwErrCode=0x0) [0137.839] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x152, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="rdyboost", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.839] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\rdyboost") returned 42 [0137.839] SetLastError (dwErrCode=0x0) [0137.839] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\rdyboost", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.840] SetLastError (dwErrCode=0x0) [0137.840] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.840] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.840] SetLastError (dwErrCode=0x0) [0137.840] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x153, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ReFSv1", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.840] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ReFSv1") returned 40 [0137.840] SetLastError (dwErrCode=0x0) [0137.840] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ReFSv1", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.840] SetLastError (dwErrCode=0x0) [0137.840] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.840] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.840] SetLastError (dwErrCode=0x0) [0137.840] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x154, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RegFilter", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.840] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\RegFilter") returned 43 [0137.840] SetLastError (dwErrCode=0x0) [0137.840] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\RegFilter", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.840] SetLastError (dwErrCode=0x0) [0137.840] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.840] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.840] SetLastError (dwErrCode=0x0) [0137.840] GetLastError () returned 0x0 [0137.840] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x155, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RemoteAccess", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.841] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\RemoteAccess") returned 46 [0137.841] SetLastError (dwErrCode=0x0) [0137.841] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\RemoteAccess", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.841] SetLastError (dwErrCode=0x0) [0137.841] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xd, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.841] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.841] SetLastError (dwErrCode=0x0) [0137.841] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x156, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RemoteRegistry", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.841] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\RemoteRegistry") returned 48 [0137.841] SetLastError (dwErrCode=0x0) [0137.841] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\RemoteRegistry", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.841] SetLastError (dwErrCode=0x0) [0137.841] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.841] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.841] SetLastError (dwErrCode=0x0) [0137.841] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x157, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RetailDemo", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.841] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\RetailDemo") returned 44 [0137.841] SetLastError (dwErrCode=0x0) [0137.841] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\RetailDemo", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.841] SetLastError (dwErrCode=0x0) [0137.841] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.841] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.842] SetLastError (dwErrCode=0x0) [0137.842] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x158, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RpcEptMapper", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.842] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\RpcEptMapper") returned 46 [0137.842] SetLastError (dwErrCode=0x0) [0137.842] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\RpcEptMapper", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.842] SetLastError (dwErrCode=0x0) [0137.842] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.842] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.842] SetLastError (dwErrCode=0x0) [0137.842] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x159, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RpcLocator", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.842] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\RpcLocator") returned 44 [0137.842] SetLastError (dwErrCode=0x0) [0137.842] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\RpcLocator", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.842] SetLastError (dwErrCode=0x0) [0137.842] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.842] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.842] SetLastError (dwErrCode=0x0) [0137.842] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x15a, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RpcSs", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.842] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\RpcSs") returned 39 [0137.842] SetLastError (dwErrCode=0x0) [0137.842] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\RpcSs", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.842] SetLastError (dwErrCode=0x0) [0137.842] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.843] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.843] SetLastError (dwErrCode=0x0) [0137.843] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x15b, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="rspndr", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.843] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\rspndr") returned 40 [0137.843] SetLastError (dwErrCode=0x0) [0137.843] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\rspndr", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.843] SetLastError (dwErrCode=0x0) [0137.843] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.843] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.843] SetLastError (dwErrCode=0x0) [0137.843] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x15c, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="s3cap", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.843] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\s3cap") returned 39 [0137.843] SetLastError (dwErrCode=0x0) [0137.843] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\s3cap", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.843] SetLastError (dwErrCode=0x0) [0137.843] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.843] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.843] SetLastError (dwErrCode=0x0) [0137.843] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x15d, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SamSs", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.843] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SamSs") returned 39 [0137.843] SetLastError (dwErrCode=0x0) [0137.843] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SamSs", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.844] SetLastError (dwErrCode=0x0) [0137.844] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.844] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.844] SetLastError (dwErrCode=0x0) [0137.844] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x15e, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="sbp2port", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.844] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\sbp2port") returned 42 [0137.844] SetLastError (dwErrCode=0x0) [0137.844] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\sbp2port", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.844] SetLastError (dwErrCode=0x0) [0137.844] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.844] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.844] SetLastError (dwErrCode=0x0) [0137.844] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x15f, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SCardSvr", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.844] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SCardSvr") returned 42 [0137.844] SetLastError (dwErrCode=0x0) [0137.844] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SCardSvr", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.844] SetLastError (dwErrCode=0x0) [0137.844] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.844] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.844] SetLastError (dwErrCode=0x0) [0137.844] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x160, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ScDeviceEnum", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.845] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ScDeviceEnum") returned 46 [0137.845] SetLastError (dwErrCode=0x0) [0137.845] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ScDeviceEnum", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.845] SetLastError (dwErrCode=0x0) [0137.845] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.845] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.845] SetLastError (dwErrCode=0x0) [0137.845] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x161, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="scfilter", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.845] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\scfilter") returned 42 [0137.845] SetLastError (dwErrCode=0x0) [0137.845] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\scfilter", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.845] SetLastError (dwErrCode=0x0) [0137.845] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.845] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.845] SetLastError (dwErrCode=0x0) [0137.845] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x162, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Schedule", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.845] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Schedule") returned 42 [0137.845] SetLastError (dwErrCode=0x0) [0137.845] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Schedule", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.845] SetLastError (dwErrCode=0x0) [0137.845] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xd, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.845] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.845] SetLastError (dwErrCode=0x0) [0137.846] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x163, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SCPolicySvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.846] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SCPolicySvc") returned 45 [0137.846] SetLastError (dwErrCode=0x0) [0137.846] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SCPolicySvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.846] SetLastError (dwErrCode=0x0) [0137.846] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.846] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.846] SetLastError (dwErrCode=0x0) [0137.846] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x164, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="sdbus", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.846] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\sdbus") returned 39 [0137.846] SetLastError (dwErrCode=0x0) [0137.846] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\sdbus", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.846] SetLastError (dwErrCode=0x0) [0137.846] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.846] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.846] SetLastError (dwErrCode=0x0) [0137.846] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x165, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SDRSVC", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.846] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SDRSVC") returned 40 [0137.846] SetLastError (dwErrCode=0x0) [0137.846] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SDRSVC", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.846] SetLastError (dwErrCode=0x0) [0137.846] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.846] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.847] SetLastError (dwErrCode=0x0) [0137.847] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x166, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="sdstor", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.847] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\sdstor") returned 40 [0137.847] SetLastError (dwErrCode=0x0) [0137.847] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\sdstor", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.847] SetLastError (dwErrCode=0x0) [0137.847] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.847] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.847] SetLastError (dwErrCode=0x0) [0137.847] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x167, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="seclogon", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.847] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\seclogon") returned 42 [0137.847] SetLastError (dwErrCode=0x0) [0137.847] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\seclogon", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.847] SetLastError (dwErrCode=0x0) [0137.847] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.847] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.847] SetLastError (dwErrCode=0x0) [0137.847] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x168, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SENS", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.847] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SENS") returned 38 [0137.847] SetLastError (dwErrCode=0x0) [0137.847] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SENS", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.847] SetLastError (dwErrCode=0x0) [0137.848] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.848] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.848] SetLastError (dwErrCode=0x0) [0137.848] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x169, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SensorDataService", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.848] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SensorDataService") returned 51 [0137.848] SetLastError (dwErrCode=0x0) [0137.848] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SensorDataService", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.848] SetLastError (dwErrCode=0x0) [0137.848] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.848] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.848] SetLastError (dwErrCode=0x0) [0137.848] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x16a, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SensorService", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.848] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SensorService") returned 47 [0137.848] SetLastError (dwErrCode=0x0) [0137.848] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SensorService", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.848] SetLastError (dwErrCode=0x0) [0137.848] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.848] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.848] SetLastError (dwErrCode=0x0) [0137.848] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x16b, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SensrSvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.848] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SensrSvc") returned 42 [0137.848] SetLastError (dwErrCode=0x0) [0137.848] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SensrSvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.848] SetLastError (dwErrCode=0x0) [0137.849] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.849] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.849] SetLastError (dwErrCode=0x0) [0137.849] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x16c, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SerCx", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.849] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SerCx") returned 39 [0137.849] SetLastError (dwErrCode=0x0) [0137.849] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SerCx", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.849] SetLastError (dwErrCode=0x0) [0137.849] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.849] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.849] SetLastError (dwErrCode=0x0) [0137.849] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x16d, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SerCx2", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.849] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SerCx2") returned 40 [0137.849] SetLastError (dwErrCode=0x0) [0137.849] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SerCx2", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.849] SetLastError (dwErrCode=0x0) [0137.849] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.849] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.849] SetLastError (dwErrCode=0x0) [0137.849] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x16e, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Serenum", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.849] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Serenum") returned 41 [0137.849] SetLastError (dwErrCode=0x0) [0137.849] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Serenum", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.850] SetLastError (dwErrCode=0x0) [0137.850] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.850] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.850] SetLastError (dwErrCode=0x0) [0137.850] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x16f, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Serial", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.850] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Serial") returned 40 [0137.850] SetLastError (dwErrCode=0x0) [0137.850] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Serial", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.850] SetLastError (dwErrCode=0x0) [0137.850] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xd, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.850] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.850] SetLastError (dwErrCode=0x0) [0137.850] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x170, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="sermouse", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.850] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\sermouse") returned 42 [0137.850] SetLastError (dwErrCode=0x0) [0137.850] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\sermouse", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.850] SetLastError (dwErrCode=0x0) [0137.850] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.850] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.850] SetLastError (dwErrCode=0x0) [0137.850] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x171, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ServiceModelEndpoint 3.0.0.0", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.850] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ServiceModelEndpoint 3.0.0.0") returned 62 [0137.850] SetLastError (dwErrCode=0x0) [0137.850] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ServiceModelEndpoint 3.0.0.0", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.851] SetLastError (dwErrCode=0x0) [0137.851] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.851] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.851] SetLastError (dwErrCode=0x0) [0137.851] GetLastError () returned 0x0 [0137.851] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x172, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ServiceModelOperation 3.0.0.0", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.851] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ServiceModelOperation 3.0.0.0") returned 63 [0137.851] SetLastError (dwErrCode=0x0) [0137.851] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ServiceModelOperation 3.0.0.0", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.851] SetLastError (dwErrCode=0x0) [0137.851] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.851] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.851] SetLastError (dwErrCode=0x0) [0137.851] GetLastError () returned 0x0 [0137.851] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x173, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ServiceModelService 3.0.0.0", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.851] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ServiceModelService 3.0.0.0") returned 61 [0137.851] SetLastError (dwErrCode=0x0) [0137.851] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ServiceModelService 3.0.0.0", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.851] SetLastError (dwErrCode=0x0) [0137.851] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.851] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.851] SetLastError (dwErrCode=0x0) [0137.851] GetLastError () returned 0x0 [0137.851] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x174, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SessionEnv", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.851] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SessionEnv") returned 44 [0137.852] SetLastError (dwErrCode=0x0) [0137.852] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SessionEnv", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.852] SetLastError (dwErrCode=0x0) [0137.852] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.852] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.852] SetLastError (dwErrCode=0x0) [0137.852] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x175, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="sfloppy", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.852] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\sfloppy") returned 41 [0137.852] SetLastError (dwErrCode=0x0) [0137.852] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\sfloppy", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.852] SetLastError (dwErrCode=0x0) [0137.852] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.852] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.852] SetLastError (dwErrCode=0x0) [0137.852] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x176, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SharedAccess", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.852] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SharedAccess") returned 46 [0137.852] SetLastError (dwErrCode=0x0) [0137.852] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SharedAccess", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.852] SetLastError (dwErrCode=0x0) [0137.852] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.852] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.852] SetLastError (dwErrCode=0x0) [0137.852] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x177, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ShellHWDetection", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.853] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ShellHWDetection") returned 50 [0137.853] SetLastError (dwErrCode=0x0) [0137.853] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ShellHWDetection", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.853] SetLastError (dwErrCode=0x0) [0137.853] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.853] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.853] SetLastError (dwErrCode=0x0) [0137.853] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x178, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SiSRaid2", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.853] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SiSRaid2") returned 42 [0137.853] SetLastError (dwErrCode=0x0) [0137.853] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SiSRaid2", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.853] SetLastError (dwErrCode=0x0) [0137.853] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.853] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.854] SetLastError (dwErrCode=0x0) [0137.854] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x179, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SiSRaid4", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.854] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SiSRaid4") returned 42 [0137.854] SetLastError (dwErrCode=0x0) [0137.854] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SiSRaid4", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.854] SetLastError (dwErrCode=0x0) [0137.854] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.854] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.854] SetLastError (dwErrCode=0x0) [0137.854] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x17a, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="smphost", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.854] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\smphost") returned 41 [0137.854] SetLastError (dwErrCode=0x0) [0137.854] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\smphost", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.854] SetLastError (dwErrCode=0x0) [0137.854] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.854] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.854] SetLastError (dwErrCode=0x0) [0137.854] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x17b, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SmsRouter", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.854] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SmsRouter") returned 43 [0137.854] SetLastError (dwErrCode=0x0) [0137.854] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SmsRouter", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.854] SetLastError (dwErrCode=0x0) [0137.854] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.855] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.855] SetLastError (dwErrCode=0x0) [0137.855] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x17c, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SMSvcHost 3.0.0.0", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.855] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SMSvcHost 3.0.0.0") returned 51 [0137.855] SetLastError (dwErrCode=0x0) [0137.855] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SMSvcHost 3.0.0.0", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.855] SetLastError (dwErrCode=0x0) [0137.855] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.855] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.855] SetLastError (dwErrCode=0x0) [0137.855] GetLastError () returned 0x0 [0137.855] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x17d, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SMSvcHost 4.0.0.0", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.855] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SMSvcHost 4.0.0.0") returned 51 [0137.855] SetLastError (dwErrCode=0x0) [0137.855] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SMSvcHost 4.0.0.0", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.855] SetLastError (dwErrCode=0x0) [0137.855] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.855] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.855] SetLastError (dwErrCode=0x0) [0137.855] GetLastError () returned 0x0 [0137.855] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x17e, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SNMPTRAP", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.855] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SNMPTRAP") returned 42 [0137.855] SetLastError (dwErrCode=0x0) [0137.855] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SNMPTRAP", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.856] SetLastError (dwErrCode=0x0) [0137.856] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.856] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.856] SetLastError (dwErrCode=0x0) [0137.856] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x17f, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="spaceport", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.856] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\spaceport") returned 43 [0137.856] SetLastError (dwErrCode=0x0) [0137.856] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\spaceport", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.856] SetLastError (dwErrCode=0x0) [0137.856] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.856] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.856] SetLastError (dwErrCode=0x0) [0137.856] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x180, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SpbCx", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.856] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SpbCx") returned 39 [0137.856] SetLastError (dwErrCode=0x0) [0137.856] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SpbCx", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.856] SetLastError (dwErrCode=0x0) [0137.856] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.856] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.857] SetLastError (dwErrCode=0x0) [0137.857] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x181, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Spooler", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.857] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Spooler") returned 41 [0137.857] SetLastError (dwErrCode=0x0) [0137.857] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Spooler", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.857] SetLastError (dwErrCode=0x0) [0137.857] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.857] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.857] SetLastError (dwErrCode=0x0) [0137.857] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x182, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="sppsvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.857] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\sppsvc") returned 40 [0137.857] SetLastError (dwErrCode=0x0) [0137.857] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\sppsvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.857] SetLastError (dwErrCode=0x0) [0137.857] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xd, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.857] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.857] SetLastError (dwErrCode=0x0) [0137.857] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x183, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="srv", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.857] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\srv") returned 37 [0137.857] SetLastError (dwErrCode=0x0) [0137.857] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\srv", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.857] SetLastError (dwErrCode=0x0) [0137.857] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.857] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.858] SetLastError (dwErrCode=0x0) [0137.858] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x184, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="srv2", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.858] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\srv2") returned 38 [0137.858] SetLastError (dwErrCode=0x0) [0137.858] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\srv2", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.858] SetLastError (dwErrCode=0x0) [0137.858] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.858] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.858] SetLastError (dwErrCode=0x0) [0137.858] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x185, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="srvnet", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.858] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\srvnet") returned 40 [0137.858] SetLastError (dwErrCode=0x0) [0137.858] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\srvnet", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.858] SetLastError (dwErrCode=0x0) [0137.858] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.858] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.858] SetLastError (dwErrCode=0x0) [0137.858] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x186, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SSDPSRV", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.858] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SSDPSRV") returned 41 [0137.858] SetLastError (dwErrCode=0x0) [0137.858] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SSDPSRV", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.858] SetLastError (dwErrCode=0x0) [0137.858] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.858] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.859] SetLastError (dwErrCode=0x0) [0137.859] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x187, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SstpSvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.859] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SstpSvc") returned 41 [0137.859] SetLastError (dwErrCode=0x0) [0137.859] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SstpSvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.859] SetLastError (dwErrCode=0x0) [0137.859] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.859] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.859] SetLastError (dwErrCode=0x0) [0137.859] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x188, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="StateRepository", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.859] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\StateRepository") returned 49 [0137.859] SetLastError (dwErrCode=0x0) [0137.859] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\StateRepository", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.859] SetLastError (dwErrCode=0x0) [0137.859] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.859] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.859] SetLastError (dwErrCode=0x0) [0137.859] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x189, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="stexstor", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.859] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\stexstor") returned 42 [0137.859] SetLastError (dwErrCode=0x0) [0137.859] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\stexstor", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.859] SetLastError (dwErrCode=0x0) [0137.860] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.860] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.860] SetLastError (dwErrCode=0x0) [0137.860] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x18a, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="stisvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.860] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\stisvc") returned 40 [0137.860] SetLastError (dwErrCode=0x0) [0137.860] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\stisvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.860] SetLastError (dwErrCode=0x0) [0137.860] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.860] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.860] SetLastError (dwErrCode=0x0) [0137.860] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x18b, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="storahci", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.860] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\storahci") returned 42 [0137.860] SetLastError (dwErrCode=0x0) [0137.860] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\storahci", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.860] SetLastError (dwErrCode=0x0) [0137.860] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.860] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.860] SetLastError (dwErrCode=0x0) [0137.860] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x18c, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="storflt", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.860] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\storflt") returned 41 [0137.860] SetLastError (dwErrCode=0x0) [0137.860] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\storflt", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.860] SetLastError (dwErrCode=0x0) [0137.861] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.861] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.861] SetLastError (dwErrCode=0x0) [0137.861] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x18d, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="stornvme", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.861] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\stornvme") returned 42 [0137.861] SetLastError (dwErrCode=0x0) [0137.861] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\stornvme", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.861] SetLastError (dwErrCode=0x0) [0137.861] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.861] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.861] SetLastError (dwErrCode=0x0) [0137.861] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x18e, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="storqosflt", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.861] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\storqosflt") returned 44 [0137.861] SetLastError (dwErrCode=0x0) [0137.861] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\storqosflt", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.861] SetLastError (dwErrCode=0x0) [0137.861] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.861] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.861] SetLastError (dwErrCode=0x0) [0137.861] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x18f, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="StorSvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.861] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\StorSvc") returned 41 [0137.861] SetLastError (dwErrCode=0x0) [0137.861] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\StorSvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.861] SetLastError (dwErrCode=0x0) [0137.861] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.861] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.861] SetLastError (dwErrCode=0x0) [0137.861] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x190, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="storufs", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.861] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\storufs") returned 41 [0137.861] SetLastError (dwErrCode=0x0) [0137.862] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\storufs", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.862] SetLastError (dwErrCode=0x0) [0137.862] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.862] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.862] SetLastError (dwErrCode=0x0) [0137.862] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x191, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="storvsc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.862] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\storvsc") returned 41 [0137.862] SetLastError (dwErrCode=0x0) [0137.862] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\storvsc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.862] SetLastError (dwErrCode=0x0) [0137.862] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.862] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.862] SetLastError (dwErrCode=0x0) [0137.862] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x192, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="svsvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.862] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\svsvc") returned 39 [0137.862] SetLastError (dwErrCode=0x0) [0137.862] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\svsvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.862] SetLastError (dwErrCode=0x0) [0137.862] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.862] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.862] SetLastError (dwErrCode=0x0) [0137.862] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x193, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="swenum", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.862] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\swenum") returned 40 [0137.862] SetLastError (dwErrCode=0x0) [0137.862] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\swenum", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.862] SetLastError (dwErrCode=0x0) [0137.862] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.862] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.862] SetLastError (dwErrCode=0x0) [0137.863] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x194, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="swprv", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.863] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\swprv") returned 39 [0137.863] SetLastError (dwErrCode=0x0) [0137.863] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\swprv", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.863] SetLastError (dwErrCode=0x0) [0137.863] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.863] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.863] SetLastError (dwErrCode=0x0) [0137.863] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x195, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Synth3dVsc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.863] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Synth3dVsc") returned 44 [0137.863] SetLastError (dwErrCode=0x0) [0137.863] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Synth3dVsc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.863] SetLastError (dwErrCode=0x0) [0137.863] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.863] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.863] SetLastError (dwErrCode=0x0) [0137.863] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x196, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SysMain", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.863] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SysMain") returned 41 [0137.863] SetLastError (dwErrCode=0x0) [0137.863] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SysMain", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.863] SetLastError (dwErrCode=0x0) [0137.863] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.863] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.863] SetLastError (dwErrCode=0x0) [0137.863] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x197, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SystemEventsBroker", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.863] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\SystemEventsBroker") returned 52 [0137.863] SetLastError (dwErrCode=0x0) [0137.863] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\SystemEventsBroker", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.863] SetLastError (dwErrCode=0x0) [0137.864] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.864] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.864] SetLastError (dwErrCode=0x0) [0137.864] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x198, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="TabletInputService", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.864] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\TabletInputService") returned 52 [0137.864] SetLastError (dwErrCode=0x0) [0137.864] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\TabletInputService", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.864] SetLastError (dwErrCode=0x0) [0137.864] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.864] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.864] SetLastError (dwErrCode=0x0) [0137.864] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x199, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="TapiSrv", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.864] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\TapiSrv") returned 41 [0137.864] SetLastError (dwErrCode=0x0) [0137.864] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\TapiSrv", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.864] SetLastError (dwErrCode=0x0) [0137.864] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.864] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.864] SetLastError (dwErrCode=0x0) [0137.864] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x19a, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Tcpip", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.864] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Tcpip") returned 39 [0137.864] SetLastError (dwErrCode=0x0) [0137.864] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Tcpip", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.864] SetLastError (dwErrCode=0x0) [0137.864] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xd, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.864] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.864] SetLastError (dwErrCode=0x0) [0137.864] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x19b, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Tcpip6", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.865] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Tcpip6") returned 40 [0137.865] SetLastError (dwErrCode=0x0) [0137.865] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Tcpip6", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.865] SetLastError (dwErrCode=0x0) [0137.865] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.865] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.865] SetLastError (dwErrCode=0x0) [0137.865] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x19c, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="TCPIP6TUNNEL", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.865] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\TCPIP6TUNNEL") returned 46 [0137.865] SetLastError (dwErrCode=0x0) [0137.865] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\TCPIP6TUNNEL", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.865] SetLastError (dwErrCode=0x0) [0137.865] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x4, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.865] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.865] SetLastError (dwErrCode=0x0) [0137.865] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x19d, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="tcpipreg", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.865] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\tcpipreg") returned 42 [0137.865] SetLastError (dwErrCode=0x0) [0137.865] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\tcpipreg", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.865] SetLastError (dwErrCode=0x0) [0137.865] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.865] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.865] SetLastError (dwErrCode=0x0) [0137.865] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x19e, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="TCPIPTUNNEL", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.865] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\TCPIPTUNNEL") returned 45 [0137.865] SetLastError (dwErrCode=0x0) [0137.865] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\TCPIPTUNNEL", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.865] SetLastError (dwErrCode=0x0) [0137.865] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x4, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.865] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.866] SetLastError (dwErrCode=0x0) [0137.866] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x19f, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="tdx", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.866] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\tdx") returned 37 [0137.866] SetLastError (dwErrCode=0x0) [0137.866] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\tdx", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.866] SetLastError (dwErrCode=0x0) [0137.866] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.866] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.866] SetLastError (dwErrCode=0x0) [0137.866] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1a0, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="terminpt", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.866] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\terminpt") returned 42 [0137.866] SetLastError (dwErrCode=0x0) [0137.866] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\terminpt", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.866] SetLastError (dwErrCode=0x0) [0137.866] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.866] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.866] SetLastError (dwErrCode=0x0) [0137.866] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1a1, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="TermService", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.866] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\TermService") returned 45 [0137.866] SetLastError (dwErrCode=0x0) [0137.866] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\TermService", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.866] SetLastError (dwErrCode=0x0) [0137.866] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.866] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.866] SetLastError (dwErrCode=0x0) [0137.866] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1a2, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Themes", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.866] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Themes") returned 40 [0137.866] SetLastError (dwErrCode=0x0) [0137.866] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Themes", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.867] SetLastError (dwErrCode=0x0) [0137.867] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.867] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.867] SetLastError (dwErrCode=0x0) [0137.867] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1a3, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="tiledatamodelsvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.867] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\tiledatamodelsvc") returned 50 [0137.867] SetLastError (dwErrCode=0x0) [0137.867] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\tiledatamodelsvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.867] SetLastError (dwErrCode=0x0) [0137.867] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.867] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.867] SetLastError (dwErrCode=0x0) [0137.867] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1a4, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="TimeBroker", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.867] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\TimeBroker") returned 44 [0137.867] SetLastError (dwErrCode=0x0) [0137.867] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\TimeBroker", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.867] SetLastError (dwErrCode=0x0) [0137.867] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.867] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.867] SetLastError (dwErrCode=0x0) [0137.867] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1a5, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="TPM", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.867] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\TPM") returned 37 [0137.867] SetLastError (dwErrCode=0x0) [0137.867] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\TPM", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.867] SetLastError (dwErrCode=0x0) [0137.867] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.867] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.867] SetLastError (dwErrCode=0x0) [0137.867] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1a6, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="TrkWks", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.868] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\TrkWks") returned 40 [0137.868] SetLastError (dwErrCode=0x0) [0137.868] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\TrkWks", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.868] SetLastError (dwErrCode=0x0) [0137.868] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.868] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.868] SetLastError (dwErrCode=0x0) [0137.868] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1a7, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="TrustedInstaller", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.868] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\TrustedInstaller") returned 50 [0137.868] SetLastError (dwErrCode=0x0) [0137.868] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\TrustedInstaller", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.868] SetLastError (dwErrCode=0x0) [0137.868] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xd, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.868] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.868] SetLastError (dwErrCode=0x0) [0137.868] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1a8, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="TSDDD", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.868] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\TSDDD") returned 39 [0137.868] SetLastError (dwErrCode=0x0) [0137.868] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\TSDDD", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.868] SetLastError (dwErrCode=0x0) [0137.868] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.868] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.868] SetLastError (dwErrCode=0x0) [0137.868] GetLastError () returned 0x0 [0137.868] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1a9, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="TsUsbFlt", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.868] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\TsUsbFlt") returned 42 [0137.868] SetLastError (dwErrCode=0x0) [0137.868] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\TsUsbFlt", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.868] SetLastError (dwErrCode=0x0) [0137.869] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.869] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.869] SetLastError (dwErrCode=0x0) [0137.869] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1aa, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="TsUsbGD", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.869] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\TsUsbGD") returned 41 [0137.869] SetLastError (dwErrCode=0x0) [0137.869] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\TsUsbGD", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.869] SetLastError (dwErrCode=0x0) [0137.869] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.869] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.869] SetLastError (dwErrCode=0x0) [0137.869] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1ab, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="tunnel", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.869] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\tunnel") returned 40 [0137.869] SetLastError (dwErrCode=0x0) [0137.869] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\tunnel", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.869] SetLastError (dwErrCode=0x0) [0137.870] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.870] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.870] SetLastError (dwErrCode=0x0) [0137.870] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1ac, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="uagp35", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.870] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\uagp35") returned 40 [0137.870] SetLastError (dwErrCode=0x0) [0137.870] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\uagp35", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.870] SetLastError (dwErrCode=0x0) [0137.870] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.870] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.870] SetLastError (dwErrCode=0x0) [0137.870] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1ad, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="UASPStor", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.870] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\UASPStor") returned 42 [0137.870] SetLastError (dwErrCode=0x0) [0137.870] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\UASPStor", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.870] SetLastError (dwErrCode=0x0) [0137.870] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.870] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.870] SetLastError (dwErrCode=0x0) [0137.870] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1ae, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="UcmCx0101", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.870] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\UcmCx0101") returned 43 [0137.870] SetLastError (dwErrCode=0x0) [0137.870] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\UcmCx0101", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.870] SetLastError (dwErrCode=0x0) [0137.870] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.870] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.870] SetLastError (dwErrCode=0x0) [0137.870] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1af, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="UcmUcsi", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.871] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\UcmUcsi") returned 41 [0137.871] SetLastError (dwErrCode=0x0) [0137.871] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\UcmUcsi", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.871] SetLastError (dwErrCode=0x0) [0137.871] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.871] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.871] SetLastError (dwErrCode=0x0) [0137.871] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1b0, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Ucx01000", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.871] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Ucx01000") returned 42 [0137.871] SetLastError (dwErrCode=0x0) [0137.871] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Ucx01000", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.871] SetLastError (dwErrCode=0x0) [0137.871] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.871] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.871] SetLastError (dwErrCode=0x0) [0137.871] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1b1, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="UdeCx", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.871] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\UdeCx") returned 39 [0137.871] SetLastError (dwErrCode=0x0) [0137.871] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\UdeCx", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.871] SetLastError (dwErrCode=0x0) [0137.871] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x5, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.871] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.872] SetLastError (dwErrCode=0x0) [0137.872] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1b2, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="udfs", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.872] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\udfs") returned 38 [0137.872] SetLastError (dwErrCode=0x0) [0137.872] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\udfs", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.872] SetLastError (dwErrCode=0x0) [0137.872] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.872] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.872] SetLastError (dwErrCode=0x0) [0137.872] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1b3, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="UEFI", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.872] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\UEFI") returned 38 [0137.872] SetLastError (dwErrCode=0x0) [0137.872] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\UEFI", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.872] SetLastError (dwErrCode=0x0) [0137.872] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x7, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.872] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.872] SetLastError (dwErrCode=0x0) [0137.872] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1b4, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Ufx01000", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.872] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Ufx01000") returned 42 [0137.872] SetLastError (dwErrCode=0x0) [0137.872] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Ufx01000", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.872] SetLastError (dwErrCode=0x0) [0137.872] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.872] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.872] SetLastError (dwErrCode=0x0) [0137.872] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1b5, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="UfxChipidea", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.872] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\UfxChipidea") returned 45 [0137.872] SetLastError (dwErrCode=0x0) [0137.873] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\UfxChipidea", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.873] SetLastError (dwErrCode=0x0) [0137.873] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.873] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.873] SetLastError (dwErrCode=0x0) [0137.873] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1b6, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ufxsynopsys", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.873] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\ufxsynopsys") returned 45 [0137.873] SetLastError (dwErrCode=0x0) [0137.873] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\ufxsynopsys", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.873] SetLastError (dwErrCode=0x0) [0137.873] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.873] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.873] SetLastError (dwErrCode=0x0) [0137.873] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1b7, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="UGatherer", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.873] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\UGatherer") returned 43 [0137.873] SetLastError (dwErrCode=0x0) [0137.873] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\UGatherer", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.873] SetLastError (dwErrCode=0x0) [0137.873] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.873] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.873] SetLastError (dwErrCode=0x0) [0137.873] GetLastError () returned 0x0 [0137.873] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1b8, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="UGTHRSVC", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.873] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\UGTHRSVC") returned 42 [0137.873] SetLastError (dwErrCode=0x0) [0137.873] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\UGTHRSVC", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.873] SetLastError (dwErrCode=0x0) [0137.873] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.873] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.873] SetLastError (dwErrCode=0x0) [0137.874] GetLastError () returned 0x0 [0137.874] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1b9, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="UI0Detect", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.874] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\UI0Detect") returned 43 [0137.874] SetLastError (dwErrCode=0x0) [0137.874] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\UI0Detect", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.874] SetLastError (dwErrCode=0x0) [0137.874] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.874] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.874] SetLastError (dwErrCode=0x0) [0137.874] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1ba, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="uliagpkx", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.874] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\uliagpkx") returned 42 [0137.874] SetLastError (dwErrCode=0x0) [0137.874] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\uliagpkx", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.874] SetLastError (dwErrCode=0x0) [0137.874] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.874] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.874] SetLastError (dwErrCode=0x0) [0137.874] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1bb, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="umbus", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.874] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\umbus") returned 39 [0137.874] SetLastError (dwErrCode=0x0) [0137.874] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\umbus", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.874] SetLastError (dwErrCode=0x0) [0137.874] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.874] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.874] SetLastError (dwErrCode=0x0) [0137.874] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1bc, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="UmPass", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.874] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\UmPass") returned 40 [0137.874] SetLastError (dwErrCode=0x0) [0137.874] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\UmPass", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.874] SetLastError (dwErrCode=0x0) [0137.875] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.875] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.875] SetLastError (dwErrCode=0x0) [0137.875] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1bd, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="UmRdpService", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.875] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\UmRdpService") returned 46 [0137.875] SetLastError (dwErrCode=0x0) [0137.875] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\UmRdpService", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.875] SetLastError (dwErrCode=0x0) [0137.875] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.875] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.875] SetLastError (dwErrCode=0x0) [0137.875] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1be, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="UnistoreSvc", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.875] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\UnistoreSvc") returned 45 [0137.875] SetLastError (dwErrCode=0x0) [0137.875] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\UnistoreSvc", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.875] SetLastError (dwErrCode=0x0) [0137.875] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xa, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.875] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.875] SetLastError (dwErrCode=0x0) [0137.875] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1bf, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="UnistoreSvc_Session1", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.875] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\UnistoreSvc_Session1") returned 54 [0137.875] SetLastError (dwErrCode=0x0) [0137.875] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\UnistoreSvc_Session1", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.875] SetLastError (dwErrCode=0x0) [0137.875] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.875] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.875] SetLastError (dwErrCode=0x0) [0137.875] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1c0, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="upnphost", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.875] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\upnphost") returned 42 [0137.876] SetLastError (dwErrCode=0x0) [0137.876] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\upnphost", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.876] SetLastError (dwErrCode=0x0) [0137.876] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0xb, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.876] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.876] SetLastError (dwErrCode=0x0) [0137.876] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1c1, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="UrsChipidea", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.876] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\UrsChipidea") returned 45 [0137.876] SetLastError (dwErrCode=0x0) [0137.876] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\UrsChipidea", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.876] SetLastError (dwErrCode=0x0) [0137.876] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x9, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.876] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.876] SetLastError (dwErrCode=0x0) [0137.876] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1c2, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="UrsCx01000", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.876] wvnsprintfW (in: pszDest=0xb2f32c, cchDest=259, pszFmt="%s\\%s", arglist=0xb2ed00 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\UrsCx01000") returned 44 [0137.876] SetLastError (dwErrCode=0x0) [0137.876] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\UrsCx01000", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ecfc | out: phkResult=0xb2ecfc*=0x2f4) returned 0x0 [0137.876] SetLastError (dwErrCode=0x0) [0137.876] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.876] RegCloseKey (hKey=0x2f4) returned 0x0 [0137.876] SetLastError (dwErrCode=0x0) [0137.876] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1c3, lpName=0xb2f534, lpcchName=0xb2f74c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="UrsSynopsys", lpcchName=0xb2f74c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.878] RegQueryInfoKeyA (in: hKey=0x2f0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xb2ecf8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xb2ecf8*=0xf, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.878] SetLastError (dwErrCode=0x0) [0137.878] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.878] SetLastError (dwErrCode=0x0) [0137.878] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xb2ecf8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xb2ecf8*=0x4, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.878] SetLastError (dwErrCode=0x0) [0137.878] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.878] SetLastError (dwErrCode=0x0) [0137.878] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xb2ecf8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xb2ecf8*=0x1, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.878] SetLastError (dwErrCode=0x0) [0137.878] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.878] SetLastError (dwErrCode=0x0) [0137.878] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xb2ecf8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xb2ecf8*=0x1, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.878] SetLastError (dwErrCode=0x0) [0137.878] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.878] SetLastError (dwErrCode=0x0) [0137.878] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xb2ecf8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xb2ecf8*=0x2, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.878] SetLastError (dwErrCode=0x0) [0137.878] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.878] SetLastError (dwErrCode=0x0) [0137.878] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xb2ecf8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xb2ecf8*=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.878] SetLastError (dwErrCode=0x0) [0137.878] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.879] SetLastError (dwErrCode=0x0) [0137.879] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xb2ecf8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xb2ecf8*=0x4, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.879] SetLastError (dwErrCode=0x0) [0137.879] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.879] SetLastError (dwErrCode=0x0) [0137.879] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xb2ecf8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xb2ecf8*=0x98, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.879] SetLastError (dwErrCode=0x0) [0137.879] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.879] SetLastError (dwErrCode=0x0) [0137.879] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xb2ecf8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xb2ecf8*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.879] SetLastError (dwErrCode=0x0) [0137.879] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.879] SetLastError (dwErrCode=0x0) [0137.879] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xb2ecf8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xb2ecf8*=0x1, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.879] SetLastError (dwErrCode=0x0) [0137.879] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.879] SetLastError (dwErrCode=0x0) [0137.879] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xb2ecf8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xb2ecf8*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.879] SetLastError (dwErrCode=0x0) [0137.879] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.879] SetLastError (dwErrCode=0x0) [0137.879] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xb2ecf8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xb2ecf8*=0x2, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.879] SetLastError (dwErrCode=0x0) [0137.879] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.879] SetLastError (dwErrCode=0x0) [0137.879] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xb2ecf8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xb2ecf8*=0x1194, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.879] SetLastError (dwErrCode=0x0) [0137.879] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.879] SetLastError (dwErrCode=0x0) [0137.879] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xb2ecf8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xb2ecf8*=0xb, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.879] SetLastError (dwErrCode=0x0) [0137.880] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.880] SetLastError (dwErrCode=0x0) [0137.880] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xb2ecf8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xb2ecf8*=0x2, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.880] SetLastError (dwErrCode=0x0) [0137.880] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x16, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.880] SetLastError (dwErrCode=0x0) [0137.880] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xb2ecf8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xb2ecf8*=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.880] SetLastError (dwErrCode=0x0) [0137.880] RegQueryInfoKeyA (in: hKey=0x2f0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xb2ecf8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xb2ecf8*=0xf, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.880] SetLastError (dwErrCode=0x0) [0137.880] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.880] SetLastError (dwErrCode=0x0) [0137.880] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xb2ecf8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xb2ecf8*=0x4, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.880] SetLastError (dwErrCode=0x0) [0137.880] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.880] SetLastError (dwErrCode=0x0) [0137.880] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xb2ecf8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xb2ecf8*=0x1, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.880] SetLastError (dwErrCode=0x0) [0137.880] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.880] SetLastError (dwErrCode=0x0) [0137.880] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xb2ecf8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xb2ecf8*=0x1, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.880] SetLastError (dwErrCode=0x0) [0137.880] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.880] SetLastError (dwErrCode=0x0) [0137.880] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xb2ecf8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xb2ecf8*=0x2, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.880] SetLastError (dwErrCode=0x0) [0137.880] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.880] SetLastError (dwErrCode=0x0) [0137.880] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xb2ecf8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xb2ecf8*=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.880] SetLastError (dwErrCode=0x0) [0137.880] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.880] SetLastError (dwErrCode=0x0) [0137.881] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xb2ecf8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xb2ecf8*=0x4, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.881] SetLastError (dwErrCode=0x0) [0137.881] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.881] SetLastError (dwErrCode=0x0) [0137.881] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xb2ecf8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xb2ecf8*=0x98, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.881] SetLastError (dwErrCode=0x0) [0137.881] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.881] SetLastError (dwErrCode=0x0) [0137.881] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xb2ecf8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xb2ecf8*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.881] SetLastError (dwErrCode=0x0) [0137.881] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.881] SetLastError (dwErrCode=0x0) [0137.881] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xb2ecf8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xb2ecf8*=0x1, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.881] SetLastError (dwErrCode=0x0) [0137.881] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.881] SetLastError (dwErrCode=0x0) [0137.881] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xb2ecf8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xb2ecf8*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.881] SetLastError (dwErrCode=0x0) [0137.881] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.881] SetLastError (dwErrCode=0x0) [0137.881] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xb2ecf8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xb2ecf8*=0x2, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.881] SetLastError (dwErrCode=0x0) [0137.881] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.881] SetLastError (dwErrCode=0x0) [0137.881] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xb2ecf8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xb2ecf8*=0x1194, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.881] SetLastError (dwErrCode=0x0) [0137.881] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.881] SetLastError (dwErrCode=0x0) [0137.881] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xb2ecf8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xb2ecf8*=0xb, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.881] SetLastError (dwErrCode=0x0) [0137.881] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.881] SetLastError (dwErrCode=0x0) [0137.882] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xb2ecf8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xb2ecf8*=0x2, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.882] SetLastError (dwErrCode=0x0) [0137.882] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xb2ecf8*=0x16, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.882] SetLastError (dwErrCode=0x0) [0137.882] RegQueryInfoKeyA (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xb2ecf8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xb2ecf8*=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0137.882] SetLastError (dwErrCode=0x0) [0137.882] GetWindowsDirectoryW (in: lpBuffer=0xb2f560, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa [0137.882] GetCommandLineW () returned="C:\\Windows\\SysWOW64\\explorer.exe" [0137.882] CharLowerBuffW (in: lpsz="C:\\Windows\\SysWOW64\\explorer.exe", cchLength=0x20 | out: lpsz="c:\\windows\\syswow64\\explorer.exe") returned 0x20 [0137.882] CommandLineToArgvW (in: lpCmdLine="c:\\windows\\syswow64\\explorer.exe", pNumArgs=0xb2f76c | out: pNumArgs=0xb2f76c) returned 0xbf72b0*="c:\\windows\\syswow64\\explorer.exe" [0137.882] LocalFree (hMem=0xbf72b0) returned 0x0 [0137.882] GetTickCount () returned 0x2f67b [0137.882] GetCurrentThreadId () returned 0x7a0 [0137.882] RtlRandom (in: Seed=0xb2f728 | out: Seed=0xb2f728) returned 0xa35420cc [0137.882] Sleep (dwMilliseconds=0x148) [0138.214] wvnsprintfA (in: pszDest=0xb2f74c, cchDest=2147483647, pszFmt="%08x", arglist=0xb2f730 | out: pszDest="11671243") returned 8 [0138.214] SetLastError (dwErrCode=0x0) [0138.214] wvnsprintfA (in: pszDest=0xb2f4f8, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0xb2f4e0 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_I:11671243_v1$") returned 60 [0138.214] SetLastError (dwErrCode=0x0) [0138.214] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_I:11671243_v1$") returned 0x0 [0138.214] InitializeSecurityDescriptor (in: pSecurityDescriptor=0xc00580, dwRevision=0x1 | out: pSecurityDescriptor=0xc00580) returned 1 [0138.214] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0xc00580, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0xc00580) returned 1 [0138.214] GetLastError () returned 0x2 [0138.214] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0xc00580, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0xc00580) returned 1 [0138.214] GetLastError () returned 0x2 [0138.214] SetLastError (dwErrCode=0x2) [0138.214] CreateEventA (lpEventAttributes=0xb2f5f4, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_I:11671243_v1$") returned 0x2f0 [0138.214] GetLastError () returned 0x0 [0138.214] SetLastError (dwErrCode=0x0) [0138.214] CsrGetProcessId () returned 0x1a0 [0138.215] wvnsprintfA (in: pszDest=0xb2f320, cchDest=255, pszFmt="%s%s_%p", arglist=0xb2f208 | out: pszDest="CG1CG1_11980343") returned 15 [0138.215] SetLastError (dwErrCode=0x0) [0138.215] wvnsprintfA (in: pszDest=0xb2f220, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0xb2f204 | out: pszDest="e6577de29e95e38a027c9824c2c5986b") returned 32 [0138.215] SetLastError (dwErrCode=0x0) [0138.215] wvnsprintfA (in: pszDest=0xb2f5c4, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X\\%s", arglist=0xb2f4a0 | out: pszDest="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0138.215] SetLastError (dwErrCode=0x0) [0138.215] wvnsprintfA (in: pszDest=0xb2f430, cchDest=255, pszFmt="%s%s_%p", arglist=0xb2f318 | out: pszDest="LSFLSF_11980343") returned 15 [0138.215] SetLastError (dwErrCode=0x0) [0138.215] wvnsprintfA (in: pszDest=0xb2f330, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0xb2f314 | out: pszDest="cb7bbbee06636e535c7c377204c5eb13") returned 32 [0138.215] SetLastError (dwErrCode=0x0) [0138.215] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xb2f5c4, cbMultiByte=95, lpWideCharStr=0xbf5c58, cchWideChar=95 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0138.215] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02", ulOptions=0x0, samDesired=0x101, phkResult=0xb2f5a4 | out: phkResult=0xb2f5a4*=0x2f4) returned 0x0 [0138.215] SetLastError (dwErrCode=0x0) [0138.215] SetLastError (dwErrCode=0x0) [0138.215] RegQueryValueExA (in: hKey=0x2f4, lpValueName="cb7bbbee06636e5", lpReserved=0x0, lpType=0xb2f59c, lpData=0xb2f760, lpcbData=0xb2f5a0*=0x4 | out: lpType=0xb2f59c*=0x0, lpData=0xb2f760*=0x0, lpcbData=0xb2f5a0*=0x4) returned 0x2 [0138.215] RegCloseKey (hKey=0x2f4) returned 0x0 [0138.215] SetLastError (dwErrCode=0x2) [0138.215] GetLastError () returned 0x2 [0138.215] SetLastError (dwErrCode=0x2) [0138.215] wvnsprintfA (in: pszDest=0xb2f320, cchDest=255, pszFmt="%s%s_%p", arglist=0xb2f208 | out: pszDest="CG1CG1_11980343") returned 15 [0138.215] SetLastError (dwErrCode=0x0) [0138.215] wvnsprintfA (in: pszDest=0xb2f220, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0xb2f204 | out: pszDest="e6577de29e95e38a027c9824c2c5986b") returned 32 [0138.215] SetLastError (dwErrCode=0x0) [0138.215] wvnsprintfA (in: pszDest=0xb2f5c4, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X\\%s", arglist=0xb2f4a0 | out: pszDest="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0138.215] SetLastError (dwErrCode=0x0) [0138.215] wvnsprintfA (in: pszDest=0xb2f430, cchDest=255, pszFmt="%s%s_%p", arglist=0xb2f318 | out: pszDest="LMSFLMSF_11980343") returned 17 [0138.215] SetLastError (dwErrCode=0x0) [0138.215] wvnsprintfA (in: pszDest=0xb2f330, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0xb2f314 | out: pszDest="ee74df35871eda7df7d8fe6f1c5f8ba5") returned 32 [0138.215] SetLastError (dwErrCode=0x0) [0138.215] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xb2f5c4, cbMultiByte=95, lpWideCharStr=0xbf5c58, cchWideChar=95 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0138.215] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02", ulOptions=0x0, samDesired=0x101, phkResult=0xb2f5a4 | out: phkResult=0xb2f5a4*=0x2f4) returned 0x0 [0138.216] SetLastError (dwErrCode=0x0) [0138.216] SetLastError (dwErrCode=0x0) [0138.216] RegQueryValueExA (in: hKey=0x2f4, lpValueName="ee74df3587", lpReserved=0x0, lpType=0xb2f59c, lpData=0xb2f760, lpcbData=0xb2f5a0*=0x4 | out: lpType=0xb2f59c*=0x0, lpData=0xb2f760*=0x0, lpcbData=0xb2f5a0*=0x4) returned 0x2 [0138.216] RegCloseKey (hKey=0x2f4) returned 0x0 [0138.216] SetLastError (dwErrCode=0x2) [0138.216] GetLastError () returned 0x2 [0138.216] SetLastError (dwErrCode=0x2) [0138.216] wvnsprintfA (in: pszDest=0xb2f328, cchDest=255, pszFmt="%s%s_%p", arglist=0xb2f210 | out: pszDest="CG1CG1_11980343") returned 15 [0138.216] SetLastError (dwErrCode=0x0) [0138.216] wvnsprintfA (in: pszDest=0xb2f228, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0xb2f20c | out: pszDest="e6577de29e95e38a027c9824c2c5986b") returned 32 [0138.216] SetLastError (dwErrCode=0x0) [0138.216] wvnsprintfA (in: pszDest=0xb2f5cc, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X\\%s", arglist=0xb2f4a8 | out: pszDest="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0138.216] SetLastError (dwErrCode=0x0) [0138.216] wvnsprintfA (in: pszDest=0xb2f438, cchDest=255, pszFmt="%s%s_%p", arglist=0xb2f320 | out: pszDest="LISFLISF_11980343") returned 17 [0138.216] SetLastError (dwErrCode=0x0) [0138.216] wvnsprintfA (in: pszDest=0xb2f338, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0xb2f31c | out: pszDest="41f5ddd483f58c61f8166d82114eead6") returned 32 [0138.216] SetLastError (dwErrCode=0x0) [0138.216] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xb2f5cc, cbMultiByte=95, lpWideCharStr=0xbf5c58, cchWideChar=95 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0138.216] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02", ulOptions=0x0, samDesired=0x101, phkResult=0xb2f5ac | out: phkResult=0xb2f5ac*=0x2f4) returned 0x0 [0138.216] SetLastError (dwErrCode=0x0) [0138.216] SetLastError (dwErrCode=0x0) [0138.216] RegQueryValueExA (in: hKey=0x2f4, lpValueName="41f5ddd483f58", lpReserved=0x0, lpType=0xb2f5a4, lpData=0xb2f768, lpcbData=0xb2f5a8*=0x4 | out: lpType=0xb2f5a4*=0x0, lpData=0xb2f768*=0x0, lpcbData=0xb2f5a8*=0x4) returned 0x2 [0138.216] RegCloseKey (hKey=0x2f4) returned 0x0 [0138.216] SetLastError (dwErrCode=0x2) [0138.216] GetLastError () returned 0x2 [0138.216] SetLastError (dwErrCode=0x2) [0138.216] GetShellWindow () returned 0x100c8 [0138.216] IsWindow (hWnd=0x100c8) returned 1 [0138.216] GetWindowThreadProcessId (in: hWnd=0x100c8, lpdwProcessId=0xb2f504 | out: lpdwProcessId=0xb2f504) returned 0x55c [0138.216] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x0, ProcessInformation=0xb2f724, ProcessInformationLength=0x18, ReturnLength=0xb2f73c | out: ProcessInformation=0xb2f724, ReturnLength=0xb2f73c) returned 0x0 [0138.216] NtOpenProcess (in: ProcessHandle=0xb2f4fc, DesiredAccess=0x400, ObjectAttributes=0xb2f4dc*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xb2f4f4*(UniqueProcess=0x73c, UniqueThread=0x0) | out: ProcessHandle=0xb2f4fc*=0x2f4) returned 0x0 [0138.217] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0138.217] SetLastError (dwErrCode=0x0) [0138.217] NtQueryInformationProcess (in: ProcessHandle=0x2f4, ProcessInformationClass=0x2b, ProcessInformation=0xc00580, ProcessInformationLength=0x826, ReturnLength=0xb2f4fc | out: ProcessInformation=0xc00580, ReturnLength=0xb2f4fc) returned 0xc0000001 [0138.217] RtlNtStatusToDosError (Status=0xc0000001) returned 0x1f [0138.217] SetLastError (dwErrCode=0x1f) [0138.217] CloseHandle (hObject=0x2f4) returned 1 [0138.217] SetLastError (dwErrCode=0x0) [0138.217] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5100000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5100000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c4000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.217] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5100400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5100000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c4000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.217] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5100800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5100000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c4000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.217] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5100c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5100000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c4000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.217] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5101000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5101000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c3000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.217] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5101400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5101000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c3000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.217] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5101800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5101000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c3000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.217] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5101c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5101000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c3000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.217] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5102000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5102000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c2000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.217] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5102400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5102000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c2000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.217] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5102800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5102000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c2000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.217] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5102c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5102000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c2000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.217] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5103000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5103000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.217] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5103400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5103000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.217] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5103800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5103000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.218] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5103c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5103000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.218] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5104000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5104000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c0000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.218] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5104400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5104000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c0000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.218] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5104800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5104000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c0000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.218] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5104c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5104000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c0000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.218] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5105000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5105000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bf000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.218] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5105400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5105000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bf000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.218] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5105800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5105000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bf000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.218] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5105c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5105000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bf000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.218] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5106000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5106000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1be000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.218] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5106400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5106000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1be000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.218] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5106800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5106000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1be000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.218] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5106c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5106000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1be000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.218] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5107000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5107000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bd000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.218] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5107400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5107000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bd000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.218] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5107800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5107000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bd000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.218] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5107c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5107000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bd000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.218] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5108000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5108000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bc000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.218] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5108400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5108000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bc000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.218] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5108800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5108000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bc000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.218] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5108c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5108000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bc000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.218] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5109000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5109000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bb000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.218] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5109400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5109000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bb000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.219] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5109800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5109000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bb000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.219] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5109c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5109000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bb000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.219] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510a000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x510a000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ba000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.219] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510a400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x510a000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ba000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.219] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510a800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x510a000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ba000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.219] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510ac00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x510a000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ba000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.219] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510b000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x510b000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b9000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.219] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510b400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x510b000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b9000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.219] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510b800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x510b000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b9000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.219] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510bc00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x510b000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b9000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.219] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510c000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x510c000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b8000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.219] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510c400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x510c000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b8000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.219] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510c800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x510c000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b8000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.219] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510cc00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x510c000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b8000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.219] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510d000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x510d000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b7000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.219] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510d400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x510d000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b7000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.219] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510d800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x510d000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b7000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.219] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510dc00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x510d000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b7000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.219] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510e000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x510e000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b6000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.219] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510e400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x510e000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b6000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.220] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510e800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x510e000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b6000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.220] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510ec00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x510e000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b6000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.220] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510f000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x510f000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b5000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.220] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510f400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x510f000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b5000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.220] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510f800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x510f000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b5000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.220] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510fc00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x510f000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b5000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.220] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5110000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5110000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b4000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.220] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5110400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5110000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b4000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.220] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5110800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5110000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b4000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.220] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5110c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5110000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b4000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.220] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5111000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5111000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b3000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.220] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5111400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5111000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b3000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.220] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5111800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5111000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b3000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.220] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5111c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5111000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b3000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.220] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5112000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5112000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b2000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.220] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5112400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5112000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b2000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.220] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5112800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5112000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b2000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.220] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5112c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5112000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b2000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.220] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5113000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5113000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.220] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5113400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5113000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.221] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5113800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5113000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.221] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5113c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5113000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.221] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5114000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5114000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b0000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.221] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5114400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5114000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b0000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.221] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5114800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5114000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b0000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.221] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5114c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5114000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b0000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.221] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5115000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5115000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1af000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.221] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5115400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5115000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1af000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.221] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5115800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5115000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1af000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.221] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5115c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5115000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1af000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.221] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5116000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5116000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ae000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.221] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5116400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5116000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ae000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.221] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5116800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5116000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ae000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.221] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5116c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5116000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ae000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.221] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5117000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5117000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ad000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.221] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5117400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5117000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ad000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.221] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5117800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5117000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ad000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.221] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5117c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5117000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ad000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.221] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5118000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5118000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ac000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.221] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5118400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5118000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ac000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.221] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5118800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5118000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ac000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.221] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5118c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5118000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ac000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.221] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5119000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5119000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ab000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.222] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5119400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5119000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ab000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.222] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5119800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5119000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ab000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.222] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5119c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5119000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ab000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.222] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511a000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x511a000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1aa000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.222] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511a400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x511a000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1aa000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.222] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511a800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x511a000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1aa000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.222] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511ac00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x511a000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1aa000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.222] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511b000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x511b000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a9000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.222] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511b400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x511b000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a9000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.222] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511b800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x511b000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a9000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.222] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511bc00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x511b000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a9000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.222] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511c000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x511c000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a8000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.222] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511c400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x511c000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a8000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.222] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511c800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x511c000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a8000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.222] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511cc00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x511c000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a8000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.222] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511d000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x511d000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a7000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.222] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511d400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x511d000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a7000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.222] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511d800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x511d000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a7000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.222] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511dc00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x511d000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a7000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.222] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511e000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x511e000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a6000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.222] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511e400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x511e000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a6000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.222] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511e800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x511e000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a6000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.222] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511ec00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x511e000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a6000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.223] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511f000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x511f000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a5000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.223] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511f400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x511f000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a5000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.223] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511f800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x511f000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a5000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.223] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511fc00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x511f000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a5000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.223] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5120000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5120000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a4000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.223] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5120400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5120000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a4000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.223] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5120800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5120000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a4000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.223] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5120c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5120000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a4000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.223] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5121000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5121000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a3000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.223] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5121400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5121000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a3000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.223] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5121800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5121000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a3000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.223] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5121c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5121000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a3000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.223] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5122000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5122000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a2000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.223] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5122400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5122000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a2000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.223] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5122800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5122000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a2000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.223] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5122c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5122000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a2000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.223] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5123000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5123000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.223] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5123400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5123000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.223] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5123800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5123000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.223] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5123c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5123000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.223] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5124000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5124000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a0000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.223] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5124400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5124000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a0000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.223] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5124800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5124000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a0000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.224] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5124c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5124000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a0000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.224] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5125000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5125000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x19f000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.224] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5125400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5125000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x19f000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.224] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5125800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5125000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x19f000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.224] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5125c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5125000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x19f000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.224] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5126000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5126000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x19e000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.224] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5126400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5126000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x19e000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.224] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5126800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5126000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x19e000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.224] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5126c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5126000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x19e000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.224] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5127000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5127000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x19d000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.224] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5127400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5127000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x19d000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.224] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5127800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5127000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x19d000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.224] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5127c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5127000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x19d000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.224] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5128000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5128000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x19c000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.224] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5128400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5128000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x19c000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.224] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5128800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5128000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x19c000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.224] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5128c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5128000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x19c000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.224] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5129000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5129000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x19b000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.224] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5129400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5129000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x19b000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.224] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5129800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5129000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x19b000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.224] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5129c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5129000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x19b000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.224] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x512a000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x512a000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x19a000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.224] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x512a400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x512a000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x19a000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.224] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x512a800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x512a000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x19a000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.225] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x512ac00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x512a000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x19a000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.225] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x512b000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x512b000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x199000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.225] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x512b400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x512b000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x199000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.225] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x512b800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x512b000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x199000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.225] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x512bc00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x512b000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x199000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.225] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x512c000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x512c000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x198000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.225] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x512c400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x512c000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x198000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.225] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x512c800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x512c000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x198000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.225] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x512cc00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x512c000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x198000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.225] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x512d000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x512d000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x197000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.225] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x512d400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x512d000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x197000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.225] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x512d800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x512d000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x197000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.225] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x512dc00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x512d000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x197000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.225] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x512e000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x512e000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x196000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.225] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x512e400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x512e000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x196000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.225] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x512e800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x512e000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x196000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.225] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x512ec00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x512e000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x196000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.225] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x512f000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x512f000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x195000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.225] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x512f400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x512f000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x195000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.225] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x512f800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x512f000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x195000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.225] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x512fc00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x512f000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x195000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.225] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5130000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5130000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x194000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.225] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5130400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5130000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x194000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.226] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5130800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5130000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x194000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.226] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5130c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5130000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x194000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.226] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5131000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5131000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x193000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.226] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5131400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5131000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x193000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.226] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5131800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5131000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x193000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.226] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5131c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5131000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x193000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.226] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5132000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5132000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x192000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.226] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5132400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5132000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x192000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.226] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5132800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5132000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x192000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.226] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5132c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5132000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x192000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.226] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5133000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5133000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x191000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.226] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5133400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5133000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x191000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.226] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5133800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5133000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x191000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.226] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5133c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5133000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x191000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.226] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5134000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5134000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x190000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.226] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5134400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5134000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x190000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.226] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5134800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5134000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x190000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.226] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5134c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5134000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x190000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.226] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5135000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5135000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x18f000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.226] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5135400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5135000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x18f000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.226] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5135800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5135000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x18f000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.226] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5135c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5135000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x18f000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.226] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5136000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5136000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x18e000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.226] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5136400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5136000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x18e000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.227] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5136800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5136000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x18e000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.227] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5136c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5136000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x18e000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.227] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5137000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5137000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x18d000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.227] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5137400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5137000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x18d000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.227] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5137800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5137000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x18d000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.227] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5137c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5137000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x18d000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.227] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5138000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5138000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x18c000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.227] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5138400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5138000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x18c000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.227] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5138800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5138000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x18c000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.227] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5138c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5138000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x18c000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.227] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5139000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5139000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x18b000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.227] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5139400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5139000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x18b000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.227] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5139800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5139000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x18b000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.227] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5139c00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x5139000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x18b000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.227] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x513a000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x513a000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x18a000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.227] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x513a400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x513a000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x18a000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.227] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x513a800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x513a000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x18a000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.227] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x513ac00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x513a000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x18a000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.227] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x513b000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x513b000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x189000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.227] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x513b400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x513b000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x189000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.227] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x513b800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x513b000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x189000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.227] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x513bc00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x513b000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x189000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.227] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x513c000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x513c000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x188000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.227] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x513c400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x513c000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x188000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.228] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x513c800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x513c000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x188000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.228] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x513cc00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x513c000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x188000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.228] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x513d000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x513d000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x187000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.228] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x513d400, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x513d000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x187000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.228] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x513d800, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x513d000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x187000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.228] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x513dc00, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x513d000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x187000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.228] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x513e000, lpBuffer=0xb2f6d0, dwLength=0x1c | out: lpBuffer=0xb2f6d0*(BaseAddress=0x513e000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x186000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0138.229] GetFileAttributesW (lpFileName="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe" (normalized: "c:\\programdata\\task protect 2.3\\ws97995e1qms.exe")) returned 0x2003 [0138.229] wvnsprintfW (in: pszDest=0xb2f230, cchDest=2147483647, pszFmt="\"%s\"", arglist=0xb2f204 | out: pszDest="\"C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe\"") returned 50 [0138.229] SetLastError (dwErrCode=0x0) [0138.229] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x102, lpSecurityAttributes=0x0, phkResult=0xb2efd4, lpdwDisposition=0x0 | out: phkResult=0xb2efd4*=0x2f4, lpdwDisposition=0x0) returned 0x0 [0138.229] SetLastError (dwErrCode=0x0) [0138.229] RtlInitUnicodeString (in: DestinationString=0xb2efa0, SourceString="Task Protect 2.3" | out: DestinationString="Task Protect 2.3") [0138.229] NtSetValueKey (in: KeyHandle=0x2f4, ValueName="Task Protect 2.3", TitleIndex=0x0, Type=0x1, Data="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe", DataSize=0x62 | out: Data="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe") returned 0x0 [0138.229] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0138.229] SetLastError (dwErrCode=0x0) [0138.229] RegCloseKey (hKey=0x2f4) returned 0x0 [0138.229] SetLastError (dwErrCode=0x0) [0138.229] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce", ulOptions=0x0, samDesired=0x101, phkResult=0xb2efd4 | out: phkResult=0xb2efd4*=0x2f4) returned 0x0 [0138.229] SetLastError (dwErrCode=0x0) [0138.229] RegQueryValueExW (in: hKey=0x2f4, lpValueName="Task Protect 2.3", lpReserved=0x0, lpType=0xb2efcc, lpData=0xb2eff0, lpcbData=0xb2efd0*=0x207 | out: lpType=0xb2efcc*=0x1, lpData="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe", lpcbData=0xb2efd0*=0x62) returned 0x0 [0138.229] RegCloseKey (hKey=0x2f4) returned 0x0 [0138.229] SetLastError (dwErrCode=0x0) [0138.229] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x102, lpSecurityAttributes=0x0, phkResult=0xb2efd4, lpdwDisposition=0x0 | out: phkResult=0xb2efd4*=0x2f4, lpdwDisposition=0x0) returned 0x0 [0138.230] SetLastError (dwErrCode=0x0) [0138.230] RtlInitUnicodeString (in: DestinationString=0xb2efa0, SourceString="Task Protect 2.3" | out: DestinationString="Task Protect 2.3") [0138.230] NtSetValueKey (in: KeyHandle=0x2f4, ValueName="Task Protect 2.3", TitleIndex=0x0, Type=0x1, Data="\"C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe\"", DataSize=0x66 | out: Data="\"C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe\"") returned 0x0 [0138.231] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0138.231] SetLastError (dwErrCode=0x0) [0138.231] RegCloseKey (hKey=0x2f4) returned 0x0 [0138.231] SetLastError (dwErrCode=0x0) [0138.231] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x101, phkResult=0xb2efd4 | out: phkResult=0xb2efd4*=0x2f4) returned 0x0 [0138.231] SetLastError (dwErrCode=0x0) [0138.231] RegQueryValueExW (in: hKey=0x2f4, lpValueName="Task Protect 2.3", lpReserved=0x0, lpType=0xb2efcc, lpData=0xb2eff0, lpcbData=0xb2efd0*=0x207 | out: lpType=0xb2efcc*=0x1, lpData="\"C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe\"", lpcbData=0xb2efd0*=0x66) returned 0x0 [0138.231] RegCloseKey (hKey=0x2f4) returned 0x0 [0138.231] SetLastError (dwErrCode=0x0) [0138.231] RegOpenKeyExW (in: hKey=0x80000000, lpSubKey="HTTP\\shell\\open\\command", ulOptions=0x0, samDesired=0x101, phkResult=0xb2f47c | out: phkResult=0xb2f47c*=0x2fa) returned 0x0 [0138.231] SetLastError (dwErrCode=0x0) [0138.231] RegQueryValueExW (in: hKey=0x2fa, lpValueName=0x0, lpReserved=0x0, lpType=0xb2f474, lpData=0xb2f4a0, lpcbData=0xb2f478*=0x207 | out: lpType=0xb2f474*=0x1, lpData="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1", lpcbData=0xb2f478*=0x6a) returned 0x0 [0138.231] RegCloseKey (hKey=0x2fa) returned 0x0 [0138.231] SetLastError (dwErrCode=0x0) [0138.231] CharLowerBuffW (in: lpsz="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1", cchLength=0x104 | out: lpsz="\"c:\\program files\\internet explorer\\iexplore.exe\" %1") returned 0x104 [0138.231] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5149340, cbMultiByte=42, lpWideCharStr=0xbf4570, cchWideChar=42 | out: lpWideCharStr="SOFTWARE\\Microsoft\\NET Framework Setup\\NDP") returned 42 [0138.231] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\NET Framework Setup\\NDP", ulOptions=0x0, samDesired=0x8, phkResult=0xb2f6ac | out: phkResult=0xb2f6ac*=0x2f8) returned 0x0 [0138.232] SetLastError (dwErrCode=0x0) [0138.232] SetLastError (dwErrCode=0x0) [0138.232] RegEnumKeyExA (in: hKey=0x2f8, dwIndex=0x0, lpName=0xb2f684, lpcchName=0xb2f6a4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="CDF", lpcchName=0xb2f6a4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0138.232] RegEnumKeyExA (in: hKey=0x2f8, dwIndex=0x1, lpName=0xb2f684, lpcchName=0xb2f6a4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="v2.0.50727", lpcchName=0xb2f6a4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0138.232] RegEnumKeyExA (in: hKey=0x2f8, dwIndex=0x2, lpName=0xb2f684, lpcchName=0xb2f6a4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="v3.0", lpcchName=0xb2f6a4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0138.232] RegEnumKeyExA (in: hKey=0x2f8, dwIndex=0x3, lpName=0xb2f684, lpcchName=0xb2f6a4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="v3.5", lpcchName=0xb2f6a4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0138.232] RegEnumKeyExA (in: hKey=0x2f8, dwIndex=0x4, lpName=0xb2f684, lpcchName=0xb2f6a4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="v4", lpcchName=0xb2f6a4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0138.232] RegEnumKeyExA (in: hKey=0x2f8, dwIndex=0x5, lpName=0xb2f684, lpcchName=0xb2f6a4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="v4.0", lpcchName=0xb2f6a4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0138.232] RegEnumKeyExA (in: hKey=0x2f8, dwIndex=0x6, lpName=0xb2f684, lpcchName=0xb2f6a4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="", lpcchName=0xb2f6a4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0138.232] RegCloseKey (hKey=0x2f8) returned 0x0 [0138.232] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5149378, cbMultiByte=26, lpWideCharStr=0xbe7e28, cchWideChar=26 | out: lpWideCharStr="jarfile\\shell\\open\\command") returned 26 [0138.232] RegOpenKeyExW (in: hKey=0x80000000, lpSubKey="jarfile\\shell\\open\\command", ulOptions=0x0, samDesired=0x1, phkResult=0xb2f6ac | out: phkResult=0xb2f6ac*=0x2fa) returned 0x0 [0138.232] SetLastError (dwErrCode=0x0) [0138.232] SetLastError (dwErrCode=0x0) [0138.232] RegCloseKey (hKey=0x2fa) returned 0x0 [0138.232] SetLastError (dwErrCode=0x0) [0138.232] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x514c50c, cbMultiByte=20, lpWideCharStr=0xbea6a0, cchWideChar=20 | out: lpWideCharStr="Software\\Valve\\Steam") returned 20 [0138.232] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Valve\\Steam", ulOptions=0x0, samDesired=0x101, phkResult=0xb2f6a0 | out: phkResult=0xb2f6a0*=0x0) returned 0x2 [0138.233] SetLastError (dwErrCode=0x2) [0138.233] SetLastError (dwErrCode=0x2) [0138.233] SetLastError (dwErrCode=0x2) [0138.233] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x514c52c, cbMultiByte=49, lpWideCharStr=0xbf72b0, cchWideChar=49 | out: lpWideCharStr="Software\\Microsoft\\Terminal Server Client\\Default") returned 49 [0138.233] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Terminal Server Client\\Default", ulOptions=0x0, samDesired=0x101, phkResult=0xb2f6a0 | out: phkResult=0xb2f6a0*=0x0) returned 0x2 [0138.233] SetLastError (dwErrCode=0x2) [0138.233] SetLastError (dwErrCode=0x2) [0138.233] SetLastError (dwErrCode=0x2) [0138.233] SetLastError (dwErrCode=0x57) [0138.233] wvnsprintfW (in: pszDest=0xb2f07c, cchDest=2147483647, pszFmt="SYSTEM\\CurrentControlSet\\services\\%s", arglist=0xb2f070 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\dg_ssudbus") returned 44 [0138.233] SetLastError (dwErrCode=0x0) [0138.233] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\dg_ssudbus", ulOptions=0x0, samDesired=0x101, phkResult=0xb2f060 | out: phkResult=0xb2f060*=0x0) returned 0x2 [0138.233] SetLastError (dwErrCode=0x2) [0138.233] SetLastError (dwErrCode=0x2) [0138.233] SetLastError (dwErrCode=0x57) [0138.233] wvnsprintfW (in: pszDest=0xb2f07c, cchDest=2147483647, pszFmt="SYSTEM\\CurrentControlSet\\services\\%s", arglist=0xb2f070 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\Apple Mobile Device") returned 53 [0138.233] SetLastError (dwErrCode=0x0) [0138.233] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\Apple Mobile Device", ulOptions=0x0, samDesired=0x101, phkResult=0xb2f060 | out: phkResult=0xb2f060*=0x0) returned 0x2 [0138.233] SetLastError (dwErrCode=0x2) [0138.233] SetLastError (dwErrCode=0x2) [0138.233] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x514c430, cbMultiByte=19, lpWideCharStr=0xbe6248, cchWideChar=19 | out: lpWideCharStr="SOFTWARE\\AdwCleaner") returned 19 [0138.233] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\AdwCleaner", ulOptions=0x0, samDesired=0x101, phkResult=0xb2f440 | out: phkResult=0xb2f440*=0x0) returned 0x2 [0138.234] SetLastError (dwErrCode=0x2) [0138.234] SetLastError (dwErrCode=0x2) [0138.234] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x514c430, cbMultiByte=19, lpWideCharStr=0xbe6248, cchWideChar=19 | out: lpWideCharStr="SOFTWARE\\AdwCleaner") returned 19 [0138.234] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\AdwCleaner", ulOptions=0x0, samDesired=0x201, phkResult=0xb2f440 | out: phkResult=0xb2f440*=0x0) returned 0x2 [0138.234] SetLastError (dwErrCode=0x2) [0138.234] SetLastError (dwErrCode=0x2) [0138.234] SetLastError (dwErrCode=0x2) [0138.234] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x514c444, cbMultiByte=61, lpWideCharStr=0xbf72b0, cchWideChar=61 | out: lpWideCharStr="SOFTWARE\\Safer Networking Limited\\Spybot - Search & Destroy 2") returned 61 [0138.234] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Safer Networking Limited\\Spybot - Search & Destroy 2", ulOptions=0x0, samDesired=0x101, phkResult=0xb2f440 | out: phkResult=0xb2f440*=0x0) returned 0x2 [0138.234] SetLastError (dwErrCode=0x2) [0138.234] SetLastError (dwErrCode=0x2) [0138.234] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x514c444, cbMultiByte=61, lpWideCharStr=0xbf72b0, cchWideChar=61 | out: lpWideCharStr="SOFTWARE\\Safer Networking Limited\\Spybot - Search & Destroy 2") returned 61 [0138.234] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Safer Networking Limited\\Spybot - Search & Destroy 2", ulOptions=0x0, samDesired=0x201, phkResult=0xb2f440 | out: phkResult=0xb2f440*=0x0) returned 0x2 [0138.234] SetLastError (dwErrCode=0x2) [0138.234] SetLastError (dwErrCode=0x2) [0138.234] SetLastError (dwErrCode=0x2) [0138.234] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x514c488, cbMultiByte=68, lpWideCharStr=0xbf72b0, cchWideChar=68 | out: lpWideCharStr="Software\\Classes\\VirtualStore\\MACHINE\\SOFTWARE\\TrendMicro\\HijackThis") returned 68 [0138.235] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Classes\\VirtualStore\\MACHINE\\SOFTWARE\\TrendMicro\\HijackThis", ulOptions=0x0, samDesired=0x101, phkResult=0xb2f440 | out: phkResult=0xb2f440*=0x0) returned 0x2 [0138.235] SetLastError (dwErrCode=0x2) [0138.235] SetLastError (dwErrCode=0x2) [0138.235] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x514c488, cbMultiByte=68, lpWideCharStr=0xbf72b0, cchWideChar=68 | out: lpWideCharStr="Software\\Classes\\VirtualStore\\MACHINE\\SOFTWARE\\TrendMicro\\HijackThis") returned 68 [0138.235] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Classes\\VirtualStore\\MACHINE\\SOFTWARE\\TrendMicro\\HijackThis", ulOptions=0x0, samDesired=0x201, phkResult=0xb2f440 | out: phkResult=0xb2f440*=0x0) returned 0x2 [0138.235] SetLastError (dwErrCode=0x2) [0138.235] SetLastError (dwErrCode=0x2) [0138.235] SetLastError (dwErrCode=0x2) [0138.235] GetWindowsDirectoryA (in: lpBuffer=0xb2f668, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa [0138.235] GetFileAttributesA (lpFileName="C:\\ComboFix" (normalized: "c:\\combofix")) returned 0xffffffff [0138.235] GetLastError () returned 0x2 [0138.235] GetWindowsDirectoryA (in: lpBuffer=0xb2f668, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa [0138.235] GetFileAttributesA (lpFileName="C:\\LinhaDefensiva" (normalized: "c:\\linhadefensiva")) returned 0xffffffff [0138.235] GetLastError () returned 0x2 [0138.235] GetTempPathW (in: nBufferLength=0xf8, lpBuffer=0xb2f460 | out: lpBuffer="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\") returned 0x25 [0138.235] PathAppendW (in: pszPath="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\", pMore="HouseCall" | out: pszPath="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\HouseCall") returned 1 [0138.235] GetFileAttributesW (lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\HouseCall" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\housecall")) returned 0xffffffff [0138.235] GetLastError () returned 0x2 [0138.235] SetLastError (dwErrCode=0x57) [0138.236] wvnsprintfW (in: pszDest=0xb2ee30, cchDest=2147483647, pszFmt="SYSTEM\\CurrentControlSet\\services\\%s", arglist=0xb2ee24 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\RapportMgmtService") returned 52 [0138.236] SetLastError (dwErrCode=0x0) [0138.236] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\RapportMgmtService", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ee14 | out: phkResult=0xb2ee14*=0x0) returned 0x2 [0138.236] SetLastError (dwErrCode=0x2) [0138.236] SetLastError (dwErrCode=0x2) [0138.236] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x514c35c, cbMultiByte=23, lpWideCharStr=0xbea588, cchWideChar=23 | out: lpWideCharStr="SOFTWARE\\Classes\\origin") returned 23 [0138.236] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Classes\\origin", ulOptions=0x0, samDesired=0x101, phkResult=0xb2f134 | out: phkResult=0xb2f134*=0x0) returned 0x2 [0138.236] SetLastError (dwErrCode=0x2) [0138.236] SetLastError (dwErrCode=0x2) [0138.236] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x514c35c, cbMultiByte=23, lpWideCharStr=0xbea588, cchWideChar=23 | out: lpWideCharStr="SOFTWARE\\Classes\\origin") returned 23 [0138.236] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Classes\\origin", ulOptions=0x0, samDesired=0x201, phkResult=0xb2f134 | out: phkResult=0xb2f134*=0x0) returned 0x2 [0138.236] SetLastError (dwErrCode=0x2) [0138.236] SetLastError (dwErrCode=0x2) [0138.236] SetLastError (dwErrCode=0x2) [0138.236] PathAppendW (in: pszPath="C:\\Users\\CIiHmnxMn6Ps", pMore="jagexcache" | out: pszPath="C:\\Users\\CIiHmnxMn6Ps\\jagexcache") returned 1 [0138.236] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\jagexcache" (normalized: "c:\\users\\ciihmnxmn6ps\\jagexcache")) returned 0xffffffff [0138.236] GetLastError () returned 0x2 [0138.236] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x514c38c, cbMultiByte=31, lpWideCharStr=0xbe6760, cchWideChar=31 | out: lpWideCharStr="SOFTWARE\\Blizzard Entertainment") returned 31 [0138.236] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Blizzard Entertainment", ulOptions=0x0, samDesired=0x101, phkResult=0xb2f134 | out: phkResult=0xb2f134*=0x0) returned 0x2 [0138.236] SetLastError (dwErrCode=0x2) [0138.237] SetLastError (dwErrCode=0x2) [0138.237] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x514c38c, cbMultiByte=31, lpWideCharStr=0xbe6760, cchWideChar=31 | out: lpWideCharStr="SOFTWARE\\Blizzard Entertainment") returned 31 [0138.237] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Blizzard Entertainment", ulOptions=0x0, samDesired=0x201, phkResult=0xb2f134 | out: phkResult=0xb2f134*=0x0) returned 0x2 [0138.237] SetLastError (dwErrCode=0x2) [0138.237] SetLastError (dwErrCode=0x2) [0138.237] SetLastError (dwErrCode=0x2) [0138.237] PathAppendW (in: pszPath="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming", pMore=".minecraft" | out: pszPath="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\.minecraft") returned 1 [0138.237] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\.minecraft" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\.minecraft")) returned 0xffffffff [0138.237] GetLastError () returned 0x2 [0138.237] PathAppendW (in: pszPath="C:\\Program Files (x86)", pMore="League of Legends" | out: pszPath="C:\\Program Files (x86)\\League of Legends") returned 1 [0138.237] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\League of Legends" (normalized: "c:\\program files (x86)\\league of legends")) returned 0xffffffff [0138.237] GetLastError () returned 0x2 [0138.237] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x514c3e8, cbMultiByte=14, lpWideCharStr=0xbe5a28, cchWideChar=14 | out: lpWideCharStr="Software\\Skype") returned 14 [0138.237] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Skype", ulOptions=0x0, samDesired=0x101, phkResult=0xb2f134 | out: phkResult=0xb2f134*=0x0) returned 0x2 [0138.237] SetLastError (dwErrCode=0x2) [0138.237] SetLastError (dwErrCode=0x2) [0138.237] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x514c3e8, cbMultiByte=14, lpWideCharStr=0xbe5a28, cchWideChar=14 | out: lpWideCharStr="Software\\Skype") returned 14 [0138.237] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Skype", ulOptions=0x0, samDesired=0x201, phkResult=0xb2f134 | out: phkResult=0xb2f134*=0x0) returned 0x2 [0138.237] SetLastError (dwErrCode=0x2) [0138.237] SetLastError (dwErrCode=0x2) [0138.237] SetLastError (dwErrCode=0x2) [0138.237] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x514c3f8, cbMultiByte=31, lpWideCharStr=0xbe6760, cchWideChar=31 | out: lpWideCharStr="Software\\Microsoft\\VisualStudio") returned 31 [0138.237] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\VisualStudio", ulOptions=0x0, samDesired=0x101, phkResult=0xb2f134 | out: phkResult=0xb2f134*=0x0) returned 0x2 [0138.238] SetLastError (dwErrCode=0x2) [0138.238] SetLastError (dwErrCode=0x2) [0138.238] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x514c3f8, cbMultiByte=31, lpWideCharStr=0xbe6520, cchWideChar=31 | out: lpWideCharStr="Software\\Microsoft\\VisualStudio") returned 31 [0138.238] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\VisualStudio", ulOptions=0x0, samDesired=0x201, phkResult=0xb2f134 | out: phkResult=0xb2f134*=0x0) returned 0x2 [0138.238] SetLastError (dwErrCode=0x2) [0138.238] SetLastError (dwErrCode=0x2) [0138.238] SetLastError (dwErrCode=0x2) [0138.238] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x514c418, cbMultiByte=21, lpWideCharStr=0xbea780, cchWideChar=21 | out: lpWideCharStr="Software\\VMware, Inc.") returned 21 [0138.238] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\VMware, Inc.", ulOptions=0x0, samDesired=0x101, phkResult=0xb2f134 | out: phkResult=0xb2f134*=0x0) returned 0x2 [0138.238] SetLastError (dwErrCode=0x2) [0138.238] SetLastError (dwErrCode=0x2) [0138.238] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x514c418, cbMultiByte=21, lpWideCharStr=0xbea588, cchWideChar=21 | out: lpWideCharStr="Software\\VMware, Inc.") returned 21 [0138.238] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\VMware, Inc.", ulOptions=0x0, samDesired=0x201, phkResult=0xb2f134 | out: phkResult=0xb2f134*=0x0) returned 0x2 [0138.238] SetLastError (dwErrCode=0x2) [0138.238] SetLastError (dwErrCode=0x2) [0138.238] SetLastError (dwErrCode=0x2) [0138.238] GetTickCount () returned 0x2f7e3 [0138.238] GetTickCount () returned 0x2f7e3 [0138.238] GetCurrentThreadId () returned 0x7a0 [0138.238] RtlRandom (in: Seed=0xb2f6c8 | out: Seed=0xb2f6c8) returned 0x25111ee1 [0138.238] RtlRandom (in: Seed=0xb2f6e4 | out: Seed=0xb2f6e4) returned 0xb583b405 [0138.238] RtlRandom (in: Seed=0xb2f6e4 | out: Seed=0xb2f6e4) returned 0x2a450acb [0138.238] RtlRandom (in: Seed=0xb2f6e4 | out: Seed=0xb2f6e4) returned 0xf6ba089e [0138.238] RtlRandom (in: Seed=0xb2f6e4 | out: Seed=0xb2f6e4) returned 0xaaca46e3 [0138.238] RtlRandom (in: Seed=0xb2f6e4 | out: Seed=0xb2f6e4) returned 0x6227e55c [0138.238] RtlRandom (in: Seed=0xb2f6e4 | out: Seed=0xb2f6e4) returned 0xea82ab76 [0138.238] wvnsprintfW (in: pszDest=0xb2f4ec, cchDest=2147483647, pszFmt="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\%s", arglist=0xb2f4e0 | out: pszDest="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\rstrui.exe") returned 84 [0138.238] SetLastError (dwErrCode=0x0) [0138.239] RegCreateKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\rstrui.exe", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x102, lpSecurityAttributes=0x0, phkResult=0xb2f4cc, lpdwDisposition=0x0 | out: phkResult=0xb2f4cc*=0x2f8, lpdwDisposition=0x0) returned 0x0 [0138.239] SetLastError (dwErrCode=0x0) [0138.239] RtlInitUnicodeString (in: DestinationString=0xb2f498, SourceString="Debugger" | out: DestinationString="Debugger") [0138.239] NtSetValueKey (in: KeyHandle=0x2f8, ValueName="Debugger", TitleIndex=0x0, Type=0x1, Data="plybkq.exe", DataSize=0x16 | out: Data="plybkq.exe") returned 0x0 [0138.239] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0138.239] SetLastError (dwErrCode=0x0) [0138.239] RegCloseKey (hKey=0x2f8) returned 0x0 [0138.239] SetLastError (dwErrCode=0x0) [0138.239] wvnsprintfA (in: pszDest=0xb2f634, cchDest=2147483647, pszFmt="Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\%u", arglist=0xb2f628 | out: pszDest="Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1") returned 67 [0138.239] SetLastError (dwErrCode=0x0) [0138.239] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xb2f634, cbMultiByte=67, lpWideCharStr=0xbf72b0, cchWideChar=67 | out: lpWideCharStr="Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1") returned 67 [0138.239] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x102, lpSecurityAttributes=0x0, phkResult=0xb2f618, lpdwDisposition=0x0 | out: phkResult=0xb2f618*=0x2f8, lpdwDisposition=0x0) returned 0x0 [0138.239] SetLastError (dwErrCode=0x0) [0138.239] SetLastError (dwErrCode=0x0) [0138.239] RegSetValueExA (in: hKey=0x2f8, lpValueName="2500", Reserved=0x0, dwType=0x4, lpData=0xb2f614*=0x3, cbData=0x4 | out: lpData=0xb2f614*=0x3) returned 0x0 [0138.240] RegCloseKey (hKey=0x2f8) returned 0x0 [0138.240] SetLastError (dwErrCode=0x0) [0138.240] wvnsprintfA (in: pszDest=0xb2f634, cchDest=2147483647, pszFmt="Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\%u", arglist=0xb2f628 | out: pszDest="Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2") returned 67 [0138.240] SetLastError (dwErrCode=0x0) [0138.240] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xb2f634, cbMultiByte=67, lpWideCharStr=0xbf72b0, cchWideChar=67 | out: lpWideCharStr="Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2") returned 67 [0138.240] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x102, lpSecurityAttributes=0x0, phkResult=0xb2f618, lpdwDisposition=0x0 | out: phkResult=0xb2f618*=0x2f8, lpdwDisposition=0x0) returned 0x0 [0138.240] SetLastError (dwErrCode=0x0) [0138.240] SetLastError (dwErrCode=0x0) [0138.240] RegSetValueExA (in: hKey=0x2f8, lpValueName="2500", Reserved=0x0, dwType=0x4, lpData=0xb2f614*=0x3, cbData=0x4 | out: lpData=0xb2f614*=0x3) returned 0x0 [0138.240] RegCloseKey (hKey=0x2f8) returned 0x0 [0138.240] SetLastError (dwErrCode=0x0) [0138.240] wvnsprintfA (in: pszDest=0xb2f634, cchDest=2147483647, pszFmt="Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\%u", arglist=0xb2f628 | out: pszDest="Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3") returned 67 [0138.240] SetLastError (dwErrCode=0x0) [0138.240] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xb2f634, cbMultiByte=67, lpWideCharStr=0xbf72b0, cchWideChar=67 | out: lpWideCharStr="Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3") returned 67 [0138.240] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x102, lpSecurityAttributes=0x0, phkResult=0xb2f618, lpdwDisposition=0x0 | out: phkResult=0xb2f618*=0x2f8, lpdwDisposition=0x0) returned 0x0 [0138.240] SetLastError (dwErrCode=0x0) [0138.240] SetLastError (dwErrCode=0x0) [0138.240] RegSetValueExA (in: hKey=0x2f8, lpValueName="2500", Reserved=0x0, dwType=0x4, lpData=0xb2f614*=0x3, cbData=0x4 | out: lpData=0xb2f614*=0x3) returned 0x0 [0138.240] RegCloseKey (hKey=0x2f8) returned 0x0 [0138.240] SetLastError (dwErrCode=0x0) [0138.240] wvnsprintfA (in: pszDest=0xb2f634, cchDest=2147483647, pszFmt="Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\%u", arglist=0xb2f628 | out: pszDest="Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4") returned 67 [0138.240] SetLastError (dwErrCode=0x0) [0138.240] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xb2f634, cbMultiByte=67, lpWideCharStr=0xbf72b0, cchWideChar=67 | out: lpWideCharStr="Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4") returned 67 [0138.240] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x102, lpSecurityAttributes=0x0, phkResult=0xb2f618, lpdwDisposition=0x0 | out: phkResult=0xb2f618*=0x2f8, lpdwDisposition=0x0) returned 0x0 [0138.240] SetLastError (dwErrCode=0x0) [0138.240] SetLastError (dwErrCode=0x0) [0138.241] RegSetValueExA (in: hKey=0x2f8, lpValueName="2500", Reserved=0x0, dwType=0x4, lpData=0xb2f614*=0x3, cbData=0x4 | out: lpData=0xb2f614*=0x3) returned 0x0 [0138.241] RegCloseKey (hKey=0x2f8) returned 0x0 [0138.241] SetLastError (dwErrCode=0x0) [0138.241] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x51485ec, cbMultiByte=41, lpWideCharStr=0xbf4390, cchWideChar=41 | out: lpWideCharStr="Software\\Microsoft\\Internet Explorer\\Main") returned 41 [0138.241] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main", ulOptions=0x0, samDesired=0x101, phkResult=0xb2f610 | out: phkResult=0xb2f610*=0x2f8) returned 0x0 [0138.241] SetLastError (dwErrCode=0x0) [0138.241] SetLastError (dwErrCode=0x0) [0138.241] RegQueryValueExA (in: hKey=0x2f8, lpValueName="Isolation", lpReserved=0x0, lpType=0xb2f608, lpData=0xb2f738, lpcbData=0xb2f60c*=0x1f | out: lpType=0xb2f608*=0x1, lpData="PMIL", lpcbData=0xb2f60c*=0x5) returned 0x0 [0138.241] RegCloseKey (hKey=0x2f8) returned 0x0 [0138.241] SetLastError (dwErrCode=0x0) [0138.241] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x51485ec, cbMultiByte=41, lpWideCharStr=0xbf4870, cchWideChar=41 | out: lpWideCharStr="Software\\Microsoft\\Internet Explorer\\Main") returned 41 [0138.241] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x102, lpSecurityAttributes=0x0, phkResult=0xb2f614, lpdwDisposition=0x0 | out: phkResult=0xb2f614*=0x2f8, lpdwDisposition=0x0) returned 0x0 [0138.241] SetLastError (dwErrCode=0x0) [0138.241] SetLastError (dwErrCode=0x0) [0138.241] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5148668, cbMultiByte=9, lpWideCharStr=0xbd5da0, cchWideChar=9 | out: lpWideCharStr="Isolation") returned 9 [0138.241] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5148674, cbMultiByte=4, lpWideCharStr=0xbe77c8, cchWideChar=4 | out: lpWideCharStr="PMIL") returned 4 [0138.241] RtlInitUnicodeString (in: DestinationString=0xb2f5b0, SourceString="Isolation" | out: DestinationString="Isolation") [0138.241] NtSetValueKey (in: KeyHandle=0x2f8, ValueName="Isolation", TitleIndex=0x0, Type=0x1, Data="PMIL", DataSize=0xa | out: Data="PMIL") returned 0x0 [0138.241] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0138.241] SetLastError (dwErrCode=0x0) [0138.241] RegCloseKey (hKey=0x2f8) returned 0x0 [0138.241] SetLastError (dwErrCode=0x0) [0138.241] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x51485ec, cbMultiByte=41, lpWideCharStr=0xbf4750, cchWideChar=41 | out: lpWideCharStr="Software\\Microsoft\\Internet Explorer\\Main") returned 41 [0138.242] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x102, lpSecurityAttributes=0x0, phkResult=0xb2f618, lpdwDisposition=0x0 | out: phkResult=0xb2f618*=0x2f8, lpdwDisposition=0x0) returned 0x0 [0138.242] SetLastError (dwErrCode=0x0) [0138.242] SetLastError (dwErrCode=0x0) [0138.242] RegSetValueExA (in: hKey=0x2f8, lpValueName="NoProtectedModeBanner", Reserved=0x0, dwType=0x4, lpData=0xb2f614*=0x1, cbData=0x4 | out: lpData=0xb2f614*=0x1) returned 0x0 [0138.242] RegCloseKey (hKey=0x2f8) returned 0x0 [0138.242] SetLastError (dwErrCode=0x0) [0138.242] wvnsprintfA (in: pszDest=0xb2f2f8, cchDest=255, pszFmt="%s%s_%p", arglist=0xb2f1e0 | out: pszDest="CS1CS1_11980343") returned 15 [0138.242] SetLastError (dwErrCode=0x0) [0138.242] wvnsprintfA (in: pszDest=0xb2f1f8, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0xb2f1dc | out: pszDest="5559d2db9daca3e4ef76d1ff6da7fa17") returned 32 [0138.242] SetLastError (dwErrCode=0x0) [0138.242] wvnsprintfA (in: pszDest=0xb2f5a0, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X\\%s", arglist=0xb2f478 | out: pszDest="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\5559d2db9daca3e4ef7") returned 96 [0138.242] SetLastError (dwErrCode=0x0) [0138.242] wvnsprintfA (in: pszDest=0xb2f40c, cchDest=255, pszFmt="%s%s_%p", arglist=0xb2f2f4 | out: pszDest="SO3SO3_11980343") returned 15 [0138.242] SetLastError (dwErrCode=0x0) [0138.242] wvnsprintfA (in: pszDest=0xb2f30c, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0xb2f2f0 | out: pszDest="e70911e56243c4221d5685f552eaa9c4") returned 32 [0138.242] SetLastError (dwErrCode=0x0) [0138.242] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xb2f5a0, cbMultiByte=96, lpWideCharStr=0xbd8108, cchWideChar=96 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\5559d2db9daca3e4ef7") returned 96 [0138.242] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\5559d2db9daca3e4ef7", ulOptions=0x0, samDesired=0x101, phkResult=0xb2f588 | out: phkResult=0xb2f588*=0x0) returned 0x2 [0138.242] SetLastError (dwErrCode=0x2) [0138.242] SetLastError (dwErrCode=0x2) [0138.242] SetLastError (dwErrCode=0x2) [0138.246] wvnsprintfA (in: pszDest=0xb2f1dc, cchDest=255, pszFmt="%s%s_%p", arglist=0xb2f0c4 | out: pszDest="CS1CS1_11980343") returned 15 [0138.246] SetLastError (dwErrCode=0x0) [0138.246] wvnsprintfA (in: pszDest=0xb2f0dc, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0xb2f0c0 | out: pszDest="5559d2db9daca3e4ef76d1ff6da7fa17") returned 32 [0138.246] SetLastError (dwErrCode=0x0) [0138.246] wvnsprintfA (in: pszDest=0xb2f484, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X\\%s", arglist=0xb2f35c | out: pszDest="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\5559d2db9daca3e4ef7") returned 96 [0138.246] SetLastError (dwErrCode=0x0) [0138.246] wvnsprintfA (in: pszDest=0xb2f2f0, cchDest=255, pszFmt="%s%s_%p", arglist=0xb2f1d8 | out: pszDest="SO2SO2_11980343") returned 15 [0138.247] SetLastError (dwErrCode=0x0) [0138.247] wvnsprintfA (in: pszDest=0xb2f1f0, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0xb2f1d4 | out: pszDest="46cedbf4000b61de2c6b4e541e69510e") returned 32 [0138.247] SetLastError (dwErrCode=0x0) [0138.247] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xb2f484, cbMultiByte=96, lpWideCharStr=0xbd82a8, cchWideChar=96 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\5559d2db9daca3e4ef7") returned 96 [0138.247] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\5559d2db9daca3e4ef7", ulOptions=0x0, samDesired=0x101, phkResult=0xb2f46c | out: phkResult=0xb2f46c*=0x0) returned 0x2 [0138.247] SetLastError (dwErrCode=0x2) [0138.247] SetLastError (dwErrCode=0x2) [0138.247] SetLastError (dwErrCode=0x2) [0138.247] wvnsprintfA (in: pszDest=0xb2f520, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0xb2f508 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SS_v1$") returned 54 [0138.247] SetLastError (dwErrCode=0x0) [0138.247] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SS_v1$") returned 0x0 [0138.247] InitializeSecurityDescriptor (in: pSecurityDescriptor=0xc4a898, dwRevision=0x1 | out: pSecurityDescriptor=0xc4a898) returned 1 [0138.247] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0xc4a898, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0xc4a898) returned 1 [0138.247] GetLastError () returned 0x2 [0138.247] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0xc4a898, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0xc4a898) returned 1 [0138.247] GetLastError () returned 0x2 [0138.247] SetLastError (dwErrCode=0x2) [0138.247] CreateEventA (lpEventAttributes=0xb2f61c, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SS_v1$") returned 0x2f8 [0138.247] GetLastError () returned 0x0 [0138.247] SetLastError (dwErrCode=0x0) [0138.247] GetWindowsDirectoryW (in: lpBuffer=0x515a1a8, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0138.247] wvnsprintfA (in: pszDest=0xb2f2ec, cchDest=255, pszFmt="%s%s_%p", arglist=0xb2f1d4 | out: pszDest="CS1CS1_11980343") returned 15 [0138.247] SetLastError (dwErrCode=0x0) [0138.247] wvnsprintfA (in: pszDest=0xb2f1ec, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0xb2f1d0 | out: pszDest="5559d2db9daca3e4ef76d1ff6da7fa17") returned 32 [0138.247] SetLastError (dwErrCode=0x0) [0138.248] wvnsprintfA (in: pszDest=0xb2f594, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X\\%s", arglist=0xb2f46c | out: pszDest="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\5559d2db9daca3e4ef7") returned 96 [0138.248] SetLastError (dwErrCode=0x0) [0138.248] wvnsprintfA (in: pszDest=0xb2f400, cchDest=255, pszFmt="%s%s_%p", arglist=0xb2f2e8 | out: pszDest="S05S05_11980343") returned 15 [0138.248] SetLastError (dwErrCode=0x0) [0138.248] wvnsprintfA (in: pszDest=0xb2f300, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0xb2f2e4 | out: pszDest="89303d128572831486e22408d54191b6") returned 32 [0138.248] SetLastError (dwErrCode=0x0) [0138.248] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xb2f594, cbMultiByte=96, lpWideCharStr=0xbd8788, cchWideChar=96 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\5559d2db9daca3e4ef7") returned 96 [0138.248] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\5559d2db9daca3e4ef7", ulOptions=0x0, samDesired=0x101, phkResult=0xb2f57c | out: phkResult=0xb2f57c*=0x0) returned 0x2 [0138.248] SetLastError (dwErrCode=0x2) [0138.248] SetLastError (dwErrCode=0x2) [0138.248] SetLastError (dwErrCode=0x2) [0138.248] GetTickCount () returned 0x2f7f2 [0138.248] GetCurrentThreadId () returned 0x7a0 [0138.248] RtlRandom (in: Seed=0xb2f6f4 | out: Seed=0xb2f6f4) returned 0xb5f4b65d [0138.248] GetTickCount () returned 0x2f7f2 [0138.248] GetCurrentThreadId () returned 0x7a0 [0138.248] RtlRandom (in: Seed=0xb2f6f4 | out: Seed=0xb2f6f4) returned 0x5b0e1980 [0138.248] GetTickCount () returned 0x2f7f2 [0138.248] GetCurrentThreadId () returned 0x7a0 [0138.248] RtlRandom (in: Seed=0xb2f6f4 | out: Seed=0xb2f6f4) returned 0x21107966 [0138.248] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2fc [0138.248] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x77d64db6, lpParameter=0xbf6558, dwCreationFlags=0x4, lpThreadId=0xb2f718 | out: lpThreadId=0xb2f718*=0xa84) returned 0x300 [0138.249] NtGetContextThread (in: ThreadHandle=0x300, Context=0xb2f428 | out: Context=0xb2f428*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0xbf6558, Edx=0x0, Ecx=0x0, Eax=0x77d64db6, Ebp=0x0, Eip=0x77d0aef0, SegCs=0x23, EFlags=0x202, Esp=0x709faf8, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0138.251] NtSetContextThread (ThreadHandle=0x300, Context=0xb2f428*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0xbf6558, Edx=0x0, Ecx=0x0, Eax=0x510806d, Ebp=0x0, Eip=0x77d0aef0, SegCs=0x23, EFlags=0x202, Esp=0x709faf8, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0138.251] NtResumeThread (in: ThreadHandle=0x300, SuspendCount=0xb2f70c | out: SuspendCount=0xb2f70c*=0x1) returned 0x0 [0138.254] WaitForSingleObject (hHandle=0x2fc, dwMilliseconds=0x7d0) returned 0x0 [0138.255] OpenThread (dwDesiredAccess=0x40000, bInheritHandle=0, dwThreadId=0xa84) returned 0x310 [0138.255] BuildExplicitAccessWithNameA () returned 0x0 [0138.255] SetEntriesInAclA () returned 0x0 [0138.255] SetSecurityInfo () returned 0x0 [0138.255] LocalFree (hMem=0xbe5b18) returned 0x0 [0138.255] CloseHandle (hObject=0x2fc) returned 1 [0138.255] GetModuleHandleW (lpModuleName=0x0) returned 0xd20000 [0138.279] GetModuleFileNameW (in: hModule=0xd20000, lpFilename=0xb2f550, nSize=0x103 | out: lpFilename="C:\\Windows\\SysWOW64\\explorer.exe" (normalized: "c:\\windows\\syswow64\\explorer.exe")) returned 0x20 [0138.279] CharLowerBuffW (in: lpsz="C:\\Windows\\SysWOW64\\explorer.exe", cchLength=0x103 | out: lpsz="c:\\windows\\syswow64\\explorer.exe") returned 0x103 [0138.279] GetTickCount () returned 0x2f812 [0138.279] GetCurrentThreadId () returned 0x7a0 [0138.279] RtlRandom (in: Seed=0xb2f6fc | out: Seed=0xb2f6fc) returned 0xee2dfe22 [0138.279] GetTickCount () returned 0x2f812 [0138.279] GetCurrentThreadId () returned 0x7a0 [0138.279] RtlRandom (in: Seed=0xb2f6fc | out: Seed=0xb2f6fc) returned 0xfcc3fabf [0138.279] GetTickCount () returned 0x2f812 [0138.279] GetCurrentThreadId () returned 0x7a0 [0138.279] RtlRandom (in: Seed=0xb2f6fc | out: Seed=0xb2f6fc) returned 0x83c75e7b [0138.279] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2fc [0138.279] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x77ddb6ab, lpParameter=0xbf6a28, dwCreationFlags=0x4, lpThreadId=0xb2f720 | out: lpThreadId=0xb2f720*=0xa78) returned 0x314 [0138.280] NtGetContextThread (in: ThreadHandle=0x314, Context=0xb2f430 | out: Context=0xb2f430*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0xbf6a28, Edx=0x0, Ecx=0x0, Eax=0x77ddb6ab, Ebp=0x0, Eip=0x77d0aef0, SegCs=0x23, EFlags=0x202, Esp=0x711fb08, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0138.280] NtSetContextThread (ThreadHandle=0x314, Context=0xb2f430*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0xbf6a28, Edx=0x0, Ecx=0x0, Eax=0x510806d, Ebp=0x0, Eip=0x77d0aef0, SegCs=0x23, EFlags=0x202, Esp=0x711fb08, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0138.280] NtResumeThread (in: ThreadHandle=0x314, SuspendCount=0xb2f714 | out: SuspendCount=0xb2f714*=0x1) returned 0x0 [0138.280] WaitForSingleObject (hHandle=0x2fc, dwMilliseconds=0x7d0) returned 0x0 [0138.295] OpenThread (dwDesiredAccess=0x40000, bInheritHandle=0, dwThreadId=0xa78) returned 0x334 [0138.295] BuildExplicitAccessWithNameA () returned 0x0 [0138.295] SetEntriesInAclA () returned 0x0 [0138.296] SetSecurityInfo () returned 0x0 [0138.296] LocalFree (hMem=0xbe5b90) returned 0x0 [0138.296] CloseHandle (hObject=0x2fc) returned 1 [0138.296] Sleep (dwMilliseconds=0xfa) [0139.197] NtSetInformationThread (ThreadHandle=0x314, ThreadInformationClass=0x3, ThreadInformation=0xb2f738, ThreadInformationLength=0x4) returned 0x0 [0139.197] Sleep (dwMilliseconds=0x32) [0139.260] EnumWindows (lpEnumFunc=0x5137f24, lParam=0xbd5e60) returned 1 [0139.260] GetClassNameA (in: hWnd=0x100d6, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="Worker Window") returned 13 [0139.260] lstrcmpiA (lpString1="Worker Window", lpString2="tooltips_class32") returned 1 [0139.260] GetClassNameA (in: hWnd=0x1011c, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="ForegroundStaging") returned 17 [0139.260] lstrcmpiA (lpString1="ForegroundStaging", lpString2="tooltips_class32") returned -1 [0139.260] GetClassNameA (in: hWnd=0x100fa, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="ForegroundStaging") returned 17 [0139.260] lstrcmpiA (lpString1="ForegroundStaging", lpString2="tooltips_class32") returned -1 [0139.260] GetClassNameA (in: hWnd=0x10106, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0139.260] lstrcmpiA (lpString1="EdgeUiInputWndClass", lpString2="tooltips_class32") returned -1 [0139.260] GetClassNameA (in: hWnd=0x1010a, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0139.260] lstrcmpiA (lpString1="EdgeUiInputWndClass", lpString2="tooltips_class32") returned -1 [0139.260] GetClassNameA (in: hWnd=0x1010c, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0139.260] lstrcmpiA (lpString1="EdgeUiInputWndClass", lpString2="tooltips_class32") returned -1 [0139.260] GetClassNameA (in: hWnd=0x10108, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0139.260] lstrcmpiA (lpString1="EdgeUiInputWndClass", lpString2="tooltips_class32") returned -1 [0139.260] GetClassNameA (in: hWnd=0x10104, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0139.260] lstrcmpiA (lpString1="EdgeUiInputWndClass", lpString2="tooltips_class32") returned -1 [0139.260] GetClassNameA (in: hWnd=0x10102, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="EdgeUiInputTopWndClass") returned 22 [0139.260] lstrcmpiA (lpString1="EdgeUiInputTopWndClass", lpString2="tooltips_class32") returned -1 [0139.260] GetClassNameA (in: hWnd=0x10100, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0139.260] lstrcmpiA (lpString1="EdgeUiInputWndClass", lpString2="tooltips_class32") returned -1 [0139.260] GetClassNameA (in: hWnd=0x100fe, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0139.260] lstrcmpiA (lpString1="EdgeUiInputWndClass", lpString2="tooltips_class32") returned -1 [0139.260] GetClassNameA (in: hWnd=0x2016c, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="Windows.UI.Core.CoreWindow") returned 26 [0139.261] lstrcmpiA (lpString1="Windows.UI.Core.CoreWindow", lpString2="tooltips_class32") returned 1 [0139.261] GetClassNameA (in: hWnd=0x10152, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="Windows.UI.Core.CoreWindow") returned 26 [0139.261] lstrcmpiA (lpString1="Windows.UI.Core.CoreWindow", lpString2="tooltips_class32") returned 1 [0139.261] GetClassNameA (in: hWnd=0x10142, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="Windows.UI.Core.CoreWindow") returned 26 [0139.261] lstrcmpiA (lpString1="Windows.UI.Core.CoreWindow", lpString2="tooltips_class32") returned 1 [0139.261] GetClassNameA (in: hWnd=0x100fc, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="WorkerW") returned 7 [0139.261] lstrcmpiA (lpString1="WorkerW", lpString2="tooltips_class32") returned 1 [0139.261] GetClassNameA (in: hWnd=0x100e8, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="ApplicationManager_ImmersiveShellWindow") returned 39 [0139.261] lstrcmpiA (lpString1="ApplicationManager_ImmersiveShellWindow", lpString2="tooltips_class32") returned -1 [0139.261] GetClassNameA (in: hWnd=0x2003a, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="URL Moniker Notification Window") returned 31 [0139.261] lstrcmpiA (lpString1="URL Moniker Notification Window", lpString2="tooltips_class32") returned 1 [0139.261] GetClassNameA (in: hWnd=0x20038, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="VSyncHelper-0000000543468D70-1440668") returned 36 [0139.261] lstrcmpiA (lpString1="VSyncHelper-0000000543468D70-1440668", lpString2="tooltips_class32") returned 1 [0139.261] GetClassNameA (in: hWnd=0x20020, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="RawInputClass") returned 13 [0139.261] lstrcmpiA (lpString1="RawInputClass", lpString2="tooltips_class32") returned -1 [0139.261] GetClassNameA (in: hWnd=0x10182, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="URL Moniker Notification Window") returned 31 [0139.261] lstrcmpiA (lpString1="URL Moniker Notification Window", lpString2="tooltips_class32") returned 1 [0139.261] GetClassNameA (in: hWnd=0x40018, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="Internet Explorer_Hidden") returned 24 [0139.261] lstrcmpiA (lpString1="Internet Explorer_Hidden", lpString2="tooltips_class32") returned -1 [0139.261] GetClassNameA (in: hWnd=0x100c2, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="tooltips_class32") returned 16 [0139.261] lstrcmpiA (lpString1="tooltips_class32", lpString2="tooltips_class32") returned 0 [0139.261] GetWindowLongA (hWnd=0x100c2, nIndex=-21) returned 0 [0139.261] GetClassNameA (in: hWnd=0x10098, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="tooltips_class32") returned 16 [0139.261] lstrcmpiA (lpString1="tooltips_class32", lpString2="tooltips_class32") returned 0 [0139.261] GetWindowLongA (hWnd=0x10098, nIndex=-21) returned 0 [0139.262] GetClassNameA (in: hWnd=0x1009c, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="tooltips_class32") returned 16 [0139.262] lstrcmpiA (lpString1="tooltips_class32", lpString2="tooltips_class32") returned 0 [0139.262] GetWindowLongA (hWnd=0x1009c, nIndex=-21) returned 0 [0139.262] GetClassNameA (in: hWnd=0x100ac, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="tooltips_class32") returned 16 [0139.262] lstrcmpiA (lpString1="tooltips_class32", lpString2="tooltips_class32") returned 0 [0139.262] GetWindowLongA (hWnd=0x100ac, nIndex=-21) returned 0 [0139.262] GetClassNameA (in: hWnd=0x100b6, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="tooltips_class32") returned 16 [0139.262] lstrcmpiA (lpString1="tooltips_class32", lpString2="tooltips_class32") returned 0 [0139.262] GetWindowLongA (hWnd=0x100b6, nIndex=-21) returned 0 [0139.262] GetClassNameA (in: hWnd=0x100ba, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="tooltips_class32") returned 16 [0139.262] lstrcmpiA (lpString1="tooltips_class32", lpString2="tooltips_class32") returned 0 [0139.262] GetWindowLongA (hWnd=0x100ba, nIndex=-21) returned 0 [0139.262] GetClassNameA (in: hWnd=0x100b4, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="tooltips_class32") returned 16 [0139.262] lstrcmpiA (lpString1="tooltips_class32", lpString2="tooltips_class32") returned 0 [0139.262] GetWindowLongA (hWnd=0x100b4, nIndex=-21) returned 0 [0139.262] GetClassNameA (in: hWnd=0x1007a, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="Shell_TrayWnd") returned 13 [0139.262] lstrcmpiA (lpString1="Shell_TrayWnd", lpString2="tooltips_class32") returned -1 [0139.262] GetClassNameA (in: hWnd=0x101b0, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="ATL:00007FF8D7893120") returned 20 [0139.262] lstrcmpiA (lpString1="ATL:00007FF8D7893120", lpString2="tooltips_class32") returned -1 [0139.262] GetClassNameA (in: hWnd=0x100ce, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="tooltips_class32") returned 16 [0139.262] lstrcmpiA (lpString1="tooltips_class32", lpString2="tooltips_class32") returned 0 [0139.262] GetWindowLongA (hWnd=0x100ce, nIndex=-21) returned 0 [0139.262] GetClassNameA (in: hWnd=0x100c4, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="TaskListThumbnailWnd") returned 20 [0139.262] lstrcmpiA (lpString1="TaskListThumbnailWnd", lpString2="tooltips_class32") returned -1 [0139.262] GetClassNameA (in: hWnd=0x301be, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="tooltips_class32") returned 16 [0139.262] lstrcmpiA (lpString1="tooltips_class32", lpString2="tooltips_class32") returned 0 [0139.262] GetWindowLongA (hWnd=0x301be, nIndex=-21) returned 0 [0139.262] GetClassNameA (in: hWnd=0x301ea, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="COMTASKSWINDOWCLASS") returned 19 [0139.262] lstrcmpiA (lpString1="COMTASKSWINDOWCLASS", lpString2="tooltips_class32") returned -1 [0139.262] GetClassNameA (in: hWnd=0x901ec, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="Colin_Installations_window") returned 26 [0139.262] lstrcmpiA (lpString1="Colin_Installations_window", lpString2="tooltips_class32") returned -1 [0139.262] GetClassNameA (in: hWnd=0x201de, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="readingsuntowin") returned 15 [0139.262] lstrcmpiA (lpString1="readingsuntowin", lpString2="tooltips_class32") returned -1 [0139.262] GetClassNameA (in: hWnd=0x201dc, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="matchingwindow") returned 14 [0139.263] lstrcmpiA (lpString1="matchingwindow", lpString2="tooltips_class32") returned -1 [0139.263] GetClassNameA (in: hWnd=0x201da, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="touring_Continued_Russia_class") returned 30 [0139.263] lstrcmpiA (lpString1="touring_Continued_Russia_class", lpString2="tooltips_class32") returned 1 [0139.263] GetClassNameA (in: hWnd=0x201d4, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="likesSkiingwindow") returned 17 [0139.263] lstrcmpiA (lpString1="likesSkiingwindow", lpString2="tooltips_class32") returned -1 [0139.263] GetClassNameA (in: hWnd=0x201d0, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="Solo") returned 4 [0139.263] lstrcmpiA (lpString1="Solo", lpString2="tooltips_class32") returned -1 [0139.263] GetClassNameA (in: hWnd=0x50032, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="disorderwin") returned 11 [0139.263] lstrcmpiA (lpString1="disorderwin", lpString2="tooltips_class32") returned -1 [0139.263] GetClassNameA (in: hWnd=0x30190, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="Batteries_dirty_wnd") returned 19 [0139.263] lstrcmpiA (lpString1="Batteries_dirty_wnd", lpString2="tooltips_class32") returned -1 [0139.263] GetClassNameA (in: hWnd=0x301c6, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="Uncertainty_Furnishings_Tramadol_window") returned 39 [0139.263] lstrcmpiA (lpString1="Uncertainty_Furnishings_Tramadol_window", lpString2="tooltips_class32") returned 1 [0139.263] GetClassNameA (in: hWnd=0x301c2, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="ranges_tremendous_wnd") returned 21 [0139.263] lstrcmpiA (lpString1="ranges_tremendous_wnd", lpString2="tooltips_class32") returned -1 [0139.263] GetClassNameA (in: hWnd=0x401c4, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="pdfincomingTrackedclass") returned 23 [0139.263] lstrcmpiA (lpString1="pdfincomingTrackedclass", lpString2="tooltips_class32") returned -1 [0139.263] GetClassNameA (in: hWnd=0x301ca, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="handling_investing_Experimental_window") returned 38 [0139.263] lstrcmpiA (lpString1="handling_investing_Experimental_window", lpString2="tooltips_class32") returned -1 [0139.263] GetClassNameA (in: hWnd=0x30158, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="ScienceOldwnd") returned 13 [0139.263] lstrcmpiA (lpString1="ScienceOldwnd", lpString2="tooltips_class32") returned -1 [0139.263] GetClassNameA (in: hWnd=0x20134, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="Amateurdishesapp") returned 16 [0139.263] lstrcmpiA (lpString1="Amateurdishesapp", lpString2="tooltips_class32") returned -1 [0139.263] GetClassNameA (in: hWnd=0x501b6, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="cambridge_") returned 10 [0139.263] lstrcmpiA (lpString1="cambridge_", lpString2="tooltips_class32") returned -1 [0139.263] GetClassNameA (in: hWnd=0x30130, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="engagement_cologne_class") returned 24 [0139.263] lstrcmpiA (lpString1="engagement_cologne_class", lpString2="tooltips_class32") returned -1 [0139.263] GetClassNameA (in: hWnd=0x3012a, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="gpblankwin") returned 10 [0139.263] lstrcmpiA (lpString1="gpblankwin", lpString2="tooltips_class32") returned -1 [0139.264] GetClassNameA (in: hWnd=0x401c0, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="tenclass") returned 8 [0139.264] lstrcmpiA (lpString1="tenclass", lpString2="tooltips_class32") returned -1 [0139.264] GetClassNameA (in: hWnd=0x401ce, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="uniapp") returned 6 [0139.264] lstrcmpiA (lpString1="uniapp", lpString2="tooltips_class32") returned 1 [0139.264] GetClassNameA (in: hWnd=0x101b2, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="BluetoothNotificationAreaIconWindowClass") returned 40 [0139.264] lstrcmpiA (lpString1="BluetoothNotificationAreaIconWindowClass", lpString2="tooltips_class32") returned -1 [0139.264] GetClassNameA (in: hWnd=0x101ae, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="PNIHiddenWnd") returned 12 [0139.264] lstrcmpiA (lpString1="PNIHiddenWnd", lpString2="tooltips_class32") returned -1 [0139.264] GetClassNameA (in: hWnd=0x101aa, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="WorkerW") returned 7 [0139.264] lstrcmpiA (lpString1="WorkerW", lpString2="tooltips_class32") returned 1 [0139.264] GetClassNameA (in: hWnd=0x101a8, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="WorkerW") returned 7 [0139.264] lstrcmpiA (lpString1="WorkerW", lpString2="tooltips_class32") returned 1 [0139.264] GetClassNameA (in: hWnd=0x101a4, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="WorkerW") returned 7 [0139.264] lstrcmpiA (lpString1="WorkerW", lpString2="tooltips_class32") returned 1 [0139.264] GetClassNameA (in: hWnd=0x10198, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="ATL:00007FF8DEC47080") returned 20 [0139.264] lstrcmpiA (lpString1="ATL:00007FF8DEC47080", lpString2="tooltips_class32") returned -1 [0139.264] GetClassNameA (in: hWnd=0x1017e, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="SystemTray_Main") returned 15 [0139.264] lstrcmpiA (lpString1="SystemTray_Main", lpString2="tooltips_class32") returned -1 [0139.264] GetClassNameA (in: hWnd=0x1017a, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="WorkerW") returned 7 [0139.264] lstrcmpiA (lpString1="WorkerW", lpString2="tooltips_class32") returned 1 [0139.264] GetClassNameA (in: hWnd=0x10178, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="OleDdeWndClass") returned 14 [0139.264] lstrcmpiA (lpString1="OleDdeWndClass", lpString2="tooltips_class32") returned -1 [0139.264] GetClassNameA (in: hWnd=0x1011a, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="TabletModeCoverWindow") returned 21 [0139.264] lstrcmpiA (lpString1="TabletModeCoverWindow", lpString2="tooltips_class32") returned -1 [0139.264] GetClassNameA (in: hWnd=0x1015a, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="WorkerW") returned 7 [0139.264] lstrcmpiA (lpString1="WorkerW", lpString2="tooltips_class32") returned 1 [0139.264] GetClassNameA (in: hWnd=0x1015c, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="WorkerW") returned 7 [0139.264] lstrcmpiA (lpString1="WorkerW", lpString2="tooltips_class32") returned 1 [0139.264] GetClassNameA (in: hWnd=0x1010e, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="EdgeUiInputTopWndClass") returned 22 [0139.264] lstrcmpiA (lpString1="EdgeUiInputTopWndClass", lpString2="tooltips_class32") returned -1 [0139.264] GetClassNameA (in: hWnd=0x100f6, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="PushNotificationsPowerManagement") returned 32 [0139.264] lstrcmpiA (lpString1="PushNotificationsPowerManagement", lpString2="tooltips_class32") returned -1 [0139.265] GetClassNameA (in: hWnd=0x100f2, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="OleDdeWndClass") returned 14 [0139.265] lstrcmpiA (lpString1="OleDdeWndClass", lpString2="tooltips_class32") returned -1 [0139.265] GetClassNameA (in: hWnd=0x100e6, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="ApplicationManager_DesktopShellWindow") returned 37 [0139.265] lstrcmpiA (lpString1="ApplicationManager_DesktopShellWindow", lpString2="tooltips_class32") returned -1 [0139.265] GetClassNameA (in: hWnd=0x100e2, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="WorkerW") returned 7 [0139.265] lstrcmpiA (lpString1="WorkerW", lpString2="tooltips_class32") returned 1 [0139.265] GetClassNameA (in: hWnd=0x100de, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="WorkerW") returned 7 [0139.265] lstrcmpiA (lpString1="WorkerW", lpString2="tooltips_class32") returned 1 [0139.265] GetClassNameA (in: hWnd=0x100dc, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="WorkerW") returned 7 [0139.265] lstrcmpiA (lpString1="WorkerW", lpString2="tooltips_class32") returned 1 [0139.265] GetClassNameA (in: hWnd=0x100d2, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="WorkerW") returned 7 [0139.265] lstrcmpiA (lpString1="WorkerW", lpString2="tooltips_class32") returned 1 [0139.265] GetClassNameA (in: hWnd=0x100c6, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="WorkerW") returned 7 [0139.265] lstrcmpiA (lpString1="WorkerW", lpString2="tooltips_class32") returned 1 [0139.265] GetClassNameA (in: hWnd=0x100b8, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="tooltips_class32") returned 16 [0139.265] lstrcmpiA (lpString1="tooltips_class32", lpString2="tooltips_class32") returned 0 [0139.265] GetWindowLongA (hWnd=0x100b8, nIndex=-21) returned 0 [0139.265] GetClassNameA (in: hWnd=0x20030, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="MS_WebcheckMonitor") returned 18 [0139.265] lstrcmpiA (lpString1="MS_WebcheckMonitor", lpString2="tooltips_class32") returned -1 [0139.265] GetClassNameA (in: hWnd=0x100a2, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="NotifyIconOverflowWindow") returned 24 [0139.265] lstrcmpiA (lpString1="NotifyIconOverflowWindow", lpString2="tooltips_class32") returned -1 [0139.265] GetClassNameA (in: hWnd=0x1006e, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="DDEMLEvent") returned 10 [0139.265] lstrcmpiA (lpString1="DDEMLEvent", lpString2="tooltips_class32") returned -1 [0139.265] GetClassNameA (in: hWnd=0x1006a, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="DDEMLMom") returned 8 [0139.265] lstrcmpiA (lpString1="DDEMLMom", lpString2="tooltips_class32") returned -1 [0139.265] GetClassNameA (in: hWnd=0x3005e, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="COMTASKSWINDOWCLASS") returned 19 [0139.265] lstrcmpiA (lpString1="COMTASKSWINDOWCLASS", lpString2="tooltips_class32") returned -1 [0139.265] GetClassNameA (in: hWnd=0x10016, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="Dwm") returned 3 [0139.265] lstrcmpiA (lpString1="Dwm", lpString2="tooltips_class32") returned -1 [0139.265] GetClassNameA (in: hWnd=0x10166, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="CicLoaderWndClass") returned 17 [0139.265] lstrcmpiA (lpString1="CicLoaderWndClass", lpString2="tooltips_class32") returned -1 [0139.265] GetClassNameA (in: hWnd=0x100c8, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="Progman") returned 7 [0139.265] lstrcmpiA (lpString1="Progman", lpString2="tooltips_class32") returned -1 [0139.266] GetClassNameA (in: hWnd=0x1011e, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.266] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.266] GetClassNameA (in: hWnd=0x10176, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.266] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.266] GetClassNameA (in: hWnd=0x10154, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.266] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.266] GetClassNameA (in: hWnd=0x10146, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.266] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.266] GetClassNameA (in: hWnd=0x20022, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.266] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.266] GetClassNameA (in: hWnd=0x10184, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.266] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.266] GetClassNameA (in: hWnd=0x2008e, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="MSCTFIME UI") returned 11 [0139.266] lstrcmpiA (lpString1="MSCTFIME UI", lpString2="tooltips_class32") returned -1 [0139.266] GetClassNameA (in: hWnd=0x1007c, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.266] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.266] GetClassNameA (in: hWnd=0x50074, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.266] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.266] GetClassNameA (in: hWnd=0xf01f0, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.266] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.266] GetClassNameA (in: hWnd=0x201ee, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.266] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.266] GetClassNameA (in: hWnd=0x101e4, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.266] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.266] GetClassNameA (in: hWnd=0x101e2, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.266] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.266] GetClassNameA (in: hWnd=0x201e0, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.266] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.266] GetClassNameA (in: hWnd=0x301d8, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.266] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.266] GetClassNameA (in: hWnd=0x101d6, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.267] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.267] GetClassNameA (in: hWnd=0x101d2, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.267] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.267] GetClassNameA (in: hWnd=0x20124, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.267] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.267] GetClassNameA (in: hWnd=0x20144, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.267] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.267] GetClassNameA (in: hWnd=0x501b8, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.267] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.267] GetClassNameA (in: hWnd=0x40136, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.267] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.267] GetClassNameA (in: hWnd=0x201cc, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.267] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.267] GetClassNameA (in: hWnd=0x201c8, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.267] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.267] GetClassNameA (in: hWnd=0x20138, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.267] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.267] GetClassNameA (in: hWnd=0x20076, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.267] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.267] GetClassNameA (in: hWnd=0x2012c, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.267] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.267] GetClassNameA (in: hWnd=0x2012e, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.267] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.267] GetClassNameA (in: hWnd=0x20122, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.267] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.267] GetClassNameA (in: hWnd=0x20120, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.267] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.267] GetClassNameA (in: hWnd=0x101a6, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.267] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.267] GetClassNameA (in: hWnd=0x1019a, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.267] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.267] GetClassNameA (in: hWnd=0x1017c, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.267] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.268] GetClassNameA (in: hWnd=0x100f8, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.268] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.268] GetClassNameA (in: hWnd=0x100e4, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.268] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.268] GetClassNameA (in: hWnd=0x100e0, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="MSCTFIME UI") returned 11 [0139.268] lstrcmpiA (lpString1="MSCTFIME UI", lpString2="tooltips_class32") returned -1 [0139.268] GetClassNameA (in: hWnd=0x100d4, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.268] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.268] GetClassNameA (in: hWnd=0x1006c, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.268] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.268] GetClassNameA (in: hWnd=0x10060, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.268] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.268] EnumWindows (lpEnumFunc=0x5137f24, lParam=0xbd5e60) returned 1 [0139.268] GetClassNameA (in: hWnd=0x100d6, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="Worker Window") returned 13 [0139.268] lstrcmpiA (lpString1="Worker Window", lpString2="tooltips_class32") returned 1 [0139.268] GetClassNameA (in: hWnd=0x1011c, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="ForegroundStaging") returned 17 [0139.268] lstrcmpiA (lpString1="ForegroundStaging", lpString2="tooltips_class32") returned -1 [0139.268] GetClassNameA (in: hWnd=0x100fa, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="ForegroundStaging") returned 17 [0139.268] lstrcmpiA (lpString1="ForegroundStaging", lpString2="tooltips_class32") returned -1 [0139.268] GetClassNameA (in: hWnd=0x10106, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0139.268] lstrcmpiA (lpString1="EdgeUiInputWndClass", lpString2="tooltips_class32") returned -1 [0139.268] GetClassNameA (in: hWnd=0x1010a, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0139.268] lstrcmpiA (lpString1="EdgeUiInputWndClass", lpString2="tooltips_class32") returned -1 [0139.268] GetClassNameA (in: hWnd=0x1010c, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0139.268] lstrcmpiA (lpString1="EdgeUiInputWndClass", lpString2="tooltips_class32") returned -1 [0139.268] GetClassNameA (in: hWnd=0x10108, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0139.268] lstrcmpiA (lpString1="EdgeUiInputWndClass", lpString2="tooltips_class32") returned -1 [0139.268] GetClassNameA (in: hWnd=0x10104, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0139.268] lstrcmpiA (lpString1="EdgeUiInputWndClass", lpString2="tooltips_class32") returned -1 [0139.268] GetClassNameA (in: hWnd=0x10102, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="EdgeUiInputTopWndClass") returned 22 [0139.269] lstrcmpiA (lpString1="EdgeUiInputTopWndClass", lpString2="tooltips_class32") returned -1 [0139.269] GetClassNameA (in: hWnd=0x10100, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0139.269] lstrcmpiA (lpString1="EdgeUiInputWndClass", lpString2="tooltips_class32") returned -1 [0139.269] GetClassNameA (in: hWnd=0x100fe, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0139.269] lstrcmpiA (lpString1="EdgeUiInputWndClass", lpString2="tooltips_class32") returned -1 [0139.269] GetClassNameA (in: hWnd=0x2016c, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="Windows.UI.Core.CoreWindow") returned 26 [0139.269] lstrcmpiA (lpString1="Windows.UI.Core.CoreWindow", lpString2="tooltips_class32") returned 1 [0139.269] GetClassNameA (in: hWnd=0x10152, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="Windows.UI.Core.CoreWindow") returned 26 [0139.269] lstrcmpiA (lpString1="Windows.UI.Core.CoreWindow", lpString2="tooltips_class32") returned 1 [0139.269] GetClassNameA (in: hWnd=0x10142, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="Windows.UI.Core.CoreWindow") returned 26 [0139.269] lstrcmpiA (lpString1="Windows.UI.Core.CoreWindow", lpString2="tooltips_class32") returned 1 [0139.269] GetClassNameA (in: hWnd=0x100fc, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="WorkerW") returned 7 [0139.269] lstrcmpiA (lpString1="WorkerW", lpString2="tooltips_class32") returned 1 [0139.269] GetClassNameA (in: hWnd=0x100e8, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="ApplicationManager_ImmersiveShellWindow") returned 39 [0139.269] lstrcmpiA (lpString1="ApplicationManager_ImmersiveShellWindow", lpString2="tooltips_class32") returned -1 [0139.269] GetClassNameA (in: hWnd=0x2003a, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="URL Moniker Notification Window") returned 31 [0139.269] lstrcmpiA (lpString1="URL Moniker Notification Window", lpString2="tooltips_class32") returned 1 [0139.269] GetClassNameA (in: hWnd=0x20038, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="VSyncHelper-0000000543468D70-1440668") returned 36 [0139.269] lstrcmpiA (lpString1="VSyncHelper-0000000543468D70-1440668", lpString2="tooltips_class32") returned 1 [0139.269] GetClassNameA (in: hWnd=0x20020, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="RawInputClass") returned 13 [0139.269] lstrcmpiA (lpString1="RawInputClass", lpString2="tooltips_class32") returned -1 [0139.269] GetClassNameA (in: hWnd=0x10182, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="URL Moniker Notification Window") returned 31 [0139.269] lstrcmpiA (lpString1="URL Moniker Notification Window", lpString2="tooltips_class32") returned 1 [0139.269] GetClassNameA (in: hWnd=0x40018, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="Internet Explorer_Hidden") returned 24 [0139.269] lstrcmpiA (lpString1="Internet Explorer_Hidden", lpString2="tooltips_class32") returned -1 [0139.269] GetClassNameA (in: hWnd=0x100c2, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="tooltips_class32") returned 16 [0139.269] lstrcmpiA (lpString1="tooltips_class32", lpString2="tooltips_class32") returned 0 [0139.269] GetWindowLongA (hWnd=0x100c2, nIndex=-21) returned 0 [0139.269] GetClassNameA (in: hWnd=0x10098, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="tooltips_class32") returned 16 [0139.269] lstrcmpiA (lpString1="tooltips_class32", lpString2="tooltips_class32") returned 0 [0139.269] GetWindowLongA (hWnd=0x10098, nIndex=-21) returned 0 [0139.269] GetClassNameA (in: hWnd=0x1009c, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="tooltips_class32") returned 16 [0139.269] lstrcmpiA (lpString1="tooltips_class32", lpString2="tooltips_class32") returned 0 [0139.270] GetWindowLongA (hWnd=0x1009c, nIndex=-21) returned 0 [0139.270] GetClassNameA (in: hWnd=0x100ac, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="tooltips_class32") returned 16 [0139.270] lstrcmpiA (lpString1="tooltips_class32", lpString2="tooltips_class32") returned 0 [0139.270] GetWindowLongA (hWnd=0x100ac, nIndex=-21) returned 0 [0139.270] GetClassNameA (in: hWnd=0x100b6, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="tooltips_class32") returned 16 [0139.270] lstrcmpiA (lpString1="tooltips_class32", lpString2="tooltips_class32") returned 0 [0139.270] GetWindowLongA (hWnd=0x100b6, nIndex=-21) returned 0 [0139.270] GetClassNameA (in: hWnd=0x100ba, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="tooltips_class32") returned 16 [0139.270] lstrcmpiA (lpString1="tooltips_class32", lpString2="tooltips_class32") returned 0 [0139.270] GetWindowLongA (hWnd=0x100ba, nIndex=-21) returned 0 [0139.270] GetClassNameA (in: hWnd=0x100b4, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="tooltips_class32") returned 16 [0139.270] lstrcmpiA (lpString1="tooltips_class32", lpString2="tooltips_class32") returned 0 [0139.270] GetWindowLongA (hWnd=0x100b4, nIndex=-21) returned 0 [0139.270] GetClassNameA (in: hWnd=0x1007a, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="Shell_TrayWnd") returned 13 [0139.270] lstrcmpiA (lpString1="Shell_TrayWnd", lpString2="tooltips_class32") returned -1 [0139.270] GetClassNameA (in: hWnd=0x101b0, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="ATL:00007FF8D7893120") returned 20 [0139.270] lstrcmpiA (lpString1="ATL:00007FF8D7893120", lpString2="tooltips_class32") returned -1 [0139.270] GetClassNameA (in: hWnd=0x100ce, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="tooltips_class32") returned 16 [0139.270] lstrcmpiA (lpString1="tooltips_class32", lpString2="tooltips_class32") returned 0 [0139.270] GetWindowLongA (hWnd=0x100ce, nIndex=-21) returned 0 [0139.270] GetClassNameA (in: hWnd=0x100c4, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="TaskListThumbnailWnd") returned 20 [0139.270] lstrcmpiA (lpString1="TaskListThumbnailWnd", lpString2="tooltips_class32") returned -1 [0139.270] GetClassNameA (in: hWnd=0x301be, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="tooltips_class32") returned 16 [0139.270] lstrcmpiA (lpString1="tooltips_class32", lpString2="tooltips_class32") returned 0 [0139.270] GetWindowLongA (hWnd=0x301be, nIndex=-21) returned 0 [0139.270] GetClassNameA (in: hWnd=0x301ea, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="COMTASKSWINDOWCLASS") returned 19 [0139.270] lstrcmpiA (lpString1="COMTASKSWINDOWCLASS", lpString2="tooltips_class32") returned -1 [0139.270] GetClassNameA (in: hWnd=0x901ec, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="Colin_Installations_window") returned 26 [0139.270] lstrcmpiA (lpString1="Colin_Installations_window", lpString2="tooltips_class32") returned -1 [0139.270] GetClassNameA (in: hWnd=0x201de, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="readingsuntowin") returned 15 [0139.270] lstrcmpiA (lpString1="readingsuntowin", lpString2="tooltips_class32") returned -1 [0139.270] GetClassNameA (in: hWnd=0x201dc, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="matchingwindow") returned 14 [0139.270] lstrcmpiA (lpString1="matchingwindow", lpString2="tooltips_class32") returned -1 [0139.270] GetClassNameA (in: hWnd=0x201da, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="touring_Continued_Russia_class") returned 30 [0139.271] lstrcmpiA (lpString1="touring_Continued_Russia_class", lpString2="tooltips_class32") returned 1 [0139.271] GetClassNameA (in: hWnd=0x201d4, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="likesSkiingwindow") returned 17 [0139.271] lstrcmpiA (lpString1="likesSkiingwindow", lpString2="tooltips_class32") returned -1 [0139.271] GetClassNameA (in: hWnd=0x201d0, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="Solo") returned 4 [0139.271] lstrcmpiA (lpString1="Solo", lpString2="tooltips_class32") returned -1 [0139.271] GetClassNameA (in: hWnd=0x50032, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="disorderwin") returned 11 [0139.271] lstrcmpiA (lpString1="disorderwin", lpString2="tooltips_class32") returned -1 [0139.271] GetClassNameA (in: hWnd=0x30190, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="Batteries_dirty_wnd") returned 19 [0139.271] lstrcmpiA (lpString1="Batteries_dirty_wnd", lpString2="tooltips_class32") returned -1 [0139.271] GetClassNameA (in: hWnd=0x301c6, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="Uncertainty_Furnishings_Tramadol_window") returned 39 [0139.271] lstrcmpiA (lpString1="Uncertainty_Furnishings_Tramadol_window", lpString2="tooltips_class32") returned 1 [0139.271] GetClassNameA (in: hWnd=0x301c2, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="ranges_tremendous_wnd") returned 21 [0139.271] lstrcmpiA (lpString1="ranges_tremendous_wnd", lpString2="tooltips_class32") returned -1 [0139.271] GetClassNameA (in: hWnd=0x401c4, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="pdfincomingTrackedclass") returned 23 [0139.271] lstrcmpiA (lpString1="pdfincomingTrackedclass", lpString2="tooltips_class32") returned -1 [0139.271] GetClassNameA (in: hWnd=0x301ca, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="handling_investing_Experimental_window") returned 38 [0139.271] lstrcmpiA (lpString1="handling_investing_Experimental_window", lpString2="tooltips_class32") returned -1 [0139.271] GetClassNameA (in: hWnd=0x30158, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="ScienceOldwnd") returned 13 [0139.271] lstrcmpiA (lpString1="ScienceOldwnd", lpString2="tooltips_class32") returned -1 [0139.271] GetClassNameA (in: hWnd=0x20134, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="Amateurdishesapp") returned 16 [0139.271] lstrcmpiA (lpString1="Amateurdishesapp", lpString2="tooltips_class32") returned -1 [0139.271] GetClassNameA (in: hWnd=0x501b6, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="cambridge_") returned 10 [0139.271] lstrcmpiA (lpString1="cambridge_", lpString2="tooltips_class32") returned -1 [0139.271] GetClassNameA (in: hWnd=0x30130, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="engagement_cologne_class") returned 24 [0139.271] lstrcmpiA (lpString1="engagement_cologne_class", lpString2="tooltips_class32") returned -1 [0139.271] GetClassNameA (in: hWnd=0x3012a, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="gpblankwin") returned 10 [0139.271] lstrcmpiA (lpString1="gpblankwin", lpString2="tooltips_class32") returned -1 [0139.271] GetClassNameA (in: hWnd=0x401c0, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="tenclass") returned 8 [0139.271] lstrcmpiA (lpString1="tenclass", lpString2="tooltips_class32") returned -1 [0139.271] GetClassNameA (in: hWnd=0x401ce, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="uniapp") returned 6 [0139.271] lstrcmpiA (lpString1="uniapp", lpString2="tooltips_class32") returned 1 [0139.271] GetClassNameA (in: hWnd=0x101b2, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="BluetoothNotificationAreaIconWindowClass") returned 40 [0139.272] lstrcmpiA (lpString1="BluetoothNotificationAreaIconWindowClass", lpString2="tooltips_class32") returned -1 [0139.272] GetClassNameA (in: hWnd=0x101ae, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="PNIHiddenWnd") returned 12 [0139.272] lstrcmpiA (lpString1="PNIHiddenWnd", lpString2="tooltips_class32") returned -1 [0139.272] GetClassNameA (in: hWnd=0x101aa, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="WorkerW") returned 7 [0139.272] lstrcmpiA (lpString1="WorkerW", lpString2="tooltips_class32") returned 1 [0139.272] GetClassNameA (in: hWnd=0x101a8, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="WorkerW") returned 7 [0139.272] lstrcmpiA (lpString1="WorkerW", lpString2="tooltips_class32") returned 1 [0139.272] GetClassNameA (in: hWnd=0x101a4, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="WorkerW") returned 7 [0139.272] lstrcmpiA (lpString1="WorkerW", lpString2="tooltips_class32") returned 1 [0139.272] GetClassNameA (in: hWnd=0x10198, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="ATL:00007FF8DEC47080") returned 20 [0139.272] lstrcmpiA (lpString1="ATL:00007FF8DEC47080", lpString2="tooltips_class32") returned -1 [0139.272] GetClassNameA (in: hWnd=0x1017e, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="SystemTray_Main") returned 15 [0139.272] lstrcmpiA (lpString1="SystemTray_Main", lpString2="tooltips_class32") returned -1 [0139.272] GetClassNameA (in: hWnd=0x1017a, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="WorkerW") returned 7 [0139.272] lstrcmpiA (lpString1="WorkerW", lpString2="tooltips_class32") returned 1 [0139.272] GetClassNameA (in: hWnd=0x10178, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="OleDdeWndClass") returned 14 [0139.272] lstrcmpiA (lpString1="OleDdeWndClass", lpString2="tooltips_class32") returned -1 [0139.272] GetClassNameA (in: hWnd=0x1011a, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="TabletModeCoverWindow") returned 21 [0139.272] lstrcmpiA (lpString1="TabletModeCoverWindow", lpString2="tooltips_class32") returned -1 [0139.272] GetClassNameA (in: hWnd=0x1015a, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="WorkerW") returned 7 [0139.272] lstrcmpiA (lpString1="WorkerW", lpString2="tooltips_class32") returned 1 [0139.272] GetClassNameA (in: hWnd=0x1015c, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="WorkerW") returned 7 [0139.272] lstrcmpiA (lpString1="WorkerW", lpString2="tooltips_class32") returned 1 [0139.272] GetClassNameA (in: hWnd=0x1010e, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="EdgeUiInputTopWndClass") returned 22 [0139.272] lstrcmpiA (lpString1="EdgeUiInputTopWndClass", lpString2="tooltips_class32") returned -1 [0139.272] GetClassNameA (in: hWnd=0x100f6, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="PushNotificationsPowerManagement") returned 32 [0139.272] lstrcmpiA (lpString1="PushNotificationsPowerManagement", lpString2="tooltips_class32") returned -1 [0139.272] GetClassNameA (in: hWnd=0x100f2, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="OleDdeWndClass") returned 14 [0139.272] lstrcmpiA (lpString1="OleDdeWndClass", lpString2="tooltips_class32") returned -1 [0139.272] GetClassNameA (in: hWnd=0x100e6, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="ApplicationManager_DesktopShellWindow") returned 37 [0139.272] lstrcmpiA (lpString1="ApplicationManager_DesktopShellWindow", lpString2="tooltips_class32") returned -1 [0139.272] GetClassNameA (in: hWnd=0x100e2, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="WorkerW") returned 7 [0139.273] lstrcmpiA (lpString1="WorkerW", lpString2="tooltips_class32") returned 1 [0139.273] GetClassNameA (in: hWnd=0x100de, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="WorkerW") returned 7 [0139.273] lstrcmpiA (lpString1="WorkerW", lpString2="tooltips_class32") returned 1 [0139.273] GetClassNameA (in: hWnd=0x100dc, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="WorkerW") returned 7 [0139.273] lstrcmpiA (lpString1="WorkerW", lpString2="tooltips_class32") returned 1 [0139.273] GetClassNameA (in: hWnd=0x100d2, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="WorkerW") returned 7 [0139.273] lstrcmpiA (lpString1="WorkerW", lpString2="tooltips_class32") returned 1 [0139.273] GetClassNameA (in: hWnd=0x100c6, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="WorkerW") returned 7 [0139.273] lstrcmpiA (lpString1="WorkerW", lpString2="tooltips_class32") returned 1 [0139.273] GetClassNameA (in: hWnd=0x100b8, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="tooltips_class32") returned 16 [0139.273] lstrcmpiA (lpString1="tooltips_class32", lpString2="tooltips_class32") returned 0 [0139.273] GetWindowLongA (hWnd=0x100b8, nIndex=-21) returned 0 [0139.273] GetClassNameA (in: hWnd=0x20030, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="MS_WebcheckMonitor") returned 18 [0139.273] lstrcmpiA (lpString1="MS_WebcheckMonitor", lpString2="tooltips_class32") returned -1 [0139.273] GetClassNameA (in: hWnd=0x100a2, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="NotifyIconOverflowWindow") returned 24 [0139.273] lstrcmpiA (lpString1="NotifyIconOverflowWindow", lpString2="tooltips_class32") returned -1 [0139.273] GetClassNameA (in: hWnd=0x1006e, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="DDEMLEvent") returned 10 [0139.273] lstrcmpiA (lpString1="DDEMLEvent", lpString2="tooltips_class32") returned -1 [0139.273] GetClassNameA (in: hWnd=0x1006a, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="DDEMLMom") returned 8 [0139.273] lstrcmpiA (lpString1="DDEMLMom", lpString2="tooltips_class32") returned -1 [0139.273] GetClassNameA (in: hWnd=0x3005e, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="COMTASKSWINDOWCLASS") returned 19 [0139.273] lstrcmpiA (lpString1="COMTASKSWINDOWCLASS", lpString2="tooltips_class32") returned -1 [0139.273] GetClassNameA (in: hWnd=0x10016, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="Dwm") returned 3 [0139.273] lstrcmpiA (lpString1="Dwm", lpString2="tooltips_class32") returned -1 [0139.273] GetClassNameA (in: hWnd=0x10166, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="CicLoaderWndClass") returned 17 [0139.273] lstrcmpiA (lpString1="CicLoaderWndClass", lpString2="tooltips_class32") returned -1 [0139.273] GetClassNameA (in: hWnd=0x100c8, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="Progman") returned 7 [0139.273] lstrcmpiA (lpString1="Progman", lpString2="tooltips_class32") returned -1 [0139.273] GetClassNameA (in: hWnd=0x1011e, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.273] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.273] GetClassNameA (in: hWnd=0x10176, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.273] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.273] GetClassNameA (in: hWnd=0x10154, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.274] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.274] GetClassNameA (in: hWnd=0x10146, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.274] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.274] GetClassNameA (in: hWnd=0x20022, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.274] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.274] GetClassNameA (in: hWnd=0x10184, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.274] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.274] GetClassNameA (in: hWnd=0x2008e, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="MSCTFIME UI") returned 11 [0139.274] lstrcmpiA (lpString1="MSCTFIME UI", lpString2="tooltips_class32") returned -1 [0139.274] GetClassNameA (in: hWnd=0x1007c, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.274] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.274] GetClassNameA (in: hWnd=0x50074, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.274] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.274] GetClassNameA (in: hWnd=0xf01f0, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.274] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.274] GetClassNameA (in: hWnd=0x201ee, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.274] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.274] GetClassNameA (in: hWnd=0x101e4, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.274] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.274] GetClassNameA (in: hWnd=0x101e2, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.274] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.274] GetClassNameA (in: hWnd=0x201e0, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.274] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.274] GetClassNameA (in: hWnd=0x301d8, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.274] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.274] GetClassNameA (in: hWnd=0x101d6, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.274] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.274] GetClassNameA (in: hWnd=0x101d2, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.274] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.274] GetClassNameA (in: hWnd=0x20124, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.274] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.274] GetClassNameA (in: hWnd=0x20144, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.274] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.275] GetClassNameA (in: hWnd=0x501b8, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.275] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.275] GetClassNameA (in: hWnd=0x40136, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.275] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.275] GetClassNameA (in: hWnd=0x201cc, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.275] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.275] GetClassNameA (in: hWnd=0x201c8, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.275] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.275] GetClassNameA (in: hWnd=0x20138, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.275] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.275] GetClassNameA (in: hWnd=0x20076, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.275] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.275] GetClassNameA (in: hWnd=0x2012c, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.275] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.275] GetClassNameA (in: hWnd=0x2012e, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.275] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.275] GetClassNameA (in: hWnd=0x20122, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.275] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.276] GetClassNameA (in: hWnd=0x20120, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.276] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.276] GetClassNameA (in: hWnd=0x101a6, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.276] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.276] GetClassNameA (in: hWnd=0x1019a, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.276] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.276] GetClassNameA (in: hWnd=0x1017c, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.276] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.276] GetClassNameA (in: hWnd=0x100f8, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.276] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.276] GetClassNameA (in: hWnd=0x100e4, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.276] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.276] GetClassNameA (in: hWnd=0x100e0, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="MSCTFIME UI") returned 11 [0139.276] lstrcmpiA (lpString1="MSCTFIME UI", lpString2="tooltips_class32") returned -1 [0139.276] GetClassNameA (in: hWnd=0x100d4, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.276] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.276] GetClassNameA (in: hWnd=0x1006c, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.276] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.276] GetClassNameA (in: hWnd=0x10060, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="IME") returned 3 [0139.276] lstrcmpiA (lpString1="IME", lpString2="tooltips_class32") returned -1 [0139.276] EnumWindows (lpEnumFunc=0x5137f24, lParam=0xbd5e60) [0139.276] GetClassNameA (in: hWnd=0x100d6, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="Worker Window") returned 13 [0139.276] lstrcmpiA (lpString1="Worker Window", lpString2="tooltips_class32") returned 1 [0139.276] GetClassNameA (in: hWnd=0x1011c, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="ForegroundStaging") returned 17 [0139.276] lstrcmpiA (lpString1="ForegroundStaging", lpString2="tooltips_class32") returned -1 [0139.276] GetClassNameA (in: hWnd=0x100fa, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="ForegroundStaging") returned 17 [0139.276] lstrcmpiA (lpString1="ForegroundStaging", lpString2="tooltips_class32") returned -1 [0139.276] GetClassNameA (in: hWnd=0x10106, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0139.276] lstrcmpiA (lpString1="EdgeUiInputWndClass", lpString2="tooltips_class32") returned -1 [0139.277] GetClassNameA (in: hWnd=0x1010a, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0139.277] lstrcmpiA (lpString1="EdgeUiInputWndClass", lpString2="tooltips_class32") returned -1 [0139.277] GetClassNameA (in: hWnd=0x1010c, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0139.277] lstrcmpiA (lpString1="EdgeUiInputWndClass", lpString2="tooltips_class32") returned -1 [0139.277] GetClassNameA (in: hWnd=0x10108, lpClassName=0xb2f5ec, nMaxCount=255 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0139.277] lstrcmpiA (lpString1="EdgeUiInputWndClass", lpString2="tooltips_class32") returned -1 [0139.277] GetWindowLongA (hWnd=0x100c2, nIndex=-21) returned 0 [0139.277] GetWindowLongA (hWnd=0x10098, nIndex=-21) returned 0 [0139.277] GetWindowLongA (hWnd=0x1009c, nIndex=-21) returned 0 [0139.277] GetWindowLongA (hWnd=0x100ac, nIndex=-21) returned 0 [0139.277] GetWindowLongA (hWnd=0x100b6, nIndex=-21) returned 0 [0139.277] GetWindowLongA (hWnd=0x100ba, nIndex=-21) returned 0 [0139.277] GetWindowLongA (hWnd=0x100b4, nIndex=-21) returned 0 [0139.277] GetWindowLongA (hWnd=0x100ce, nIndex=-21) returned 0 [0139.277] GetWindowLongA (hWnd=0x301be, nIndex=-21) returned 0 [0139.277] GetWindowLongA (hWnd=0x100b8, nIndex=-21) returned 0 [0139.277] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x348 [0139.282] Thread32First (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.282] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.283] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.283] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.284] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.284] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.285] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.285] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.286] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.286] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.287] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.287] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.288] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.288] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.289] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.289] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.290] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.290] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.291] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.291] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.292] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.293] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.293] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.294] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.294] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.295] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.295] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.296] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.296] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.297] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.297] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.298] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.298] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.299] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.299] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.300] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.300] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.301] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.301] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.302] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.302] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.303] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.303] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.304] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.304] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.305] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.306] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.307] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.307] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.308] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.308] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.309] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.309] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.310] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.310] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.311] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.312] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.313] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.314] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.314] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.315] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.315] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.316] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.316] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.317] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.317] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.318] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.318] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.319] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.321] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.322] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.322] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.323] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.324] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.324] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.325] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.325] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.326] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.326] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.327] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.327] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.328] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.328] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.329] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.330] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.330] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.331] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.331] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.332] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.333] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.333] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.334] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.334] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.335] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.335] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.336] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.336] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.337] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.337] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.407] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.408] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.408] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.409] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.409] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.410] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.410] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.411] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.411] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.412] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.412] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.413] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.413] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.414] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.414] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.415] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.416] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.416] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.417] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.417] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.418] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.418] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.419] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.419] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.420] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.420] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.421] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.421] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.422] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.422] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.423] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.423] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.424] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.424] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.425] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.425] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.426] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.426] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.427] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.427] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.428] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.428] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.429] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.430] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.430] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.431] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.431] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.439] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.439] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.440] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.440] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.441] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.441] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.442] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.443] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.444] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.444] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.445] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.445] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.446] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.446] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.447] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.448] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.448] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.449] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.449] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.450] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.450] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.451] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.451] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.452] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.452] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.453] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.453] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.454] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.454] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.455] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.456] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.456] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.457] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.457] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.458] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.458] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.459] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.459] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.460] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.460] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.461] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.461] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.462] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.462] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.463] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.463] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.464] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.464] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.465] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.465] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.466] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.466] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.467] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.467] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.468] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.468] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.469] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.469] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.470] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.470] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.471] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.471] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.472] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.473] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.473] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.474] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.474] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.475] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.475] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.476] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.476] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.477] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.477] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.478] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.485] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.485] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.486] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.486] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.487] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.487] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.488] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.488] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.489] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.489] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.490] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.490] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.491] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.492] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.492] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.493] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.493] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.494] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.495] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.495] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.496] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.496] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.497] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.497] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.498] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.498] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.499] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.499] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.500] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.500] Thread32Next (hSnapshot=0x348, lpte=0xb2ecc0) returned 1 [0139.599] NtOpenThread (in: ThreadHandle=0xb2ecdc, DesiredAccess=0x40000, ObjectAttributes=0xb2ecbc, ClientId=0xb2ecd4*(UniqueProcess=0x0, UniqueThread=0x7a0) | out: ThreadHandle=0xb2ecdc*=0x348) returned 0x0 [0139.600] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0139.600] SetLastError (dwErrCode=0x0) [0139.600] BuildExplicitAccessWithNameA () returned 0x0 [0139.600] BuildExplicitAccessWithNameA () returned 0x0 [0139.600] SetEntriesInAclA () returned 0x0 [0139.601] SetSecurityInfo () returned 0x0 [0139.601] LocalFree (hMem=0xbea780) returned 0x0 [0139.601] CloseHandle (hObject=0x348) returned 1 [0139.601] NtOpenThread (in: ThreadHandle=0xb2ecdc, DesiredAccess=0x40000, ObjectAttributes=0xb2ecbc, ClientId=0xb2ecd4*(UniqueProcess=0x0, UniqueThread=0xa48) | out: ThreadHandle=0xb2ecdc*=0x348) returned 0x0 [0139.602] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0139.602] SetLastError (dwErrCode=0x0) [0139.602] BuildExplicitAccessWithNameA () returned 0x0 [0139.602] BuildExplicitAccessWithNameA () returned 0x0 [0139.602] SetEntriesInAclA () returned 0x0 [0139.603] SetSecurityInfo () returned 0x0 [0139.603] LocalFree (hMem=0xbea780) returned 0x0 [0139.603] CloseHandle (hObject=0x348) returned 1 [0139.603] NtOpenThread (in: ThreadHandle=0xb2ecdc, DesiredAccess=0x40000, ObjectAttributes=0xb2ecbc, ClientId=0xb2ecd4*(UniqueProcess=0x0, UniqueThread=0xa98) | out: ThreadHandle=0xb2ecdc*=0x348) returned 0x0 [0139.603] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0139.603] SetLastError (dwErrCode=0x0) [0139.603] BuildExplicitAccessWithNameA () returned 0x0 [0139.603] BuildExplicitAccessWithNameA () returned 0x0 [0139.603] SetEntriesInAclA () returned 0x0 [0139.604] SetSecurityInfo () returned 0x0 [0139.605] LocalFree (hMem=0xbea780) returned 0x0 [0139.605] CloseHandle (hObject=0x348) returned 1 [0139.605] NtOpenThread (in: ThreadHandle=0xb2ecdc, DesiredAccess=0x40000, ObjectAttributes=0xb2ecbc, ClientId=0xb2ecd4*(UniqueProcess=0x0, UniqueThread=0x928) | out: ThreadHandle=0xb2ecdc*=0x348) returned 0x0 [0139.605] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0139.605] SetLastError (dwErrCode=0x0) [0139.605] BuildExplicitAccessWithNameA () returned 0x0 [0139.605] BuildExplicitAccessWithNameA () returned 0x0 [0139.605] SetEntriesInAclA () returned 0x0 [0139.606] SetSecurityInfo () returned 0x0 [0139.606] LocalFree (hMem=0xbea780) returned 0x0 [0139.606] CloseHandle (hObject=0x348) returned 1 [0139.606] NtOpenThread (in: ThreadHandle=0xb2ecdc, DesiredAccess=0x40000, ObjectAttributes=0xb2ecbc, ClientId=0xb2ecd4*(UniqueProcess=0x0, UniqueThread=0xa9c) | out: ThreadHandle=0xb2ecdc*=0x348) returned 0x0 [0139.606] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0139.606] SetLastError (dwErrCode=0x0) [0139.606] BuildExplicitAccessWithNameA () returned 0x0 [0139.606] BuildExplicitAccessWithNameA () returned 0x0 [0139.606] SetEntriesInAclA () returned 0x0 [0139.607] SetSecurityInfo () returned 0x0 [0139.607] LocalFree (hMem=0xbea780) returned 0x0 [0139.607] CloseHandle (hObject=0x348) returned 1 [0139.607] NtOpenThread (in: ThreadHandle=0xb2ecdc, DesiredAccess=0x40000, ObjectAttributes=0xb2ecbc, ClientId=0xb2ecd4*(UniqueProcess=0x0, UniqueThread=0xa84) | out: ThreadHandle=0xb2ecdc*=0x348) returned 0x0 [0139.608] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0139.608] SetLastError (dwErrCode=0x0) [0139.608] BuildExplicitAccessWithNameA () returned 0x0 [0139.608] BuildExplicitAccessWithNameA () returned 0x0 [0139.608] SetEntriesInAclA () returned 0x0 [0139.609] SetSecurityInfo () returned 0x0 [0139.609] LocalFree (hMem=0xbea780) returned 0x0 [0139.609] CloseHandle (hObject=0x348) returned 1 [0139.609] NtOpenThread (in: ThreadHandle=0xb2ecdc, DesiredAccess=0x40000, ObjectAttributes=0xb2ecbc, ClientId=0xb2ecd4*(UniqueProcess=0x0, UniqueThread=0xa78) | out: ThreadHandle=0xb2ecdc*=0x348) returned 0x0 [0139.609] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0139.609] SetLastError (dwErrCode=0x0) [0139.609] BuildExplicitAccessWithNameA () returned 0x0 [0139.609] BuildExplicitAccessWithNameA () returned 0x0 [0139.609] SetEntriesInAclA () returned 0x0 [0139.610] SetSecurityInfo () returned 0x0 [0139.610] LocalFree (hMem=0xbea710) returned 0x0 [0139.610] CloseHandle (hObject=0x348) returned 1 [0139.610] wvnsprintfA (in: pszDest=0xb2e8e8, cchDest=255, pszFmt="%s%s_%p", arglist=0xb2e7d0 | out: pszDest="CG1CG1_11980343") returned 15 [0139.610] SetLastError (dwErrCode=0x0) [0139.611] wvnsprintfA (in: pszDest=0xb2e7e8, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0xb2e7cc | out: pszDest="e6577de29e95e38a027c9824c2c5986b") returned 32 [0139.611] SetLastError (dwErrCode=0x0) [0139.611] wvnsprintfA (in: pszDest=0xb2eb8c, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X\\%s", arglist=0xb2ea68 | out: pszDest="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0139.611] SetLastError (dwErrCode=0x0) [0139.611] wvnsprintfA (in: pszDest=0xb2e9f8, cchDest=255, pszFmt="%s%s_%p", arglist=0xb2e8e0 | out: pszDest="PUFPUF_11980343") returned 15 [0139.611] SetLastError (dwErrCode=0x0) [0139.611] wvnsprintfA (in: pszDest=0xb2e8f8, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0xb2e8dc | out: pszDest="d6a1c812c21643591694b220abe2884e") returned 32 [0139.611] SetLastError (dwErrCode=0x0) [0139.611] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xb2eb8c, cbMultiByte=95, lpWideCharStr=0xc58098, cchWideChar=95 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0139.611] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02", ulOptions=0x0, samDesired=0x101, phkResult=0xb2eb6c | out: phkResult=0xb2eb6c*=0x348) returned 0x0 [0139.611] SetLastError (dwErrCode=0x0) [0139.611] SetLastError (dwErrCode=0x0) [0139.611] RegQueryValueExA (in: hKey=0x348, lpValueName="d6a1c812c2", lpReserved=0x0, lpType=0xb2eb64, lpData=0xb2ef50, lpcbData=0xb2eb68*=0x618 | out: lpType=0xb2eb64*=0x0, lpData=0xb2ef50*=0x0, lpcbData=0xb2eb68*=0x618) returned 0x2 [0139.611] RegCloseKey (hKey=0x348) returned 0x0 [0139.611] SetLastError (dwErrCode=0x2) [0139.611] GetLastError () returned 0x2 [0139.611] SetLastError (dwErrCode=0x2) [0139.611] GetTempPathW (in: nBufferLength=0xf6, lpBuffer=0xb2ead0 | out: lpBuffer="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\") returned 0x25 [0139.611] wvnsprintfW (in: pszDest=0xb2ecd8, cchDest=31, pszFmt="%p.txt", arglist=0xb2eac4 | out: pszDest="11981D41.txt") returned 12 [0139.611] SetLastError (dwErrCode=0x0) [0139.611] PathAppendW (in: pszPath="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\", pMore="11981D41.txt" | out: pszPath="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\11981D41.txt") returned 1 [0139.611] CreateFileW (lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\11981D41.txt" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\11981d41.txt"), dwDesiredAccess=0x81, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0139.611] GetLastError () returned 0x2 [0139.611] SetEnvironmentVariableA (lpName="__restart", lpValue=0x0) returned 1 [0139.611] GetFileAttributesW (lpFileName="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe" (normalized: "c:\\programdata\\task protect 2.3\\ws97995e1qms.exe")) returned 0x2003 [0139.612] wvnsprintfW (in: pszDest=0xb2f240, cchDest=2147483647, pszFmt="\"%s\"", arglist=0xb2f214 | out: pszDest="\"C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe\"") returned 50 [0139.612] SetLastError (dwErrCode=0x0) [0139.612] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x102, lpSecurityAttributes=0x0, phkResult=0xb2efe4, lpdwDisposition=0x0 | out: phkResult=0xb2efe4*=0x348, lpdwDisposition=0x0) returned 0x0 [0139.612] SetLastError (dwErrCode=0x0) [0139.612] RtlInitUnicodeString (in: DestinationString=0xb2efb0, SourceString="Task Protect 2.3" | out: DestinationString="Task Protect 2.3") [0139.612] NtSetValueKey (in: KeyHandle=0x348, ValueName="Task Protect 2.3", TitleIndex=0x0, Type=0x1, Data="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe", DataSize=0x62 | out: Data="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe") returned 0x0 [0139.612] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0139.612] SetLastError (dwErrCode=0x0) [0139.612] RegCloseKey (hKey=0x348) returned 0x0 [0139.612] SetLastError (dwErrCode=0x0) [0139.612] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce", ulOptions=0x0, samDesired=0x101, phkResult=0xb2efe4 | out: phkResult=0xb2efe4*=0x348) returned 0x0 [0139.612] SetLastError (dwErrCode=0x0) [0139.612] RegQueryValueExW (in: hKey=0x348, lpValueName="Task Protect 2.3", lpReserved=0x0, lpType=0xb2efdc, lpData=0xb2f000, lpcbData=0xb2efe0*=0x207 | out: lpType=0xb2efdc*=0x1, lpData="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe", lpcbData=0xb2efe0*=0x62) returned 0x0 [0139.612] RegCloseKey (hKey=0x348) returned 0x0 [0139.612] SetLastError (dwErrCode=0x0) [0139.612] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x102, lpSecurityAttributes=0x0, phkResult=0xb2efe4, lpdwDisposition=0x0 | out: phkResult=0xb2efe4*=0x348, lpdwDisposition=0x0) returned 0x0 [0139.612] SetLastError (dwErrCode=0x0) [0139.612] RtlInitUnicodeString (in: DestinationString=0xb2efb0, SourceString="Task Protect 2.3" | out: DestinationString="Task Protect 2.3") [0139.612] NtSetValueKey (in: KeyHandle=0x348, ValueName="Task Protect 2.3", TitleIndex=0x0, Type=0x1, Data="\"C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe\"", DataSize=0x66 | out: Data="\"C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe\"") returned 0x0 [0139.612] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0139.612] SetLastError (dwErrCode=0x0) [0139.612] RegCloseKey (hKey=0x348) returned 0x0 [0139.612] SetLastError (dwErrCode=0x0) [0139.613] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x101, phkResult=0xb2efe4 | out: phkResult=0xb2efe4*=0x348) returned 0x0 [0139.613] SetLastError (dwErrCode=0x0) [0139.613] RegQueryValueExW (in: hKey=0x348, lpValueName="Task Protect 2.3", lpReserved=0x0, lpType=0xb2efdc, lpData=0xb2f000, lpcbData=0xb2efe0*=0x207 | out: lpType=0xb2efdc*=0x1, lpData="\"C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe\"", lpcbData=0xb2efe0*=0x66) returned 0x0 [0139.613] RegCloseKey (hKey=0x348) returned 0x0 [0139.613] SetLastError (dwErrCode=0x0) [0139.613] GetTickCount () returned 0x2fd42 [0139.613] GetCurrentThreadId () returned 0x7a0 [0139.613] RtlRandom (in: Seed=0xb2f724 | out: Seed=0xb2f724) returned 0xd6f4000f [0139.613] GetTickCount () returned 0x2fd42 [0139.613] GetCurrentThreadId () returned 0x7a0 [0139.613] RtlRandom (in: Seed=0xb2f724 | out: Seed=0xb2f724) returned 0x2aa394e4 [0139.613] GetTickCount () returned 0x2fd42 [0139.613] GetCurrentThreadId () returned 0x7a0 [0139.613] RtlRandom (in: Seed=0xb2f724 | out: Seed=0xb2f724) returned 0x52ece3af [0139.613] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x348 [0139.613] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x77cee20f, lpParameter=0xc58098, dwCreationFlags=0x4, lpThreadId=0xb2f748 | out: lpThreadId=0xb2f748*=0xa64) returned 0x34c [0139.613] NtGetContextThread (in: ThreadHandle=0x34c, Context=0xb2f458 | out: Context=0xb2f458*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0xc58098, Edx=0x0, Ecx=0x0, Eax=0x77cee20f, Ebp=0x0, Eip=0x77d0aef0, SegCs=0x23, EFlags=0x202, Esp=0x739fe74, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0139.620] NtSetContextThread (ThreadHandle=0x34c, Context=0xb2f458*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0xc58098, Edx=0x0, Ecx=0x0, Eax=0x510806d, Ebp=0x0, Eip=0x77d0aef0, SegCs=0x23, EFlags=0x202, Esp=0x739fe74, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0139.620] WaitForSingleObject (hHandle=0x348, dwMilliseconds=0x7d0) returned 0x102 [0141.868] OpenThread (dwDesiredAccess=0x40000, bInheritHandle=0, dwThreadId=0xa64) returned 0x354 [0141.868] BuildExplicitAccessWithNameA () returned 0x0 [0141.868] SetEntriesInAclA () returned 0x0 [0141.871] SetSecurityInfo () returned 0x0 [0141.871] LocalFree (hMem=0xbe5bb8) returned 0x0 [0141.871] CloseHandle (hObject=0x348) returned 1 [0141.871] QueueUserAPC (pfnAPC=0x512f870, hThread=0x34c, dwData=0x1) returned 0x1 [0141.871] NtResumeThread (in: ThreadHandle=0x34c, SuspendCount=0xb2f764 | out: SuspendCount=0xb2f764*=0x1) returned 0x0 [0141.871] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.871] SetLastError (dwErrCode=0x0) [0141.871] CloseHandle (hObject=0x34c) returned 1 [0141.871] GetTickCount () returned 0x3061b [0141.871] GetCurrentThreadId () returned 0x7a0 [0141.871] RtlRandom (in: Seed=0xb2f738 | out: Seed=0xb2f738) returned 0xf05a4448 [0141.871] GetTickCount () returned 0x3061b [0141.871] GetCurrentThreadId () returned 0x7a0 [0141.871] RtlRandom (in: Seed=0xb2f738 | out: Seed=0xb2f738) returned 0x692a29b3 [0141.871] GetTickCount () returned 0x3061b [0141.871] GetCurrentThreadId () returned 0x7a0 [0141.871] RtlRandom (in: Seed=0xb2f738 | out: Seed=0xb2f738) returned 0x20e9ec6 [0141.872] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x34c [0141.872] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x77d71156, lpParameter=0xc58148, dwCreationFlags=0x4, lpThreadId=0xb2f75c | out: lpThreadId=0xb2f75c*=0x9e4) returned 0x348 [0141.872] NtGetContextThread (in: ThreadHandle=0x348, Context=0xb2f46c | out: Context=0xb2f46c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0xc58148, Edx=0x0, Ecx=0x0, Eax=0x77d71156, Ebp=0x0, Eip=0x77d0aef0, SegCs=0x23, EFlags=0x202, Esp=0x895f898, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0141.880] NtSetContextThread (ThreadHandle=0x348, Context=0xb2f46c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0xc58148, Edx=0x0, Ecx=0x0, Eax=0x510806d, Ebp=0x0, Eip=0x77d0aef0, SegCs=0x23, EFlags=0x202, Esp=0x895f898, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0141.880] NtResumeThread (in: ThreadHandle=0x348, SuspendCount=0xb2f750 | out: SuspendCount=0xb2f750*=0x1) returned 0x0 [0141.880] WaitForSingleObject (hHandle=0x34c, dwMilliseconds=0x7d0) returned 0x0 [0141.892] OpenThread (dwDesiredAccess=0x40000, bInheritHandle=0, dwThreadId=0x9e4) returned 0x380 [0141.892] BuildExplicitAccessWithNameA () returned 0x0 [0141.892] SetEntriesInAclA () returned 0x0 [0141.895] SetSecurityInfo () returned 0x0 [0141.895] LocalFree (hMem=0xc58c18) returned 0x0 [0141.895] CloseHandle (hObject=0x34c) returned 1 [0141.896] CloseHandle (hObject=0x348) returned 1 [0141.896] wvnsprintfA (in: pszDest=0xb2edd8, cchDest=255, pszFmt="%s%s_%p", arglist=0xb2ecc0 | out: pszDest="CG1CG1_11980343") returned 15 [0141.896] SetLastError (dwErrCode=0x0) [0141.896] wvnsprintfA (in: pszDest=0xb2ecd8, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0xb2ecbc | out: pszDest="e6577de29e95e38a027c9824c2c5986b") returned 32 [0141.896] SetLastError (dwErrCode=0x0) [0141.896] wvnsprintfA (in: pszDest=0xb2f07c, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X\\%s", arglist=0xb2ef58 | out: pszDest="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0141.896] SetLastError (dwErrCode=0x0) [0141.896] wvnsprintfA (in: pszDest=0xb2eee8, cchDest=255, pszFmt="%s%s_%p", arglist=0xb2edd0 | out: pszDest="GLAGLA_11980343") returned 15 [0141.896] SetLastError (dwErrCode=0x0) [0141.896] wvnsprintfA (in: pszDest=0xb2ede8, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0xb2edcc | out: pszDest="d4241b38e93732569d6bd93134720b0b") returned 32 [0141.896] SetLastError (dwErrCode=0x0) [0141.896] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xb2f07c, cbMultiByte=95, lpWideCharStr=0xc57ea0, cchWideChar=95 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0141.896] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02", ulOptions=0x0, samDesired=0x101, phkResult=0xb2f05c | out: phkResult=0xb2f05c*=0x348) returned 0x0 [0141.896] SetLastError (dwErrCode=0x0) [0141.896] SetLastError (dwErrCode=0x0) [0141.896] RegQueryValueExA (in: hKey=0x348, lpValueName="d4241b38e93732569", lpReserved=0x0, lpType=0xb2f054, lpData=0xb2f218, lpcbData=0xb2f058*=0x4 | out: lpType=0xb2f054*=0x0, lpData=0xb2f218*=0x0, lpcbData=0xb2f058*=0x4) returned 0x2 [0141.896] RegCloseKey (hKey=0x348) returned 0x0 [0141.896] SetLastError (dwErrCode=0x2) [0141.896] GetLastError () returned 0x2 [0141.896] SetLastError (dwErrCode=0x2) [0141.896] wvnsprintfA (in: pszDest=0xb2ebbc, cchDest=255, pszFmt="%s%s_%p", arglist=0xb2eaa4 | out: pszDest="CG1CG1_11980343") returned 15 [0141.896] SetLastError (dwErrCode=0x0) [0141.896] wvnsprintfA (in: pszDest=0xb2eabc, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0xb2eaa0 | out: pszDest="e6577de29e95e38a027c9824c2c5986b") returned 32 [0141.896] SetLastError (dwErrCode=0x0) [0141.896] wvnsprintfA (in: pszDest=0xb2f070, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X\\%s", arglist=0xb2ed3c | out: pszDest="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0141.896] SetLastError (dwErrCode=0x0) [0141.896] wvnsprintfA (in: pszDest=0xb2ecd0, cchDest=255, pszFmt="%s%s_%p", arglist=0xb2ebb8 | out: pszDest="GLAGLA_11980343") returned 15 [0141.896] SetLastError (dwErrCode=0x0) [0141.896] wvnsprintfA (in: pszDest=0xb2ebd0, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0xb2ebb4 | out: pszDest="d4241b38e93732569d6bd93134720b0b") returned 32 [0141.896] SetLastError (dwErrCode=0x0) [0141.897] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xb2f070, cbMultiByte=95, lpWideCharStr=0xc57ea0, cchWideChar=95 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0141.897] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x102, lpSecurityAttributes=0x0, phkResult=0xb2ee40, lpdwDisposition=0x0 | out: phkResult=0xb2ee40*=0x348, lpdwDisposition=0x0) returned 0x0 [0141.897] SetLastError (dwErrCode=0x0) [0141.897] SetLastError (dwErrCode=0x0) [0141.897] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xb2f174, cbMultiByte=17, lpWideCharStr=0xbf5310, cchWideChar=17 | out: lpWideCharStr="d4241b38e93732569") returned 17 [0141.897] RtlInitUnicodeString (in: DestinationString=0xb2eddc, SourceString="d4241b38e93732569" | out: DestinationString="d4241b38e93732569") [0141.897] NtSetValueKey (in: KeyHandle=0x348, ValueName="d4241b38e93732569", TitleIndex=0x0, Type=0x3, Data=0xb2f218*, DataSize=0x4 | out: Data=0xb2f218*) returned 0x0 [0141.897] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.897] SetLastError (dwErrCode=0x0) [0141.897] RegCloseKey (hKey=0x348) returned 0x0 [0141.897] SetLastError (dwErrCode=0x0) [0141.897] GetLastError () returned 0x0 [0141.897] SetLastError (dwErrCode=0x0) [0141.897] GetTickCount () returned 0x3062b [0141.897] GetCurrentThreadId () returned 0x7a0 [0141.897] RtlRandom (in: Seed=0xb2f738 | out: Seed=0xb2f738) returned 0x82860485 [0141.897] GetTickCount () returned 0x3062b [0141.897] GetCurrentThreadId () returned 0x7a0 [0141.897] RtlRandom (in: Seed=0xb2f738 | out: Seed=0xb2f738) returned 0xd96cb2d3 [0141.897] GetTickCount () returned 0x3062b [0141.897] GetCurrentThreadId () returned 0x7a0 [0141.897] RtlRandom (in: Seed=0xb2f738 | out: Seed=0xb2f738) returned 0x4d820f4 [0141.897] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x348 [0141.897] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x77ccc2d4, lpParameter=0xc55d68, dwCreationFlags=0x4, lpThreadId=0xb2f75c | out: lpThreadId=0xb2f75c*=0xa08) returned 0x34c [0141.898] NtGetContextThread (in: ThreadHandle=0x34c, Context=0xb2f46c | out: Context=0xb2f46c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0xc55d68, Edx=0x0, Ecx=0x0, Eax=0x77ccc2d4, Ebp=0x0, Eip=0x77d0aef0, SegCs=0x23, EFlags=0x202, Esp=0x89df9b8, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0141.912] NtSetContextThread (ThreadHandle=0x34c, Context=0xb2f46c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0xc55d68, Edx=0x0, Ecx=0x0, Eax=0x510806d, Ebp=0x0, Eip=0x77d0aef0, SegCs=0x23, EFlags=0x202, Esp=0x89df9b8, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0141.912] NtResumeThread (in: ThreadHandle=0x34c, SuspendCount=0xb2f750 | out: SuspendCount=0xb2f750*=0x1) returned 0x0 [0141.912] WaitForSingleObject (hHandle=0x348, dwMilliseconds=0x7d0) returned 0x0 [0141.914] OpenThread (dwDesiredAccess=0x40000, bInheritHandle=0, dwThreadId=0xa08) returned 0x390 [0141.914] BuildExplicitAccessWithNameA () returned 0x0 [0141.914] SetEntriesInAclA () returned 0x0 [0141.915] SetSecurityInfo () returned 0x0 [0141.915] LocalFree (hMem=0xc58c68) returned 0x0 [0141.915] CloseHandle (hObject=0x348) returned 1 [0141.915] CloseHandle (hObject=0x34c) returned 1 [0141.915] wvnsprintfA (in: pszDest=0xb2f2bc, cchDest=255, pszFmt="%s%s_%p", arglist=0xb2f1a4 | out: pszDest="VU2VU2_11980343") returned 15 [0141.915] SetLastError (dwErrCode=0x0) [0141.915] wvnsprintfA (in: pszDest=0xb2f1bc, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0xb2f1a0 | out: pszDest="117ce5fb8f9407ebb42a5004f7989f22") returned 32 [0141.915] SetLastError (dwErrCode=0x0) [0141.915] wvnsprintfA (in: pszDest=0xb2f668, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X\\%s", arglist=0xb2f43c | out: pszDest="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\117ce5fb8f9407ebb4") returned 95 [0141.915] SetLastError (dwErrCode=0x0) [0141.915] wvnsprintfA (in: pszDest=0xb2f564, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X", arglist=0xb2f550 | out: pszDest="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1") returned 76 [0141.915] SetLastError (dwErrCode=0x0) [0141.915] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xb2f564, cbMultiByte=76, lpWideCharStr=0xbd6420, cchWideChar=76 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1") returned 76 [0141.915] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2, lpSecurityAttributes=0x0, phkResult=0xb2f770, lpdwDisposition=0x0 | out: phkResult=0xb2f770*=0x34c, lpdwDisposition=0x0) returned 0x0 [0141.915] SetLastError (dwErrCode=0x0) [0141.915] SetLastError (dwErrCode=0x0) [0141.915] RegCloseKey (hKey=0x34c) returned 0x0 [0141.915] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xb2f668, cbMultiByte=95, lpWideCharStr=0xc57ea0, cchWideChar=95 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\117ce5fb8f9407ebb4") returned 95 [0141.915] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\117ce5fb8f9407ebb4", Reserved=0x0, lpClass=0x0, dwOptions=0x1, samDesired=0x101, lpSecurityAttributes=0x0, phkResult=0xb2f770, lpdwDisposition=0x0 | out: phkResult=0xb2f770*=0x34c, lpdwDisposition=0x0) returned 0x0 [0141.915] SetLastError (dwErrCode=0x0) [0141.915] SetLastError (dwErrCode=0x0) [0141.915] RegCloseKey (hKey=0x34c) returned 0x0 [0141.916] Sleep (dwMilliseconds=0x64) [0142.029] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Symantec\\Symantec Endpoint Protection\\InstalledApps", ulOptions=0x0, samDesired=0x101, phkResult=0xb2f540 | out: phkResult=0xb2f540*=0x0) returned 0x2 [0142.030] SetLastError (dwErrCode=0x2) [0142.030] SetLastError (dwErrCode=0x2) [0142.030] SetLastError (dwErrCode=0x57) [0142.030] wvnsprintfW (in: pszDest=0xb2ef30, cchDest=2147483647, pszFmt="SYSTEM\\CurrentControlSet\\services\\%s", arglist=0xb2ef24 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NAV") returned 37 [0142.030] SetLastError (dwErrCode=0x0) [0142.030] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NAV", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ef14 | out: phkResult=0xb2ef14*=0x0) returned 0x2 [0142.030] SetLastError (dwErrCode=0x2) [0142.030] SetLastError (dwErrCode=0x2) [0142.030] SetLastError (dwErrCode=0x57) [0142.030] wvnsprintfW (in: pszDest=0xb2ef30, cchDest=2147483647, pszFmt="SYSTEM\\CurrentControlSet\\services\\%s", arglist=0xb2ef24 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\NIS") returned 37 [0142.030] SetLastError (dwErrCode=0x0) [0142.030] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\NIS", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ef14 | out: phkResult=0xb2ef14*=0x0) returned 0x2 [0142.030] SetLastError (dwErrCode=0x2) [0142.030] SetLastError (dwErrCode=0x2) [0142.030] SetLastError (dwErrCode=0x57) [0142.030] wvnsprintfW (in: pszDest=0xb2ef30, cchDest=2147483647, pszFmt="SYSTEM\\CurrentControlSet\\services\\%s", arglist=0xb2ef24 | out: pszDest="SYSTEM\\CurrentControlSet\\services\\N360") returned 38 [0142.030] SetLastError (dwErrCode=0x0) [0142.030] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\services\\N360", ulOptions=0x0, samDesired=0x101, phkResult=0xb2ef14 | out: phkResult=0xb2ef14*=0x0) returned 0x2 [0142.030] SetLastError (dwErrCode=0x2) [0142.030] SetLastError (dwErrCode=0x2) [0142.030] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Symantec\\Symantec Endpoint Protection\\InstalledApps", ulOptions=0x0, samDesired=0x101, phkResult=0xb2f53c | out: phkResult=0xb2f53c*=0x0) returned 0x2 [0142.030] SetLastError (dwErrCode=0x2) [0142.030] SetLastError (dwErrCode=0x2) [0142.030] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Symantec\\InstalledApps", ulOptions=0x0, samDesired=0x101, phkResult=0xb2f53c | out: phkResult=0xb2f53c*=0x0) returned 0x2 [0142.030] SetLastError (dwErrCode=0x2) [0142.030] SetLastError (dwErrCode=0x2) [0142.031] wvnsprintfA (in: pszDest=0xb2f338, cchDest=255, pszFmt="%s%s_%p", arglist=0xb2f220 | out: pszDest="CG1CG1_11980343") returned 15 [0142.031] SetLastError (dwErrCode=0x0) [0142.031] wvnsprintfA (in: pszDest=0xb2f238, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0xb2f21c | out: pszDest="e6577de29e95e38a027c9824c2c5986b") returned 32 [0142.031] SetLastError (dwErrCode=0x0) [0142.031] wvnsprintfA (in: pszDest=0xb2f5dc, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X\\%s", arglist=0xb2f4b8 | out: pszDest="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0142.031] SetLastError (dwErrCode=0x0) [0142.031] wvnsprintfA (in: pszDest=0xb2f448, cchDest=255, pszFmt="%s%s_%p", arglist=0xb2f330 | out: pszDest="WAVKWAVK_11980343") returned 17 [0142.031] SetLastError (dwErrCode=0x0) [0142.031] wvnsprintfA (in: pszDest=0xb2f348, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0xb2f32c | out: pszDest="af65e3d3b62960f52a5774ed0ba2491f") returned 32 [0142.031] SetLastError (dwErrCode=0x0) [0142.031] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xb2f5dc, cbMultiByte=95, lpWideCharStr=0xc57ea0, cchWideChar=95 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0142.031] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02", ulOptions=0x0, samDesired=0x101, phkResult=0xb2f5bc | out: phkResult=0xb2f5bc*=0x34c) returned 0x0 [0142.031] SetLastError (dwErrCode=0x0) [0142.031] SetLastError (dwErrCode=0x0) [0142.031] RegQueryValueExA (in: hKey=0x34c, lpValueName="af65e3d3b62960", lpReserved=0x0, lpType=0xb2f5b4, lpData=0xb2f778, lpcbData=0xb2f5b8*=0x4 | out: lpType=0xb2f5b4*=0x3, lpData=0xb2f778*, lpcbData=0xb2f5b8*=0x4) returned 0x0 [0142.031] RegCloseKey (hKey=0x34c) returned 0x0 [0142.031] SetLastError (dwErrCode=0x0) [0142.031] GetLastError () returned 0x0 [0142.031] SetLastError (dwErrCode=0x0) [0142.031] Sleep (dwMilliseconds=0x7d0) [0144.042] wvnsprintfA (in: pszDest=0xb2efc0, cchDest=255, pszFmt="%s%s_%p", arglist=0xb2eea8 | out: pszDest="CG1CG1_11980343") returned 15 [0144.042] SetLastError (dwErrCode=0x0) [0144.042] wvnsprintfA (in: pszDest=0xb2eec0, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0xb2eea4 | out: pszDest="e6577de29e95e38a027c9824c2c5986b") returned 32 [0144.042] SetLastError (dwErrCode=0x0) [0144.042] wvnsprintfA (in: pszDest=0xb2f264, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X\\%s", arglist=0xb2f140 | out: pszDest="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0144.042] SetLastError (dwErrCode=0x0) [0144.042] wvnsprintfA (in: pszDest=0xb2f0d0, cchDest=255, pszFmt="%s%s_%p", arglist=0xb2efb8 | out: pszDest="LCTLCT_11980343") returned 15 [0144.042] SetLastError (dwErrCode=0x0) [0144.042] wvnsprintfA (in: pszDest=0xb2efd0, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0xb2efb4 | out: pszDest="511df58c43fc0ce2e0a7405a75f0264a") returned 32 [0144.042] SetLastError (dwErrCode=0x0) [0144.042] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xb2f264, cbMultiByte=95, lpWideCharStr=0xc59778, cchWideChar=95 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02") returned 95 [0144.042] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\e6577de29e95e38a02", ulOptions=0x0, samDesired=0x101, phkResult=0xb2f244 | out: phkResult=0xb2f244*=0x374) returned 0x0 [0144.043] SetLastError (dwErrCode=0x0) [0144.043] SetLastError (dwErrCode=0x0) [0144.043] RegQueryValueExA (in: hKey=0x374, lpValueName="511df58c43fc0", lpReserved=0x0, lpType=0xb2f23c, lpData=0xb2f400, lpcbData=0xb2f240*=0x4 | out: lpType=0xb2f23c*=0x0, lpData=0xb2f400*=0x0, lpcbData=0xb2f240*=0x4) returned 0x2 [0144.043] RegCloseKey (hKey=0x374) returned 0x0 [0144.043] SetLastError (dwErrCode=0x2) [0144.043] GetLastError () returned 0x2 [0144.043] SetLastError (dwErrCode=0x2) [0144.043] Sleep (dwMilliseconds=0x9c4) [0152.456] Sleep (dwMilliseconds=0x898) [0154.657] GetTickCount () returned 0x33809 [0154.657] GetCurrentThreadId () returned 0x7a0 [0154.657] RtlRandom (in: Seed=0xb2f3d4 | out: Seed=0xb2f3d4) returned 0x44b0c0b8 [0154.658] SetLastError (dwErrCode=0x0) [0154.658] inet_addr (cp="google.com") returned 0xffffffff [0154.658] getaddrinfo (pNodeName="google.com", pServiceName=0x0, pHints=0xb2f38c*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xb2f3c0) Thread: id = 9 os_tid = 0xa48 Thread: id = 10 os_tid = 0xa98 Thread: id = 11 os_tid = 0x928 Thread: id = 12 os_tid = 0xa9c [0137.292] NtSetInformationThread (ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0) returned 0x0 [0137.292] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x555f9e8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x555f9e8*=0x25c) returned 1 [0137.292] GetCurrentThreadId () returned 0xa9c [0137.292] SetEvent (hEvent=0x254) returned 1 [0137.307] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5101000, lpBuffer=0x555f9c4, dwLength=0x1c | out: lpBuffer=0x555f9c4*(BaseAddress=0x5101000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c3000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.307] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5101000, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5101000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c3000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.307] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5101200, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5101000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c3000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.307] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5101400, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5101000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c3000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.307] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5101600, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5101000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c3000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.307] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5101800, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5101000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c3000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.307] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5101a00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5101000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c3000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.307] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5101c00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5101000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c3000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.307] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5101e00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5101000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c3000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.307] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5102000, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5102000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c2000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.307] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5102200, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5102000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c2000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.307] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5102400, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5102000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c2000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.307] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5102600, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5102000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c2000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.307] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5102800, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5102000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c2000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.307] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5102a00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5102000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c2000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.307] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5102c00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5102000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c2000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.307] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5102e00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5102000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c2000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.307] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5103000, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5103000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.307] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5103200, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5103000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.307] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5103400, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5103000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.308] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5103600, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5103000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.308] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5103800, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5103000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.308] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5103a00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5103000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.308] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5103c00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5103000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.308] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5103e00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5103000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.308] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5104000, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5104000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c0000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.308] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5104200, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5104000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c0000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.308] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5104400, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5104000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c0000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.308] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5104600, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5104000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c0000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.308] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5104800, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5104000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c0000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.308] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5104a00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5104000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c0000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.308] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5104c00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5104000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c0000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.308] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5104e00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5104000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1c0000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.308] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5105000, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5105000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bf000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.308] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5105200, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5105000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bf000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.308] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5105400, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5105000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bf000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.308] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5105600, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5105000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bf000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.308] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5105800, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5105000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bf000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.308] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5105a00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5105000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bf000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.308] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5105c00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5105000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bf000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.308] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5105e00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5105000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bf000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.308] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5106000, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5106000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1be000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.309] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5106200, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5106000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1be000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.309] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5106400, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5106000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1be000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.309] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5106600, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5106000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1be000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.309] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5106800, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5106000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1be000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.309] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5106a00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5106000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1be000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.309] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5106c00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5106000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1be000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.309] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5106e00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5106000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1be000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.309] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5107000, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5107000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bd000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.309] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5107200, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5107000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bd000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.309] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5107400, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5107000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bd000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.309] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5107600, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5107000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bd000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.309] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5107800, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5107000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bd000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.309] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5107a00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5107000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bd000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.309] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5107c00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5107000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bd000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.309] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5107e00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5107000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bd000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.309] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5108000, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5108000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bc000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.309] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5108200, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5108000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bc000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.309] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5108400, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5108000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bc000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.309] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5108600, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5108000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bc000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.309] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5108800, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5108000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bc000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.309] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5108a00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5108000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bc000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.309] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5108c00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5108000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bc000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.310] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5108e00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5108000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bc000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.310] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5109000, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5109000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bb000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.310] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5109200, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5109000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bb000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.310] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5109400, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5109000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bb000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.310] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5109600, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5109000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bb000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.310] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5109800, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5109000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bb000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.310] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5109a00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5109000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bb000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.310] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5109c00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5109000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bb000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.310] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5109e00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5109000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1bb000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.310] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510a000, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510a000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ba000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.310] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510a200, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510a000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ba000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.310] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510a400, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510a000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ba000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.310] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510a600, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510a000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ba000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.310] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510a800, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510a000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ba000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.310] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510aa00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510a000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ba000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.310] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510ac00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510a000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ba000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.310] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510ae00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510a000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ba000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.310] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510b000, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510b000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b9000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.310] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510b200, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510b000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b9000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.310] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510b400, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510b000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b9000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.310] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510b600, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510b000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b9000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.310] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510b800, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510b000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b9000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.311] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510ba00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510b000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b9000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.311] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510bc00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510b000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b9000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.311] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510be00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510b000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b9000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.311] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510c000, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510c000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b8000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.311] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510c200, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510c000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b8000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.311] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510c400, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510c000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b8000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.311] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510c600, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510c000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b8000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.311] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510c800, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510c000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b8000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.311] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510ca00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510c000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b8000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.311] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510cc00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510c000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b8000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.311] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510ce00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510c000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b8000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.311] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510d000, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510d000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b7000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.311] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510d200, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510d000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b7000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.311] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510d400, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510d000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b7000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.311] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510d600, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510d000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b7000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.311] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510d800, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510d000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b7000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.311] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510da00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510d000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b7000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.311] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510dc00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510d000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b7000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.311] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510de00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510d000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b7000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.311] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510e000, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510e000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b6000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.311] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510e200, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510e000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b6000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.312] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510e400, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510e000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b6000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.312] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510e600, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510e000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b6000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.312] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510e800, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510e000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b6000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.312] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510ea00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510e000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b6000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.312] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510ec00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510e000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b6000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.312] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510ee00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510e000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b6000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.312] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510f000, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510f000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b5000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.312] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510f200, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510f000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b5000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.312] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510f400, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510f000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b5000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.312] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510f600, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510f000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b5000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.312] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510f800, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510f000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b5000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.312] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510fa00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510f000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b5000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.312] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510fc00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510f000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b5000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.312] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x510fe00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x510f000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b5000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.312] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5110000, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5110000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b4000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.312] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5110200, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5110000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b4000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.312] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5110400, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5110000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b4000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.312] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5110600, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5110000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b4000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.312] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5110800, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5110000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b4000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.312] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5110a00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5110000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b4000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.312] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5110c00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5110000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b4000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.312] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5110e00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5110000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b4000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.313] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5111000, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5111000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b3000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.313] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5111200, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5111000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b3000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.313] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5111400, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5111000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b3000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.313] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5111600, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5111000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b3000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.313] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5111800, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5111000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b3000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.313] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5111a00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5111000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b3000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.313] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5111c00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5111000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b3000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.313] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5111e00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5111000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b3000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.313] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5112000, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5112000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b2000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.313] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5112200, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5112000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b2000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.313] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5112400, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5112000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b2000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.313] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5112600, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5112000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b2000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.313] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5112800, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5112000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b2000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.313] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5112a00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5112000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b2000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.313] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5112c00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5112000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b2000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.313] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5112e00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5112000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b2000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.313] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5113000, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5113000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.313] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5113200, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5113000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.313] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5113400, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5113000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.313] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5113600, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5113000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.313] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5113800, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5113000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.314] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5113a00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5113000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.314] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5113c00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5113000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.314] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5113e00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5113000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.314] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5114000, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5114000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b0000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.314] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5114200, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5114000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b0000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.314] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5114400, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5114000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b0000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.314] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5114600, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5114000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b0000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.314] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5114800, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5114000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b0000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.314] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5114a00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5114000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b0000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.314] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5114c00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5114000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b0000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.314] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5114e00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5114000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1b0000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.314] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5115000, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5115000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1af000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.314] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5115200, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5115000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1af000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.314] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5115400, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5115000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1af000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.314] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5115600, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5115000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1af000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.314] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5115800, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5115000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1af000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.314] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5115a00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5115000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1af000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.314] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5115c00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5115000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1af000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.314] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5115e00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5115000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1af000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.314] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5116000, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5116000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ae000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.314] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5116200, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5116000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ae000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.314] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5116400, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5116000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ae000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.315] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5116600, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5116000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ae000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.315] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5116800, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5116000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ae000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.315] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5116a00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5116000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ae000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.315] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5116c00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5116000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ae000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.315] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5116e00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5116000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ae000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.315] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5117000, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5117000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ad000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.315] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5117200, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5117000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ad000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.315] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5117400, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5117000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ad000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.315] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5117600, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5117000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ad000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.315] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5117800, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5117000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ad000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.315] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5117a00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5117000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ad000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.315] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5117c00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5117000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ad000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.315] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5117e00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5117000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ad000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.315] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5118000, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5118000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ac000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.315] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5118200, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5118000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ac000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.315] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5118400, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5118000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ac000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.315] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5118600, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5118000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ac000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.315] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5118800, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5118000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ac000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.315] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5118a00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5118000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ac000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.315] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5118c00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5118000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ac000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.315] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5118e00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5118000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ac000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.315] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5119000, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5119000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ab000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.316] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5119200, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5119000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ab000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.316] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5119400, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5119000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ab000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.316] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5119600, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5119000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ab000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.316] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5119800, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5119000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ab000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.316] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5119a00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5119000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ab000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.316] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5119c00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5119000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ab000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.316] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x5119e00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x5119000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1ab000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.316] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511a000, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511a000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1aa000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.316] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511a200, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511a000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1aa000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.316] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511a400, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511a000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1aa000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.316] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511a600, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511a000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1aa000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.316] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511a800, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511a000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1aa000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.316] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511aa00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511a000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1aa000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.316] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511ac00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511a000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1aa000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.316] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511ae00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511a000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1aa000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.316] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511b000, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511b000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a9000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.316] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511b200, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511b000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a9000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.316] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511b400, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511b000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a9000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.316] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511b600, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511b000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a9000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.316] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511b800, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511b000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a9000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.316] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511ba00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511b000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a9000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.317] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511bc00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511b000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a9000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.317] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511be00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511b000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a9000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.317] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511c000, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511c000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a8000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.317] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511c200, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511c000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a8000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.317] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511c400, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511c000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a8000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.317] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511c600, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511c000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a8000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.317] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511c800, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511c000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a8000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.317] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511ca00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511c000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a8000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.317] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511cc00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511c000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a8000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.317] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511ce00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511c000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a8000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.317] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511d000, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511d000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a7000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.317] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511d200, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511d000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a7000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.317] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511d400, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511d000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a7000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.317] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511d600, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511d000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a7000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.317] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511d800, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511d000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a7000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.317] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511da00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511d000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a7000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.317] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511dc00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511d000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a7000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.317] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511de00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511d000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a7000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.317] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511e000, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511e000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a6000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.317] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511e200, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511e000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a6000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.317] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511e400, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511e000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a6000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.318] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511e600, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511e000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a6000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.318] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511e800, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511e000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a6000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.318] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511ea00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511e000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a6000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.318] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511ec00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511e000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a6000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.318] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511ee00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511e000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a6000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.318] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511f000, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511f000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a5000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.318] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511f200, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511f000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a5000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.318] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511f400, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511f000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a5000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.318] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511f600, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511f000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a5000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.318] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511f800, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511f000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a5000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.318] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511fa00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511f000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a5000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.318] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511fc00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511f000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a5000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.318] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x511fe00, lpBuffer=0x555f984, dwLength=0x1c | out: lpBuffer=0x555f984*(BaseAddress=0x511f000, AllocationBase=0x5100000, AllocationProtect=0x40, RegionSize=0x1a5000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0137.335] SleepEx (dwMilliseconds=0xdac, bAlertable=0) returned 0x0 [0141.244] SleepEx (dwMilliseconds=0xdac, bAlertable=0) returned 0x0 [0144.753] SleepEx (dwMilliseconds=0xdac, bAlertable=0) returned 0x0 [0154.331] SleepEx (dwMilliseconds=0xdac, bAlertable=0) Thread: id = 13 os_tid = 0xa84 [0138.253] NtQueryInformationThread (in: ThreadHandle=0xfffffffe, ThreadInformationClass=0x9, ThreadInformation=0x709f668, ThreadInformationLength=0x4, ReturnLength=0x709f66c | out: ThreadInformation=0x709f668, ReturnLength=0x709f66c) returned 0x0 [0138.253] NtQueryInformationThread (in: ThreadHandle=0xfffffffe, ThreadInformationClass=0x0, ThreadInformation=0xbe5be0, ThreadInformationLength=0x1c, ReturnLength=0x709f66c | out: ThreadInformation=0xbe5be0, ReturnLength=0x709f66c) returned 0x0 [0138.253] SetLastError (dwErrCode=0x0) [0138.253] BuildExplicitAccessWithNameA () returned 0x0 [0138.253] BuildExplicitAccessWithNameA () returned 0x0 [0138.253] SetEntriesInAclA () returned 0x0 [0138.254] SetSecurityInfo () returned 0x0 [0138.254] LocalFree (hMem=0xbea6a0) returned 0x0 [0138.254] NtSetInformationThread (ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0) returned 0x0 [0138.254] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x709fa6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x709fa6c*=0x30c) returned 1 [0138.254] GetCurrentThreadId () returned 0xa84 [0138.254] SetEvent (hEvent=0x2fc) returned 1 [0138.254] Sleep (dwMilliseconds=0xfa0) [0142.269] Sleep (dwMilliseconds=0x7d0) [0144.658] NtReadVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x51599c8, Buffer=0x709fa4c, NumberOfBytesToRead=0x4, NumberOfBytesRead=0x709f95c | out: Buffer=0x709fa4c*, NumberOfBytesRead=0x709f95c*=0x4) returned 0x0 [0144.658] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0144.658] SetLastError (dwErrCode=0x0) [0144.658] VirtualAllocEx (hProcess=0xffffffff, lpAddress=0x0, dwSize=0x11df, flAllocationType=0x3000, flProtect=0x40) returned 0x7210000 [0144.659] GetTickCount () returned 0x310f9 [0144.659] GetTickCount () returned 0x310f9 [0144.659] SetLastError (dwErrCode=0x0) [0144.659] GetLastError () returned 0x0 [0144.659] VirtualFreeEx (hProcess=0xffffffff, lpAddress=0x7210000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0144.659] NtReadVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x5490000, Buffer=0xc5ee30, NumberOfBytesToRead=0x2de3, NumberOfBytesRead=0x709f938 | out: Buffer=0xc5ee30*, NumberOfBytesRead=0x709f938*=0x2de3) returned 0x0 [0144.659] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0144.659] SetLastError (dwErrCode=0x0) [0144.660] Sleep (dwMilliseconds=0x7d0) [0152.454] NtReadVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x515a178, Buffer=0x709fa50, NumberOfBytesToRead=0x4, NumberOfBytesRead=0x709f95c | out: Buffer=0x709fa50*, NumberOfBytesRead=0x709f95c*=0x4) returned 0x0 [0152.454] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0152.454] SetLastError (dwErrCode=0x0) [0152.454] NtReadVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x515a140, Buffer=0x709fa50, NumberOfBytesToRead=0x4, NumberOfBytesRead=0x709f95c | out: Buffer=0x709fa50*, NumberOfBytesRead=0x709f95c*=0x4) returned 0x0 [0152.454] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0152.454] SetLastError (dwErrCode=0x0) [0152.454] Sleep (dwMilliseconds=0x7d0) [0154.471] NtReadVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x515a178, Buffer=0x709fa50, NumberOfBytesToRead=0x4, NumberOfBytesRead=0x709f95c | out: Buffer=0x709fa50*, NumberOfBytesRead=0x709f95c*=0x4) returned 0x0 [0154.471] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0154.471] SetLastError (dwErrCode=0x0) [0154.471] NtReadVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x515a140, Buffer=0x709fa50, NumberOfBytesToRead=0x4, NumberOfBytesRead=0x709f95c | out: Buffer=0x709fa50*, NumberOfBytesRead=0x709f95c*=0x4) returned 0x0 [0154.471] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0154.471] SetLastError (dwErrCode=0x0) [0154.471] NtReadVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xc5b360, Buffer=0xc5f640, NumberOfBytesToRead=0x900, NumberOfBytesRead=0x709f938 | out: Buffer=0xc5f640*, NumberOfBytesRead=0x709f938*=0x900) returned 0x0 [0154.471] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0154.471] SetLastError (dwErrCode=0x0) [0154.471] NtReadVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x5490166, Buffer=0x709f984, NumberOfBytesToRead=0xc5, NumberOfBytesRead=0x709f95c | out: Buffer=0x709f984*, NumberOfBytesRead=0x709f95c*=0xc5) returned 0x0 [0154.471] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0154.471] SetLastError (dwErrCode=0x0) [0154.471] NtReadVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x549007e, Buffer=0x709f984, NumberOfBytesToRead=0xc5, NumberOfBytesRead=0x709f95c | out: Buffer=0x709f984*, NumberOfBytesRead=0x709f95c*=0xc5) returned 0x0 [0154.471] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0154.472] SetLastError (dwErrCode=0x0) [0154.472] Sleep (dwMilliseconds=0x7d0) Thread: id = 14 os_tid = 0xa78 [0138.280] NtQueryInformationThread (in: ThreadHandle=0xfffffffe, ThreadInformationClass=0x9, ThreadInformation=0x711f678, ThreadInformationLength=0x4, ReturnLength=0x711f67c | out: ThreadInformation=0x711f678, ReturnLength=0x711f67c) returned 0x0 [0138.280] NtQueryInformationThread (in: ThreadHandle=0xfffffffe, ThreadInformationClass=0x0, ThreadInformation=0xbe5b40, ThreadInformationLength=0x1c, ReturnLength=0x711f67c | out: ThreadInformation=0xbe5b40, ReturnLength=0x711f67c) returned 0x0 [0138.280] SetLastError (dwErrCode=0x0) [0138.280] BuildExplicitAccessWithNameA () returned 0x0 [0138.280] BuildExplicitAccessWithNameA () returned 0x0 [0138.280] SetEntriesInAclA () returned 0x0 [0138.281] SetSecurityInfo () returned 0x0 [0138.281] LocalFree (hMem=0xbea6a0) returned 0x0 [0138.282] NtSetInformationThread (ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0) returned 0x0 [0138.282] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x711fa7c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x711fa7c*=0x320) returned 1 [0138.282] GetCurrentThreadId () returned 0xa78 [0138.282] SetEvent (hEvent=0x2fc) returned 1 [0138.282] wvnsprintfA (in: pszDest=0x711f920, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X", arglist=0x711f90c | out: pszDest="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1") returned 76 [0138.282] SetLastError (dwErrCode=0x0) [0138.282] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1", ulOptions=0x0, samDesired=0x10000, phkResult=0x711fa24 | out: phkResult=0x711fa24*=0x324) returned 0x0 [0138.282] RegDeleteKeyA (hKey=0x324, lpSubKey="CW1") returned 0x2 [0138.282] RegCloseKey (hKey=0x324) returned 0x0 [0138.282] wvnsprintfA (in: pszDest=0x711f9e0, cchDest=64, pszFmt="%p%p", arglist=0x711f9c0 | out: pszDest="11980343D2CA4DEF") returned 16 [0138.282] SetLastError (dwErrCode=0x0) [0138.282] GetModuleHandleW (lpModuleName=0x0) returned 0xd20000 [0138.282] GetTickCount () returned 0x2f812 [0138.282] GetCurrentThreadId () returned 0xa78 [0138.282] RtlRandom (in: Seed=0x711f9b8 | out: Seed=0x711f9b8) returned 0x92e10458 [0138.282] GetTickCount () returned 0x2f812 [0138.282] GetCurrentThreadId () returned 0xa78 [0138.282] RtlRandom (in: Seed=0x711f9b4 | out: Seed=0x711f9b4) returned 0x67513e53 [0138.282] GetTickCount () returned 0x2f812 [0138.282] GetCurrentThreadId () returned 0xa78 [0138.282] RtlRandom (in: Seed=0x711f9b0 | out: Seed=0x711f9b0) returned 0x1f5071b3 [0138.282] GetTickCount () returned 0x2f812 [0138.282] GetCurrentThreadId () returned 0xa78 [0138.282] RtlRandom (in: Seed=0x711f9ac | out: Seed=0x711f9ac) returned 0x522c5bc9 [0138.282] CreateWindowExA (dwExStyle=0x0, lpClassName="tooltips_class32", lpWindowName="11980343D2CA4DEF", dwStyle=0x0, X=5, Y=5, nWidth=5, nHeight=2, hWndParent=0x0, hMenu=0x0, hInstance=0xd20000, lpParam=0x0) returned 0x301be [0138.316] ShowWindow (hWnd=0x301be, nCmdShow=0) returned 0 [0138.316] GetTickCount () returned 0x2f831 [0138.316] GetCurrentThreadId () returned 0xa78 [0138.316] RtlRandom (in: Seed=0x711f9bc | out: Seed=0x711f9bc) returned 0xf200928d [0138.316] GetTickCount () returned 0x2f831 [0138.316] GetCurrentThreadId () returned 0xa78 [0138.316] RtlRandom (in: Seed=0x711f9b8 | out: Seed=0x711f9b8) returned 0xcbe653b4 [0138.316] SetWindowPos (hWnd=0x301be, hWndInsertAfter=0x1, X=17996, Y=17999, cx=0, cy=0, uFlags=0x95) returned 1 [0139.908] SetWindowLongA (hWnd=0x301be, nIndex=-4, dwNewLong=85210312) returned -65305 [0139.908] SetWindowLongA (hWnd=0x301be, nIndex=-21, dwNewLong=295222415) returned 0 [0139.908] ChangeWindowMessageFilter (message=0x4a, dwFlag=0x1) returned 1 [0139.909] GetComputerNameExW (in: NameType=0x0, lpBuffer=0x711f91c, nSize=0x711fa1c | out: lpBuffer="LHNIWSJ", nSize=0x711fa1c) returned 1 [0139.909] GetCurrentThreadId () returned 0xa78 [0139.909] wvnsprintfA (in: pszDest=0x711f568, cchDest=255, pszFmt="%s%s_%p", arglist=0x711f450 | out: pszDest="CW1CW1_11980343") returned 15 [0139.909] SetLastError (dwErrCode=0x0) [0139.909] wvnsprintfA (in: pszDest=0x711f468, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x711f44c | out: pszDest="322f7981028544d3cf1b67807bc649c7") returned 32 [0139.909] SetLastError (dwErrCode=0x0) [0139.909] wvnsprintfA (in: pszDest=0x711f814, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X\\%s", arglist=0x711f6e8 | out: pszDest="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\322f798102854") returned 90 [0139.909] SetLastError (dwErrCode=0x0) [0139.909] wvnsprintfA (in: pszDest=0x711f918, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X", arglist=0x711f7fc | out: pszDest="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1") returned 76 [0139.909] SetLastError (dwErrCode=0x0) [0139.909] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x711f918, cbMultiByte=76, lpWideCharStr=0xbd6420, cchWideChar=76 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1") returned 76 [0139.909] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2, lpSecurityAttributes=0x0, phkResult=0x711fa1c, lpdwDisposition=0x0 | out: phkResult=0x711fa1c*=0x354, lpdwDisposition=0x0) returned 0x0 [0139.909] SetLastError (dwErrCode=0x0) [0139.909] SetLastError (dwErrCode=0x0) [0139.909] RegCloseKey (hKey=0x354) returned 0x0 [0139.909] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x711f814, cbMultiByte=90, lpWideCharStr=0xc57ea0, cchWideChar=90 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\322f798102854") returned 90 [0139.909] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\322f798102854", Reserved=0x0, lpClass=0x0, dwOptions=0x1, samDesired=0x103, lpSecurityAttributes=0x0, phkResult=0x711fa1c, lpdwDisposition=0x0 | out: phkResult=0x711fa1c*=0x354, lpdwDisposition=0x0) returned 0x0 [0139.909] SetLastError (dwErrCode=0x0) [0139.909] SetLastError (dwErrCode=0x0) [0139.909] RegCloseKey (hKey=0x354) returned 0x0 [0139.909] SetLastError (dwErrCode=0x0) [0139.909] wsprintfA (in: param_1=0x711fa34, param_2="%i" | out: param_1="3020") returned 4 [0139.909] wvnsprintfA (in: pszDest=0x711f3cc, cchDest=255, pszFmt="%s%s_%p", arglist=0x711f2b4 | out: pszDest="CW1CW1_11980343") returned 15 [0139.910] SetLastError (dwErrCode=0x0) [0139.910] wvnsprintfA (in: pszDest=0x711f2cc, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x711f2b0 | out: pszDest="322f7981028544d3cf1b67807bc649c7") returned 32 [0139.910] SetLastError (dwErrCode=0x0) [0139.910] wvnsprintfA (in: pszDest=0x711f880, cchDest=259, pszFmt="Software\\AppDataLow\\Software\\%s\\%08X\\%s", arglist=0x711f54c | out: pszDest="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\322f798102854") returned 90 [0139.910] SetLastError (dwErrCode=0x0) [0139.910] wvnsprintfA (in: pszDest=0x711f4e0, cchDest=255, pszFmt="%s%s_%p", arglist=0x711f3c8 | out: pszDest="30203020_11980343") returned 17 [0139.910] SetLastError (dwErrCode=0x0) [0139.910] wvnsprintfA (in: pszDest=0x711f3e0, cchDest=255, pszFmt="%08x%08x%08x%08x", arglist=0x711f3c4 | out: pszDest="d14736f3a3af2562196a8e7bef3cb167") returned 32 [0139.910] SetLastError (dwErrCode=0x0) [0139.910] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x711f880, cbMultiByte=90, lpWideCharStr=0xc57ea0, cchWideChar=90 | out: lpWideCharStr="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\322f798102854") returned 90 [0139.910] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\AppDataLow\\Software\\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\\11881FB1\\322f798102854", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x102, lpSecurityAttributes=0x0, phkResult=0x711f650, lpdwDisposition=0x0 | out: phkResult=0x711f650*=0x354, lpdwDisposition=0x0) returned 0x0 [0139.910] SetLastError (dwErrCode=0x0) [0139.910] SetLastError (dwErrCode=0x0) [0139.910] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x711f984, cbMultiByte=14, lpWideCharStr=0xbe5b90, cchWideChar=14 | out: lpWideCharStr="d14736f3a3af25") returned 14 [0139.910] RtlInitUnicodeString (in: DestinationString=0x711f5ec, SourceString="d14736f3a3af25" | out: DestinationString="d14736f3a3af25") [0139.910] NtSetValueKey (in: KeyHandle=0x354, ValueName="d14736f3a3af25", TitleIndex=0x0, Type=0x3, Data=0x711fa70*, DataSize=0x10 | out: Data=0x711fa70*) returned 0x0 [0139.910] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0139.910] SetLastError (dwErrCode=0x0) [0139.910] RegCloseKey (hKey=0x354) returned 0x0 [0139.910] SetLastError (dwErrCode=0x0) [0139.910] GetLastError () returned 0x0 [0139.910] SetLastError (dwErrCode=0x0) [0139.910] GetMessageA (in: lpMsg=0x711fa54, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x711fa54) returned 1 [0139.911] TranslateMessage (lpMsg=0x711fa54) returned 0 [0139.911] DispatchMessageA (lpMsg=0x711fa54) returned 0x0 [0139.911] NtdllDefWindowProc_A (hWnd=0x301be, Msg=0x31f, wParam=0x1, lParam=0x0) returned 0x0 [0139.911] GetMessageA (in: lpMsg=0x711fa54, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x711fa54) returned 1 [0139.911] TranslateMessage (lpMsg=0x711fa54) returned 0 [0139.911] DispatchMessageA (lpMsg=0x711fa54) returned 0x0 [0139.911] NtdllDefWindowProc_A (hWnd=0x301be, Msg=0x46, wParam=0x0, lParam=0x711f83c) returned 0x0 [0139.911] NtdllDefWindowProc_A (hWnd=0x301be, Msg=0x83, wParam=0x1, lParam=0x711f814) returned 0x0 [0139.913] NtdllDefWindowProc_A (hWnd=0x301be, Msg=0x47, wParam=0x0, lParam=0x711f83c) returned 0x0 [0139.913] NtdllDefWindowProc_A (hWnd=0x301be, Msg=0x31f, wParam=0x0, lParam=0x0) returned 0x0 [0139.913] GetMessageA (lpMsg=0x711fa54, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0) Thread: id = 15 os_tid = 0xa64 [0141.873] NtQueryInformationThread (in: ThreadHandle=0xfffffffe, ThreadInformationClass=0x9, ThreadInformation=0x739f9e4, ThreadInformationLength=0x4, ReturnLength=0x739f9e8 | out: ThreadInformation=0x739f9e4, ReturnLength=0x739f9e8) returned 0x0 [0141.873] NtQueryInformationThread (in: ThreadHandle=0xfffffffe, ThreadInformationClass=0x0, ThreadInformation=0xbe5be0, ThreadInformationLength=0x1c, ReturnLength=0x739f9e8 | out: ThreadInformation=0xbe5be0, ReturnLength=0x739f9e8) returned 0x0 [0141.873] SetLastError (dwErrCode=0x0) [0141.873] BuildExplicitAccessWithNameA () returned 0x0 [0141.873] BuildExplicitAccessWithNameA () returned 0x0 [0141.873] SetEntriesInAclA () returned 0x0 [0141.874] SetSecurityInfo () returned 0x0 [0141.874] LocalFree (hMem=0xbea7b8) returned 0x0 [0141.875] SetLastError (dwErrCode=0x0) [0141.880] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x54c0000, lpBuffer=0x739f7c4, dwLength=0x1c | out: lpBuffer=0x739f7c4*(BaseAddress=0x54c0000, AllocationBase=0x54c0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0141.880] NtSetInformationThread (ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0) returned 0x0 [0141.880] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x739fde8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x739fde8*=0x360) returned 1 [0141.880] GetCurrentThreadId () returned 0xa64 [0141.880] SetEvent (hEvent=0x348) returned 0 [0141.880] Sleep (dwMilliseconds=0x320) [0142.781] CloseHandle (hObject=0x348) returned 0 [0142.781] CloseHandle (hObject=0x360) returned 1 [0142.781] NtTerminateThread (ThreadHandle=0xfffffffe, ExitStatus=0x0) Thread: id = 16 os_tid = 0x9e4 [0141.880] NtQueryInformationThread (in: ThreadHandle=0xfffffffe, ThreadInformationClass=0x9, ThreadInformation=0x895f408, ThreadInformationLength=0x4, ReturnLength=0x895f40c | out: ThreadInformation=0x895f408, ReturnLength=0x895f40c) returned 0x0 [0141.880] NtQueryInformationThread (in: ThreadHandle=0xfffffffe, ThreadInformationClass=0x0, ThreadInformation=0xbe5c08, ThreadInformationLength=0x1c, ReturnLength=0x895f40c | out: ThreadInformation=0xbe5c08, ReturnLength=0x895f40c) returned 0x0 [0141.881] SetLastError (dwErrCode=0x0) [0141.881] BuildExplicitAccessWithNameA () returned 0x0 [0141.881] BuildExplicitAccessWithNameA () returned 0x0 [0141.881] SetEntriesInAclA () returned 0x0 [0141.882] SetSecurityInfo () returned 0x0 [0141.882] LocalFree (hMem=0xbea908) returned 0x0 [0141.882] NtSetInformationThread (ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0) returned 0x0 [0141.882] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x895f80c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x895f80c*=0x36c) returned 1 [0141.882] GetCurrentThreadId () returned 0x9e4 [0141.882] SetEvent (hEvent=0x34c) returned 1 [0141.882] GetWindowsDirectoryW (in: lpBuffer=0x895f5e8, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0141.882] GetForegroundWindow () returned 0x901ec [0141.882] GetWindowRect (in: hWnd=0x901ec, lpRect=0x895f334 | out: lpRect=0x895f334) returned 1 [0141.882] GetWindowThreadProcessId (in: hWnd=0x901ec, lpdwProcessId=0x895f344 | out: lpdwProcessId=0x895f344) returned 0x988 [0141.883] GetShellWindow () returned 0x100c8 [0141.883] IsWindow (hWnd=0x100c8) returned 1 [0141.883] GetWindowThreadProcessId (in: hWnd=0x100c8, lpdwProcessId=0x895f31c | out: lpdwProcessId=0x895f31c) returned 0x55c [0141.883] GetSystemMetrics (nIndex=0) returned 1440 [0141.883] GetSystemMetrics (nIndex=1) returned 900 [0141.883] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x374 [0141.886] Process32FirstW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0141.887] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x68, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0141.887] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0141.888] lstrcmpiW (lpString1="smss.exe", lpString2="services.exe") returned 1 [0141.888] NtOpenProcess (in: ProcessHandle=0x895f344, DesiredAccess=0x400, ObjectAttributes=0x895f324*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895f33c*(UniqueProcess=0x10c, UniqueThread=0x0) | out: ProcessHandle=0x895f344*=0x0) returned 0xc0000022 [0141.888] RtlNtStatusToDosError (Status=0xc0000022) returned 0x5 [0141.888] SetLastError (dwErrCode=0x5) [0141.888] lstrcmpiW (lpString1="smss.exe", lpString2="csrss.exe") returned 1 [0141.888] lstrcmpiW (lpString1="smss.exe", lpString2="smss.exe") returned 0 [0141.888] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x158, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x150, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0141.889] lstrcmpiW (lpString1="csrss.exe", lpString2="services.exe") returned -1 [0141.889] NtOpenProcess (in: ProcessHandle=0x895f344, DesiredAccess=0x400, ObjectAttributes=0x895f324*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895f33c*(UniqueProcess=0x158, UniqueThread=0x0) | out: ProcessHandle=0x895f344*=0x0) returned 0xc0000022 [0141.889] RtlNtStatusToDosError (Status=0xc0000022) returned 0x5 [0141.889] SetLastError (dwErrCode=0x5) [0141.889] lstrcmpiW (lpString1="csrss.exe", lpString2="csrss.exe") returned 0 [0141.889] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x150, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0141.890] lstrcmpiW (lpString1="wininit.exe", lpString2="services.exe") returned 1 [0141.890] NtOpenProcess (in: ProcessHandle=0x895f344, DesiredAccess=0x400, ObjectAttributes=0x895f324*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895f33c*(UniqueProcess=0x198, UniqueThread=0x0) | out: ProcessHandle=0x895f344*=0x0) returned 0xc0000022 [0141.890] RtlNtStatusToDosError (Status=0xc0000022) returned 0x5 [0141.890] SetLastError (dwErrCode=0x5) [0141.890] lstrcmpiW (lpString1="wininit.exe", lpString2="csrss.exe") returned 1 [0141.890] lstrcmpiW (lpString1="wininit.exe", lpString2="smss.exe") returned 1 [0141.890] lstrcmpiW (lpString1="wininit.exe", lpString2="lsass.exe") returned 1 [0141.890] lstrcmpiW (lpString1="wininit.exe", lpString2="services.exe") returned 1 [0141.890] lstrcmpiW (lpString1="wininit.exe", lpString2="spoolsv.exe") returned 1 [0141.890] lstrcmpiW (lpString1="wininit.exe", lpString2="winlogon.exe") returned -1 [0141.890] lstrcmpiW (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0141.890] NtOpenProcess (in: ProcessHandle=0x895e570, DesiredAccess=0x478, ObjectAttributes=0x895e550*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895e568*(UniqueProcess=0x198, UniqueThread=0x0) | out: ProcessHandle=0x895e570*=0x0) returned 0xc0000022 [0141.890] RtlNtStatusToDosError (Status=0xc0000022) returned 0x5 [0141.890] SetLastError (dwErrCode=0x5) [0141.890] GetLastError () returned 0x5 [0141.890] NtOpenProcess (in: ProcessHandle=0x895e550, DesiredAccess=0x40000, ObjectAttributes=0x895e530*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895e548*(UniqueProcess=0x198, UniqueThread=0x0) | out: ProcessHandle=0x895e550*=0x0) returned 0xc0000022 [0141.890] RtlNtStatusToDosError (Status=0xc0000022) returned 0x5 [0141.890] SetLastError (dwErrCode=0x5) [0141.890] SetLastError (dwErrCode=0x5) [0141.890] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x190, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0141.891] lstrcmpiW (lpString1="csrss.exe", lpString2="services.exe") returned -1 [0141.891] NtOpenProcess (in: ProcessHandle=0x895f344, DesiredAccess=0x400, ObjectAttributes=0x895f324*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895f33c*(UniqueProcess=0x1a0, UniqueThread=0x0) | out: ProcessHandle=0x895f344*=0x0) returned 0xc0000022 [0141.891] RtlNtStatusToDosError (Status=0xc0000022) returned 0x5 [0141.891] SetLastError (dwErrCode=0x5) [0141.891] lstrcmpiW (lpString1="csrss.exe", lpString2="csrss.exe") returned 0 [0141.891] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x190, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0141.892] lstrcmpiW (lpString1="winlogon.exe", lpString2="services.exe") returned 1 [0141.892] NtOpenProcess (in: ProcessHandle=0x895f344, DesiredAccess=0x400, ObjectAttributes=0x895f324*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895f33c*(UniqueProcess=0x1d0, UniqueThread=0x0) | out: ProcessHandle=0x895f344*=0x378) returned 0x0 [0141.892] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.892] SetLastError (dwErrCode=0x0) [0141.892] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895f130 | out: TokenHandle=0x895f130*=0x37c) returned 1 [0141.892] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895f12c | out: TokenInformation=0x0, ReturnLength=0x895f12c) returned 0 [0141.892] GetLastError () returned 0x7a [0141.892] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0xbd5ec0, TokenInformationLength=0x14, ReturnLength=0x895f12c | out: TokenInformation=0xbd5ec0, ReturnLength=0x895f12c) returned 1 [0141.892] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbd5ec8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x895ed10, cchName=0x895f124, ReferencedDomainName=0x895ef18, cchReferencedDomainName=0x895f124, peUse=0x895f120 | out: Name="SYSTEM", cchName=0x895f124, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x895f124, peUse=0x895f120) returned 1 [0141.893] wvnsprintfW (in: pszDest=0x895f144, cchDest=259, pszFmt="%s\\%s", arglist=0x895ed00 | out: pszDest="SYSTEM\\NT AUTHORITY") returned 19 [0141.893] SetLastError (dwErrCode=0x0) [0141.893] CloseHandle (hObject=0x37c) returned 1 [0141.893] CloseHandle (hObject=0x378) returned 1 [0141.893] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x198, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0141.894] lstrcmpiW (lpString1="services.exe", lpString2="services.exe") returned 0 [0141.894] NtOpenProcess (in: ProcessHandle=0x895f344, DesiredAccess=0x400, ObjectAttributes=0x895f324*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895f33c*(UniqueProcess=0x1e8, UniqueThread=0x0) | out: ProcessHandle=0x895f344*=0x0) returned 0xc0000022 [0141.894] RtlNtStatusToDosError (Status=0xc0000022) returned 0x5 [0141.894] SetLastError (dwErrCode=0x5) [0141.894] lstrcmpiW (lpString1="services.exe", lpString2="csrss.exe") returned 1 [0141.894] lstrcmpiW (lpString1="services.exe", lpString2="smss.exe") returned -1 [0141.894] lstrcmpiW (lpString1="services.exe", lpString2="lsass.exe") returned 1 [0141.894] lstrcmpiW (lpString1="services.exe", lpString2="services.exe") returned 0 [0141.894] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x198, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0141.895] lstrcmpiW (lpString1="lsass.exe", lpString2="services.exe") returned -1 [0141.895] NtOpenProcess (in: ProcessHandle=0x895f344, DesiredAccess=0x400, ObjectAttributes=0x895f324*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895f33c*(UniqueProcess=0x1f0, UniqueThread=0x0) | out: ProcessHandle=0x895f344*=0x378) returned 0x0 [0141.895] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.895] SetLastError (dwErrCode=0x0) [0141.895] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895f130 | out: TokenHandle=0x895f130*=0x37c) returned 1 [0141.895] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895f12c | out: TokenInformation=0x0, ReturnLength=0x895f12c) returned 0 [0141.895] GetLastError () returned 0x7a [0141.895] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0xc593b0, TokenInformationLength=0x14, ReturnLength=0x895f12c | out: TokenInformation=0xc593b0, ReturnLength=0x895f12c) returned 1 [0141.895] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xc593b8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x895ed10, cchName=0x895f124, ReferencedDomainName=0x895ef18, cchReferencedDomainName=0x895f124, peUse=0x895f120 | out: Name="SYSTEM", cchName=0x895f124, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x895f124, peUse=0x895f120) returned 1 [0141.898] wvnsprintfW (in: pszDest=0x895f144, cchDest=259, pszFmt="%s\\%s", arglist=0x895ed00 | out: pszDest="SYSTEM\\NT AUTHORITY") returned 19 [0141.898] SetLastError (dwErrCode=0x0) [0141.898] CloseHandle (hObject=0x37c) returned 1 [0141.898] CloseHandle (hObject=0x378) returned 1 [0141.898] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.899] lstrcmpiW (lpString1="svchost.exe", lpString2="services.exe") returned 1 [0141.899] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x268, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.900] lstrcmpiW (lpString1="svchost.exe", lpString2="services.exe") returned 1 [0141.900] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d0, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0141.901] lstrcmpiW (lpString1="dwm.exe", lpString2="services.exe") returned -1 [0141.901] NtOpenProcess (in: ProcessHandle=0x895f344, DesiredAccess=0x400, ObjectAttributes=0x895f324*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895f33c*(UniqueProcess=0x2c8, UniqueThread=0x0) | out: ProcessHandle=0x895f344*=0x378) returned 0x0 [0141.901] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.901] SetLastError (dwErrCode=0x0) [0141.901] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895f130 | out: TokenHandle=0x895f130*=0x37c) returned 1 [0141.901] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895f12c | out: TokenInformation=0x0, ReturnLength=0x895f12c) returned 0 [0141.901] GetLastError () returned 0x7a [0141.901] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0xc58ab0, TokenInformationLength=0x1c, ReturnLength=0x895f12c | out: TokenInformation=0xc58ab0, ReturnLength=0x895f12c) returned 1 [0141.901] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xc58ab8*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5a, [1]=0x0, [2]=0x0)), Name=0x895ed10, cchName=0x895f124, ReferencedDomainName=0x895ef18, cchReferencedDomainName=0x895f124, peUse=0x895f120 | out: Name="DWM-1", cchName=0x895f124, ReferencedDomainName="Window Manager", cchReferencedDomainName=0x895f124, peUse=0x895f120) returned 1 [0141.901] wvnsprintfW (in: pszDest=0x895f144, cchDest=259, pszFmt="%s\\%s", arglist=0x895ed00 | out: pszDest="DWM-1\\Window Manager") returned 20 [0141.902] SetLastError (dwErrCode=0x0) [0141.902] CloseHandle (hObject=0x37c) returned 1 [0141.902] CloseHandle (hObject=0x378) returned 1 [0141.902] lstrcmpiW (lpString1="dwm.exe", lpString2="csrss.exe") returned 1 [0141.902] lstrcmpiW (lpString1="dwm.exe", lpString2="smss.exe") returned -1 [0141.902] lstrcmpiW (lpString1="dwm.exe", lpString2="lsass.exe") returned -1 [0141.902] lstrcmpiW (lpString1="dwm.exe", lpString2="services.exe") returned -1 [0141.902] lstrcmpiW (lpString1="dwm.exe", lpString2="spoolsv.exe") returned -1 [0141.902] lstrcmpiW (lpString1="dwm.exe", lpString2="winlogon.exe") returned -1 [0141.902] lstrcmpiW (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0141.902] NtOpenProcess (in: ProcessHandle=0x895e570, DesiredAccess=0x478, ObjectAttributes=0x895e550*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895e568*(UniqueProcess=0x2c8, UniqueThread=0x0) | out: ProcessHandle=0x895e570*=0x378) returned 0x0 [0141.902] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.902] SetLastError (dwErrCode=0x0) [0141.902] GetLastError () returned 0x0 [0141.902] SetLastError (dwErrCode=0x0) [0141.902] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895f018 | out: TokenHandle=0x895f018*=0x37c) returned 1 [0141.902] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0xc, TokenInformation=0x895f078, TokenInformationLength=0x4, ReturnLength=0x895f01c | out: TokenInformation=0x895f078, ReturnLength=0x895f01c) returned 1 [0141.902] CloseHandle (hObject=0x37c) returned 1 [0141.902] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="0x%08X", arglist=0x895efdc | out: pszDest="0x000002C8") returned 10 [0141.902] SetLastError (dwErrCode=0x0) [0141.902] wvnsprintfA (in: pszDest=0x895eda4, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed8c | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x000002C8_v1$") returned 62 [0141.902] SetLastError (dwErrCode=0x0) [0141.902] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x000002C8_v1$") returned 0x0 [0141.902] InitializeSecurityDescriptor (in: pSecurityDescriptor=0xc5aa58, dwRevision=0x1 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0141.902] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0xc5aa58, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0141.902] GetLastError () returned 0x2 [0141.902] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0xc5aa58, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0141.902] GetLastError () returned 0x2 [0141.902] SetLastError (dwErrCode=0x2) [0141.902] CreateEventA (lpEventAttributes=0x895eea0, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x000002C8_v1$") returned 0x37c [0141.902] GetLastError () returned 0x0 [0141.902] SetLastError (dwErrCode=0x0) [0141.902] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895ee0c | out: TokenHandle=0x895ee0c*=0x384) returned 1 [0141.903] GetTokenInformation (in: TokenHandle=0x384, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895ee08 | out: TokenInformation=0x0, ReturnLength=0x895ee08) returned 0 [0141.903] GetLastError () returned 0x7a [0141.903] GetTokenInformation (in: TokenHandle=0x384, TokenInformationClass=0x1, TokenInformation=0xc58ce0, TokenInformationLength=0x1c, ReturnLength=0x895ee08 | out: TokenInformation=0xc58ce0, ReturnLength=0x895ee08) returned 1 [0141.903] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xc58ce8*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5a, [1]=0x0, [2]=0x0)), Name=0x895e9ec, cchName=0x895ee00, ReferencedDomainName=0x895ebf4, cchReferencedDomainName=0x895ee00, peUse=0x895edfc | out: Name="DWM-1", cchName=0x895ee00, ReferencedDomainName="Window Manager", cchReferencedDomainName=0x895ee00, peUse=0x895edfc) returned 1 [0141.903] wvnsprintfW (in: pszDest=0x895ee20, cchDest=259, pszFmt="%s\\%s", arglist=0x895e9dc | out: pszDest="DWM-1\\Window Manager") returned 20 [0141.903] SetLastError (dwErrCode=0x0) [0141.903] CloseHandle (hObject=0x384) returned 1 [0141.903] SetLastError (dwErrCode=0x0) [0141.903] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x1a, ProcessInformation=0x895f020, ProcessInformationLength=0x4, ReturnLength=0x895f024 | out: ProcessInformation=0x895f020, ReturnLength=0x895f024) returned 0x0 [0141.903] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.903] SetLastError (dwErrCode=0x0) [0141.903] CloseHandle (hObject=0x37c) returned 1 [0141.903] CloseHandle (hObject=0x378) returned 1 [0141.903] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x330, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3f, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.904] lstrcmpiW (lpString1="svchost.exe", lpString2="services.exe") returned 1 [0141.904] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.905] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.905] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.906] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.907] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.907] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x230, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0141.908] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.909] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.909] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0141.910] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x600, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.911] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x330, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0141.911] NtOpenProcess (in: ProcessHandle=0x895f344, DesiredAccess=0x400, ObjectAttributes=0x895f324*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895f33c*(UniqueProcess=0x778, UniqueThread=0x0) | out: ProcessHandle=0x895f344*=0x378) returned 0x0 [0141.911] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.911] SetLastError (dwErrCode=0x0) [0141.912] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895f130 | out: TokenHandle=0x895f130*=0x37c) returned 1 [0141.912] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895f12c | out: TokenInformation=0x0, ReturnLength=0x895f12c) returned 0 [0141.912] GetLastError () returned 0x7a [0141.912] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0xbf5280, TokenInformationLength=0x24, ReturnLength=0x895f12c | out: TokenInformation=0xbf5280, ReturnLength=0x895f12c) returned 1 [0141.912] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf5288*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895ed10, cchName=0x895f124, ReferencedDomainName=0x895ef18, cchReferencedDomainName=0x895f124, peUse=0x895f120 | out: Name="CIiHmnxMn6Ps", cchName=0x895f124, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895f124, peUse=0x895f120) returned 1 [0141.916] wvnsprintfW (in: pszDest=0x895f144, cchDest=259, pszFmt="%s\\%s", arglist=0x895ed00 | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0141.916] SetLastError (dwErrCode=0x0) [0141.916] CloseHandle (hObject=0x37c) returned 1 [0141.916] CloseHandle (hObject=0x378) returned 1 [0141.916] lstrcmpiW (lpString1="sihost.exe", lpString2="csrss.exe") returned 1 [0141.916] lstrcmpiW (lpString1="sihost.exe", lpString2="smss.exe") returned -1 [0141.916] lstrcmpiW (lpString1="sihost.exe", lpString2="lsass.exe") returned 1 [0141.916] lstrcmpiW (lpString1="sihost.exe", lpString2="services.exe") returned 1 [0141.916] lstrcmpiW (lpString1="sihost.exe", lpString2="spoolsv.exe") returned -1 [0141.916] lstrcmpiW (lpString1="sihost.exe", lpString2="winlogon.exe") returned -1 [0141.916] lstrcmpiW (lpString1="sihost.exe", lpString2="chrome.exe") returned 1 [0141.916] NtOpenProcess (in: ProcessHandle=0x895e570, DesiredAccess=0x478, ObjectAttributes=0x895e550*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895e568*(UniqueProcess=0x778, UniqueThread=0x0) | out: ProcessHandle=0x895e570*=0x378) returned 0x0 [0141.917] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.917] SetLastError (dwErrCode=0x0) [0141.917] GetLastError () returned 0x0 [0141.917] SetLastError (dwErrCode=0x0) [0141.917] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895f018 | out: TokenHandle=0x895f018*=0x37c) returned 1 [0141.917] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0xc, TokenInformation=0x895f078, TokenInformationLength=0x4, ReturnLength=0x895f01c | out: TokenInformation=0x895f078, ReturnLength=0x895f01c) returned 1 [0141.917] CloseHandle (hObject=0x37c) returned 1 [0141.917] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="0x%08X", arglist=0x895efdc | out: pszDest="0x00000778") returned 10 [0141.917] SetLastError (dwErrCode=0x0) [0141.917] wvnsprintfA (in: pszDest=0x895eda4, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed8c | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000778_v1$") returned 62 [0141.917] SetLastError (dwErrCode=0x0) [0141.917] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000778_v1$") returned 0x0 [0141.917] InitializeSecurityDescriptor (in: pSecurityDescriptor=0xc5aa58, dwRevision=0x1 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0141.917] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0xc5aa58, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0141.917] GetLastError () returned 0x2 [0141.917] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0xc5aa58, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0141.917] GetLastError () returned 0x2 [0141.917] SetLastError (dwErrCode=0x2) [0141.917] CreateEventA (lpEventAttributes=0x895eea0, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000778_v1$") returned 0x37c [0141.917] GetLastError () returned 0x0 [0141.917] SetLastError (dwErrCode=0x0) [0141.917] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895ee0c | out: TokenHandle=0x895ee0c*=0x34c) returned 1 [0141.917] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895ee08 | out: TokenInformation=0x0, ReturnLength=0x895ee08) returned 0 [0141.917] GetLastError () returned 0x7a [0141.917] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x1, TokenInformation=0xbf5340, TokenInformationLength=0x24, ReturnLength=0x895ee08 | out: TokenInformation=0xbf5340, ReturnLength=0x895ee08) returned 1 [0141.917] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf5348*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895e9ec, cchName=0x895ee00, ReferencedDomainName=0x895ebf4, cchReferencedDomainName=0x895ee00, peUse=0x895edfc | out: Name="CIiHmnxMn6Ps", cchName=0x895ee00, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895ee00, peUse=0x895edfc) returned 1 [0141.918] wvnsprintfW (in: pszDest=0x895ee20, cchDest=259, pszFmt="%s\\%s", arglist=0x895e9dc | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0141.918] SetLastError (dwErrCode=0x0) [0141.918] CloseHandle (hObject=0x34c) returned 1 [0141.918] SetLastError (dwErrCode=0x0) [0141.918] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x1a, ProcessInformation=0x895f020, ProcessInformationLength=0x4, ReturnLength=0x895f024 | out: ProcessInformation=0x895f020, ReturnLength=0x895f024) returned 0x0 [0141.918] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.918] SetLastError (dwErrCode=0x0) [0141.918] CloseHandle (hObject=0x37c) returned 1 [0141.918] CloseHandle (hObject=0x378) returned 1 [0141.918] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x330, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0141.919] NtOpenProcess (in: ProcessHandle=0x895f344, DesiredAccess=0x400, ObjectAttributes=0x895f324*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895f33c*(UniqueProcess=0x7ac, UniqueThread=0x0) | out: ProcessHandle=0x895f344*=0x378) returned 0x0 [0141.919] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.919] SetLastError (dwErrCode=0x0) [0141.919] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895f130 | out: TokenHandle=0x895f130*=0x37c) returned 1 [0141.919] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895f12c | out: TokenInformation=0x0, ReturnLength=0x895f12c) returned 0 [0141.919] GetLastError () returned 0x7a [0141.919] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0xbf5160, TokenInformationLength=0x24, ReturnLength=0x895f12c | out: TokenInformation=0xbf5160, ReturnLength=0x895f12c) returned 1 [0141.919] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf5168*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895ed10, cchName=0x895f124, ReferencedDomainName=0x895ef18, cchReferencedDomainName=0x895f124, peUse=0x895f120 | out: Name="CIiHmnxMn6Ps", cchName=0x895f124, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895f124, peUse=0x895f120) returned 1 [0141.920] wvnsprintfW (in: pszDest=0x895f144, cchDest=259, pszFmt="%s\\%s", arglist=0x895ed00 | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0141.920] SetLastError (dwErrCode=0x0) [0141.920] CloseHandle (hObject=0x37c) returned 1 [0141.920] CloseHandle (hObject=0x378) returned 1 [0141.920] lstrcmpiW (lpString1="taskhostw.exe", lpString2="csrss.exe") returned 1 [0141.920] lstrcmpiW (lpString1="taskhostw.exe", lpString2="smss.exe") returned 1 [0141.920] lstrcmpiW (lpString1="taskhostw.exe", lpString2="lsass.exe") returned 1 [0141.920] lstrcmpiW (lpString1="taskhostw.exe", lpString2="services.exe") returned 1 [0141.920] lstrcmpiW (lpString1="taskhostw.exe", lpString2="spoolsv.exe") returned 1 [0141.920] lstrcmpiW (lpString1="taskhostw.exe", lpString2="winlogon.exe") returned -1 [0141.920] lstrcmpiW (lpString1="taskhostw.exe", lpString2="chrome.exe") returned 1 [0141.920] NtOpenProcess (in: ProcessHandle=0x895e570, DesiredAccess=0x478, ObjectAttributes=0x895e550*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895e568*(UniqueProcess=0x7ac, UniqueThread=0x0) | out: ProcessHandle=0x895e570*=0x378) returned 0x0 [0141.920] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.920] SetLastError (dwErrCode=0x0) [0141.920] GetLastError () returned 0x0 [0141.920] SetLastError (dwErrCode=0x0) [0141.920] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895f018 | out: TokenHandle=0x895f018*=0x37c) returned 1 [0141.920] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0xc, TokenInformation=0x895f078, TokenInformationLength=0x4, ReturnLength=0x895f01c | out: TokenInformation=0x895f078, ReturnLength=0x895f01c) returned 1 [0141.920] CloseHandle (hObject=0x37c) returned 1 [0141.920] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="0x%08X", arglist=0x895efdc | out: pszDest="0x000007AC") returned 10 [0141.920] SetLastError (dwErrCode=0x0) [0141.920] wvnsprintfA (in: pszDest=0x895eda4, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed8c | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x000007AC_v1$") returned 62 [0141.920] SetLastError (dwErrCode=0x0) [0141.920] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x000007AC_v1$") returned 0x0 [0141.920] InitializeSecurityDescriptor (in: pSecurityDescriptor=0xc5aa58, dwRevision=0x1 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0141.920] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0xc5aa58, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0141.920] GetLastError () returned 0x2 [0141.920] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0xc5aa58, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0141.920] GetLastError () returned 0x2 [0141.920] SetLastError (dwErrCode=0x2) [0141.920] CreateEventA (lpEventAttributes=0x895eea0, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x000007AC_v1$") returned 0x37c [0141.920] GetLastError () returned 0x0 [0141.920] SetLastError (dwErrCode=0x0) [0141.920] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895ee0c | out: TokenHandle=0x895ee0c*=0x34c) returned 1 [0141.921] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895ee08 | out: TokenInformation=0x0, ReturnLength=0x895ee08) returned 0 [0141.921] GetLastError () returned 0x7a [0141.921] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x1, TokenInformation=0xbf4fb0, TokenInformationLength=0x24, ReturnLength=0x895ee08 | out: TokenInformation=0xbf4fb0, ReturnLength=0x895ee08) returned 1 [0141.921] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf4fb8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895e9ec, cchName=0x895ee00, ReferencedDomainName=0x895ebf4, cchReferencedDomainName=0x895ee00, peUse=0x895edfc | out: Name="CIiHmnxMn6Ps", cchName=0x895ee00, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895ee00, peUse=0x895edfc) returned 1 [0141.921] wvnsprintfW (in: pszDest=0x895ee20, cchDest=259, pszFmt="%s\\%s", arglist=0x895e9dc | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0141.921] SetLastError (dwErrCode=0x0) [0141.921] CloseHandle (hObject=0x34c) returned 1 [0141.921] SetLastError (dwErrCode=0x0) [0141.921] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x1a, ProcessInformation=0x895f020, ProcessInformationLength=0x4, ReturnLength=0x895f024 | out: ProcessInformation=0x895f020, ReturnLength=0x895f024) returned 0x0 [0141.921] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.921] SetLastError (dwErrCode=0x0) [0141.921] CloseHandle (hObject=0x37c) returned 1 [0141.921] CloseHandle (hObject=0x378) returned 1 [0141.921] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x508, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x27, th32ParentProcessID=0x4ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0141.922] NtOpenProcess (in: ProcessHandle=0x895f344, DesiredAccess=0x400, ObjectAttributes=0x895f324*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895f33c*(UniqueProcess=0x508, UniqueThread=0x0) | out: ProcessHandle=0x895f344*=0x378) returned 0x0 [0141.922] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.922] SetLastError (dwErrCode=0x0) [0141.922] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895f130 | out: TokenHandle=0x895f130*=0x37c) returned 1 [0141.922] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895f12c | out: TokenInformation=0x0, ReturnLength=0x895f12c) returned 0 [0141.922] GetLastError () returned 0x7a [0141.922] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0xbf5370, TokenInformationLength=0x24, ReturnLength=0x895f12c | out: TokenInformation=0xbf5370, ReturnLength=0x895f12c) returned 1 [0141.922] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf5378*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895ed10, cchName=0x895f124, ReferencedDomainName=0x895ef18, cchReferencedDomainName=0x895f124, peUse=0x895f120 | out: Name="CIiHmnxMn6Ps", cchName=0x895f124, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895f124, peUse=0x895f120) returned 1 [0141.923] wvnsprintfW (in: pszDest=0x895f144, cchDest=259, pszFmt="%s\\%s", arglist=0x895ed00 | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0141.923] SetLastError (dwErrCode=0x0) [0141.923] CloseHandle (hObject=0x37c) returned 1 [0141.923] CloseHandle (hObject=0x378) returned 1 [0141.923] lstrcmpiW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1 [0141.923] lstrcmpiW (lpString1="explorer.exe", lpString2="smss.exe") returned -1 [0141.923] lstrcmpiW (lpString1="explorer.exe", lpString2="lsass.exe") returned -1 [0141.923] lstrcmpiW (lpString1="explorer.exe", lpString2="services.exe") returned -1 [0141.923] lstrcmpiW (lpString1="explorer.exe", lpString2="spoolsv.exe") returned -1 [0141.923] lstrcmpiW (lpString1="explorer.exe", lpString2="winlogon.exe") returned -1 [0141.923] lstrcmpiW (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0141.923] NtOpenProcess (in: ProcessHandle=0x895e570, DesiredAccess=0x478, ObjectAttributes=0x895e550*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895e568*(UniqueProcess=0x508, UniqueThread=0x0) | out: ProcessHandle=0x895e570*=0x378) returned 0x0 [0141.923] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.923] SetLastError (dwErrCode=0x0) [0141.923] GetLastError () returned 0x0 [0141.923] SetLastError (dwErrCode=0x0) [0141.923] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895f018 | out: TokenHandle=0x895f018*=0x37c) returned 1 [0141.923] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0xc, TokenInformation=0x895f078, TokenInformationLength=0x4, ReturnLength=0x895f01c | out: TokenInformation=0x895f078, ReturnLength=0x895f01c) returned 1 [0141.923] CloseHandle (hObject=0x37c) returned 1 [0141.923] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="0x%08X", arglist=0x895efdc | out: pszDest="0x00000508") returned 10 [0141.923] SetLastError (dwErrCode=0x0) [0141.923] wvnsprintfA (in: pszDest=0x895eda4, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed8c | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000508_v1$") returned 62 [0141.924] SetLastError (dwErrCode=0x0) [0141.924] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000508_v1$") returned 0x0 [0141.924] InitializeSecurityDescriptor (in: pSecurityDescriptor=0xc5aa58, dwRevision=0x1 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0141.924] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0xc5aa58, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0141.924] GetLastError () returned 0x2 [0141.924] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0xc5aa58, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0141.924] GetLastError () returned 0x2 [0141.924] SetLastError (dwErrCode=0x2) [0141.924] CreateEventA (lpEventAttributes=0x895eea0, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000508_v1$") returned 0x37c [0141.924] GetLastError () returned 0x0 [0141.924] SetLastError (dwErrCode=0x0) [0141.924] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895ee0c | out: TokenHandle=0x895ee0c*=0x34c) returned 1 [0141.924] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895ee08 | out: TokenInformation=0x0, ReturnLength=0x895ee08) returned 0 [0141.924] GetLastError () returned 0x7a [0141.924] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x1, TokenInformation=0xbf5280, TokenInformationLength=0x24, ReturnLength=0x895ee08 | out: TokenInformation=0xbf5280, ReturnLength=0x895ee08) returned 1 [0141.924] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf5288*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895e9ec, cchName=0x895ee00, ReferencedDomainName=0x895ebf4, cchReferencedDomainName=0x895ee00, peUse=0x895edfc | out: Name="CIiHmnxMn6Ps", cchName=0x895ee00, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895ee00, peUse=0x895edfc) returned 1 [0141.925] wvnsprintfW (in: pszDest=0x895ee20, cchDest=259, pszFmt="%s\\%s", arglist=0x895e9dc | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0141.925] SetLastError (dwErrCode=0x0) [0141.925] CloseHandle (hObject=0x34c) returned 1 [0141.925] SetLastError (dwErrCode=0x0) [0141.925] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x1a, ProcessInformation=0x895f020, ProcessInformationLength=0x4, ReturnLength=0x895f024 | out: ProcessInformation=0x895f020, ReturnLength=0x895f024) returned 0x0 [0141.925] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.925] SetLastError (dwErrCode=0x0) [0141.925] CloseHandle (hObject=0x37c) returned 1 [0141.925] CloseHandle (hObject=0x378) returned 1 [0141.925] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x814, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0141.925] NtOpenProcess (in: ProcessHandle=0x895f344, DesiredAccess=0x400, ObjectAttributes=0x895f324*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895f33c*(UniqueProcess=0x814, UniqueThread=0x0) | out: ProcessHandle=0x895f344*=0x378) returned 0x0 [0141.926] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.926] SetLastError (dwErrCode=0x0) [0141.926] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895f130 | out: TokenHandle=0x895f130*=0x37c) returned 1 [0141.926] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895f12c | out: TokenInformation=0x0, ReturnLength=0x895f12c) returned 0 [0141.926] GetLastError () returned 0x7a [0141.926] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0xbf4fe0, TokenInformationLength=0x24, ReturnLength=0x895f12c | out: TokenInformation=0xbf4fe0, ReturnLength=0x895f12c) returned 1 [0141.926] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf4fe8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895ed10, cchName=0x895f124, ReferencedDomainName=0x895ef18, cchReferencedDomainName=0x895f124, peUse=0x895f120 | out: Name="CIiHmnxMn6Ps", cchName=0x895f124, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895f124, peUse=0x895f120) returned 1 [0141.926] wvnsprintfW (in: pszDest=0x895f144, cchDest=259, pszFmt="%s\\%s", arglist=0x895ed00 | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0141.926] SetLastError (dwErrCode=0x0) [0141.926] CloseHandle (hObject=0x37c) returned 1 [0141.926] CloseHandle (hObject=0x378) returned 1 [0141.926] lstrcmpiW (lpString1="RuntimeBroker.exe", lpString2="csrss.exe") returned 1 [0141.926] lstrcmpiW (lpString1="RuntimeBroker.exe", lpString2="smss.exe") returned -1 [0141.926] lstrcmpiW (lpString1="RuntimeBroker.exe", lpString2="lsass.exe") returned 1 [0141.926] lstrcmpiW (lpString1="RuntimeBroker.exe", lpString2="services.exe") returned -1 [0141.926] lstrcmpiW (lpString1="RuntimeBroker.exe", lpString2="spoolsv.exe") returned -1 [0141.926] lstrcmpiW (lpString1="RuntimeBroker.exe", lpString2="winlogon.exe") returned -1 [0141.927] lstrcmpiW (lpString1="RuntimeBroker.exe", lpString2="chrome.exe") returned 1 [0141.927] NtOpenProcess (in: ProcessHandle=0x895e570, DesiredAccess=0x478, ObjectAttributes=0x895e550*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895e568*(UniqueProcess=0x814, UniqueThread=0x0) | out: ProcessHandle=0x895e570*=0x378) returned 0x0 [0141.927] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.927] SetLastError (dwErrCode=0x0) [0141.927] GetLastError () returned 0x0 [0141.927] SetLastError (dwErrCode=0x0) [0141.927] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895f018 | out: TokenHandle=0x895f018*=0x37c) returned 1 [0141.927] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0xc, TokenInformation=0x895f078, TokenInformationLength=0x4, ReturnLength=0x895f01c | out: TokenInformation=0x895f078, ReturnLength=0x895f01c) returned 1 [0141.927] CloseHandle (hObject=0x37c) returned 1 [0141.927] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="0x%08X", arglist=0x895efdc | out: pszDest="0x00000814") returned 10 [0141.927] SetLastError (dwErrCode=0x0) [0141.927] wvnsprintfA (in: pszDest=0x895eda4, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed8c | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000814_v1$") returned 62 [0141.927] SetLastError (dwErrCode=0x0) [0141.927] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000814_v1$") returned 0x0 [0141.927] InitializeSecurityDescriptor (in: pSecurityDescriptor=0xc5aa58, dwRevision=0x1 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0141.927] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0xc5aa58, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0141.927] GetLastError () returned 0x2 [0141.927] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0xc5aa58, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0141.927] GetLastError () returned 0x2 [0141.927] SetLastError (dwErrCode=0x2) [0141.927] CreateEventA (lpEventAttributes=0x895eea0, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000814_v1$") returned 0x37c [0141.927] GetLastError () returned 0x0 [0141.927] SetLastError (dwErrCode=0x0) [0141.927] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895ee0c | out: TokenHandle=0x895ee0c*=0x34c) returned 1 [0141.927] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895ee08 | out: TokenInformation=0x0, ReturnLength=0x895ee08) returned 0 [0141.927] GetLastError () returned 0x7a [0141.927] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x1, TokenInformation=0xbf5040, TokenInformationLength=0x24, ReturnLength=0x895ee08 | out: TokenInformation=0xbf5040, ReturnLength=0x895ee08) returned 1 [0141.927] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf5048*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895e9ec, cchName=0x895ee00, ReferencedDomainName=0x895ebf4, cchReferencedDomainName=0x895ee00, peUse=0x895edfc | out: Name="CIiHmnxMn6Ps", cchName=0x895ee00, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895ee00, peUse=0x895edfc) returned 1 [0141.928] wvnsprintfW (in: pszDest=0x895ee20, cchDest=259, pszFmt="%s\\%s", arglist=0x895e9dc | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0141.928] SetLastError (dwErrCode=0x0) [0141.928] CloseHandle (hObject=0x34c) returned 1 [0141.928] SetLastError (dwErrCode=0x0) [0141.928] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x1a, ProcessInformation=0x895f020, ProcessInformationLength=0x4, ReturnLength=0x895f024 | out: ProcessInformation=0x895f020, ReturnLength=0x895f024) returned 0x0 [0141.928] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.928] SetLastError (dwErrCode=0x0) [0141.928] CloseHandle (hObject=0x37c) returned 1 [0141.928] CloseHandle (hObject=0x378) returned 1 [0141.928] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0141.929] NtOpenProcess (in: ProcessHandle=0x895f344, DesiredAccess=0x400, ObjectAttributes=0x895f324*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895f33c*(UniqueProcess=0x9a0, UniqueThread=0x0) | out: ProcessHandle=0x895f344*=0x378) returned 0x0 [0141.929] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.929] SetLastError (dwErrCode=0x0) [0141.929] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895f130 | out: TokenHandle=0x895f130*=0x37c) returned 1 [0141.929] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895f12c | out: TokenInformation=0x0, ReturnLength=0x895f12c) returned 0 [0141.929] GetLastError () returned 0x7a [0141.929] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0xbf5040, TokenInformationLength=0x24, ReturnLength=0x895f12c | out: TokenInformation=0xbf5040, ReturnLength=0x895f12c) returned 1 [0141.929] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf5048*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895ed10, cchName=0x895f124, ReferencedDomainName=0x895ef18, cchReferencedDomainName=0x895f124, peUse=0x895f120 | out: Name="CIiHmnxMn6Ps", cchName=0x895f124, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895f124, peUse=0x895f120) returned 1 [0141.930] wvnsprintfW (in: pszDest=0x895f144, cchDest=259, pszFmt="%s\\%s", arglist=0x895ed00 | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0141.930] SetLastError (dwErrCode=0x0) [0141.930] CloseHandle (hObject=0x37c) returned 1 [0141.930] CloseHandle (hObject=0x378) returned 1 [0141.930] lstrcmpiW (lpString1="ShellExperienceHost.exe", lpString2="csrss.exe") returned 1 [0141.930] lstrcmpiW (lpString1="ShellExperienceHost.exe", lpString2="smss.exe") returned -1 [0141.930] lstrcmpiW (lpString1="ShellExperienceHost.exe", lpString2="lsass.exe") returned 1 [0141.930] lstrcmpiW (lpString1="ShellExperienceHost.exe", lpString2="services.exe") returned 1 [0141.930] lstrcmpiW (lpString1="ShellExperienceHost.exe", lpString2="spoolsv.exe") returned -1 [0141.930] lstrcmpiW (lpString1="ShellExperienceHost.exe", lpString2="winlogon.exe") returned -1 [0141.930] lstrcmpiW (lpString1="ShellExperienceHost.exe", lpString2="chrome.exe") returned 1 [0141.930] NtOpenProcess (in: ProcessHandle=0x895e570, DesiredAccess=0x478, ObjectAttributes=0x895e550*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895e568*(UniqueProcess=0x9a0, UniqueThread=0x0) | out: ProcessHandle=0x895e570*=0x378) returned 0x0 [0141.930] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.930] SetLastError (dwErrCode=0x0) [0141.930] GetLastError () returned 0x0 [0141.930] SetLastError (dwErrCode=0x0) [0141.930] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895f018 | out: TokenHandle=0x895f018*=0x37c) returned 1 [0141.930] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0xc, TokenInformation=0x895f078, TokenInformationLength=0x4, ReturnLength=0x895f01c | out: TokenInformation=0x895f078, ReturnLength=0x895f01c) returned 1 [0141.930] CloseHandle (hObject=0x37c) returned 1 [0141.930] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="0x%08X", arglist=0x895efdc | out: pszDest="0x000009A0") returned 10 [0141.930] SetLastError (dwErrCode=0x0) [0141.930] wvnsprintfA (in: pszDest=0x895eda4, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed8c | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x000009A0_v1$") returned 62 [0141.930] SetLastError (dwErrCode=0x0) [0141.930] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x000009A0_v1$") returned 0x0 [0141.930] InitializeSecurityDescriptor (in: pSecurityDescriptor=0xc5aa58, dwRevision=0x1 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0141.930] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0xc5aa58, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0141.930] GetLastError () returned 0x2 [0141.930] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0xc5aa58, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0141.930] GetLastError () returned 0x2 [0141.930] SetLastError (dwErrCode=0x2) [0141.930] CreateEventA (lpEventAttributes=0x895eea0, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x000009A0_v1$") returned 0x37c [0141.930] GetLastError () returned 0x0 [0141.930] SetLastError (dwErrCode=0x0) [0141.931] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895ee0c | out: TokenHandle=0x895ee0c*=0x34c) returned 1 [0141.931] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895ee08 | out: TokenInformation=0x0, ReturnLength=0x895ee08) returned 0 [0141.931] GetLastError () returned 0x7a [0141.931] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x1, TokenInformation=0xbf50d0, TokenInformationLength=0x24, ReturnLength=0x895ee08 | out: TokenInformation=0xbf50d0, ReturnLength=0x895ee08) returned 1 [0141.931] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf50d8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895e9ec, cchName=0x895ee00, ReferencedDomainName=0x895ebf4, cchReferencedDomainName=0x895ee00, peUse=0x895edfc | out: Name="CIiHmnxMn6Ps", cchName=0x895ee00, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895ee00, peUse=0x895edfc) returned 1 [0141.931] wvnsprintfW (in: pszDest=0x895ee20, cchDest=259, pszFmt="%s\\%s", arglist=0x895e9dc | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0141.931] SetLastError (dwErrCode=0x0) [0141.931] CloseHandle (hObject=0x34c) returned 1 [0141.931] SetLastError (dwErrCode=0x0) [0141.931] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x1a, ProcessInformation=0x895f020, ProcessInformationLength=0x4, ReturnLength=0x895f024 | out: ProcessInformation=0x895f020, ReturnLength=0x895f024) returned 0x0 [0141.932] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.932] SetLastError (dwErrCode=0x0) [0141.932] CloseHandle (hObject=0x37c) returned 1 [0141.932] CloseHandle (hObject=0x378) returned 1 [0141.932] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0141.932] NtOpenProcess (in: ProcessHandle=0x895f344, DesiredAccess=0x400, ObjectAttributes=0x895f324*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895f33c*(UniqueProcess=0xb7c, UniqueThread=0x0) | out: ProcessHandle=0x895f344*=0x378) returned 0x0 [0141.932] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.932] SetLastError (dwErrCode=0x0) [0141.932] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895f130 | out: TokenHandle=0x895f130*=0x37c) returned 1 [0141.932] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895f12c | out: TokenInformation=0x0, ReturnLength=0x895f12c) returned 0 [0141.933] GetLastError () returned 0x7a [0141.933] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0xbf4ec0, TokenInformationLength=0x24, ReturnLength=0x895f12c | out: TokenInformation=0xbf4ec0, ReturnLength=0x895f12c) returned 1 [0141.933] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf4ec8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895ed10, cchName=0x895f124, ReferencedDomainName=0x895ef18, cchReferencedDomainName=0x895f124, peUse=0x895f120 | out: Name="CIiHmnxMn6Ps", cchName=0x895f124, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895f124, peUse=0x895f120) returned 1 [0141.933] wvnsprintfW (in: pszDest=0x895f144, cchDest=259, pszFmt="%s\\%s", arglist=0x895ed00 | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0141.933] SetLastError (dwErrCode=0x0) [0141.933] CloseHandle (hObject=0x37c) returned 1 [0141.933] CloseHandle (hObject=0x378) returned 1 [0141.933] lstrcmpiW (lpString1="SearchUI.exe", lpString2="csrss.exe") returned 1 [0141.933] lstrcmpiW (lpString1="SearchUI.exe", lpString2="smss.exe") returned -1 [0141.933] lstrcmpiW (lpString1="SearchUI.exe", lpString2="lsass.exe") returned 1 [0141.933] lstrcmpiW (lpString1="SearchUI.exe", lpString2="services.exe") returned -1 [0141.934] lstrcmpiW (lpString1="SearchUI.exe", lpString2="spoolsv.exe") returned -1 [0141.934] lstrcmpiW (lpString1="SearchUI.exe", lpString2="winlogon.exe") returned -1 [0141.934] lstrcmpiW (lpString1="SearchUI.exe", lpString2="chrome.exe") returned 1 [0141.934] NtOpenProcess (in: ProcessHandle=0x895e570, DesiredAccess=0x478, ObjectAttributes=0x895e550*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895e568*(UniqueProcess=0xb7c, UniqueThread=0x0) | out: ProcessHandle=0x895e570*=0x378) returned 0x0 [0141.934] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.934] SetLastError (dwErrCode=0x0) [0141.934] GetLastError () returned 0x0 [0141.934] SetLastError (dwErrCode=0x0) [0141.934] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895f018 | out: TokenHandle=0x895f018*=0x37c) returned 1 [0141.934] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0xc, TokenInformation=0x895f078, TokenInformationLength=0x4, ReturnLength=0x895f01c | out: TokenInformation=0x895f078, ReturnLength=0x895f01c) returned 1 [0141.934] CloseHandle (hObject=0x37c) returned 1 [0141.934] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="0x%08X", arglist=0x895efdc | out: pszDest="0x00000B7C") returned 10 [0141.934] SetLastError (dwErrCode=0x0) [0141.934] wvnsprintfA (in: pszDest=0x895eda4, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed8c | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000B7C_v1$") returned 62 [0141.934] SetLastError (dwErrCode=0x0) [0141.934] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000B7C_v1$") returned 0x0 [0141.934] InitializeSecurityDescriptor (in: pSecurityDescriptor=0xc5aa58, dwRevision=0x1 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0141.934] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0xc5aa58, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0141.934] GetLastError () returned 0x2 [0141.934] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0xc5aa58, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0141.934] GetLastError () returned 0x2 [0141.934] SetLastError (dwErrCode=0x2) [0141.934] CreateEventA (lpEventAttributes=0x895eea0, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000B7C_v1$") returned 0x37c [0141.934] GetLastError () returned 0x0 [0141.934] SetLastError (dwErrCode=0x0) [0141.934] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895ee0c | out: TokenHandle=0x895ee0c*=0x34c) returned 1 [0141.934] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895ee08 | out: TokenInformation=0x0, ReturnLength=0x895ee08) returned 0 [0141.934] GetLastError () returned 0x7a [0141.934] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x1, TokenInformation=0xbf5040, TokenInformationLength=0x24, ReturnLength=0x895ee08 | out: TokenInformation=0xbf5040, ReturnLength=0x895ee08) returned 1 [0141.934] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf5048*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895e9ec, cchName=0x895ee00, ReferencedDomainName=0x895ebf4, cchReferencedDomainName=0x895ee00, peUse=0x895edfc | out: Name="CIiHmnxMn6Ps", cchName=0x895ee00, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895ee00, peUse=0x895edfc) returned 1 [0141.935] wvnsprintfW (in: pszDest=0x895ee20, cchDest=259, pszFmt="%s\\%s", arglist=0x895e9dc | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0141.935] SetLastError (dwErrCode=0x0) [0141.935] CloseHandle (hObject=0x34c) returned 1 [0141.935] SetLastError (dwErrCode=0x0) [0141.935] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x1a, ProcessInformation=0x895f020, ProcessInformationLength=0x4, ReturnLength=0x895f024 | out: ProcessInformation=0x895f020, ReturnLength=0x895f024) returned 0x0 [0141.935] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.935] SetLastError (dwErrCode=0x0) [0141.935] CloseHandle (hObject=0x37c) returned 1 [0141.935] CloseHandle (hObject=0x378) returned 1 [0141.935] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="uni.exe")) returned 1 [0141.936] NtOpenProcess (in: ProcessHandle=0x895f344, DesiredAccess=0x400, ObjectAttributes=0x895f324*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895f33c*(UniqueProcess=0xaf0, UniqueThread=0x0) | out: ProcessHandle=0x895f344*=0x378) returned 0x0 [0141.936] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.936] SetLastError (dwErrCode=0x0) [0141.936] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895f130 | out: TokenHandle=0x895f130*=0x37c) returned 1 [0141.936] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895f12c | out: TokenInformation=0x0, ReturnLength=0x895f12c) returned 0 [0141.936] GetLastError () returned 0x7a [0141.936] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0xbf5040, TokenInformationLength=0x24, ReturnLength=0x895f12c | out: TokenInformation=0xbf5040, ReturnLength=0x895f12c) returned 1 [0141.936] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf5048*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895ed10, cchName=0x895f124, ReferencedDomainName=0x895ef18, cchReferencedDomainName=0x895f124, peUse=0x895f120 | out: Name="CIiHmnxMn6Ps", cchName=0x895f124, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895f124, peUse=0x895f120) returned 1 [0141.937] wvnsprintfW (in: pszDest=0x895f144, cchDest=259, pszFmt="%s\\%s", arglist=0x895ed00 | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0141.937] SetLastError (dwErrCode=0x0) [0141.937] CloseHandle (hObject=0x37c) returned 1 [0141.937] CloseHandle (hObject=0x378) returned 1 [0141.937] lstrcmpiW (lpString1="uni.exe", lpString2="csrss.exe") returned 1 [0141.937] lstrcmpiW (lpString1="uni.exe", lpString2="smss.exe") returned 1 [0141.937] lstrcmpiW (lpString1="uni.exe", lpString2="lsass.exe") returned 1 [0141.937] lstrcmpiW (lpString1="uni.exe", lpString2="services.exe") returned 1 [0141.937] lstrcmpiW (lpString1="uni.exe", lpString2="spoolsv.exe") returned 1 [0141.937] lstrcmpiW (lpString1="uni.exe", lpString2="winlogon.exe") returned -1 [0141.937] lstrcmpiW (lpString1="uni.exe", lpString2="chrome.exe") returned 1 [0141.937] NtOpenProcess (in: ProcessHandle=0x895e570, DesiredAccess=0x478, ObjectAttributes=0x895e550*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895e568*(UniqueProcess=0xaf0, UniqueThread=0x0) | out: ProcessHandle=0x895e570*=0x378) returned 0x0 [0141.937] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.937] SetLastError (dwErrCode=0x0) [0141.937] GetLastError () returned 0x0 [0141.937] SetLastError (dwErrCode=0x0) [0141.937] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895f018 | out: TokenHandle=0x895f018*=0x37c) returned 1 [0141.937] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0xc, TokenInformation=0x895f078, TokenInformationLength=0x4, ReturnLength=0x895f01c | out: TokenInformation=0x895f078, ReturnLength=0x895f01c) returned 1 [0141.937] CloseHandle (hObject=0x37c) returned 1 [0141.937] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="0x%08X", arglist=0x895efdc | out: pszDest="0x00000AF0") returned 10 [0141.937] SetLastError (dwErrCode=0x0) [0141.937] wvnsprintfA (in: pszDest=0x895eda4, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed8c | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000AF0_v1$") returned 62 [0141.937] SetLastError (dwErrCode=0x0) [0141.937] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000AF0_v1$") returned 0x0 [0141.937] InitializeSecurityDescriptor (in: pSecurityDescriptor=0xc5aa58, dwRevision=0x1 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0141.937] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0xc5aa58, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0141.937] GetLastError () returned 0x2 [0141.937] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0xc5aa58, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0141.937] GetLastError () returned 0x2 [0141.937] SetLastError (dwErrCode=0x2) [0141.937] CreateEventA (lpEventAttributes=0x895eea0, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000AF0_v1$") returned 0x37c [0141.938] GetLastError () returned 0x0 [0141.938] SetLastError (dwErrCode=0x0) [0141.938] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895ee0c | out: TokenHandle=0x895ee0c*=0x34c) returned 1 [0141.938] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895ee08 | out: TokenInformation=0x0, ReturnLength=0x895ee08) returned 0 [0141.938] GetLastError () returned 0x7a [0141.938] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x1, TokenInformation=0xbf52b0, TokenInformationLength=0x24, ReturnLength=0x895ee08 | out: TokenInformation=0xbf52b0, ReturnLength=0x895ee08) returned 1 [0141.938] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf52b8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895e9ec, cchName=0x895ee00, ReferencedDomainName=0x895ebf4, cchReferencedDomainName=0x895ee00, peUse=0x895edfc | out: Name="CIiHmnxMn6Ps", cchName=0x895ee00, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895ee00, peUse=0x895edfc) returned 1 [0141.938] wvnsprintfW (in: pszDest=0x895ee20, cchDest=259, pszFmt="%s\\%s", arglist=0x895e9dc | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0141.938] SetLastError (dwErrCode=0x0) [0141.938] CloseHandle (hObject=0x34c) returned 1 [0141.938] SetLastError (dwErrCode=0x0) [0141.938] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x1a, ProcessInformation=0x895f020, ProcessInformationLength=0x4, ReturnLength=0x895f024 | out: ProcessInformation=0x895f020, ReturnLength=0x895f024) returned 0x0 [0141.938] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.938] SetLastError (dwErrCode=0x0) [0141.938] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x14, ProcessInformation=0x895f01c, ProcessInformationLength=0x4, ReturnLength=0x895f020 | out: ProcessInformation=0x895f01c, ReturnLength=0x895f020) returned 0x0 [0141.938] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x4, ProcessInformation=0x895effc, ProcessInformationLength=0x20, ReturnLength=0x895f020 | out: ProcessInformation=0x895effc, ReturnLength=0x895f020) returned 0x0 [0141.939] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.939] SetLastError (dwErrCode=0x0) [0141.939] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x0, ProcessInformation=0x895eca8, ProcessInformationLength=0x18, ReturnLength=0x895ecc0 | out: ProcessInformation=0x895eca8, ReturnLength=0x895ecc0) returned 0x0 [0141.939] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.939] SetLastError (dwErrCode=0x0) [0141.939] ReadProcessMemory (in: hProcess=0x378, lpBaseAddress=0x7f43f008, lpBuffer=0x895ecd4, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x895ecd4*, lpNumberOfBytesRead=0x0) returned 1 [0141.939] ReadProcessMemory (in: hProcess=0x378, lpBaseAddress=0x1040000, lpBuffer=0x895ecec, nSize=0x338, lpNumberOfBytesRead=0x895f024 | out: lpBuffer=0x895ecec*, lpNumberOfBytesRead=0x895f024*=0x338) returned 1 [0141.939] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x2b, ProcessInformation=0xc5aa58, ProcessInformationLength=0x826, ReturnLength=0x895f020 | out: ProcessInformation=0xc5aa58, ReturnLength=0x895f020) returned 0x0 [0141.940] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.940] SetLastError (dwErrCode=0x0) [0141.940] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Portable Devices\\uni.exe") returned="uni.exe" [0141.940] NtOpenProcess (in: ProcessHandle=0x895ee00, DesiredAccess=0x400, ObjectAttributes=0x895ede0*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895edf8*(UniqueProcess=0x508, UniqueThread=0x0) | out: ProcessHandle=0x895ee00*=0x34c) returned 0x0 [0141.940] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.940] SetLastError (dwErrCode=0x0) [0141.940] NtQueryInformationProcess (in: ProcessHandle=0x34c, ProcessInformationClass=0x2b, ProcessInformation=0xc5aa58, ProcessInformationLength=0x826, ReturnLength=0x895ee00 | out: ProcessInformation=0xc5aa58, ReturnLength=0x895ee00) returned 0x0 [0141.941] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.941] SetLastError (dwErrCode=0x0) [0141.941] CloseHandle (hObject=0x34c) returned 1 [0141.941] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Portable Devices\\uni.exe") returned="uni.exe" [0141.941] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0141.941] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Portable Devices\\uni.exe") returned="uni.exe" [0141.941] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0141.941] PathFindFileNameW (pszPath="C:\\Windows\\explorer.exe") returned="explorer.exe" [0141.941] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0141.941] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Portable Devices\\uni.exe") returned="uni.exe" [0141.941] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0141.941] PathFindFileNameW (pszPath="C:\\Windows\\explorer.exe") returned="explorer.exe" [0141.941] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0141.941] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Portable Devices\\uni.exe") returned="uni.exe" [0141.941] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0141.941] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Portable Devices\\uni.exe") returned="uni.exe" [0141.941] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0141.941] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Portable Devices\\uni.exe") returned="uni.exe" [0141.941] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0141.941] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Portable Devices\\uni.exe") returned="uni.exe" [0141.941] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0141.941] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Portable Devices\\uni.exe") returned="uni.exe" [0141.941] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0141.941] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Portable Devices\\uni.exe") returned="uni.exe" [0141.941] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0141.941] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Portable Devices\\uni.exe") returned="uni.exe" [0141.941] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0141.941] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Portable Devices\\uni.exe") returned="uni.exe" [0141.941] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0141.941] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Portable Devices\\uni.exe") returned="uni.exe" [0141.941] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0141.941] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Portable Devices\\uni.exe") returned="uni.exe" [0141.941] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0141.941] NtCreateSection (in: SectionHandle=0x895f020, DesiredAccess=0xf001f, ObjectAttributes=0x895efdc*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), MaximumSize=0x895eff4, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x895f020*=0x34c) returned 0x0 [0141.942] NtMapViewOfSection (in: SectionHandle=0x34c, ProcessHandle=0x378, BaseAddress=0x895f01c*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x895f00c*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x895f01c*=0x2460000, SectionOffset=0x0, ViewSize=0x895f00c*=0x1c4000) returned 0x0 [0141.944] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.944] SetLastError (dwErrCode=0x0) [0141.944] NtMapViewOfSection (in: SectionHandle=0x34c, ProcessHandle=0xffffffff, BaseAddress=0x895f018*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x895f014*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x895f018*=0x89e0000, SectionOffset=0x0, ViewSize=0x895f014*=0x1c4000) returned 0x0 [0141.945] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.945] SetLastError (dwErrCode=0x0) [0141.945] SetLastError (dwErrCode=0x0) [0141.951] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="SB:0x%08X", arglist=0x895efd4 | out: pszDest="SB:0x00000AF0") returned 13 [0141.951] SetLastError (dwErrCode=0x0) [0141.951] wvnsprintfA (in: pszDest=0x895eda8, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed90 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x00000AF0_v1$") returned 65 [0141.951] SetLastError (dwErrCode=0x0) [0141.951] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x00000AF0_v1$") returned 0x0 [0141.951] GetLastError () returned 0x2 [0141.951] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x37c, hTargetProcessHandle=0x378, lpTargetHandle=0x895f024, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x895f024*=0x108) returned 1 [0141.951] CloseHandle (hObject=0x37c) returned 1 [0141.966] NtProtectVirtualMemory (in: ProcessHandle=0x378, BaseAddress=0x895efac*=0x77cdc700, NumberOfBytesToProtect=0x895ef9c, NewAccessProtection=0x40, OldAccessProtection=0x895f010 | out: BaseAddress=0x895efac*=0x77cdc000, NumberOfBytesToProtect=0x895ef9c, OldAccessProtection=0x895f010*=0x20) returned 0x0 [0141.966] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.966] SetLastError (dwErrCode=0x0) [0141.966] NtProtectVirtualMemory (in: ProcessHandle=0x378, BaseAddress=0x895efac*=0x26220c7, NumberOfBytesToProtect=0x895ef9c, NewAccessProtection=0x40, OldAccessProtection=0x895f010 | out: BaseAddress=0x895efac*=0x2622000, NumberOfBytesToProtect=0x895ef9c, OldAccessProtection=0x895f010*=0x40) returned 0x0 [0141.966] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.966] SetLastError (dwErrCode=0x0) [0141.966] NtWriteVirtualMemory (in: ProcessHandle=0x378, BaseAddress=0x26220c7, Buffer=0x895efc4*, NumberOfBytesToWrite=0x3a, NumberOfBytesWritten=0x895ef9c | out: Buffer=0x895efc4*, NumberOfBytesWritten=0x895ef9c*=0x3a) returned 0x0 [0141.967] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.967] SetLastError (dwErrCode=0x0) [0141.967] NtWriteVirtualMemory (in: ProcessHandle=0x378, BaseAddress=0x77cdc700, Buffer=0x895f008*, NumberOfBytesToWrite=0x6, NumberOfBytesWritten=0x895ef9c | out: Buffer=0x895f008*, NumberOfBytesWritten=0x895ef9c*=0x6) returned 0x0 [0141.967] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.967] SetLastError (dwErrCode=0x0) [0141.967] CloseHandle (hObject=0x378) returned 1 [0141.967] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x89e0000) returned 0x0 [0141.982] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.982] SetLastError (dwErrCode=0x0) [0141.982] CloseHandle (hObject=0x34c) returned 1 [0141.982] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="ten.exe")) returned 1 [0141.983] NtOpenProcess (in: ProcessHandle=0x895f344, DesiredAccess=0x400, ObjectAttributes=0x895f324*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895f33c*(UniqueProcess=0x5cc, UniqueThread=0x0) | out: ProcessHandle=0x895f344*=0x34c) returned 0x0 [0141.983] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.983] SetLastError (dwErrCode=0x0) [0141.983] OpenProcessToken (in: ProcessHandle=0x34c, DesiredAccess=0x8, TokenHandle=0x895f130 | out: TokenHandle=0x895f130*=0x378) returned 1 [0141.983] GetTokenInformation (in: TokenHandle=0x378, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895f12c | out: TokenInformation=0x0, ReturnLength=0x895f12c) returned 0 [0141.983] GetLastError () returned 0x7a [0141.983] GetTokenInformation (in: TokenHandle=0x378, TokenInformationClass=0x1, TokenInformation=0xbf5370, TokenInformationLength=0x24, ReturnLength=0x895f12c | out: TokenInformation=0xbf5370, ReturnLength=0x895f12c) returned 1 [0141.983] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf5378*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895ed10, cchName=0x895f124, ReferencedDomainName=0x895ef18, cchReferencedDomainName=0x895f124, peUse=0x895f120 | out: Name="CIiHmnxMn6Ps", cchName=0x895f124, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895f124, peUse=0x895f120) returned 1 [0141.984] wvnsprintfW (in: pszDest=0x895f144, cchDest=259, pszFmt="%s\\%s", arglist=0x895ed00 | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0141.984] SetLastError (dwErrCode=0x0) [0141.984] CloseHandle (hObject=0x378) returned 1 [0141.984] CloseHandle (hObject=0x34c) returned 1 [0141.984] lstrcmpiW (lpString1="ten.exe", lpString2="csrss.exe") returned 1 [0141.984] lstrcmpiW (lpString1="ten.exe", lpString2="smss.exe") returned 1 [0141.984] lstrcmpiW (lpString1="ten.exe", lpString2="lsass.exe") returned 1 [0141.984] lstrcmpiW (lpString1="ten.exe", lpString2="services.exe") returned 1 [0141.984] lstrcmpiW (lpString1="ten.exe", lpString2="spoolsv.exe") returned 1 [0141.984] lstrcmpiW (lpString1="ten.exe", lpString2="winlogon.exe") returned -1 [0141.984] lstrcmpiW (lpString1="ten.exe", lpString2="chrome.exe") returned 1 [0141.984] NtOpenProcess (in: ProcessHandle=0x895e570, DesiredAccess=0x478, ObjectAttributes=0x895e550*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895e568*(UniqueProcess=0x5cc, UniqueThread=0x0) | out: ProcessHandle=0x895e570*=0x34c) returned 0x0 [0141.984] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.984] SetLastError (dwErrCode=0x0) [0141.984] GetLastError () returned 0x0 [0141.984] SetLastError (dwErrCode=0x0) [0141.984] OpenProcessToken (in: ProcessHandle=0x34c, DesiredAccess=0x8, TokenHandle=0x895f018 | out: TokenHandle=0x895f018*=0x378) returned 1 [0141.984] GetTokenInformation (in: TokenHandle=0x378, TokenInformationClass=0xc, TokenInformation=0x895f078, TokenInformationLength=0x4, ReturnLength=0x895f01c | out: TokenInformation=0x895f078, ReturnLength=0x895f01c) returned 1 [0141.984] CloseHandle (hObject=0x378) returned 1 [0141.984] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="0x%08X", arglist=0x895efdc | out: pszDest="0x000005CC") returned 10 [0141.984] SetLastError (dwErrCode=0x0) [0141.984] wvnsprintfA (in: pszDest=0x895eda4, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed8c | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x000005CC_v1$") returned 62 [0141.985] SetLastError (dwErrCode=0x0) [0141.985] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x000005CC_v1$") returned 0x0 [0141.985] InitializeSecurityDescriptor (in: pSecurityDescriptor=0xc5aa58, dwRevision=0x1 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0141.985] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0xc5aa58, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0141.985] GetLastError () returned 0x2 [0141.985] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0xc5aa58, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0141.985] GetLastError () returned 0x2 [0141.985] SetLastError (dwErrCode=0x2) [0141.985] CreateEventA (lpEventAttributes=0x895eea0, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x000005CC_v1$") returned 0x378 [0141.985] GetLastError () returned 0x0 [0141.985] SetLastError (dwErrCode=0x0) [0141.985] OpenProcessToken (in: ProcessHandle=0x34c, DesiredAccess=0x8, TokenHandle=0x895ee0c | out: TokenHandle=0x895ee0c*=0x37c) returned 1 [0141.985] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895ee08 | out: TokenInformation=0x0, ReturnLength=0x895ee08) returned 0 [0141.985] GetLastError () returned 0x7a [0141.985] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0xbf50a0, TokenInformationLength=0x24, ReturnLength=0x895ee08 | out: TokenInformation=0xbf50a0, ReturnLength=0x895ee08) returned 1 [0141.985] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf50a8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895e9ec, cchName=0x895ee00, ReferencedDomainName=0x895ebf4, cchReferencedDomainName=0x895ee00, peUse=0x895edfc | out: Name="CIiHmnxMn6Ps", cchName=0x895ee00, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895ee00, peUse=0x895edfc) returned 1 [0141.986] wvnsprintfW (in: pszDest=0x895ee20, cchDest=259, pszFmt="%s\\%s", arglist=0x895e9dc | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0141.986] SetLastError (dwErrCode=0x0) [0141.986] CloseHandle (hObject=0x37c) returned 1 [0141.986] SetLastError (dwErrCode=0x0) [0141.986] NtQueryInformationProcess (in: ProcessHandle=0x34c, ProcessInformationClass=0x1a, ProcessInformation=0x895f020, ProcessInformationLength=0x4, ReturnLength=0x895f024 | out: ProcessInformation=0x895f020, ReturnLength=0x895f024) returned 0x0 [0141.986] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.986] SetLastError (dwErrCode=0x0) [0141.986] NtQueryInformationProcess (in: ProcessHandle=0x34c, ProcessInformationClass=0x14, ProcessInformation=0x895f01c, ProcessInformationLength=0x4, ReturnLength=0x895f020 | out: ProcessInformation=0x895f01c, ReturnLength=0x895f020) returned 0x0 [0141.986] NtQueryInformationProcess (in: ProcessHandle=0x34c, ProcessInformationClass=0x4, ProcessInformation=0x895effc, ProcessInformationLength=0x20, ReturnLength=0x895f020 | out: ProcessInformation=0x895effc, ReturnLength=0x895f020) returned 0x0 [0141.986] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.986] SetLastError (dwErrCode=0x0) [0141.986] NtQueryInformationProcess (in: ProcessHandle=0x34c, ProcessInformationClass=0x0, ProcessInformation=0x895eca8, ProcessInformationLength=0x18, ReturnLength=0x895ecc0 | out: ProcessInformation=0x895eca8, ReturnLength=0x895ecc0) returned 0x0 [0141.986] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.986] SetLastError (dwErrCode=0x0) [0141.986] ReadProcessMemory (in: hProcess=0x34c, lpBaseAddress=0x7e3ff008, lpBuffer=0x895ecd4, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x895ecd4*, lpNumberOfBytesRead=0x0) returned 1 [0141.986] ReadProcessMemory (in: hProcess=0x34c, lpBaseAddress=0xa60000, lpBuffer=0x895ecec, nSize=0x338, lpNumberOfBytesRead=0x895f024 | out: lpBuffer=0x895ecec*, lpNumberOfBytesRead=0x895f024*=0x338) returned 1 [0141.986] NtQueryInformationProcess (in: ProcessHandle=0x34c, ProcessInformationClass=0x2b, ProcessInformation=0xc5aa58, ProcessInformationLength=0x826, ReturnLength=0x895f020 | out: ProcessInformation=0xc5aa58, ReturnLength=0x895f020) returned 0x0 [0141.987] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.987] SetLastError (dwErrCode=0x0) [0141.987] PathFindFileNameW (pszPath="C:\\Program Files\\Internet Explorer\\ten.exe") returned="ten.exe" [0141.987] NtOpenProcess (in: ProcessHandle=0x895ee00, DesiredAccess=0x400, ObjectAttributes=0x895ede0*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895edf8*(UniqueProcess=0x508, UniqueThread=0x0) | out: ProcessHandle=0x895ee00*=0x37c) returned 0x0 [0141.987] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.987] SetLastError (dwErrCode=0x0) [0141.987] NtQueryInformationProcess (in: ProcessHandle=0x37c, ProcessInformationClass=0x2b, ProcessInformation=0xc5aa58, ProcessInformationLength=0x826, ReturnLength=0x895ee00 | out: ProcessInformation=0xc5aa58, ReturnLength=0x895ee00) returned 0x0 [0141.988] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.988] SetLastError (dwErrCode=0x0) [0141.988] CloseHandle (hObject=0x37c) returned 1 [0141.988] PathFindFileNameW (pszPath="C:\\Program Files\\Internet Explorer\\ten.exe") returned="ten.exe" [0141.988] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0141.988] PathFindFileNameW (pszPath="C:\\Program Files\\Internet Explorer\\ten.exe") returned="ten.exe" [0141.988] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0141.988] PathFindFileNameW (pszPath="C:\\Windows\\explorer.exe") returned="explorer.exe" [0141.988] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0141.988] PathFindFileNameW (pszPath="C:\\Program Files\\Internet Explorer\\ten.exe") returned="ten.exe" [0141.988] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0141.988] PathFindFileNameW (pszPath="C:\\Windows\\explorer.exe") returned="explorer.exe" [0141.988] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0141.988] PathFindFileNameW (pszPath="C:\\Program Files\\Internet Explorer\\ten.exe") returned="ten.exe" [0141.988] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0141.988] PathFindFileNameW (pszPath="C:\\Program Files\\Internet Explorer\\ten.exe") returned="ten.exe" [0141.988] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0141.988] PathFindFileNameW (pszPath="C:\\Program Files\\Internet Explorer\\ten.exe") returned="ten.exe" [0141.988] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0141.988] PathFindFileNameW (pszPath="C:\\Program Files\\Internet Explorer\\ten.exe") returned="ten.exe" [0141.988] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0141.988] PathFindFileNameW (pszPath="C:\\Program Files\\Internet Explorer\\ten.exe") returned="ten.exe" [0141.988] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0141.988] PathFindFileNameW (pszPath="C:\\Program Files\\Internet Explorer\\ten.exe") returned="ten.exe" [0141.988] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0141.988] PathFindFileNameW (pszPath="C:\\Program Files\\Internet Explorer\\ten.exe") returned="ten.exe" [0141.988] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0141.988] PathFindFileNameW (pszPath="C:\\Program Files\\Internet Explorer\\ten.exe") returned="ten.exe" [0141.988] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0141.988] PathFindFileNameW (pszPath="C:\\Program Files\\Internet Explorer\\ten.exe") returned="ten.exe" [0141.988] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0141.989] PathFindFileNameW (pszPath="C:\\Program Files\\Internet Explorer\\ten.exe") returned="ten.exe" [0141.989] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0141.989] NtCreateSection (in: SectionHandle=0x895f020, DesiredAccess=0xf001f, ObjectAttributes=0x895efdc*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), MaximumSize=0x895eff4, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x895f020*=0x37c) returned 0x0 [0141.989] NtMapViewOfSection (in: SectionHandle=0x37c, ProcessHandle=0x34c, BaseAddress=0x895f01c*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x895f00c*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x895f01c*=0x1f80000, SectionOffset=0x0, ViewSize=0x895f00c*=0x1c4000) returned 0x0 [0141.993] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.993] SetLastError (dwErrCode=0x0) [0141.993] NtMapViewOfSection (in: SectionHandle=0x37c, ProcessHandle=0xffffffff, BaseAddress=0x895f018*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x895f014*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x895f018*=0x89e0000, SectionOffset=0x0, ViewSize=0x895f014*=0x1c4000) returned 0x0 [0141.994] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0141.995] SetLastError (dwErrCode=0x0) [0141.995] SetLastError (dwErrCode=0x0) [0141.999] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="SB:0x%08X", arglist=0x895efd4 | out: pszDest="SB:0x000005CC") returned 13 [0141.999] SetLastError (dwErrCode=0x0) [0141.999] wvnsprintfA (in: pszDest=0x895eda8, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed90 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x000005CC_v1$") returned 65 [0141.999] SetLastError (dwErrCode=0x0) [0141.999] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x000005CC_v1$") returned 0x0 [0141.999] GetLastError () returned 0x2 [0141.999] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x378, hTargetProcessHandle=0x34c, lpTargetHandle=0x895f024, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x895f024*=0x108) returned 1 [0141.999] CloseHandle (hObject=0x378) returned 1 [0142.011] NtProtectVirtualMemory (in: ProcessHandle=0x34c, BaseAddress=0x895efac*=0x77cdc700, NumberOfBytesToProtect=0x895ef9c, NewAccessProtection=0x40, OldAccessProtection=0x895f010 | out: BaseAddress=0x895efac*=0x77cdc000, NumberOfBytesToProtect=0x895ef9c, OldAccessProtection=0x895f010*=0x20) returned 0x0 [0142.011] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.011] SetLastError (dwErrCode=0x0) [0142.011] NtProtectVirtualMemory (in: ProcessHandle=0x34c, BaseAddress=0x895efac*=0x21420c7, NumberOfBytesToProtect=0x895ef9c, NewAccessProtection=0x40, OldAccessProtection=0x895f010 | out: BaseAddress=0x895efac*=0x2142000, NumberOfBytesToProtect=0x895ef9c, OldAccessProtection=0x895f010*=0x40) returned 0x0 [0142.011] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.012] SetLastError (dwErrCode=0x0) [0142.012] NtWriteVirtualMemory (in: ProcessHandle=0x34c, BaseAddress=0x21420c7, Buffer=0x895efc4*, NumberOfBytesToWrite=0x3a, NumberOfBytesWritten=0x895ef9c | out: Buffer=0x895efc4*, NumberOfBytesWritten=0x895ef9c*=0x3a) returned 0x0 [0142.012] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.012] SetLastError (dwErrCode=0x0) [0142.012] NtWriteVirtualMemory (in: ProcessHandle=0x34c, BaseAddress=0x77cdc700, Buffer=0x895f008*, NumberOfBytesToWrite=0x6, NumberOfBytesWritten=0x895ef9c | out: Buffer=0x895f008*, NumberOfBytesWritten=0x895ef9c*=0x6) returned 0x0 [0142.012] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.012] SetLastError (dwErrCode=0x0) [0142.012] CloseHandle (hObject=0x34c) returned 1 [0142.012] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x89e0000) returned 0x0 [0142.031] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.031] SetLastError (dwErrCode=0x0) [0142.031] CloseHandle (hObject=0x37c) returned 1 [0142.031] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x968, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="gp-blank.exe")) returned 1 [0142.032] NtOpenProcess (in: ProcessHandle=0x895f344, DesiredAccess=0x400, ObjectAttributes=0x895f324*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895f33c*(UniqueProcess=0x968, UniqueThread=0x0) | out: ProcessHandle=0x895f344*=0x37c) returned 0x0 [0142.032] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.032] SetLastError (dwErrCode=0x0) [0142.032] OpenProcessToken (in: ProcessHandle=0x37c, DesiredAccess=0x8, TokenHandle=0x895f130 | out: TokenHandle=0x895f130*=0x34c) returned 1 [0142.032] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895f12c | out: TokenInformation=0x0, ReturnLength=0x895f12c) returned 0 [0142.032] GetLastError () returned 0x7a [0142.032] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x1, TokenInformation=0xbf4f80, TokenInformationLength=0x24, ReturnLength=0x895f12c | out: TokenInformation=0xbf4f80, ReturnLength=0x895f12c) returned 1 [0142.032] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf4f88*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895ed10, cchName=0x895f124, ReferencedDomainName=0x895ef18, cchReferencedDomainName=0x895f124, peUse=0x895f120 | out: Name="CIiHmnxMn6Ps", cchName=0x895f124, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895f124, peUse=0x895f120) returned 1 [0142.033] wvnsprintfW (in: pszDest=0x895f144, cchDest=259, pszFmt="%s\\%s", arglist=0x895ed00 | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0142.033] SetLastError (dwErrCode=0x0) [0142.033] CloseHandle (hObject=0x34c) returned 1 [0142.033] CloseHandle (hObject=0x37c) returned 1 [0142.033] lstrcmpiW (lpString1="gp-blank.exe", lpString2="csrss.exe") returned 1 [0142.033] lstrcmpiW (lpString1="gp-blank.exe", lpString2="smss.exe") returned -1 [0142.033] lstrcmpiW (lpString1="gp-blank.exe", lpString2="lsass.exe") returned -1 [0142.033] lstrcmpiW (lpString1="gp-blank.exe", lpString2="services.exe") returned -1 [0142.033] lstrcmpiW (lpString1="gp-blank.exe", lpString2="spoolsv.exe") returned -1 [0142.033] lstrcmpiW (lpString1="gp-blank.exe", lpString2="winlogon.exe") returned -1 [0142.033] lstrcmpiW (lpString1="gp-blank.exe", lpString2="chrome.exe") returned 1 [0142.033] NtOpenProcess (in: ProcessHandle=0x895e570, DesiredAccess=0x478, ObjectAttributes=0x895e550*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895e568*(UniqueProcess=0x968, UniqueThread=0x0) | out: ProcessHandle=0x895e570*=0x37c) returned 0x0 [0142.034] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.034] SetLastError (dwErrCode=0x0) [0142.034] GetLastError () returned 0x0 [0142.034] SetLastError (dwErrCode=0x0) [0142.034] OpenProcessToken (in: ProcessHandle=0x37c, DesiredAccess=0x8, TokenHandle=0x895f018 | out: TokenHandle=0x895f018*=0x34c) returned 1 [0142.034] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0xc, TokenInformation=0x895f078, TokenInformationLength=0x4, ReturnLength=0x895f01c | out: TokenInformation=0x895f078, ReturnLength=0x895f01c) returned 1 [0142.034] CloseHandle (hObject=0x34c) returned 1 [0142.034] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="0x%08X", arglist=0x895efdc | out: pszDest="0x00000968") returned 10 [0142.034] SetLastError (dwErrCode=0x0) [0142.034] wvnsprintfA (in: pszDest=0x895eda4, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed8c | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000968_v1$") returned 62 [0142.034] SetLastError (dwErrCode=0x0) [0142.034] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000968_v1$") returned 0x0 [0142.034] InitializeSecurityDescriptor (in: pSecurityDescriptor=0xc5aa58, dwRevision=0x1 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.034] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0xc5aa58, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.034] GetLastError () returned 0x2 [0142.034] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0xc5aa58, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.034] GetLastError () returned 0x2 [0142.034] SetLastError (dwErrCode=0x2) [0142.034] CreateEventA (lpEventAttributes=0x895eea0, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000968_v1$") returned 0x34c [0142.034] GetLastError () returned 0x0 [0142.034] SetLastError (dwErrCode=0x0) [0142.034] OpenProcessToken (in: ProcessHandle=0x37c, DesiredAccess=0x8, TokenHandle=0x895ee0c | out: TokenHandle=0x895ee0c*=0x378) returned 1 [0142.034] GetTokenInformation (in: TokenHandle=0x378, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895ee08 | out: TokenInformation=0x0, ReturnLength=0x895ee08) returned 0 [0142.034] GetLastError () returned 0x7a [0142.034] GetTokenInformation (in: TokenHandle=0x378, TokenInformationClass=0x1, TokenInformation=0xbf5400, TokenInformationLength=0x24, ReturnLength=0x895ee08 | out: TokenInformation=0xbf5400, ReturnLength=0x895ee08) returned 1 [0142.034] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf5408*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895e9ec, cchName=0x895ee00, ReferencedDomainName=0x895ebf4, cchReferencedDomainName=0x895ee00, peUse=0x895edfc | out: Name="CIiHmnxMn6Ps", cchName=0x895ee00, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895ee00, peUse=0x895edfc) returned 1 [0142.035] wvnsprintfW (in: pszDest=0x895ee20, cchDest=259, pszFmt="%s\\%s", arglist=0x895e9dc | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0142.035] SetLastError (dwErrCode=0x0) [0142.035] CloseHandle (hObject=0x378) returned 1 [0142.035] SetLastError (dwErrCode=0x0) [0142.035] NtQueryInformationProcess (in: ProcessHandle=0x37c, ProcessInformationClass=0x1a, ProcessInformation=0x895f020, ProcessInformationLength=0x4, ReturnLength=0x895f024 | out: ProcessInformation=0x895f020, ReturnLength=0x895f024) returned 0x0 [0142.035] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.035] SetLastError (dwErrCode=0x0) [0142.035] NtQueryInformationProcess (in: ProcessHandle=0x37c, ProcessInformationClass=0x14, ProcessInformation=0x895f01c, ProcessInformationLength=0x4, ReturnLength=0x895f020 | out: ProcessInformation=0x895f01c, ReturnLength=0x895f020) returned 0x0 [0142.035] NtQueryInformationProcess (in: ProcessHandle=0x37c, ProcessInformationClass=0x4, ProcessInformation=0x895effc, ProcessInformationLength=0x20, ReturnLength=0x895f020 | out: ProcessInformation=0x895effc, ReturnLength=0x895f020) returned 0x0 [0142.035] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.035] SetLastError (dwErrCode=0x0) [0142.035] NtQueryInformationProcess (in: ProcessHandle=0x37c, ProcessInformationClass=0x0, ProcessInformation=0x895eca8, ProcessInformationLength=0x18, ReturnLength=0x895ecc0 | out: ProcessInformation=0x895eca8, ReturnLength=0x895ecc0) returned 0x0 [0142.035] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.035] SetLastError (dwErrCode=0x0) [0142.035] ReadProcessMemory (in: hProcess=0x37c, lpBaseAddress=0x7eb84008, lpBuffer=0x895ecd4, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x895ecd4*, lpNumberOfBytesRead=0x0) returned 1 [0142.035] ReadProcessMemory (in: hProcess=0x37c, lpBaseAddress=0x1050000, lpBuffer=0x895ecec, nSize=0x338, lpNumberOfBytesRead=0x895f024 | out: lpBuffer=0x895ecec*, lpNumberOfBytesRead=0x895f024*=0x338) returned 1 [0142.035] NtQueryInformationProcess (in: ProcessHandle=0x37c, ProcessInformationClass=0x2b, ProcessInformation=0xc5aa58, ProcessInformationLength=0x826, ReturnLength=0x895f020 | out: ProcessInformation=0xc5aa58, ReturnLength=0x895f020) returned 0x0 [0142.036] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.036] SetLastError (dwErrCode=0x0) [0142.036] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Windows Multimedia Platform\\gp-blank.exe") returned="gp-blank.exe" [0142.036] NtOpenProcess (in: ProcessHandle=0x895ee00, DesiredAccess=0x400, ObjectAttributes=0x895ede0*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895edf8*(UniqueProcess=0x508, UniqueThread=0x0) | out: ProcessHandle=0x895ee00*=0x378) returned 0x0 [0142.036] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.036] SetLastError (dwErrCode=0x0) [0142.036] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x2b, ProcessInformation=0xc5aa58, ProcessInformationLength=0x826, ReturnLength=0x895ee00 | out: ProcessInformation=0xc5aa58, ReturnLength=0x895ee00) returned 0x0 [0142.037] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.037] SetLastError (dwErrCode=0x0) [0142.037] CloseHandle (hObject=0x378) returned 1 [0142.037] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Windows Multimedia Platform\\gp-blank.exe") returned="gp-blank.exe" [0142.037] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.037] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Windows Multimedia Platform\\gp-blank.exe") returned="gp-blank.exe" [0142.037] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.037] PathFindFileNameW (pszPath="C:\\Windows\\explorer.exe") returned="explorer.exe" [0142.037] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.037] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Windows Multimedia Platform\\gp-blank.exe") returned="gp-blank.exe" [0142.037] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.037] PathFindFileNameW (pszPath="C:\\Windows\\explorer.exe") returned="explorer.exe" [0142.037] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.037] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Windows Multimedia Platform\\gp-blank.exe") returned="gp-blank.exe" [0142.037] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.037] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Windows Multimedia Platform\\gp-blank.exe") returned="gp-blank.exe" [0142.037] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.037] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Windows Multimedia Platform\\gp-blank.exe") returned="gp-blank.exe" [0142.037] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.037] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Windows Multimedia Platform\\gp-blank.exe") returned="gp-blank.exe" [0142.037] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.037] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Windows Multimedia Platform\\gp-blank.exe") returned="gp-blank.exe" [0142.037] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.037] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Windows Multimedia Platform\\gp-blank.exe") returned="gp-blank.exe" [0142.037] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.037] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Windows Multimedia Platform\\gp-blank.exe") returned="gp-blank.exe" [0142.037] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.037] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Windows Multimedia Platform\\gp-blank.exe") returned="gp-blank.exe" [0142.037] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.037] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Windows Multimedia Platform\\gp-blank.exe") returned="gp-blank.exe" [0142.037] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.037] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Windows Multimedia Platform\\gp-blank.exe") returned="gp-blank.exe" [0142.037] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.037] NtCreateSection (in: SectionHandle=0x895f020, DesiredAccess=0xf001f, ObjectAttributes=0x895efdc*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), MaximumSize=0x895eff4, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x895f020*=0x378) returned 0x0 [0142.038] NtMapViewOfSection (in: SectionHandle=0x378, ProcessHandle=0x37c, BaseAddress=0x895f01c*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x895f00c*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x895f01c*=0x2d50000, SectionOffset=0x0, ViewSize=0x895f00c*=0x1c4000) returned 0x0 [0142.040] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.040] SetLastError (dwErrCode=0x0) [0142.040] NtMapViewOfSection (in: SectionHandle=0x378, ProcessHandle=0xffffffff, BaseAddress=0x895f018*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x895f014*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x895f018*=0x89e0000, SectionOffset=0x0, ViewSize=0x895f014*=0x1c4000) returned 0x0 [0142.042] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.042] SetLastError (dwErrCode=0x0) [0142.042] SetLastError (dwErrCode=0x0) [0142.046] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="SB:0x%08X", arglist=0x895efd4 | out: pszDest="SB:0x00000968") returned 13 [0142.046] SetLastError (dwErrCode=0x0) [0142.046] wvnsprintfA (in: pszDest=0x895eda8, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed90 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x00000968_v1$") returned 65 [0142.046] SetLastError (dwErrCode=0x0) [0142.047] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x00000968_v1$") returned 0x0 [0142.047] GetLastError () returned 0x2 [0142.047] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x34c, hTargetProcessHandle=0x37c, lpTargetHandle=0x895f024, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x895f024*=0x108) returned 1 [0142.047] CloseHandle (hObject=0x34c) returned 1 [0142.060] NtProtectVirtualMemory (in: ProcessHandle=0x37c, BaseAddress=0x895efac*=0x77cdc700, NumberOfBytesToProtect=0x895ef9c, NewAccessProtection=0x40, OldAccessProtection=0x895f010 | out: BaseAddress=0x895efac*=0x77cdc000, NumberOfBytesToProtect=0x895ef9c, OldAccessProtection=0x895f010*=0x20) returned 0x0 [0142.060] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.060] SetLastError (dwErrCode=0x0) [0142.060] NtProtectVirtualMemory (in: ProcessHandle=0x37c, BaseAddress=0x895efac*=0x2f120c7, NumberOfBytesToProtect=0x895ef9c, NewAccessProtection=0x40, OldAccessProtection=0x895f010 | out: BaseAddress=0x895efac*=0x2f12000, NumberOfBytesToProtect=0x895ef9c, OldAccessProtection=0x895f010*=0x40) returned 0x0 [0142.060] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.060] SetLastError (dwErrCode=0x0) [0142.060] NtWriteVirtualMemory (in: ProcessHandle=0x37c, BaseAddress=0x2f120c7, Buffer=0x895efc4*, NumberOfBytesToWrite=0x3a, NumberOfBytesWritten=0x895ef9c | out: Buffer=0x895efc4*, NumberOfBytesWritten=0x895ef9c*=0x3a) returned 0x0 [0142.060] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.060] SetLastError (dwErrCode=0x0) [0142.060] NtWriteVirtualMemory (in: ProcessHandle=0x37c, BaseAddress=0x77cdc700, Buffer=0x895f008*, NumberOfBytesToWrite=0x6, NumberOfBytesWritten=0x895ef9c | out: Buffer=0x895f008*, NumberOfBytesWritten=0x895ef9c*=0x6) returned 0x0 [0142.061] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.061] SetLastError (dwErrCode=0x0) [0142.061] CloseHandle (hObject=0x37c) returned 1 [0142.061] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x89e0000) returned 0x0 [0142.081] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.081] SetLastError (dwErrCode=0x0) [0142.081] CloseHandle (hObject=0x378) returned 1 [0142.081] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagement cologne.exe")) returned 1 [0142.082] NtOpenProcess (in: ProcessHandle=0x895f344, DesiredAccess=0x400, ObjectAttributes=0x895f324*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895f33c*(UniqueProcess=0x8d8, UniqueThread=0x0) | out: ProcessHandle=0x895f344*=0x378) returned 0x0 [0142.082] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.082] SetLastError (dwErrCode=0x0) [0142.082] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895f130 | out: TokenHandle=0x895f130*=0x37c) returned 1 [0142.082] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895f12c | out: TokenInformation=0x0, ReturnLength=0x895f12c) returned 0 [0142.082] GetLastError () returned 0x7a [0142.082] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0xbf4e90, TokenInformationLength=0x24, ReturnLength=0x895f12c | out: TokenInformation=0xbf4e90, ReturnLength=0x895f12c) returned 1 [0142.082] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf4e98*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895ed10, cchName=0x895f124, ReferencedDomainName=0x895ef18, cchReferencedDomainName=0x895f124, peUse=0x895f120 | out: Name="CIiHmnxMn6Ps", cchName=0x895f124, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895f124, peUse=0x895f120) returned 1 [0142.084] wvnsprintfW (in: pszDest=0x895f144, cchDest=259, pszFmt="%s\\%s", arglist=0x895ed00 | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0142.084] SetLastError (dwErrCode=0x0) [0142.084] CloseHandle (hObject=0x37c) returned 1 [0142.084] CloseHandle (hObject=0x378) returned 1 [0142.084] lstrcmpiW (lpString1="engagement cologne.exe", lpString2="csrss.exe") returned 1 [0142.084] lstrcmpiW (lpString1="engagement cologne.exe", lpString2="smss.exe") returned -1 [0142.084] lstrcmpiW (lpString1="engagement cologne.exe", lpString2="lsass.exe") returned -1 [0142.084] lstrcmpiW (lpString1="engagement cologne.exe", lpString2="services.exe") returned -1 [0142.084] lstrcmpiW (lpString1="engagement cologne.exe", lpString2="spoolsv.exe") returned -1 [0142.084] lstrcmpiW (lpString1="engagement cologne.exe", lpString2="winlogon.exe") returned -1 [0142.084] lstrcmpiW (lpString1="engagement cologne.exe", lpString2="chrome.exe") returned 1 [0142.084] NtOpenProcess (in: ProcessHandle=0x895e570, DesiredAccess=0x478, ObjectAttributes=0x895e550*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895e568*(UniqueProcess=0x8d8, UniqueThread=0x0) | out: ProcessHandle=0x895e570*=0x378) returned 0x0 [0142.084] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.084] SetLastError (dwErrCode=0x0) [0142.084] GetLastError () returned 0x0 [0142.084] SetLastError (dwErrCode=0x0) [0142.084] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895f018 | out: TokenHandle=0x895f018*=0x37c) returned 1 [0142.084] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0xc, TokenInformation=0x895f078, TokenInformationLength=0x4, ReturnLength=0x895f01c | out: TokenInformation=0x895f078, ReturnLength=0x895f01c) returned 1 [0142.084] CloseHandle (hObject=0x37c) returned 1 [0142.084] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="0x%08X", arglist=0x895efdc | out: pszDest="0x000008D8") returned 10 [0142.084] SetLastError (dwErrCode=0x0) [0142.084] wvnsprintfA (in: pszDest=0x895eda4, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed8c | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x000008D8_v1$") returned 62 [0142.084] SetLastError (dwErrCode=0x0) [0142.084] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x000008D8_v1$") returned 0x0 [0142.084] InitializeSecurityDescriptor (in: pSecurityDescriptor=0xc5aa58, dwRevision=0x1 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.084] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0xc5aa58, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.084] GetLastError () returned 0x2 [0142.084] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0xc5aa58, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.084] GetLastError () returned 0x2 [0142.084] SetLastError (dwErrCode=0x2) [0142.084] CreateEventA (lpEventAttributes=0x895eea0, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x000008D8_v1$") returned 0x37c [0142.085] GetLastError () returned 0x0 [0142.085] SetLastError (dwErrCode=0x0) [0142.085] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895ee0c | out: TokenHandle=0x895ee0c*=0x34c) returned 1 [0142.085] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895ee08 | out: TokenInformation=0x0, ReturnLength=0x895ee08) returned 0 [0142.085] GetLastError () returned 0x7a [0142.085] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x1, TokenInformation=0xbf5280, TokenInformationLength=0x24, ReturnLength=0x895ee08 | out: TokenInformation=0xbf5280, ReturnLength=0x895ee08) returned 1 [0142.085] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf5288*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895e9ec, cchName=0x895ee00, ReferencedDomainName=0x895ebf4, cchReferencedDomainName=0x895ee00, peUse=0x895edfc | out: Name="CIiHmnxMn6Ps", cchName=0x895ee00, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895ee00, peUse=0x895edfc) returned 1 [0142.086] wvnsprintfW (in: pszDest=0x895ee20, cchDest=259, pszFmt="%s\\%s", arglist=0x895e9dc | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0142.086] SetLastError (dwErrCode=0x0) [0142.086] CloseHandle (hObject=0x34c) returned 1 [0142.086] SetLastError (dwErrCode=0x0) [0142.086] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x1a, ProcessInformation=0x895f020, ProcessInformationLength=0x4, ReturnLength=0x895f024 | out: ProcessInformation=0x895f020, ReturnLength=0x895f024) returned 0x0 [0142.086] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.086] SetLastError (dwErrCode=0x0) [0142.086] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x14, ProcessInformation=0x895f01c, ProcessInformationLength=0x4, ReturnLength=0x895f020 | out: ProcessInformation=0x895f01c, ReturnLength=0x895f020) returned 0x0 [0142.086] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x4, ProcessInformation=0x895effc, ProcessInformationLength=0x20, ReturnLength=0x895f020 | out: ProcessInformation=0x895effc, ReturnLength=0x895f020) returned 0x0 [0142.086] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.086] SetLastError (dwErrCode=0x0) [0142.086] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x0, ProcessInformation=0x895eca8, ProcessInformationLength=0x18, ReturnLength=0x895ecc0 | out: ProcessInformation=0x895eca8, ReturnLength=0x895ecc0) returned 0x0 [0142.087] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.087] SetLastError (dwErrCode=0x0) [0142.087] ReadProcessMemory (in: hProcess=0x378, lpBaseAddress=0x7f364008, lpBuffer=0x895ecd4, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x895ecd4*, lpNumberOfBytesRead=0x0) returned 1 [0142.088] ReadProcessMemory (in: hProcess=0x378, lpBaseAddress=0x940000, lpBuffer=0x895ecec, nSize=0x338, lpNumberOfBytesRead=0x895f024 | out: lpBuffer=0x895ecec*, lpNumberOfBytesRead=0x895f024*=0x338) returned 1 [0142.088] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x2b, ProcessInformation=0xc5aa58, ProcessInformationLength=0x826, ReturnLength=0x895f020 | out: ProcessInformation=0xc5aa58, ReturnLength=0x895f020) returned 0x0 [0142.088] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.088] SetLastError (dwErrCode=0x0) [0142.088] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\engagement cologne.exe") returned="engagement cologne.exe" [0142.088] NtOpenProcess (in: ProcessHandle=0x895ee00, DesiredAccess=0x400, ObjectAttributes=0x895ede0*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895edf8*(UniqueProcess=0x508, UniqueThread=0x0) | out: ProcessHandle=0x895ee00*=0x34c) returned 0x0 [0142.088] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.088] SetLastError (dwErrCode=0x0) [0142.088] NtQueryInformationProcess (in: ProcessHandle=0x34c, ProcessInformationClass=0x2b, ProcessInformation=0xc5aa58, ProcessInformationLength=0x826, ReturnLength=0x895ee00 | out: ProcessInformation=0xc5aa58, ReturnLength=0x895ee00) returned 0x0 [0142.089] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.089] SetLastError (dwErrCode=0x0) [0142.089] CloseHandle (hObject=0x34c) returned 1 [0142.089] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\engagement cologne.exe") returned="engagement cologne.exe" [0142.089] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.089] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\engagement cologne.exe") returned="engagement cologne.exe" [0142.089] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.089] PathFindFileNameW (pszPath="C:\\Windows\\explorer.exe") returned="explorer.exe" [0142.089] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.089] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\engagement cologne.exe") returned="engagement cologne.exe" [0142.089] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.089] PathFindFileNameW (pszPath="C:\\Windows\\explorer.exe") returned="explorer.exe" [0142.089] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.089] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\engagement cologne.exe") returned="engagement cologne.exe" [0142.090] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.090] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\engagement cologne.exe") returned="engagement cologne.exe" [0142.090] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.090] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\engagement cologne.exe") returned="engagement cologne.exe" [0142.090] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.090] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\engagement cologne.exe") returned="engagement cologne.exe" [0142.090] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.090] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\engagement cologne.exe") returned="engagement cologne.exe" [0142.090] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.090] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\engagement cologne.exe") returned="engagement cologne.exe" [0142.090] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.090] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\engagement cologne.exe") returned="engagement cologne.exe" [0142.090] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.090] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\engagement cologne.exe") returned="engagement cologne.exe" [0142.090] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.090] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\engagement cologne.exe") returned="engagement cologne.exe" [0142.090] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.090] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\engagement cologne.exe") returned="engagement cologne.exe" [0142.090] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.090] NtCreateSection (in: SectionHandle=0x895f020, DesiredAccess=0xf001f, ObjectAttributes=0x895efdc*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), MaximumSize=0x895eff4, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x895f020*=0x34c) returned 0x0 [0142.090] NtMapViewOfSection (in: SectionHandle=0x34c, ProcessHandle=0x378, BaseAddress=0x895f01c*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x895f00c*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x895f01c*=0x2660000, SectionOffset=0x0, ViewSize=0x895f00c*=0x1c4000) returned 0x0 [0142.093] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.093] SetLastError (dwErrCode=0x0) [0142.093] NtMapViewOfSection (in: SectionHandle=0x34c, ProcessHandle=0xffffffff, BaseAddress=0x895f018*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x895f014*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x895f018*=0x89e0000, SectionOffset=0x0, ViewSize=0x895f014*=0x1c4000) returned 0x0 [0142.094] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.094] SetLastError (dwErrCode=0x0) [0142.094] SetLastError (dwErrCode=0x0) [0142.099] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="SB:0x%08X", arglist=0x895efd4 | out: pszDest="SB:0x000008D8") returned 13 [0142.099] SetLastError (dwErrCode=0x0) [0142.099] wvnsprintfA (in: pszDest=0x895eda8, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed90 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x000008D8_v1$") returned 65 [0142.099] SetLastError (dwErrCode=0x0) [0142.099] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x000008D8_v1$") returned 0x0 [0142.099] GetLastError () returned 0x2 [0142.099] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x37c, hTargetProcessHandle=0x378, lpTargetHandle=0x895f024, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x895f024*=0x108) returned 1 [0142.099] CloseHandle (hObject=0x37c) returned 1 [0142.111] NtProtectVirtualMemory (in: ProcessHandle=0x378, BaseAddress=0x895efac*=0x77cdc700, NumberOfBytesToProtect=0x895ef9c, NewAccessProtection=0x40, OldAccessProtection=0x895f010 | out: BaseAddress=0x895efac*=0x77cdc000, NumberOfBytesToProtect=0x895ef9c, OldAccessProtection=0x895f010*=0x20) returned 0x0 [0142.111] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.111] SetLastError (dwErrCode=0x0) [0142.111] NtProtectVirtualMemory (in: ProcessHandle=0x378, BaseAddress=0x895efac*=0x28220c7, NumberOfBytesToProtect=0x895ef9c, NewAccessProtection=0x40, OldAccessProtection=0x895f010 | out: BaseAddress=0x895efac*=0x2822000, NumberOfBytesToProtect=0x895ef9c, OldAccessProtection=0x895f010*=0x40) returned 0x0 [0142.111] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.111] SetLastError (dwErrCode=0x0) [0142.111] NtWriteVirtualMemory (in: ProcessHandle=0x378, BaseAddress=0x28220c7, Buffer=0x895efc4*, NumberOfBytesToWrite=0x3a, NumberOfBytesWritten=0x895ef9c | out: Buffer=0x895efc4*, NumberOfBytesWritten=0x895ef9c*=0x3a) returned 0x0 [0142.111] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.111] SetLastError (dwErrCode=0x0) [0142.111] NtWriteVirtualMemory (in: ProcessHandle=0x378, BaseAddress=0x77cdc700, Buffer=0x895f008*, NumberOfBytesToWrite=0x6, NumberOfBytesWritten=0x895ef9c | out: Buffer=0x895f008*, NumberOfBytesWritten=0x895ef9c*=0x6) returned 0x0 [0142.112] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.112] SetLastError (dwErrCode=0x0) [0142.112] CloseHandle (hObject=0x378) returned 1 [0142.112] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x89e0000) returned 0x0 [0142.127] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.127] SetLastError (dwErrCode=0x0) [0142.127] CloseHandle (hObject=0x34c) returned 1 [0142.127] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x714, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="cambridge.exe")) returned 1 [0142.128] NtOpenProcess (in: ProcessHandle=0x895f344, DesiredAccess=0x400, ObjectAttributes=0x895f324*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895f33c*(UniqueProcess=0x714, UniqueThread=0x0) | out: ProcessHandle=0x895f344*=0x34c) returned 0x0 [0142.128] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.128] SetLastError (dwErrCode=0x0) [0142.128] OpenProcessToken (in: ProcessHandle=0x34c, DesiredAccess=0x8, TokenHandle=0x895f130 | out: TokenHandle=0x895f130*=0x378) returned 1 [0142.128] GetTokenInformation (in: TokenHandle=0x378, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895f12c | out: TokenInformation=0x0, ReturnLength=0x895f12c) returned 0 [0142.128] GetLastError () returned 0x7a [0142.128] GetTokenInformation (in: TokenHandle=0x378, TokenInformationClass=0x1, TokenInformation=0xbf51c0, TokenInformationLength=0x24, ReturnLength=0x895f12c | out: TokenInformation=0xbf51c0, ReturnLength=0x895f12c) returned 1 [0142.128] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf51c8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895ed10, cchName=0x895f124, ReferencedDomainName=0x895ef18, cchReferencedDomainName=0x895f124, peUse=0x895f120 | out: Name="CIiHmnxMn6Ps", cchName=0x895f124, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895f124, peUse=0x895f120) returned 1 [0142.129] wvnsprintfW (in: pszDest=0x895f144, cchDest=259, pszFmt="%s\\%s", arglist=0x895ed00 | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0142.129] SetLastError (dwErrCode=0x0) [0142.129] CloseHandle (hObject=0x378) returned 1 [0142.129] CloseHandle (hObject=0x34c) returned 1 [0142.129] lstrcmpiW (lpString1="cambridge.exe", lpString2="csrss.exe") returned -1 [0142.129] lstrcmpiW (lpString1="cambridge.exe", lpString2="smss.exe") returned -1 [0142.129] lstrcmpiW (lpString1="cambridge.exe", lpString2="lsass.exe") returned -1 [0142.129] lstrcmpiW (lpString1="cambridge.exe", lpString2="services.exe") returned -1 [0142.129] lstrcmpiW (lpString1="cambridge.exe", lpString2="spoolsv.exe") returned -1 [0142.129] lstrcmpiW (lpString1="cambridge.exe", lpString2="winlogon.exe") returned -1 [0142.129] lstrcmpiW (lpString1="cambridge.exe", lpString2="chrome.exe") returned -1 [0142.129] NtOpenProcess (in: ProcessHandle=0x895e570, DesiredAccess=0x478, ObjectAttributes=0x895e550*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895e568*(UniqueProcess=0x714, UniqueThread=0x0) | out: ProcessHandle=0x895e570*=0x34c) returned 0x0 [0142.129] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.129] SetLastError (dwErrCode=0x0) [0142.129] GetLastError () returned 0x0 [0142.129] SetLastError (dwErrCode=0x0) [0142.129] OpenProcessToken (in: ProcessHandle=0x34c, DesiredAccess=0x8, TokenHandle=0x895f018 | out: TokenHandle=0x895f018*=0x378) returned 1 [0142.129] GetTokenInformation (in: TokenHandle=0x378, TokenInformationClass=0xc, TokenInformation=0x895f078, TokenInformationLength=0x4, ReturnLength=0x895f01c | out: TokenInformation=0x895f078, ReturnLength=0x895f01c) returned 1 [0142.129] CloseHandle (hObject=0x378) returned 1 [0142.129] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="0x%08X", arglist=0x895efdc | out: pszDest="0x00000714") returned 10 [0142.129] SetLastError (dwErrCode=0x0) [0142.129] wvnsprintfA (in: pszDest=0x895eda4, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed8c | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000714_v1$") returned 62 [0142.129] SetLastError (dwErrCode=0x0) [0142.130] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000714_v1$") returned 0x0 [0142.130] InitializeSecurityDescriptor (in: pSecurityDescriptor=0xc5aa58, dwRevision=0x1 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.130] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0xc5aa58, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.130] GetLastError () returned 0x2 [0142.130] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0xc5aa58, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.130] GetLastError () returned 0x2 [0142.130] SetLastError (dwErrCode=0x2) [0142.130] CreateEventA (lpEventAttributes=0x895eea0, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000714_v1$") returned 0x378 [0142.130] GetLastError () returned 0x0 [0142.130] SetLastError (dwErrCode=0x0) [0142.130] OpenProcessToken (in: ProcessHandle=0x34c, DesiredAccess=0x8, TokenHandle=0x895ee0c | out: TokenHandle=0x895ee0c*=0x37c) returned 1 [0142.130] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895ee08 | out: TokenInformation=0x0, ReturnLength=0x895ee08) returned 0 [0142.130] GetLastError () returned 0x7a [0142.130] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0xbf50d0, TokenInformationLength=0x24, ReturnLength=0x895ee08 | out: TokenInformation=0xbf50d0, ReturnLength=0x895ee08) returned 1 [0142.130] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf50d8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895e9ec, cchName=0x895ee00, ReferencedDomainName=0x895ebf4, cchReferencedDomainName=0x895ee00, peUse=0x895edfc | out: Name="CIiHmnxMn6Ps", cchName=0x895ee00, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895ee00, peUse=0x895edfc) returned 1 [0142.131] wvnsprintfW (in: pszDest=0x895ee20, cchDest=259, pszFmt="%s\\%s", arglist=0x895e9dc | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0142.131] SetLastError (dwErrCode=0x0) [0142.131] CloseHandle (hObject=0x37c) returned 1 [0142.131] SetLastError (dwErrCode=0x0) [0142.131] NtQueryInformationProcess (in: ProcessHandle=0x34c, ProcessInformationClass=0x1a, ProcessInformation=0x895f020, ProcessInformationLength=0x4, ReturnLength=0x895f024 | out: ProcessInformation=0x895f020, ReturnLength=0x895f024) returned 0x0 [0142.131] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.131] SetLastError (dwErrCode=0x0) [0142.131] NtQueryInformationProcess (in: ProcessHandle=0x34c, ProcessInformationClass=0x14, ProcessInformation=0x895f01c, ProcessInformationLength=0x4, ReturnLength=0x895f020 | out: ProcessInformation=0x895f01c, ReturnLength=0x895f020) returned 0x0 [0142.131] NtQueryInformationProcess (in: ProcessHandle=0x34c, ProcessInformationClass=0x4, ProcessInformation=0x895effc, ProcessInformationLength=0x20, ReturnLength=0x895f020 | out: ProcessInformation=0x895effc, ReturnLength=0x895f020) returned 0x0 [0142.131] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.131] SetLastError (dwErrCode=0x0) [0142.131] NtQueryInformationProcess (in: ProcessHandle=0x34c, ProcessInformationClass=0x0, ProcessInformation=0x895eca8, ProcessInformationLength=0x18, ReturnLength=0x895ecc0 | out: ProcessInformation=0x895eca8, ReturnLength=0x895ecc0) returned 0x0 [0142.131] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.131] SetLastError (dwErrCode=0x0) [0142.131] ReadProcessMemory (in: hProcess=0x34c, lpBaseAddress=0x7f1ea008, lpBuffer=0x895ecd4, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x895ecd4*, lpNumberOfBytesRead=0x0) returned 1 [0142.131] ReadProcessMemory (in: hProcess=0x34c, lpBaseAddress=0x8d0000, lpBuffer=0x895ecec, nSize=0x338, lpNumberOfBytesRead=0x895f024 | out: lpBuffer=0x895ecec*, lpNumberOfBytesRead=0x895f024*=0x338) returned 1 [0142.131] NtQueryInformationProcess (in: ProcessHandle=0x34c, ProcessInformationClass=0x2b, ProcessInformation=0xc5aa58, ProcessInformationLength=0x826, ReturnLength=0x895f020 | out: ProcessInformation=0xc5aa58, ReturnLength=0x895f020) returned 0x0 [0142.132] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.132] SetLastError (dwErrCode=0x0) [0142.132] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Internet Explorer\\cambridge.exe") returned="cambridge.exe" [0142.132] NtOpenProcess (in: ProcessHandle=0x895ee00, DesiredAccess=0x400, ObjectAttributes=0x895ede0*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895edf8*(UniqueProcess=0x508, UniqueThread=0x0) | out: ProcessHandle=0x895ee00*=0x37c) returned 0x0 [0142.132] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.132] SetLastError (dwErrCode=0x0) [0142.132] NtQueryInformationProcess (in: ProcessHandle=0x37c, ProcessInformationClass=0x2b, ProcessInformation=0xc5aa58, ProcessInformationLength=0x826, ReturnLength=0x895ee00 | out: ProcessInformation=0xc5aa58, ReturnLength=0x895ee00) returned 0x0 [0142.132] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.132] SetLastError (dwErrCode=0x0) [0142.132] CloseHandle (hObject=0x37c) returned 1 [0142.132] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Internet Explorer\\cambridge.exe") returned="cambridge.exe" [0142.132] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.132] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Internet Explorer\\cambridge.exe") returned="cambridge.exe" [0142.132] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.132] PathFindFileNameW (pszPath="C:\\Windows\\explorer.exe") returned="explorer.exe" [0142.132] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.133] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Internet Explorer\\cambridge.exe") returned="cambridge.exe" [0142.133] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.133] PathFindFileNameW (pszPath="C:\\Windows\\explorer.exe") returned="explorer.exe" [0142.133] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.133] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Internet Explorer\\cambridge.exe") returned="cambridge.exe" [0142.133] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.133] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Internet Explorer\\cambridge.exe") returned="cambridge.exe" [0142.133] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.133] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Internet Explorer\\cambridge.exe") returned="cambridge.exe" [0142.133] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.133] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Internet Explorer\\cambridge.exe") returned="cambridge.exe" [0142.133] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.133] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Internet Explorer\\cambridge.exe") returned="cambridge.exe" [0142.133] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.133] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Internet Explorer\\cambridge.exe") returned="cambridge.exe" [0142.133] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.133] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Internet Explorer\\cambridge.exe") returned="cambridge.exe" [0142.133] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.133] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Internet Explorer\\cambridge.exe") returned="cambridge.exe" [0142.133] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.133] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Internet Explorer\\cambridge.exe") returned="cambridge.exe" [0142.133] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.133] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Internet Explorer\\cambridge.exe") returned="cambridge.exe" [0142.133] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.133] NtCreateSection (in: SectionHandle=0x895f020, DesiredAccess=0xf001f, ObjectAttributes=0x895efdc*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), MaximumSize=0x895eff4, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x895f020*=0x37c) returned 0x0 [0142.133] NtMapViewOfSection (in: SectionHandle=0x37c, ProcessHandle=0x34c, BaseAddress=0x895f01c*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x895f00c*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x895f01c*=0x2800000, SectionOffset=0x0, ViewSize=0x895f00c*=0x1c4000) returned 0x0 [0142.136] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.136] SetLastError (dwErrCode=0x0) [0142.136] NtMapViewOfSection (in: SectionHandle=0x37c, ProcessHandle=0xffffffff, BaseAddress=0x895f018*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x895f014*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x895f018*=0x89e0000, SectionOffset=0x0, ViewSize=0x895f014*=0x1c4000) returned 0x0 [0142.137] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.137] SetLastError (dwErrCode=0x0) [0142.137] SetLastError (dwErrCode=0x0) [0142.141] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="SB:0x%08X", arglist=0x895efd4 | out: pszDest="SB:0x00000714") returned 13 [0142.141] SetLastError (dwErrCode=0x0) [0142.141] wvnsprintfA (in: pszDest=0x895eda8, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed90 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x00000714_v1$") returned 65 [0142.141] SetLastError (dwErrCode=0x0) [0142.141] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x00000714_v1$") returned 0x0 [0142.141] GetLastError () returned 0x2 [0142.141] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x378, hTargetProcessHandle=0x34c, lpTargetHandle=0x895f024, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x895f024*=0x108) returned 1 [0142.141] CloseHandle (hObject=0x378) returned 1 [0142.154] NtProtectVirtualMemory (in: ProcessHandle=0x34c, BaseAddress=0x895efac*=0x77cdc700, NumberOfBytesToProtect=0x895ef9c, NewAccessProtection=0x40, OldAccessProtection=0x895f010 | out: BaseAddress=0x895efac*=0x77cdc000, NumberOfBytesToProtect=0x895ef9c, OldAccessProtection=0x895f010*=0x20) returned 0x0 [0142.154] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.154] SetLastError (dwErrCode=0x0) [0142.154] NtProtectVirtualMemory (in: ProcessHandle=0x34c, BaseAddress=0x895efac*=0x29c20c7, NumberOfBytesToProtect=0x895ef9c, NewAccessProtection=0x40, OldAccessProtection=0x895f010 | out: BaseAddress=0x895efac*=0x29c2000, NumberOfBytesToProtect=0x895ef9c, OldAccessProtection=0x895f010*=0x40) returned 0x0 [0142.154] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.154] SetLastError (dwErrCode=0x0) [0142.154] NtWriteVirtualMemory (in: ProcessHandle=0x34c, BaseAddress=0x29c20c7, Buffer=0x895efc4*, NumberOfBytesToWrite=0x3a, NumberOfBytesWritten=0x895ef9c | out: Buffer=0x895efc4*, NumberOfBytesWritten=0x895ef9c*=0x3a) returned 0x0 [0142.154] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.154] SetLastError (dwErrCode=0x0) [0142.154] NtWriteVirtualMemory (in: ProcessHandle=0x34c, BaseAddress=0x77cdc700, Buffer=0x895f008*, NumberOfBytesToWrite=0x6, NumberOfBytesWritten=0x895ef9c | out: Buffer=0x895f008*, NumberOfBytesWritten=0x895ef9c*=0x6) returned 0x0 [0142.155] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.155] SetLastError (dwErrCode=0x0) [0142.155] CloseHandle (hObject=0x34c) returned 1 [0142.155] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x89e0000) returned 0x0 [0142.170] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.170] SetLastError (dwErrCode=0x0) [0142.170] CloseHandle (hObject=0x37c) returned 1 [0142.170] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="amateur-dishes.exe")) returned 1 [0142.171] NtOpenProcess (in: ProcessHandle=0x895f344, DesiredAccess=0x400, ObjectAttributes=0x895f324*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895f33c*(UniqueProcess=0x1a8, UniqueThread=0x0) | out: ProcessHandle=0x895f344*=0x37c) returned 0x0 [0142.171] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.171] SetLastError (dwErrCode=0x0) [0142.171] OpenProcessToken (in: ProcessHandle=0x37c, DesiredAccess=0x8, TokenHandle=0x895f130 | out: TokenHandle=0x895f130*=0x34c) returned 1 [0142.171] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895f12c | out: TokenInformation=0x0, ReturnLength=0x895f12c) returned 0 [0142.171] GetLastError () returned 0x7a [0142.171] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x1, TokenInformation=0xbf4fe0, TokenInformationLength=0x24, ReturnLength=0x895f12c | out: TokenInformation=0xbf4fe0, ReturnLength=0x895f12c) returned 1 [0142.171] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf4fe8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895ed10, cchName=0x895f124, ReferencedDomainName=0x895ef18, cchReferencedDomainName=0x895f124, peUse=0x895f120 | out: Name="CIiHmnxMn6Ps", cchName=0x895f124, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895f124, peUse=0x895f120) returned 1 [0142.172] wvnsprintfW (in: pszDest=0x895f144, cchDest=259, pszFmt="%s\\%s", arglist=0x895ed00 | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0142.172] SetLastError (dwErrCode=0x0) [0142.172] CloseHandle (hObject=0x34c) returned 1 [0142.172] CloseHandle (hObject=0x37c) returned 1 [0142.172] lstrcmpiW (lpString1="amateur-dishes.exe", lpString2="csrss.exe") returned -1 [0142.172] lstrcmpiW (lpString1="amateur-dishes.exe", lpString2="smss.exe") returned -1 [0142.172] lstrcmpiW (lpString1="amateur-dishes.exe", lpString2="lsass.exe") returned -1 [0142.172] lstrcmpiW (lpString1="amateur-dishes.exe", lpString2="services.exe") returned -1 [0142.172] lstrcmpiW (lpString1="amateur-dishes.exe", lpString2="spoolsv.exe") returned -1 [0142.172] lstrcmpiW (lpString1="amateur-dishes.exe", lpString2="winlogon.exe") returned -1 [0142.172] lstrcmpiW (lpString1="amateur-dishes.exe", lpString2="chrome.exe") returned -1 [0142.172] NtOpenProcess (in: ProcessHandle=0x895e570, DesiredAccess=0x478, ObjectAttributes=0x895e550*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895e568*(UniqueProcess=0x1a8, UniqueThread=0x0) | out: ProcessHandle=0x895e570*=0x37c) returned 0x0 [0142.172] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.172] SetLastError (dwErrCode=0x0) [0142.172] GetLastError () returned 0x0 [0142.172] SetLastError (dwErrCode=0x0) [0142.172] OpenProcessToken (in: ProcessHandle=0x37c, DesiredAccess=0x8, TokenHandle=0x895f018 | out: TokenHandle=0x895f018*=0x34c) returned 1 [0142.172] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0xc, TokenInformation=0x895f078, TokenInformationLength=0x4, ReturnLength=0x895f01c | out: TokenInformation=0x895f078, ReturnLength=0x895f01c) returned 1 [0142.172] CloseHandle (hObject=0x34c) returned 1 [0142.172] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="0x%08X", arglist=0x895efdc | out: pszDest="0x000001A8") returned 10 [0142.172] SetLastError (dwErrCode=0x0) [0142.172] wvnsprintfA (in: pszDest=0x895eda4, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed8c | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x000001A8_v1$") returned 62 [0142.172] SetLastError (dwErrCode=0x0) [0142.172] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x000001A8_v1$") returned 0x0 [0142.173] InitializeSecurityDescriptor (in: pSecurityDescriptor=0xc5aa58, dwRevision=0x1 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.173] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0xc5aa58, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.173] GetLastError () returned 0x2 [0142.173] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0xc5aa58, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.173] GetLastError () returned 0x2 [0142.173] SetLastError (dwErrCode=0x2) [0142.173] CreateEventA (lpEventAttributes=0x895eea0, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x000001A8_v1$") returned 0x34c [0142.173] GetLastError () returned 0x0 [0142.173] SetLastError (dwErrCode=0x0) [0142.173] OpenProcessToken (in: ProcessHandle=0x37c, DesiredAccess=0x8, TokenHandle=0x895ee0c | out: TokenHandle=0x895ee0c*=0x378) returned 1 [0142.173] GetTokenInformation (in: TokenHandle=0x378, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895ee08 | out: TokenInformation=0x0, ReturnLength=0x895ee08) returned 0 [0142.173] GetLastError () returned 0x7a [0142.173] GetTokenInformation (in: TokenHandle=0x378, TokenInformationClass=0x1, TokenInformation=0xbf5280, TokenInformationLength=0x24, ReturnLength=0x895ee08 | out: TokenInformation=0xbf5280, ReturnLength=0x895ee08) returned 1 [0142.173] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf5288*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895e9ec, cchName=0x895ee00, ReferencedDomainName=0x895ebf4, cchReferencedDomainName=0x895ee00, peUse=0x895edfc | out: Name="CIiHmnxMn6Ps", cchName=0x895ee00, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895ee00, peUse=0x895edfc) returned 1 [0142.173] wvnsprintfW (in: pszDest=0x895ee20, cchDest=259, pszFmt="%s\\%s", arglist=0x895e9dc | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0142.173] SetLastError (dwErrCode=0x0) [0142.174] CloseHandle (hObject=0x378) returned 1 [0142.174] SetLastError (dwErrCode=0x0) [0142.174] NtQueryInformationProcess (in: ProcessHandle=0x37c, ProcessInformationClass=0x1a, ProcessInformation=0x895f020, ProcessInformationLength=0x4, ReturnLength=0x895f024 | out: ProcessInformation=0x895f020, ReturnLength=0x895f024) returned 0x0 [0142.174] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.174] SetLastError (dwErrCode=0x0) [0142.174] NtQueryInformationProcess (in: ProcessHandle=0x37c, ProcessInformationClass=0x14, ProcessInformation=0x895f01c, ProcessInformationLength=0x4, ReturnLength=0x895f020 | out: ProcessInformation=0x895f01c, ReturnLength=0x895f020) returned 0x0 [0142.174] NtQueryInformationProcess (in: ProcessHandle=0x37c, ProcessInformationClass=0x4, ProcessInformation=0x895effc, ProcessInformationLength=0x20, ReturnLength=0x895f020 | out: ProcessInformation=0x895effc, ReturnLength=0x895f020) returned 0x0 [0142.174] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.174] SetLastError (dwErrCode=0x0) [0142.174] NtQueryInformationProcess (in: ProcessHandle=0x37c, ProcessInformationClass=0x0, ProcessInformation=0x895eca8, ProcessInformationLength=0x18, ReturnLength=0x895ecc0 | out: ProcessInformation=0x895eca8, ReturnLength=0x895ecc0) returned 0x0 [0142.174] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.174] SetLastError (dwErrCode=0x0) [0142.174] ReadProcessMemory (in: hProcess=0x37c, lpBaseAddress=0x7e6c9008, lpBuffer=0x895ecd4, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x895ecd4*, lpNumberOfBytesRead=0x0) returned 1 [0142.174] ReadProcessMemory (in: hProcess=0x37c, lpBaseAddress=0x250000, lpBuffer=0x895ecec, nSize=0x338, lpNumberOfBytesRead=0x895f024 | out: lpBuffer=0x895ecec*, lpNumberOfBytesRead=0x895f024*=0x338) returned 1 [0142.174] NtQueryInformationProcess (in: ProcessHandle=0x37c, ProcessInformationClass=0x2b, ProcessInformation=0xc5aa58, ProcessInformationLength=0x826, ReturnLength=0x895f020 | out: ProcessInformation=0xc5aa58, ReturnLength=0x895f020) returned 0x0 [0142.175] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.175] SetLastError (dwErrCode=0x0) [0142.175] PathFindFileNameW (pszPath="C:\\Program Files\\MSBuild\\amateur-dishes.exe") returned="amateur-dishes.exe" [0142.175] NtOpenProcess (in: ProcessHandle=0x895ee00, DesiredAccess=0x400, ObjectAttributes=0x895ede0*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895edf8*(UniqueProcess=0x508, UniqueThread=0x0) | out: ProcessHandle=0x895ee00*=0x378) returned 0x0 [0142.175] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.175] SetLastError (dwErrCode=0x0) [0142.175] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x2b, ProcessInformation=0xc5aa58, ProcessInformationLength=0x826, ReturnLength=0x895ee00 | out: ProcessInformation=0xc5aa58, ReturnLength=0x895ee00) returned 0x0 [0142.175] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.175] SetLastError (dwErrCode=0x0) [0142.175] CloseHandle (hObject=0x378) returned 1 [0142.175] PathFindFileNameW (pszPath="C:\\Program Files\\MSBuild\\amateur-dishes.exe") returned="amateur-dishes.exe" [0142.176] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.176] PathFindFileNameW (pszPath="C:\\Program Files\\MSBuild\\amateur-dishes.exe") returned="amateur-dishes.exe" [0142.176] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.176] PathFindFileNameW (pszPath="C:\\Windows\\explorer.exe") returned="explorer.exe" [0142.176] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.176] PathFindFileNameW (pszPath="C:\\Program Files\\MSBuild\\amateur-dishes.exe") returned="amateur-dishes.exe" [0142.176] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.176] PathFindFileNameW (pszPath="C:\\Windows\\explorer.exe") returned="explorer.exe" [0142.176] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.176] PathFindFileNameW (pszPath="C:\\Program Files\\MSBuild\\amateur-dishes.exe") returned="amateur-dishes.exe" [0142.176] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.176] PathFindFileNameW (pszPath="C:\\Program Files\\MSBuild\\amateur-dishes.exe") returned="amateur-dishes.exe" [0142.176] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.176] PathFindFileNameW (pszPath="C:\\Program Files\\MSBuild\\amateur-dishes.exe") returned="amateur-dishes.exe" [0142.176] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.176] PathFindFileNameW (pszPath="C:\\Program Files\\MSBuild\\amateur-dishes.exe") returned="amateur-dishes.exe" [0142.176] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.176] PathFindFileNameW (pszPath="C:\\Program Files\\MSBuild\\amateur-dishes.exe") returned="amateur-dishes.exe" [0142.176] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.176] PathFindFileNameW (pszPath="C:\\Program Files\\MSBuild\\amateur-dishes.exe") returned="amateur-dishes.exe" [0142.176] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.176] PathFindFileNameW (pszPath="C:\\Program Files\\MSBuild\\amateur-dishes.exe") returned="amateur-dishes.exe" [0142.176] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.176] PathFindFileNameW (pszPath="C:\\Program Files\\MSBuild\\amateur-dishes.exe") returned="amateur-dishes.exe" [0142.176] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.176] PathFindFileNameW (pszPath="C:\\Program Files\\MSBuild\\amateur-dishes.exe") returned="amateur-dishes.exe" [0142.176] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.176] PathFindFileNameW (pszPath="C:\\Program Files\\MSBuild\\amateur-dishes.exe") returned="amateur-dishes.exe" [0142.176] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.176] NtCreateSection (in: SectionHandle=0x895f020, DesiredAccess=0xf001f, ObjectAttributes=0x895efdc*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), MaximumSize=0x895eff4, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x895f020*=0x378) returned 0x0 [0142.176] NtMapViewOfSection (in: SectionHandle=0x378, ProcessHandle=0x37c, BaseAddress=0x895f01c*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x895f00c*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x895f01c*=0x2de0000, SectionOffset=0x0, ViewSize=0x895f00c*=0x1c4000) returned 0x0 [0142.179] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.179] SetLastError (dwErrCode=0x0) [0142.179] NtMapViewOfSection (in: SectionHandle=0x378, ProcessHandle=0xffffffff, BaseAddress=0x895f018*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x895f014*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x895f018*=0x89e0000, SectionOffset=0x0, ViewSize=0x895f014*=0x1c4000) returned 0x0 [0142.180] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.180] SetLastError (dwErrCode=0x0) [0142.180] SetLastError (dwErrCode=0x0) [0142.184] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="SB:0x%08X", arglist=0x895efd4 | out: pszDest="SB:0x000001A8") returned 13 [0142.184] SetLastError (dwErrCode=0x0) [0142.184] wvnsprintfA (in: pszDest=0x895eda8, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed90 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x000001A8_v1$") returned 65 [0142.184] SetLastError (dwErrCode=0x0) [0142.185] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x000001A8_v1$") returned 0x0 [0142.185] GetLastError () returned 0x2 [0142.185] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x34c, hTargetProcessHandle=0x37c, lpTargetHandle=0x895f024, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x895f024*=0x108) returned 1 [0142.185] CloseHandle (hObject=0x34c) returned 1 [0142.197] NtProtectVirtualMemory (in: ProcessHandle=0x37c, BaseAddress=0x895efac*=0x77cdc700, NumberOfBytesToProtect=0x895ef9c, NewAccessProtection=0x40, OldAccessProtection=0x895f010 | out: BaseAddress=0x895efac*=0x77cdc000, NumberOfBytesToProtect=0x895ef9c, OldAccessProtection=0x895f010*=0x20) returned 0x0 [0142.197] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.197] SetLastError (dwErrCode=0x0) [0142.197] NtProtectVirtualMemory (in: ProcessHandle=0x37c, BaseAddress=0x895efac*=0x2fa20c7, NumberOfBytesToProtect=0x895ef9c, NewAccessProtection=0x40, OldAccessProtection=0x895f010 | out: BaseAddress=0x895efac*=0x2fa2000, NumberOfBytesToProtect=0x895ef9c, OldAccessProtection=0x895f010*=0x40) returned 0x0 [0142.197] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.197] SetLastError (dwErrCode=0x0) [0142.197] NtWriteVirtualMemory (in: ProcessHandle=0x37c, BaseAddress=0x2fa20c7, Buffer=0x895efc4*, NumberOfBytesToWrite=0x3a, NumberOfBytesWritten=0x895ef9c | out: Buffer=0x895efc4*, NumberOfBytesWritten=0x895ef9c*=0x3a) returned 0x0 [0142.197] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.197] SetLastError (dwErrCode=0x0) [0142.197] NtWriteVirtualMemory (in: ProcessHandle=0x37c, BaseAddress=0x77cdc700, Buffer=0x895f008*, NumberOfBytesToWrite=0x6, NumberOfBytesWritten=0x895ef9c | out: Buffer=0x895f008*, NumberOfBytesWritten=0x895ef9c*=0x6) returned 0x0 [0142.198] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.198] SetLastError (dwErrCode=0x0) [0142.198] CloseHandle (hObject=0x37c) returned 1 [0142.198] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x89e0000) returned 0x0 [0142.212] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.212] SetLastError (dwErrCode=0x0) [0142.212] CloseHandle (hObject=0x378) returned 1 [0142.212] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0142.213] NtOpenProcess (in: ProcessHandle=0x895f344, DesiredAccess=0x400, ObjectAttributes=0x895f324*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895f33c*(UniqueProcess=0x34c, UniqueThread=0x0) | out: ProcessHandle=0x895f344*=0x378) returned 0x0 [0142.213] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.213] SetLastError (dwErrCode=0x0) [0142.213] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895f130 | out: TokenHandle=0x895f130*=0x37c) returned 1 [0142.213] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895f12c | out: TokenInformation=0x0, ReturnLength=0x895f12c) returned 0 [0142.213] GetLastError () returned 0x7a [0142.214] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0xbf5280, TokenInformationLength=0x24, ReturnLength=0x895f12c | out: TokenInformation=0xbf5280, ReturnLength=0x895f12c) returned 1 [0142.214] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf5288*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895ed10, cchName=0x895f124, ReferencedDomainName=0x895ef18, cchReferencedDomainName=0x895f124, peUse=0x895f120 | out: Name="CIiHmnxMn6Ps", cchName=0x895f124, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895f124, peUse=0x895f120) returned 1 [0142.214] wvnsprintfW (in: pszDest=0x895f144, cchDest=259, pszFmt="%s\\%s", arglist=0x895ed00 | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0142.214] SetLastError (dwErrCode=0x0) [0142.214] CloseHandle (hObject=0x37c) returned 1 [0142.214] CloseHandle (hObject=0x378) returned 1 [0142.214] lstrcmpiW (lpString1="backgroundTaskHost.exe", lpString2="csrss.exe") returned -1 [0142.214] lstrcmpiW (lpString1="backgroundTaskHost.exe", lpString2="smss.exe") returned -1 [0142.214] lstrcmpiW (lpString1="backgroundTaskHost.exe", lpString2="lsass.exe") returned -1 [0142.214] lstrcmpiW (lpString1="backgroundTaskHost.exe", lpString2="services.exe") returned -1 [0142.214] lstrcmpiW (lpString1="backgroundTaskHost.exe", lpString2="spoolsv.exe") returned -1 [0142.214] lstrcmpiW (lpString1="backgroundTaskHost.exe", lpString2="winlogon.exe") returned -1 [0142.214] lstrcmpiW (lpString1="backgroundTaskHost.exe", lpString2="chrome.exe") returned -1 [0142.215] NtOpenProcess (in: ProcessHandle=0x895e570, DesiredAccess=0x478, ObjectAttributes=0x895e550*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895e568*(UniqueProcess=0x34c, UniqueThread=0x0) | out: ProcessHandle=0x895e570*=0x378) returned 0x0 [0142.215] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.215] SetLastError (dwErrCode=0x0) [0142.215] GetLastError () returned 0x0 [0142.215] SetLastError (dwErrCode=0x0) [0142.215] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895f018 | out: TokenHandle=0x895f018*=0x37c) returned 1 [0142.215] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0xc, TokenInformation=0x895f078, TokenInformationLength=0x4, ReturnLength=0x895f01c | out: TokenInformation=0x895f078, ReturnLength=0x895f01c) returned 1 [0142.215] CloseHandle (hObject=0x37c) returned 1 [0142.215] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="0x%08X", arglist=0x895efdc | out: pszDest="0x0000034C") returned 10 [0142.215] SetLastError (dwErrCode=0x0) [0142.215] wvnsprintfA (in: pszDest=0x895eda4, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed8c | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x0000034C_v1$") returned 62 [0142.215] SetLastError (dwErrCode=0x0) [0142.215] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x0000034C_v1$") returned 0x0 [0142.215] InitializeSecurityDescriptor (in: pSecurityDescriptor=0xc5aa58, dwRevision=0x1 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.215] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0xc5aa58, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.215] GetLastError () returned 0x2 [0142.215] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0xc5aa58, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.215] GetLastError () returned 0x2 [0142.215] SetLastError (dwErrCode=0x2) [0142.215] CreateEventA (lpEventAttributes=0x895eea0, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x0000034C_v1$") returned 0x37c [0142.215] GetLastError () returned 0x0 [0142.215] SetLastError (dwErrCode=0x0) [0142.215] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895ee0c | out: TokenHandle=0x895ee0c*=0x34c) returned 1 [0142.215] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895ee08 | out: TokenInformation=0x0, ReturnLength=0x895ee08) returned 0 [0142.215] GetLastError () returned 0x7a [0142.215] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x1, TokenInformation=0xbf52e0, TokenInformationLength=0x24, ReturnLength=0x895ee08 | out: TokenInformation=0xbf52e0, ReturnLength=0x895ee08) returned 1 [0142.215] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf52e8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895e9ec, cchName=0x895ee00, ReferencedDomainName=0x895ebf4, cchReferencedDomainName=0x895ee00, peUse=0x895edfc | out: Name="CIiHmnxMn6Ps", cchName=0x895ee00, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895ee00, peUse=0x895edfc) returned 1 [0142.216] wvnsprintfW (in: pszDest=0x895ee20, cchDest=259, pszFmt="%s\\%s", arglist=0x895e9dc | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0142.216] SetLastError (dwErrCode=0x0) [0142.216] CloseHandle (hObject=0x34c) returned 1 [0142.216] SetLastError (dwErrCode=0x0) [0142.216] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x1a, ProcessInformation=0x895f020, ProcessInformationLength=0x4, ReturnLength=0x895f024 | out: ProcessInformation=0x895f020, ReturnLength=0x895f024) returned 0x0 [0142.216] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.216] SetLastError (dwErrCode=0x0) [0142.216] CloseHandle (hObject=0x37c) returned 1 [0142.216] CloseHandle (hObject=0x378) returned 1 [0142.216] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="science old.exe")) returned 1 [0142.217] NtOpenProcess (in: ProcessHandle=0x895f344, DesiredAccess=0x400, ObjectAttributes=0x895f324*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895f33c*(UniqueProcess=0x2b8, UniqueThread=0x0) | out: ProcessHandle=0x895f344*=0x378) returned 0x0 [0142.217] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.217] SetLastError (dwErrCode=0x0) [0142.217] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895f130 | out: TokenHandle=0x895f130*=0x37c) returned 1 [0142.217] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895f12c | out: TokenInformation=0x0, ReturnLength=0x895f12c) returned 0 [0142.217] GetLastError () returned 0x7a [0142.217] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0xbf50a0, TokenInformationLength=0x24, ReturnLength=0x895f12c | out: TokenInformation=0xbf50a0, ReturnLength=0x895f12c) returned 1 [0142.217] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf50a8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895ed10, cchName=0x895f124, ReferencedDomainName=0x895ef18, cchReferencedDomainName=0x895f124, peUse=0x895f120 | out: Name="CIiHmnxMn6Ps", cchName=0x895f124, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895f124, peUse=0x895f120) returned 1 [0142.218] wvnsprintfW (in: pszDest=0x895f144, cchDest=259, pszFmt="%s\\%s", arglist=0x895ed00 | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0142.218] SetLastError (dwErrCode=0x0) [0142.218] CloseHandle (hObject=0x37c) returned 1 [0142.218] CloseHandle (hObject=0x378) returned 1 [0142.218] lstrcmpiW (lpString1="science old.exe", lpString2="csrss.exe") returned 1 [0142.218] lstrcmpiW (lpString1="science old.exe", lpString2="smss.exe") returned -1 [0142.218] lstrcmpiW (lpString1="science old.exe", lpString2="lsass.exe") returned 1 [0142.218] lstrcmpiW (lpString1="science old.exe", lpString2="services.exe") returned -1 [0142.218] lstrcmpiW (lpString1="science old.exe", lpString2="spoolsv.exe") returned -1 [0142.218] lstrcmpiW (lpString1="science old.exe", lpString2="winlogon.exe") returned -1 [0142.218] lstrcmpiW (lpString1="science old.exe", lpString2="chrome.exe") returned 1 [0142.218] NtOpenProcess (in: ProcessHandle=0x895e570, DesiredAccess=0x478, ObjectAttributes=0x895e550*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895e568*(UniqueProcess=0x2b8, UniqueThread=0x0) | out: ProcessHandle=0x895e570*=0x378) returned 0x0 [0142.218] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.218] SetLastError (dwErrCode=0x0) [0142.218] GetLastError () returned 0x0 [0142.218] SetLastError (dwErrCode=0x0) [0142.218] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895f018 | out: TokenHandle=0x895f018*=0x37c) returned 1 [0142.218] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0xc, TokenInformation=0x895f078, TokenInformationLength=0x4, ReturnLength=0x895f01c | out: TokenInformation=0x895f078, ReturnLength=0x895f01c) returned 1 [0142.218] CloseHandle (hObject=0x37c) returned 1 [0142.218] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="0x%08X", arglist=0x895efdc | out: pszDest="0x000002B8") returned 10 [0142.218] SetLastError (dwErrCode=0x0) [0142.218] wvnsprintfA (in: pszDest=0x895eda4, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed8c | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x000002B8_v1$") returned 62 [0142.218] SetLastError (dwErrCode=0x0) [0142.218] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x000002B8_v1$") returned 0x0 [0142.218] InitializeSecurityDescriptor (in: pSecurityDescriptor=0xc5aa58, dwRevision=0x1 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.218] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0xc5aa58, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.218] GetLastError () returned 0x2 [0142.218] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0xc5aa58, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.219] GetLastError () returned 0x2 [0142.219] SetLastError (dwErrCode=0x2) [0142.219] CreateEventA (lpEventAttributes=0x895eea0, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x000002B8_v1$") returned 0x37c [0142.219] GetLastError () returned 0x0 [0142.219] SetLastError (dwErrCode=0x0) [0142.219] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895ee0c | out: TokenHandle=0x895ee0c*=0x34c) returned 1 [0142.219] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895ee08 | out: TokenInformation=0x0, ReturnLength=0x895ee08) returned 0 [0142.219] GetLastError () returned 0x7a [0142.219] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x1, TokenInformation=0xbf5100, TokenInformationLength=0x24, ReturnLength=0x895ee08 | out: TokenInformation=0xbf5100, ReturnLength=0x895ee08) returned 1 [0142.219] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf5108*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895e9ec, cchName=0x895ee00, ReferencedDomainName=0x895ebf4, cchReferencedDomainName=0x895ee00, peUse=0x895edfc | out: Name="CIiHmnxMn6Ps", cchName=0x895ee00, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895ee00, peUse=0x895edfc) returned 1 [0142.219] wvnsprintfW (in: pszDest=0x895ee20, cchDest=259, pszFmt="%s\\%s", arglist=0x895e9dc | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0142.219] SetLastError (dwErrCode=0x0) [0142.219] CloseHandle (hObject=0x34c) returned 1 [0142.219] SetLastError (dwErrCode=0x0) [0142.219] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x1a, ProcessInformation=0x895f020, ProcessInformationLength=0x4, ReturnLength=0x895f024 | out: ProcessInformation=0x895f020, ReturnLength=0x895f024) returned 0x0 [0142.220] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.220] SetLastError (dwErrCode=0x0) [0142.220] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x14, ProcessInformation=0x895f01c, ProcessInformationLength=0x4, ReturnLength=0x895f020 | out: ProcessInformation=0x895f01c, ReturnLength=0x895f020) returned 0x0 [0142.220] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x4, ProcessInformation=0x895effc, ProcessInformationLength=0x20, ReturnLength=0x895f020 | out: ProcessInformation=0x895effc, ReturnLength=0x895f020) returned 0x0 [0142.220] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.220] SetLastError (dwErrCode=0x0) [0142.220] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x0, ProcessInformation=0x895eca8, ProcessInformationLength=0x18, ReturnLength=0x895ecc0 | out: ProcessInformation=0x895eca8, ReturnLength=0x895ecc0) returned 0x0 [0142.220] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.220] SetLastError (dwErrCode=0x0) [0142.220] ReadProcessMemory (in: hProcess=0x378, lpBaseAddress=0x7f774008, lpBuffer=0x895ecd4, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x895ecd4*, lpNumberOfBytesRead=0x0) returned 1 [0142.220] ReadProcessMemory (in: hProcess=0x378, lpBaseAddress=0x230000, lpBuffer=0x895ecec, nSize=0x338, lpNumberOfBytesRead=0x895f024 | out: lpBuffer=0x895ecec*, lpNumberOfBytesRead=0x895f024*=0x338) returned 1 [0142.220] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x2b, ProcessInformation=0xc5aa58, ProcessInformationLength=0x826, ReturnLength=0x895f020 | out: ProcessInformation=0xc5aa58, ReturnLength=0x895f020) returned 0x0 [0142.220] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.220] SetLastError (dwErrCode=0x0) [0142.221] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Reference Assemblies\\science old.exe") returned="science old.exe" [0142.221] NtOpenProcess (in: ProcessHandle=0x895ee00, DesiredAccess=0x400, ObjectAttributes=0x895ede0*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895edf8*(UniqueProcess=0x508, UniqueThread=0x0) | out: ProcessHandle=0x895ee00*=0x34c) returned 0x0 [0142.221] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.221] SetLastError (dwErrCode=0x0) [0142.221] NtQueryInformationProcess (in: ProcessHandle=0x34c, ProcessInformationClass=0x2b, ProcessInformation=0xc5aa58, ProcessInformationLength=0x826, ReturnLength=0x895ee00 | out: ProcessInformation=0xc5aa58, ReturnLength=0x895ee00) returned 0x0 [0142.221] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.221] SetLastError (dwErrCode=0x0) [0142.221] CloseHandle (hObject=0x34c) returned 1 [0142.221] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Reference Assemblies\\science old.exe") returned="science old.exe" [0142.222] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.222] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Reference Assemblies\\science old.exe") returned="science old.exe" [0142.222] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.222] PathFindFileNameW (pszPath="C:\\Windows\\explorer.exe") returned="explorer.exe" [0142.222] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.222] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Reference Assemblies\\science old.exe") returned="science old.exe" [0142.222] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.222] PathFindFileNameW (pszPath="C:\\Windows\\explorer.exe") returned="explorer.exe" [0142.222] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.222] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Reference Assemblies\\science old.exe") returned="science old.exe" [0142.222] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.222] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Reference Assemblies\\science old.exe") returned="science old.exe" [0142.222] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.222] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Reference Assemblies\\science old.exe") returned="science old.exe" [0142.222] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.222] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Reference Assemblies\\science old.exe") returned="science old.exe" [0142.222] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.222] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Reference Assemblies\\science old.exe") returned="science old.exe" [0142.222] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.222] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Reference Assemblies\\science old.exe") returned="science old.exe" [0142.222] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.222] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Reference Assemblies\\science old.exe") returned="science old.exe" [0142.222] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.222] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Reference Assemblies\\science old.exe") returned="science old.exe" [0142.222] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.222] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Reference Assemblies\\science old.exe") returned="science old.exe" [0142.222] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.222] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Reference Assemblies\\science old.exe") returned="science old.exe" [0142.222] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.222] NtCreateSection (in: SectionHandle=0x895f020, DesiredAccess=0xf001f, ObjectAttributes=0x895efdc*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), MaximumSize=0x895eff4, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x895f020*=0x34c) returned 0x0 [0142.223] NtMapViewOfSection (in: SectionHandle=0x34c, ProcessHandle=0x378, BaseAddress=0x895f01c*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x895f00c*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x895f01c*=0x2dc0000, SectionOffset=0x0, ViewSize=0x895f00c*=0x1c4000) returned 0x0 [0142.225] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.225] SetLastError (dwErrCode=0x0) [0142.225] NtMapViewOfSection (in: SectionHandle=0x34c, ProcessHandle=0xffffffff, BaseAddress=0x895f018*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x895f014*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x895f018*=0x89e0000, SectionOffset=0x0, ViewSize=0x895f014*=0x1c4000) returned 0x0 [0142.226] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.226] SetLastError (dwErrCode=0x0) [0142.226] SetLastError (dwErrCode=0x0) [0142.231] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="SB:0x%08X", arglist=0x895efd4 | out: pszDest="SB:0x000002B8") returned 13 [0142.231] SetLastError (dwErrCode=0x0) [0142.231] wvnsprintfA (in: pszDest=0x895eda8, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed90 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x000002B8_v1$") returned 65 [0142.231] SetLastError (dwErrCode=0x0) [0142.231] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x000002B8_v1$") returned 0x0 [0142.231] GetLastError () returned 0x2 [0142.231] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x37c, hTargetProcessHandle=0x378, lpTargetHandle=0x895f024, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x895f024*=0x108) returned 1 [0142.231] CloseHandle (hObject=0x37c) returned 1 [0142.244] NtProtectVirtualMemory (in: ProcessHandle=0x378, BaseAddress=0x895efac*=0x77cdc700, NumberOfBytesToProtect=0x895ef9c, NewAccessProtection=0x40, OldAccessProtection=0x895f010 | out: BaseAddress=0x895efac*=0x77cdc000, NumberOfBytesToProtect=0x895ef9c, OldAccessProtection=0x895f010*=0x20) returned 0x0 [0142.244] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.244] SetLastError (dwErrCode=0x0) [0142.244] NtProtectVirtualMemory (in: ProcessHandle=0x378, BaseAddress=0x895efac*=0x2f820c7, NumberOfBytesToProtect=0x895ef9c, NewAccessProtection=0x40, OldAccessProtection=0x895f010 | out: BaseAddress=0x895efac*=0x2f82000, NumberOfBytesToProtect=0x895ef9c, OldAccessProtection=0x895f010*=0x40) returned 0x0 [0142.244] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.244] SetLastError (dwErrCode=0x0) [0142.244] NtWriteVirtualMemory (in: ProcessHandle=0x378, BaseAddress=0x2f820c7, Buffer=0x895efc4*, NumberOfBytesToWrite=0x3a, NumberOfBytesWritten=0x895ef9c | out: Buffer=0x895efc4*, NumberOfBytesWritten=0x895ef9c*=0x3a) returned 0x0 [0142.244] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.244] SetLastError (dwErrCode=0x0) [0142.244] NtWriteVirtualMemory (in: ProcessHandle=0x378, BaseAddress=0x77cdc700, Buffer=0x895f008*, NumberOfBytesToWrite=0x6, NumberOfBytesWritten=0x895ef9c | out: Buffer=0x895f008*, NumberOfBytesWritten=0x895ef9c*=0x6) returned 0x0 [0142.245] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.245] SetLastError (dwErrCode=0x0) [0142.245] CloseHandle (hObject=0x378) returned 1 [0142.245] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x89e0000) returned 0x0 [0142.260] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.260] SetLastError (dwErrCode=0x0) [0142.260] CloseHandle (hObject=0x34c) returned 1 [0142.260] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x608, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="handling investing experimental.exe")) returned 1 [0142.261] NtOpenProcess (in: ProcessHandle=0x895f344, DesiredAccess=0x400, ObjectAttributes=0x895f324*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895f33c*(UniqueProcess=0x608, UniqueThread=0x0) | out: ProcessHandle=0x895f344*=0x34c) returned 0x0 [0142.261] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.261] SetLastError (dwErrCode=0x0) [0142.261] OpenProcessToken (in: ProcessHandle=0x34c, DesiredAccess=0x8, TokenHandle=0x895f130 | out: TokenHandle=0x895f130*=0x378) returned 1 [0142.261] GetTokenInformation (in: TokenHandle=0x378, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895f12c | out: TokenInformation=0x0, ReturnLength=0x895f12c) returned 0 [0142.261] GetLastError () returned 0x7a [0142.261] GetTokenInformation (in: TokenHandle=0x378, TokenInformationClass=0x1, TokenInformation=0xbf4ef0, TokenInformationLength=0x24, ReturnLength=0x895f12c | out: TokenInformation=0xbf4ef0, ReturnLength=0x895f12c) returned 1 [0142.261] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf4ef8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895ed10, cchName=0x895f124, ReferencedDomainName=0x895ef18, cchReferencedDomainName=0x895f124, peUse=0x895f120 | out: Name="CIiHmnxMn6Ps", cchName=0x895f124, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895f124, peUse=0x895f120) returned 1 [0142.262] wvnsprintfW (in: pszDest=0x895f144, cchDest=259, pszFmt="%s\\%s", arglist=0x895ed00 | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0142.262] SetLastError (dwErrCode=0x0) [0142.262] CloseHandle (hObject=0x378) returned 1 [0142.262] CloseHandle (hObject=0x34c) returned 1 [0142.262] lstrcmpiW (lpString1="handling investing experimental.exe", lpString2="csrss.exe") returned 1 [0142.262] lstrcmpiW (lpString1="handling investing experimental.exe", lpString2="smss.exe") returned -1 [0142.262] lstrcmpiW (lpString1="handling investing experimental.exe", lpString2="lsass.exe") returned -1 [0142.262] lstrcmpiW (lpString1="handling investing experimental.exe", lpString2="services.exe") returned -1 [0142.262] lstrcmpiW (lpString1="handling investing experimental.exe", lpString2="spoolsv.exe") returned -1 [0142.262] lstrcmpiW (lpString1="handling investing experimental.exe", lpString2="winlogon.exe") returned -1 [0142.262] lstrcmpiW (lpString1="handling investing experimental.exe", lpString2="chrome.exe") returned 1 [0142.262] NtOpenProcess (in: ProcessHandle=0x895e570, DesiredAccess=0x478, ObjectAttributes=0x895e550*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895e568*(UniqueProcess=0x608, UniqueThread=0x0) | out: ProcessHandle=0x895e570*=0x34c) returned 0x0 [0142.262] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.262] SetLastError (dwErrCode=0x0) [0142.262] GetLastError () returned 0x0 [0142.262] SetLastError (dwErrCode=0x0) [0142.262] OpenProcessToken (in: ProcessHandle=0x34c, DesiredAccess=0x8, TokenHandle=0x895f018 | out: TokenHandle=0x895f018*=0x378) returned 1 [0142.262] GetTokenInformation (in: TokenHandle=0x378, TokenInformationClass=0xc, TokenInformation=0x895f078, TokenInformationLength=0x4, ReturnLength=0x895f01c | out: TokenInformation=0x895f078, ReturnLength=0x895f01c) returned 1 [0142.262] CloseHandle (hObject=0x378) returned 1 [0142.262] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="0x%08X", arglist=0x895efdc | out: pszDest="0x00000608") returned 10 [0142.262] SetLastError (dwErrCode=0x0) [0142.262] wvnsprintfA (in: pszDest=0x895eda4, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed8c | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000608_v1$") returned 62 [0142.262] SetLastError (dwErrCode=0x0) [0142.262] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000608_v1$") returned 0x0 [0142.262] InitializeSecurityDescriptor (in: pSecurityDescriptor=0xc5aa58, dwRevision=0x1 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.262] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0xc5aa58, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.262] GetLastError () returned 0x2 [0142.262] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0xc5aa58, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.262] GetLastError () returned 0x2 [0142.263] SetLastError (dwErrCode=0x2) [0142.263] CreateEventA (lpEventAttributes=0x895eea0, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000608_v1$") returned 0x378 [0142.263] GetLastError () returned 0x0 [0142.263] SetLastError (dwErrCode=0x0) [0142.263] OpenProcessToken (in: ProcessHandle=0x34c, DesiredAccess=0x8, TokenHandle=0x895ee0c | out: TokenHandle=0x895ee0c*=0x37c) returned 1 [0142.263] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895ee08 | out: TokenInformation=0x0, ReturnLength=0x895ee08) returned 0 [0142.263] GetLastError () returned 0x7a [0142.263] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0xbf5010, TokenInformationLength=0x24, ReturnLength=0x895ee08 | out: TokenInformation=0xbf5010, ReturnLength=0x895ee08) returned 1 [0142.263] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf5018*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895e9ec, cchName=0x895ee00, ReferencedDomainName=0x895ebf4, cchReferencedDomainName=0x895ee00, peUse=0x895edfc | out: Name="CIiHmnxMn6Ps", cchName=0x895ee00, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895ee00, peUse=0x895edfc) returned 1 [0142.263] wvnsprintfW (in: pszDest=0x895ee20, cchDest=259, pszFmt="%s\\%s", arglist=0x895e9dc | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0142.263] SetLastError (dwErrCode=0x0) [0142.263] CloseHandle (hObject=0x37c) returned 1 [0142.263] SetLastError (dwErrCode=0x0) [0142.263] NtQueryInformationProcess (in: ProcessHandle=0x34c, ProcessInformationClass=0x1a, ProcessInformation=0x895f020, ProcessInformationLength=0x4, ReturnLength=0x895f024 | out: ProcessInformation=0x895f020, ReturnLength=0x895f024) returned 0x0 [0142.264] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.264] SetLastError (dwErrCode=0x0) [0142.264] NtQueryInformationProcess (in: ProcessHandle=0x34c, ProcessInformationClass=0x14, ProcessInformation=0x895f01c, ProcessInformationLength=0x4, ReturnLength=0x895f020 | out: ProcessInformation=0x895f01c, ReturnLength=0x895f020) returned 0x0 [0142.264] NtQueryInformationProcess (in: ProcessHandle=0x34c, ProcessInformationClass=0x4, ProcessInformation=0x895effc, ProcessInformationLength=0x20, ReturnLength=0x895f020 | out: ProcessInformation=0x895effc, ReturnLength=0x895f020) returned 0x0 [0142.264] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.264] SetLastError (dwErrCode=0x0) [0142.264] NtQueryInformationProcess (in: ProcessHandle=0x34c, ProcessInformationClass=0x0, ProcessInformation=0x895eca8, ProcessInformationLength=0x18, ReturnLength=0x895ecc0 | out: ProcessInformation=0x895eca8, ReturnLength=0x895ecc0) returned 0x0 [0142.264] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.264] SetLastError (dwErrCode=0x0) [0142.264] ReadProcessMemory (in: hProcess=0x34c, lpBaseAddress=0x7f9a3008, lpBuffer=0x895ecd4, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x895ecd4*, lpNumberOfBytesRead=0x0) returned 1 [0142.264] ReadProcessMemory (in: hProcess=0x34c, lpBaseAddress=0x3f0000, lpBuffer=0x895ecec, nSize=0x338, lpNumberOfBytesRead=0x895f024 | out: lpBuffer=0x895ecec*, lpNumberOfBytesRead=0x895f024*=0x338) returned 1 [0142.264] NtQueryInformationProcess (in: ProcessHandle=0x34c, ProcessInformationClass=0x2b, ProcessInformation=0xc5aa58, ProcessInformationLength=0x826, ReturnLength=0x895f020 | out: ProcessInformation=0xc5aa58, ReturnLength=0x895f020) returned 0x0 [0142.264] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.264] SetLastError (dwErrCode=0x0) [0142.264] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\WindowsPowerShell\\handling investing experimental.exe") returned="handling investing experimental.exe" [0142.265] NtOpenProcess (in: ProcessHandle=0x895ee00, DesiredAccess=0x400, ObjectAttributes=0x895ede0*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895edf8*(UniqueProcess=0x508, UniqueThread=0x0) | out: ProcessHandle=0x895ee00*=0x37c) returned 0x0 [0142.265] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.265] SetLastError (dwErrCode=0x0) [0142.265] NtQueryInformationProcess (in: ProcessHandle=0x37c, ProcessInformationClass=0x2b, ProcessInformation=0xc5aa58, ProcessInformationLength=0x826, ReturnLength=0x895ee00 | out: ProcessInformation=0xc5aa58, ReturnLength=0x895ee00) returned 0x0 [0142.265] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.265] SetLastError (dwErrCode=0x0) [0142.265] CloseHandle (hObject=0x37c) returned 1 [0142.265] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\WindowsPowerShell\\handling investing experimental.exe") returned="handling investing experimental.exe" [0142.265] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.265] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\WindowsPowerShell\\handling investing experimental.exe") returned="handling investing experimental.exe" [0142.265] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.265] PathFindFileNameW (pszPath="C:\\Windows\\explorer.exe") returned="explorer.exe" [0142.265] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.265] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\WindowsPowerShell\\handling investing experimental.exe") returned="handling investing experimental.exe" [0142.265] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.265] PathFindFileNameW (pszPath="C:\\Windows\\explorer.exe") returned="explorer.exe" [0142.265] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.265] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\WindowsPowerShell\\handling investing experimental.exe") returned="handling investing experimental.exe" [0142.265] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.266] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\WindowsPowerShell\\handling investing experimental.exe") returned="handling investing experimental.exe" [0142.266] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.266] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\WindowsPowerShell\\handling investing experimental.exe") returned="handling investing experimental.exe" [0142.266] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.266] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\WindowsPowerShell\\handling investing experimental.exe") returned="handling investing experimental.exe" [0142.266] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.266] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\WindowsPowerShell\\handling investing experimental.exe") returned="handling investing experimental.exe" [0142.266] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.266] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\WindowsPowerShell\\handling investing experimental.exe") returned="handling investing experimental.exe" [0142.266] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.266] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\WindowsPowerShell\\handling investing experimental.exe") returned="handling investing experimental.exe" [0142.266] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.266] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\WindowsPowerShell\\handling investing experimental.exe") returned="handling investing experimental.exe" [0142.266] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.266] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\WindowsPowerShell\\handling investing experimental.exe") returned="handling investing experimental.exe" [0142.266] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.266] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\WindowsPowerShell\\handling investing experimental.exe") returned="handling investing experimental.exe" [0142.266] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.266] NtCreateSection (in: SectionHandle=0x895f020, DesiredAccess=0xf001f, ObjectAttributes=0x895efdc*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), MaximumSize=0x895eff4, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x895f020*=0x37c) returned 0x0 [0142.266] NtMapViewOfSection (in: SectionHandle=0x37c, ProcessHandle=0x34c, BaseAddress=0x895f01c*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x895f00c*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x895f01c*=0x2060000, SectionOffset=0x0, ViewSize=0x895f00c*=0x1c4000) returned 0x0 [0142.269] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.269] SetLastError (dwErrCode=0x0) [0142.269] NtMapViewOfSection (in: SectionHandle=0x37c, ProcessHandle=0xffffffff, BaseAddress=0x895f018*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x895f014*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x895f018*=0x89e0000, SectionOffset=0x0, ViewSize=0x895f014*=0x1c4000) returned 0x0 [0142.270] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.270] SetLastError (dwErrCode=0x0) [0142.270] SetLastError (dwErrCode=0x0) [0142.274] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="SB:0x%08X", arglist=0x895efd4 | out: pszDest="SB:0x00000608") returned 13 [0142.274] SetLastError (dwErrCode=0x0) [0142.274] wvnsprintfA (in: pszDest=0x895eda8, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed90 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x00000608_v1$") returned 65 [0142.274] SetLastError (dwErrCode=0x0) [0142.274] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x00000608_v1$") returned 0x0 [0142.275] GetLastError () returned 0x2 [0142.275] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x378, hTargetProcessHandle=0x34c, lpTargetHandle=0x895f024, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x895f024*=0x108) returned 1 [0142.275] CloseHandle (hObject=0x378) returned 1 [0142.286] NtProtectVirtualMemory (in: ProcessHandle=0x34c, BaseAddress=0x895efac*=0x77cdc700, NumberOfBytesToProtect=0x895ef9c, NewAccessProtection=0x40, OldAccessProtection=0x895f010 | out: BaseAddress=0x895efac*=0x77cdc000, NumberOfBytesToProtect=0x895ef9c, OldAccessProtection=0x895f010*=0x20) returned 0x0 [0142.286] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.286] SetLastError (dwErrCode=0x0) [0142.287] NtProtectVirtualMemory (in: ProcessHandle=0x34c, BaseAddress=0x895efac*=0x22220c7, NumberOfBytesToProtect=0x895ef9c, NewAccessProtection=0x40, OldAccessProtection=0x895f010 | out: BaseAddress=0x895efac*=0x2222000, NumberOfBytesToProtect=0x895ef9c, OldAccessProtection=0x895f010*=0x40) returned 0x0 [0142.287] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.287] SetLastError (dwErrCode=0x0) [0142.287] NtWriteVirtualMemory (in: ProcessHandle=0x34c, BaseAddress=0x22220c7, Buffer=0x895efc4*, NumberOfBytesToWrite=0x3a, NumberOfBytesWritten=0x895ef9c | out: Buffer=0x895efc4*, NumberOfBytesWritten=0x895ef9c*=0x3a) returned 0x0 [0142.287] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.287] SetLastError (dwErrCode=0x0) [0142.287] NtWriteVirtualMemory (in: ProcessHandle=0x34c, BaseAddress=0x77cdc700, Buffer=0x895f008*, NumberOfBytesToWrite=0x6, NumberOfBytesWritten=0x895ef9c | out: Buffer=0x895f008*, NumberOfBytesWritten=0x895ef9c*=0x6) returned 0x0 [0142.287] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.287] SetLastError (dwErrCode=0x0) [0142.287] CloseHandle (hObject=0x34c) returned 1 [0142.288] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x89e0000) returned 0x0 [0142.303] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.303] SetLastError (dwErrCode=0x0) [0142.303] CloseHandle (hObject=0x37c) returned 1 [0142.303] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="pdf_incoming_tracked.exe")) returned 1 [0142.304] NtOpenProcess (in: ProcessHandle=0x895f344, DesiredAccess=0x400, ObjectAttributes=0x895f324*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895f33c*(UniqueProcess=0x134, UniqueThread=0x0) | out: ProcessHandle=0x895f344*=0x37c) returned 0x0 [0142.304] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.304] SetLastError (dwErrCode=0x0) [0142.304] OpenProcessToken (in: ProcessHandle=0x37c, DesiredAccess=0x8, TokenHandle=0x895f130 | out: TokenHandle=0x895f130*=0x34c) returned 1 [0142.304] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895f12c | out: TokenInformation=0x0, ReturnLength=0x895f12c) returned 0 [0142.304] GetLastError () returned 0x7a [0142.304] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x1, TokenInformation=0xbf52e0, TokenInformationLength=0x24, ReturnLength=0x895f12c | out: TokenInformation=0xbf52e0, ReturnLength=0x895f12c) returned 1 [0142.304] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf52e8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895ed10, cchName=0x895f124, ReferencedDomainName=0x895ef18, cchReferencedDomainName=0x895f124, peUse=0x895f120 | out: Name="CIiHmnxMn6Ps", cchName=0x895f124, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895f124, peUse=0x895f120) returned 1 [0142.304] wvnsprintfW (in: pszDest=0x895f144, cchDest=259, pszFmt="%s\\%s", arglist=0x895ed00 | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0142.304] SetLastError (dwErrCode=0x0) [0142.304] CloseHandle (hObject=0x34c) returned 1 [0142.305] CloseHandle (hObject=0x37c) returned 1 [0142.305] lstrcmpiW (lpString1="pdf_incoming_tracked.exe", lpString2="csrss.exe") returned 1 [0142.305] lstrcmpiW (lpString1="pdf_incoming_tracked.exe", lpString2="smss.exe") returned -1 [0142.305] lstrcmpiW (lpString1="pdf_incoming_tracked.exe", lpString2="lsass.exe") returned 1 [0142.305] lstrcmpiW (lpString1="pdf_incoming_tracked.exe", lpString2="services.exe") returned -1 [0142.305] lstrcmpiW (lpString1="pdf_incoming_tracked.exe", lpString2="spoolsv.exe") returned -1 [0142.305] lstrcmpiW (lpString1="pdf_incoming_tracked.exe", lpString2="winlogon.exe") returned -1 [0142.305] lstrcmpiW (lpString1="pdf_incoming_tracked.exe", lpString2="chrome.exe") returned 1 [0142.305] NtOpenProcess (in: ProcessHandle=0x895e570, DesiredAccess=0x478, ObjectAttributes=0x895e550*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895e568*(UniqueProcess=0x134, UniqueThread=0x0) | out: ProcessHandle=0x895e570*=0x37c) returned 0x0 [0142.305] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.305] SetLastError (dwErrCode=0x0) [0142.305] GetLastError () returned 0x0 [0142.305] SetLastError (dwErrCode=0x0) [0142.305] OpenProcessToken (in: ProcessHandle=0x37c, DesiredAccess=0x8, TokenHandle=0x895f018 | out: TokenHandle=0x895f018*=0x34c) returned 1 [0142.305] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0xc, TokenInformation=0x895f078, TokenInformationLength=0x4, ReturnLength=0x895f01c | out: TokenInformation=0x895f078, ReturnLength=0x895f01c) returned 1 [0142.305] CloseHandle (hObject=0x34c) returned 1 [0142.305] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="0x%08X", arglist=0x895efdc | out: pszDest="0x00000134") returned 10 [0142.305] SetLastError (dwErrCode=0x0) [0142.305] wvnsprintfA (in: pszDest=0x895eda4, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed8c | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000134_v1$") returned 62 [0142.305] SetLastError (dwErrCode=0x0) [0142.305] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000134_v1$") returned 0x0 [0142.305] InitializeSecurityDescriptor (in: pSecurityDescriptor=0xc5aa58, dwRevision=0x1 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.305] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0xc5aa58, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.305] GetLastError () returned 0x2 [0142.305] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0xc5aa58, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.305] GetLastError () returned 0x2 [0142.305] SetLastError (dwErrCode=0x2) [0142.305] CreateEventA (lpEventAttributes=0x895eea0, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000134_v1$") returned 0x34c [0142.305] GetLastError () returned 0x0 [0142.305] SetLastError (dwErrCode=0x0) [0142.305] OpenProcessToken (in: ProcessHandle=0x37c, DesiredAccess=0x8, TokenHandle=0x895ee0c | out: TokenHandle=0x895ee0c*=0x378) returned 1 [0142.305] GetTokenInformation (in: TokenHandle=0x378, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895ee08 | out: TokenInformation=0x0, ReturnLength=0x895ee08) returned 0 [0142.305] GetLastError () returned 0x7a [0142.305] GetTokenInformation (in: TokenHandle=0x378, TokenInformationClass=0x1, TokenInformation=0xbf51c0, TokenInformationLength=0x24, ReturnLength=0x895ee08 | out: TokenInformation=0xbf51c0, ReturnLength=0x895ee08) returned 1 [0142.306] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf51c8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895e9ec, cchName=0x895ee00, ReferencedDomainName=0x895ebf4, cchReferencedDomainName=0x895ee00, peUse=0x895edfc | out: Name="CIiHmnxMn6Ps", cchName=0x895ee00, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895ee00, peUse=0x895edfc) returned 1 [0142.306] wvnsprintfW (in: pszDest=0x895ee20, cchDest=259, pszFmt="%s\\%s", arglist=0x895e9dc | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0142.306] SetLastError (dwErrCode=0x0) [0142.306] CloseHandle (hObject=0x378) returned 1 [0142.306] SetLastError (dwErrCode=0x0) [0142.306] NtQueryInformationProcess (in: ProcessHandle=0x37c, ProcessInformationClass=0x1a, ProcessInformation=0x895f020, ProcessInformationLength=0x4, ReturnLength=0x895f024 | out: ProcessInformation=0x895f020, ReturnLength=0x895f024) returned 0x0 [0142.306] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.306] SetLastError (dwErrCode=0x0) [0142.306] NtQueryInformationProcess (in: ProcessHandle=0x37c, ProcessInformationClass=0x14, ProcessInformation=0x895f01c, ProcessInformationLength=0x4, ReturnLength=0x895f020 | out: ProcessInformation=0x895f01c, ReturnLength=0x895f020) returned 0x0 [0142.306] NtQueryInformationProcess (in: ProcessHandle=0x37c, ProcessInformationClass=0x4, ProcessInformation=0x895effc, ProcessInformationLength=0x20, ReturnLength=0x895f020 | out: ProcessInformation=0x895effc, ReturnLength=0x895f020) returned 0x0 [0142.306] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.306] SetLastError (dwErrCode=0x0) [0142.306] NtQueryInformationProcess (in: ProcessHandle=0x37c, ProcessInformationClass=0x0, ProcessInformation=0x895eca8, ProcessInformationLength=0x18, ReturnLength=0x895ecc0 | out: ProcessInformation=0x895eca8, ReturnLength=0x895ecc0) returned 0x0 [0142.306] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.306] SetLastError (dwErrCode=0x0) [0142.306] ReadProcessMemory (in: hProcess=0x37c, lpBaseAddress=0x7e8bc008, lpBuffer=0x895ecd4, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x895ecd4*, lpNumberOfBytesRead=0x0) returned 1 [0142.307] ReadProcessMemory (in: hProcess=0x37c, lpBaseAddress=0x13e0000, lpBuffer=0x895ecec, nSize=0x338, lpNumberOfBytesRead=0x895f024 | out: lpBuffer=0x895ecec*, lpNumberOfBytesRead=0x895f024*=0x338) returned 1 [0142.307] NtQueryInformationProcess (in: ProcessHandle=0x37c, ProcessInformationClass=0x2b, ProcessInformation=0xc5aa58, ProcessInformationLength=0x826, ReturnLength=0x895f020 | out: ProcessInformation=0xc5aa58, ReturnLength=0x895f020) returned 0x0 [0142.307] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.307] SetLastError (dwErrCode=0x0) [0142.307] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Internet Explorer\\pdf_incoming_tracked.exe") returned="pdf_incoming_tracked.exe" [0142.307] NtOpenProcess (in: ProcessHandle=0x895ee00, DesiredAccess=0x400, ObjectAttributes=0x895ede0*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895edf8*(UniqueProcess=0x508, UniqueThread=0x0) | out: ProcessHandle=0x895ee00*=0x378) returned 0x0 [0142.307] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.307] SetLastError (dwErrCode=0x0) [0142.307] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x2b, ProcessInformation=0xc5aa58, ProcessInformationLength=0x826, ReturnLength=0x895ee00 | out: ProcessInformation=0xc5aa58, ReturnLength=0x895ee00) returned 0x0 [0142.308] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.308] SetLastError (dwErrCode=0x0) [0142.308] CloseHandle (hObject=0x378) returned 1 [0142.308] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Internet Explorer\\pdf_incoming_tracked.exe") returned="pdf_incoming_tracked.exe" [0142.308] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.308] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Internet Explorer\\pdf_incoming_tracked.exe") returned="pdf_incoming_tracked.exe" [0142.308] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.308] PathFindFileNameW (pszPath="C:\\Windows\\explorer.exe") returned="explorer.exe" [0142.308] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.308] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Internet Explorer\\pdf_incoming_tracked.exe") returned="pdf_incoming_tracked.exe" [0142.308] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.308] PathFindFileNameW (pszPath="C:\\Windows\\explorer.exe") returned="explorer.exe" [0142.308] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.308] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Internet Explorer\\pdf_incoming_tracked.exe") returned="pdf_incoming_tracked.exe" [0142.308] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.308] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Internet Explorer\\pdf_incoming_tracked.exe") returned="pdf_incoming_tracked.exe" [0142.308] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.308] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Internet Explorer\\pdf_incoming_tracked.exe") returned="pdf_incoming_tracked.exe" [0142.308] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.308] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Internet Explorer\\pdf_incoming_tracked.exe") returned="pdf_incoming_tracked.exe" [0142.308] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.308] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Internet Explorer\\pdf_incoming_tracked.exe") returned="pdf_incoming_tracked.exe" [0142.308] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.308] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Internet Explorer\\pdf_incoming_tracked.exe") returned="pdf_incoming_tracked.exe" [0142.308] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.308] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Internet Explorer\\pdf_incoming_tracked.exe") returned="pdf_incoming_tracked.exe" [0142.308] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.308] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Internet Explorer\\pdf_incoming_tracked.exe") returned="pdf_incoming_tracked.exe" [0142.308] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.308] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Internet Explorer\\pdf_incoming_tracked.exe") returned="pdf_incoming_tracked.exe" [0142.308] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.309] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Internet Explorer\\pdf_incoming_tracked.exe") returned="pdf_incoming_tracked.exe" [0142.309] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.309] NtCreateSection (in: SectionHandle=0x895f020, DesiredAccess=0xf001f, ObjectAttributes=0x895efdc*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), MaximumSize=0x895eff4, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x895f020*=0x378) returned 0x0 [0142.309] NtMapViewOfSection (in: SectionHandle=0x378, ProcessHandle=0x37c, BaseAddress=0x895f01c*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x895f00c*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x895f01c*=0x2c20000, SectionOffset=0x0, ViewSize=0x895f00c*=0x1c4000) returned 0x0 [0142.311] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.311] SetLastError (dwErrCode=0x0) [0142.311] NtMapViewOfSection (in: SectionHandle=0x378, ProcessHandle=0xffffffff, BaseAddress=0x895f018*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x895f014*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x895f018*=0x89e0000, SectionOffset=0x0, ViewSize=0x895f014*=0x1c4000) returned 0x0 [0142.312] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.312] SetLastError (dwErrCode=0x0) [0142.312] SetLastError (dwErrCode=0x0) [0142.317] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="SB:0x%08X", arglist=0x895efd4 | out: pszDest="SB:0x00000134") returned 13 [0142.317] SetLastError (dwErrCode=0x0) [0142.318] wvnsprintfA (in: pszDest=0x895eda8, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed90 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x00000134_v1$") returned 65 [0142.318] SetLastError (dwErrCode=0x0) [0142.318] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x00000134_v1$") returned 0x0 [0142.318] GetLastError () returned 0x2 [0142.318] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x34c, hTargetProcessHandle=0x37c, lpTargetHandle=0x895f024, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x895f024*=0x108) returned 1 [0142.318] CloseHandle (hObject=0x34c) returned 1 [0142.329] NtProtectVirtualMemory (in: ProcessHandle=0x37c, BaseAddress=0x895efac*=0x77cdc700, NumberOfBytesToProtect=0x895ef9c, NewAccessProtection=0x40, OldAccessProtection=0x895f010 | out: BaseAddress=0x895efac*=0x77cdc000, NumberOfBytesToProtect=0x895ef9c, OldAccessProtection=0x895f010*=0x20) returned 0x0 [0142.329] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.329] SetLastError (dwErrCode=0x0) [0142.329] NtProtectVirtualMemory (in: ProcessHandle=0x37c, BaseAddress=0x895efac*=0x2de20c7, NumberOfBytesToProtect=0x895ef9c, NewAccessProtection=0x40, OldAccessProtection=0x895f010 | out: BaseAddress=0x895efac*=0x2de2000, NumberOfBytesToProtect=0x895ef9c, OldAccessProtection=0x895f010*=0x40) returned 0x0 [0142.329] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.329] SetLastError (dwErrCode=0x0) [0142.329] NtWriteVirtualMemory (in: ProcessHandle=0x37c, BaseAddress=0x2de20c7, Buffer=0x895efc4*, NumberOfBytesToWrite=0x3a, NumberOfBytesWritten=0x895ef9c | out: Buffer=0x895efc4*, NumberOfBytesWritten=0x895ef9c*=0x3a) returned 0x0 [0142.330] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.330] SetLastError (dwErrCode=0x0) [0142.330] NtWriteVirtualMemory (in: ProcessHandle=0x37c, BaseAddress=0x77cdc700, Buffer=0x895f008*, NumberOfBytesToWrite=0x6, NumberOfBytesWritten=0x895ef9c | out: Buffer=0x895f008*, NumberOfBytesWritten=0x895ef9c*=0x6) returned 0x0 [0142.330] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.330] SetLastError (dwErrCode=0x0) [0142.330] CloseHandle (hObject=0x37c) returned 1 [0142.330] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x89e0000) returned 0x0 [0142.345] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.345] SetLastError (dwErrCode=0x0) [0142.345] CloseHandle (hObject=0x378) returned 1 [0142.345] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="rangestremendous.exe")) returned 1 [0142.346] NtOpenProcess (in: ProcessHandle=0x895f344, DesiredAccess=0x400, ObjectAttributes=0x895f324*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895f33c*(UniqueProcess=0x720, UniqueThread=0x0) | out: ProcessHandle=0x895f344*=0x378) returned 0x0 [0142.346] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.346] SetLastError (dwErrCode=0x0) [0142.346] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895f130 | out: TokenHandle=0x895f130*=0x37c) returned 1 [0142.346] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895f12c | out: TokenInformation=0x0, ReturnLength=0x895f12c) returned 0 [0142.346] GetLastError () returned 0x7a [0142.346] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0xbf5130, TokenInformationLength=0x24, ReturnLength=0x895f12c | out: TokenInformation=0xbf5130, ReturnLength=0x895f12c) returned 1 [0142.346] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf5138*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895ed10, cchName=0x895f124, ReferencedDomainName=0x895ef18, cchReferencedDomainName=0x895f124, peUse=0x895f120 | out: Name="CIiHmnxMn6Ps", cchName=0x895f124, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895f124, peUse=0x895f120) returned 1 [0142.347] wvnsprintfW (in: pszDest=0x895f144, cchDest=259, pszFmt="%s\\%s", arglist=0x895ed00 | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0142.347] SetLastError (dwErrCode=0x0) [0142.347] CloseHandle (hObject=0x37c) returned 1 [0142.347] CloseHandle (hObject=0x378) returned 1 [0142.347] lstrcmpiW (lpString1="rangestremendous.exe", lpString2="csrss.exe") returned 1 [0142.347] lstrcmpiW (lpString1="rangestremendous.exe", lpString2="smss.exe") returned -1 [0142.347] lstrcmpiW (lpString1="rangestremendous.exe", lpString2="lsass.exe") returned 1 [0142.347] lstrcmpiW (lpString1="rangestremendous.exe", lpString2="services.exe") returned -1 [0142.347] lstrcmpiW (lpString1="rangestremendous.exe", lpString2="spoolsv.exe") returned -1 [0142.347] lstrcmpiW (lpString1="rangestremendous.exe", lpString2="winlogon.exe") returned -1 [0142.347] lstrcmpiW (lpString1="rangestremendous.exe", lpString2="chrome.exe") returned 1 [0142.347] NtOpenProcess (in: ProcessHandle=0x895e570, DesiredAccess=0x478, ObjectAttributes=0x895e550*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895e568*(UniqueProcess=0x720, UniqueThread=0x0) | out: ProcessHandle=0x895e570*=0x378) returned 0x0 [0142.347] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.347] SetLastError (dwErrCode=0x0) [0142.347] GetLastError () returned 0x0 [0142.348] SetLastError (dwErrCode=0x0) [0142.348] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895f018 | out: TokenHandle=0x895f018*=0x37c) returned 1 [0142.348] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0xc, TokenInformation=0x895f078, TokenInformationLength=0x4, ReturnLength=0x895f01c | out: TokenInformation=0x895f078, ReturnLength=0x895f01c) returned 1 [0142.348] CloseHandle (hObject=0x37c) returned 1 [0142.348] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="0x%08X", arglist=0x895efdc | out: pszDest="0x00000720") returned 10 [0142.348] SetLastError (dwErrCode=0x0) [0142.348] wvnsprintfA (in: pszDest=0x895eda4, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed8c | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000720_v1$") returned 62 [0142.348] SetLastError (dwErrCode=0x0) [0142.348] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000720_v1$") returned 0x0 [0142.348] InitializeSecurityDescriptor (in: pSecurityDescriptor=0xc5aa58, dwRevision=0x1 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.348] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0xc5aa58, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.348] GetLastError () returned 0x2 [0142.348] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0xc5aa58, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.348] GetLastError () returned 0x2 [0142.348] SetLastError (dwErrCode=0x2) [0142.348] CreateEventA (lpEventAttributes=0x895eea0, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000720_v1$") returned 0x37c [0142.348] GetLastError () returned 0x0 [0142.348] SetLastError (dwErrCode=0x0) [0142.348] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895ee0c | out: TokenHandle=0x895ee0c*=0x34c) returned 1 [0142.348] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895ee08 | out: TokenInformation=0x0, ReturnLength=0x895ee08) returned 0 [0142.348] GetLastError () returned 0x7a [0142.348] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x1, TokenInformation=0xbf4fb0, TokenInformationLength=0x24, ReturnLength=0x895ee08 | out: TokenInformation=0xbf4fb0, ReturnLength=0x895ee08) returned 1 [0142.348] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf4fb8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895e9ec, cchName=0x895ee00, ReferencedDomainName=0x895ebf4, cchReferencedDomainName=0x895ee00, peUse=0x895edfc | out: Name="CIiHmnxMn6Ps", cchName=0x895ee00, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895ee00, peUse=0x895edfc) returned 1 [0142.349] wvnsprintfW (in: pszDest=0x895ee20, cchDest=259, pszFmt="%s\\%s", arglist=0x895e9dc | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0142.349] SetLastError (dwErrCode=0x0) [0142.349] CloseHandle (hObject=0x34c) returned 1 [0142.349] SetLastError (dwErrCode=0x0) [0142.349] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x1a, ProcessInformation=0x895f020, ProcessInformationLength=0x4, ReturnLength=0x895f024 | out: ProcessInformation=0x895f020, ReturnLength=0x895f024) returned 0x0 [0142.349] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.349] SetLastError (dwErrCode=0x0) [0142.349] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x14, ProcessInformation=0x895f01c, ProcessInformationLength=0x4, ReturnLength=0x895f020 | out: ProcessInformation=0x895f01c, ReturnLength=0x895f020) returned 0x0 [0142.349] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x4, ProcessInformation=0x895effc, ProcessInformationLength=0x20, ReturnLength=0x895f020 | out: ProcessInformation=0x895effc, ReturnLength=0x895f020) returned 0x0 [0142.349] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.349] SetLastError (dwErrCode=0x0) [0142.349] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x0, ProcessInformation=0x895eca8, ProcessInformationLength=0x18, ReturnLength=0x895ecc0 | out: ProcessInformation=0x895eca8, ReturnLength=0x895ecc0) returned 0x0 [0142.349] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.349] SetLastError (dwErrCode=0x0) [0142.349] ReadProcessMemory (in: hProcess=0x378, lpBaseAddress=0x7ec87008, lpBuffer=0x895ecd4, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x895ecd4*, lpNumberOfBytesRead=0x0) returned 1 [0142.349] ReadProcessMemory (in: hProcess=0x378, lpBaseAddress=0xe80000, lpBuffer=0x895ecec, nSize=0x338, lpNumberOfBytesRead=0x895f024 | out: lpBuffer=0x895ecec*, lpNumberOfBytesRead=0x895f024*=0x338) returned 1 [0142.349] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x2b, ProcessInformation=0xc5aa58, ProcessInformationLength=0x826, ReturnLength=0x895f020 | out: ProcessInformation=0xc5aa58, ReturnLength=0x895f020) returned 0x0 [0142.350] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.350] SetLastError (dwErrCode=0x0) [0142.350] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\rangestremendous.exe") returned="rangestremendous.exe" [0142.350] NtOpenProcess (in: ProcessHandle=0x895ee00, DesiredAccess=0x400, ObjectAttributes=0x895ede0*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895edf8*(UniqueProcess=0x508, UniqueThread=0x0) | out: ProcessHandle=0x895ee00*=0x34c) returned 0x0 [0142.350] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.350] SetLastError (dwErrCode=0x0) [0142.350] NtQueryInformationProcess (in: ProcessHandle=0x34c, ProcessInformationClass=0x2b, ProcessInformation=0xc5aa58, ProcessInformationLength=0x826, ReturnLength=0x895ee00 | out: ProcessInformation=0xc5aa58, ReturnLength=0x895ee00) returned 0x0 [0142.351] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.351] SetLastError (dwErrCode=0x0) [0142.351] CloseHandle (hObject=0x34c) returned 1 [0142.351] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\rangestremendous.exe") returned="rangestremendous.exe" [0142.351] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.351] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\rangestremendous.exe") returned="rangestremendous.exe" [0142.351] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.351] PathFindFileNameW (pszPath="C:\\Windows\\explorer.exe") returned="explorer.exe" [0142.351] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.351] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\rangestremendous.exe") returned="rangestremendous.exe" [0142.351] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.351] PathFindFileNameW (pszPath="C:\\Windows\\explorer.exe") returned="explorer.exe" [0142.351] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.351] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\rangestremendous.exe") returned="rangestremendous.exe" [0142.351] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.351] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\rangestremendous.exe") returned="rangestremendous.exe" [0142.351] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.351] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\rangestremendous.exe") returned="rangestremendous.exe" [0142.351] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.351] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\rangestremendous.exe") returned="rangestremendous.exe" [0142.351] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.351] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\rangestremendous.exe") returned="rangestremendous.exe" [0142.351] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.351] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\rangestremendous.exe") returned="rangestremendous.exe" [0142.351] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.351] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\rangestremendous.exe") returned="rangestremendous.exe" [0142.351] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.351] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\rangestremendous.exe") returned="rangestremendous.exe" [0142.351] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.351] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\rangestremendous.exe") returned="rangestremendous.exe" [0142.351] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.351] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\rangestremendous.exe") returned="rangestremendous.exe" [0142.351] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.351] NtCreateSection (in: SectionHandle=0x895f020, DesiredAccess=0xf001f, ObjectAttributes=0x895efdc*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), MaximumSize=0x895eff4, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x895f020*=0x34c) returned 0x0 [0142.352] NtMapViewOfSection (in: SectionHandle=0x34c, ProcessHandle=0x378, BaseAddress=0x895f01c*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x895f00c*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x895f01c*=0x2d80000, SectionOffset=0x0, ViewSize=0x895f00c*=0x1c4000) returned 0x0 [0142.354] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.354] SetLastError (dwErrCode=0x0) [0142.354] NtMapViewOfSection (in: SectionHandle=0x34c, ProcessHandle=0xffffffff, BaseAddress=0x895f018*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x895f014*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x895f018*=0x89e0000, SectionOffset=0x0, ViewSize=0x895f014*=0x1c4000) returned 0x0 [0142.355] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.355] SetLastError (dwErrCode=0x0) [0142.355] SetLastError (dwErrCode=0x0) [0142.360] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="SB:0x%08X", arglist=0x895efd4 | out: pszDest="SB:0x00000720") returned 13 [0142.360] SetLastError (dwErrCode=0x0) [0142.360] wvnsprintfA (in: pszDest=0x895eda8, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed90 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x00000720_v1$") returned 65 [0142.360] SetLastError (dwErrCode=0x0) [0142.360] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x00000720_v1$") returned 0x0 [0142.360] GetLastError () returned 0x2 [0142.360] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x37c, hTargetProcessHandle=0x378, lpTargetHandle=0x895f024, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x895f024*=0x108) returned 1 [0142.360] CloseHandle (hObject=0x37c) returned 1 [0142.372] NtProtectVirtualMemory (in: ProcessHandle=0x378, BaseAddress=0x895efac*=0x77cdc700, NumberOfBytesToProtect=0x895ef9c, NewAccessProtection=0x40, OldAccessProtection=0x895f010 | out: BaseAddress=0x895efac*=0x77cdc000, NumberOfBytesToProtect=0x895ef9c, OldAccessProtection=0x895f010*=0x20) returned 0x0 [0142.372] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.372] SetLastError (dwErrCode=0x0) [0142.372] NtProtectVirtualMemory (in: ProcessHandle=0x378, BaseAddress=0x895efac*=0x2f420c7, NumberOfBytesToProtect=0x895ef9c, NewAccessProtection=0x40, OldAccessProtection=0x895f010 | out: BaseAddress=0x895efac*=0x2f42000, NumberOfBytesToProtect=0x895ef9c, OldAccessProtection=0x895f010*=0x40) returned 0x0 [0142.372] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.372] SetLastError (dwErrCode=0x0) [0142.372] NtWriteVirtualMemory (in: ProcessHandle=0x378, BaseAddress=0x2f420c7, Buffer=0x895efc4*, NumberOfBytesToWrite=0x3a, NumberOfBytesWritten=0x895ef9c | out: Buffer=0x895efc4*, NumberOfBytesWritten=0x895ef9c*=0x3a) returned 0x0 [0142.372] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.372] SetLastError (dwErrCode=0x0) [0142.372] NtWriteVirtualMemory (in: ProcessHandle=0x378, BaseAddress=0x77cdc700, Buffer=0x895f008*, NumberOfBytesToWrite=0x6, NumberOfBytesWritten=0x895ef9c | out: Buffer=0x895f008*, NumberOfBytesWritten=0x895ef9c*=0x6) returned 0x0 [0142.373] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.373] SetLastError (dwErrCode=0x0) [0142.373] CloseHandle (hObject=0x378) returned 1 [0142.373] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x89e0000) returned 0x0 [0142.388] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.388] SetLastError (dwErrCode=0x0) [0142.388] CloseHandle (hObject=0x34c) returned 1 [0142.388] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="uncertainty_furnishings_tramadol.exe")) returned 1 [0142.389] NtOpenProcess (in: ProcessHandle=0x895f344, DesiredAccess=0x400, ObjectAttributes=0x895f324*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895f33c*(UniqueProcess=0x644, UniqueThread=0x0) | out: ProcessHandle=0x895f344*=0x34c) returned 0x0 [0142.389] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.389] SetLastError (dwErrCode=0x0) [0142.389] OpenProcessToken (in: ProcessHandle=0x34c, DesiredAccess=0x8, TokenHandle=0x895f130 | out: TokenHandle=0x895f130*=0x378) returned 1 [0142.389] GetTokenInformation (in: TokenHandle=0x378, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895f12c | out: TokenInformation=0x0, ReturnLength=0x895f12c) returned 0 [0142.389] GetLastError () returned 0x7a [0142.389] GetTokenInformation (in: TokenHandle=0x378, TokenInformationClass=0x1, TokenInformation=0xbf5070, TokenInformationLength=0x24, ReturnLength=0x895f12c | out: TokenInformation=0xbf5070, ReturnLength=0x895f12c) returned 1 [0142.389] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf5078*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895ed10, cchName=0x895f124, ReferencedDomainName=0x895ef18, cchReferencedDomainName=0x895f124, peUse=0x895f120 | out: Name="CIiHmnxMn6Ps", cchName=0x895f124, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895f124, peUse=0x895f120) returned 1 [0142.389] wvnsprintfW (in: pszDest=0x895f144, cchDest=259, pszFmt="%s\\%s", arglist=0x895ed00 | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0142.389] SetLastError (dwErrCode=0x0) [0142.389] CloseHandle (hObject=0x378) returned 1 [0142.390] CloseHandle (hObject=0x34c) returned 1 [0142.390] lstrcmpiW (lpString1="uncertainty_furnishings_tramadol.exe", lpString2="csrss.exe") returned 1 [0142.390] lstrcmpiW (lpString1="uncertainty_furnishings_tramadol.exe", lpString2="smss.exe") returned 1 [0142.390] lstrcmpiW (lpString1="uncertainty_furnishings_tramadol.exe", lpString2="lsass.exe") returned 1 [0142.390] lstrcmpiW (lpString1="uncertainty_furnishings_tramadol.exe", lpString2="services.exe") returned 1 [0142.390] lstrcmpiW (lpString1="uncertainty_furnishings_tramadol.exe", lpString2="spoolsv.exe") returned 1 [0142.390] lstrcmpiW (lpString1="uncertainty_furnishings_tramadol.exe", lpString2="winlogon.exe") returned -1 [0142.390] lstrcmpiW (lpString1="uncertainty_furnishings_tramadol.exe", lpString2="chrome.exe") returned 1 [0142.390] NtOpenProcess (in: ProcessHandle=0x895e570, DesiredAccess=0x478, ObjectAttributes=0x895e550*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895e568*(UniqueProcess=0x644, UniqueThread=0x0) | out: ProcessHandle=0x895e570*=0x34c) returned 0x0 [0142.390] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.390] SetLastError (dwErrCode=0x0) [0142.390] GetLastError () returned 0x0 [0142.390] SetLastError (dwErrCode=0x0) [0142.390] OpenProcessToken (in: ProcessHandle=0x34c, DesiredAccess=0x8, TokenHandle=0x895f018 | out: TokenHandle=0x895f018*=0x378) returned 1 [0142.390] GetTokenInformation (in: TokenHandle=0x378, TokenInformationClass=0xc, TokenInformation=0x895f078, TokenInformationLength=0x4, ReturnLength=0x895f01c | out: TokenInformation=0x895f078, ReturnLength=0x895f01c) returned 1 [0142.390] CloseHandle (hObject=0x378) returned 1 [0142.390] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="0x%08X", arglist=0x895efdc | out: pszDest="0x00000644") returned 10 [0142.390] SetLastError (dwErrCode=0x0) [0142.390] wvnsprintfA (in: pszDest=0x895eda4, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed8c | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000644_v1$") returned 62 [0142.390] SetLastError (dwErrCode=0x0) [0142.390] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000644_v1$") returned 0x0 [0142.390] InitializeSecurityDescriptor (in: pSecurityDescriptor=0xc5aa58, dwRevision=0x1 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.390] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0xc5aa58, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.390] GetLastError () returned 0x2 [0142.390] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0xc5aa58, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.390] GetLastError () returned 0x2 [0142.390] SetLastError (dwErrCode=0x2) [0142.390] CreateEventA (lpEventAttributes=0x895eea0, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000644_v1$") returned 0x378 [0142.390] GetLastError () returned 0x0 [0142.390] SetLastError (dwErrCode=0x0) [0142.390] OpenProcessToken (in: ProcessHandle=0x34c, DesiredAccess=0x8, TokenHandle=0x895ee0c | out: TokenHandle=0x895ee0c*=0x37c) returned 1 [0142.390] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895ee08 | out: TokenInformation=0x0, ReturnLength=0x895ee08) returned 0 [0142.391] GetLastError () returned 0x7a [0142.391] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0xbf4fb0, TokenInformationLength=0x24, ReturnLength=0x895ee08 | out: TokenInformation=0xbf4fb0, ReturnLength=0x895ee08) returned 1 [0142.391] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf4fb8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895e9ec, cchName=0x895ee00, ReferencedDomainName=0x895ebf4, cchReferencedDomainName=0x895ee00, peUse=0x895edfc | out: Name="CIiHmnxMn6Ps", cchName=0x895ee00, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895ee00, peUse=0x895edfc) returned 1 [0142.391] wvnsprintfW (in: pszDest=0x895ee20, cchDest=259, pszFmt="%s\\%s", arglist=0x895e9dc | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0142.391] SetLastError (dwErrCode=0x0) [0142.391] CloseHandle (hObject=0x37c) returned 1 [0142.391] SetLastError (dwErrCode=0x0) [0142.391] NtQueryInformationProcess (in: ProcessHandle=0x34c, ProcessInformationClass=0x1a, ProcessInformation=0x895f020, ProcessInformationLength=0x4, ReturnLength=0x895f024 | out: ProcessInformation=0x895f020, ReturnLength=0x895f024) returned 0x0 [0142.391] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.391] SetLastError (dwErrCode=0x0) [0142.391] NtQueryInformationProcess (in: ProcessHandle=0x34c, ProcessInformationClass=0x14, ProcessInformation=0x895f01c, ProcessInformationLength=0x4, ReturnLength=0x895f020 | out: ProcessInformation=0x895f01c, ReturnLength=0x895f020) returned 0x0 [0142.391] NtQueryInformationProcess (in: ProcessHandle=0x34c, ProcessInformationClass=0x4, ProcessInformation=0x895effc, ProcessInformationLength=0x20, ReturnLength=0x895f020 | out: ProcessInformation=0x895effc, ReturnLength=0x895f020) returned 0x0 [0142.391] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.391] SetLastError (dwErrCode=0x0) [0142.391] NtQueryInformationProcess (in: ProcessHandle=0x34c, ProcessInformationClass=0x0, ProcessInformation=0x895eca8, ProcessInformationLength=0x18, ReturnLength=0x895ecc0 | out: ProcessInformation=0x895eca8, ReturnLength=0x895ecc0) returned 0x0 [0142.392] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.392] SetLastError (dwErrCode=0x0) [0142.392] ReadProcessMemory (in: hProcess=0x34c, lpBaseAddress=0x7ee5f008, lpBuffer=0x895ecd4, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x895ecd4*, lpNumberOfBytesRead=0x0) returned 1 [0142.392] ReadProcessMemory (in: hProcess=0x34c, lpBaseAddress=0xa60000, lpBuffer=0x895ecec, nSize=0x338, lpNumberOfBytesRead=0x895f024 | out: lpBuffer=0x895ecec*, lpNumberOfBytesRead=0x895f024*=0x338) returned 1 [0142.392] NtQueryInformationProcess (in: ProcessHandle=0x34c, ProcessInformationClass=0x2b, ProcessInformation=0xc5aa58, ProcessInformationLength=0x826, ReturnLength=0x895f020 | out: ProcessInformation=0xc5aa58, ReturnLength=0x895f020) returned 0x0 [0142.392] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.392] SetLastError (dwErrCode=0x0) [0142.392] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\uncertainty_furnishings_tramadol.exe") returned="uncertainty_furnishings_tramadol.exe" [0142.392] NtOpenProcess (in: ProcessHandle=0x895ee00, DesiredAccess=0x400, ObjectAttributes=0x895ede0*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895edf8*(UniqueProcess=0x508, UniqueThread=0x0) | out: ProcessHandle=0x895ee00*=0x37c) returned 0x0 [0142.392] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.392] SetLastError (dwErrCode=0x0) [0142.392] NtQueryInformationProcess (in: ProcessHandle=0x37c, ProcessInformationClass=0x2b, ProcessInformation=0xc5aa58, ProcessInformationLength=0x826, ReturnLength=0x895ee00 | out: ProcessInformation=0xc5aa58, ReturnLength=0x895ee00) returned 0x0 [0142.393] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.393] SetLastError (dwErrCode=0x0) [0142.393] CloseHandle (hObject=0x37c) returned 1 [0142.393] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\uncertainty_furnishings_tramadol.exe") returned="uncertainty_furnishings_tramadol.exe" [0142.393] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.393] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\uncertainty_furnishings_tramadol.exe") returned="uncertainty_furnishings_tramadol.exe" [0142.393] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.393] PathFindFileNameW (pszPath="C:\\Windows\\explorer.exe") returned="explorer.exe" [0142.393] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.393] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\uncertainty_furnishings_tramadol.exe") returned="uncertainty_furnishings_tramadol.exe" [0142.393] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.393] PathFindFileNameW (pszPath="C:\\Windows\\explorer.exe") returned="explorer.exe" [0142.393] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.393] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\uncertainty_furnishings_tramadol.exe") returned="uncertainty_furnishings_tramadol.exe" [0142.393] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.394] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\uncertainty_furnishings_tramadol.exe") returned="uncertainty_furnishings_tramadol.exe" [0142.394] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.394] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\uncertainty_furnishings_tramadol.exe") returned="uncertainty_furnishings_tramadol.exe" [0142.394] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.394] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\uncertainty_furnishings_tramadol.exe") returned="uncertainty_furnishings_tramadol.exe" [0142.394] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.394] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\uncertainty_furnishings_tramadol.exe") returned="uncertainty_furnishings_tramadol.exe" [0142.394] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.394] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\uncertainty_furnishings_tramadol.exe") returned="uncertainty_furnishings_tramadol.exe" [0142.394] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.394] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\uncertainty_furnishings_tramadol.exe") returned="uncertainty_furnishings_tramadol.exe" [0142.394] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.394] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\uncertainty_furnishings_tramadol.exe") returned="uncertainty_furnishings_tramadol.exe" [0142.394] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.394] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\uncertainty_furnishings_tramadol.exe") returned="uncertainty_furnishings_tramadol.exe" [0142.394] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.394] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Common Files\\uncertainty_furnishings_tramadol.exe") returned="uncertainty_furnishings_tramadol.exe" [0142.394] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.394] NtCreateSection (in: SectionHandle=0x895f020, DesiredAccess=0xf001f, ObjectAttributes=0x895efdc*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), MaximumSize=0x895eff4, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x895f020*=0x37c) returned 0x0 [0142.394] NtMapViewOfSection (in: SectionHandle=0x37c, ProcessHandle=0x34c, BaseAddress=0x895f01c*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x895f00c*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x895f01c*=0x2580000, SectionOffset=0x0, ViewSize=0x895f00c*=0x1c4000) returned 0x0 [0142.397] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.397] SetLastError (dwErrCode=0x0) [0142.397] NtMapViewOfSection (in: SectionHandle=0x37c, ProcessHandle=0xffffffff, BaseAddress=0x895f018*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x895f014*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x895f018*=0x89e0000, SectionOffset=0x0, ViewSize=0x895f014*=0x1c4000) returned 0x0 [0142.398] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.398] SetLastError (dwErrCode=0x0) [0142.398] SetLastError (dwErrCode=0x0) [0142.402] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="SB:0x%08X", arglist=0x895efd4 | out: pszDest="SB:0x00000644") returned 13 [0142.402] SetLastError (dwErrCode=0x0) [0142.402] wvnsprintfA (in: pszDest=0x895eda8, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed90 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x00000644_v1$") returned 65 [0142.402] SetLastError (dwErrCode=0x0) [0142.402] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x00000644_v1$") returned 0x0 [0142.402] GetLastError () returned 0x2 [0142.402] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x378, hTargetProcessHandle=0x34c, lpTargetHandle=0x895f024, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x895f024*=0x108) returned 1 [0142.402] CloseHandle (hObject=0x378) returned 1 [0142.416] NtProtectVirtualMemory (in: ProcessHandle=0x34c, BaseAddress=0x895efac*=0x77cdc700, NumberOfBytesToProtect=0x895ef9c, NewAccessProtection=0x40, OldAccessProtection=0x895f010 | out: BaseAddress=0x895efac*=0x77cdc000, NumberOfBytesToProtect=0x895ef9c, OldAccessProtection=0x895f010*=0x20) returned 0x0 [0142.416] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.416] SetLastError (dwErrCode=0x0) [0142.416] NtProtectVirtualMemory (in: ProcessHandle=0x34c, BaseAddress=0x895efac*=0x27420c7, NumberOfBytesToProtect=0x895ef9c, NewAccessProtection=0x40, OldAccessProtection=0x895f010 | out: BaseAddress=0x895efac*=0x2742000, NumberOfBytesToProtect=0x895ef9c, OldAccessProtection=0x895f010*=0x40) returned 0x0 [0142.416] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.416] SetLastError (dwErrCode=0x0) [0142.416] NtWriteVirtualMemory (in: ProcessHandle=0x34c, BaseAddress=0x27420c7, Buffer=0x895efc4*, NumberOfBytesToWrite=0x3a, NumberOfBytesWritten=0x895ef9c | out: Buffer=0x895efc4*, NumberOfBytesWritten=0x895ef9c*=0x3a) returned 0x0 [0142.416] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.416] SetLastError (dwErrCode=0x0) [0142.416] NtWriteVirtualMemory (in: ProcessHandle=0x34c, BaseAddress=0x77cdc700, Buffer=0x895f008*, NumberOfBytesToWrite=0x6, NumberOfBytesWritten=0x895ef9c | out: Buffer=0x895f008*, NumberOfBytesWritten=0x895ef9c*=0x6) returned 0x0 [0142.417] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.417] SetLastError (dwErrCode=0x0) [0142.417] CloseHandle (hObject=0x34c) returned 1 [0142.417] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x89e0000) returned 0x0 [0142.432] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.432] SetLastError (dwErrCode=0x0) [0142.432] CloseHandle (hObject=0x37c) returned 1 [0142.432] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="batteries_dirty.exe")) returned 1 [0142.432] NtOpenProcess (in: ProcessHandle=0x895f344, DesiredAccess=0x400, ObjectAttributes=0x895f324*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895f33c*(UniqueProcess=0xbd4, UniqueThread=0x0) | out: ProcessHandle=0x895f344*=0x37c) returned 0x0 [0142.432] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.432] SetLastError (dwErrCode=0x0) [0142.432] OpenProcessToken (in: ProcessHandle=0x37c, DesiredAccess=0x8, TokenHandle=0x895f130 | out: TokenHandle=0x895f130*=0x34c) returned 1 [0142.433] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895f12c | out: TokenInformation=0x0, ReturnLength=0x895f12c) returned 0 [0142.433] GetLastError () returned 0x7a [0142.433] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x1, TokenInformation=0xbf5430, TokenInformationLength=0x24, ReturnLength=0x895f12c | out: TokenInformation=0xbf5430, ReturnLength=0x895f12c) returned 1 [0142.433] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf5438*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895ed10, cchName=0x895f124, ReferencedDomainName=0x895ef18, cchReferencedDomainName=0x895f124, peUse=0x895f120 | out: Name="CIiHmnxMn6Ps", cchName=0x895f124, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895f124, peUse=0x895f120) returned 1 [0142.433] wvnsprintfW (in: pszDest=0x895f144, cchDest=259, pszFmt="%s\\%s", arglist=0x895ed00 | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0142.433] SetLastError (dwErrCode=0x0) [0142.433] CloseHandle (hObject=0x34c) returned 1 [0142.433] CloseHandle (hObject=0x37c) returned 1 [0142.433] lstrcmpiW (lpString1="batteries_dirty.exe", lpString2="csrss.exe") returned -1 [0142.433] lstrcmpiW (lpString1="batteries_dirty.exe", lpString2="smss.exe") returned -1 [0142.433] lstrcmpiW (lpString1="batteries_dirty.exe", lpString2="lsass.exe") returned -1 [0142.433] lstrcmpiW (lpString1="batteries_dirty.exe", lpString2="services.exe") returned -1 [0142.434] lstrcmpiW (lpString1="batteries_dirty.exe", lpString2="spoolsv.exe") returned -1 [0142.434] lstrcmpiW (lpString1="batteries_dirty.exe", lpString2="winlogon.exe") returned -1 [0142.434] lstrcmpiW (lpString1="batteries_dirty.exe", lpString2="chrome.exe") returned -1 [0142.434] NtOpenProcess (in: ProcessHandle=0x895e570, DesiredAccess=0x478, ObjectAttributes=0x895e550*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895e568*(UniqueProcess=0xbd4, UniqueThread=0x0) | out: ProcessHandle=0x895e570*=0x37c) returned 0x0 [0142.434] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.434] SetLastError (dwErrCode=0x0) [0142.434] GetLastError () returned 0x0 [0142.434] SetLastError (dwErrCode=0x0) [0142.434] OpenProcessToken (in: ProcessHandle=0x37c, DesiredAccess=0x8, TokenHandle=0x895f018 | out: TokenHandle=0x895f018*=0x34c) returned 1 [0142.434] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0xc, TokenInformation=0x895f078, TokenInformationLength=0x4, ReturnLength=0x895f01c | out: TokenInformation=0x895f078, ReturnLength=0x895f01c) returned 1 [0142.434] CloseHandle (hObject=0x34c) returned 1 [0142.434] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="0x%08X", arglist=0x895efdc | out: pszDest="0x00000BD4") returned 10 [0142.434] SetLastError (dwErrCode=0x0) [0142.434] wvnsprintfA (in: pszDest=0x895eda4, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed8c | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000BD4_v1$") returned 62 [0142.434] SetLastError (dwErrCode=0x0) [0142.434] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000BD4_v1$") returned 0x0 [0142.434] InitializeSecurityDescriptor (in: pSecurityDescriptor=0xc5aa58, dwRevision=0x1 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.434] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0xc5aa58, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.434] GetLastError () returned 0x2 [0142.434] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0xc5aa58, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.434] GetLastError () returned 0x2 [0142.434] SetLastError (dwErrCode=0x2) [0142.434] CreateEventA (lpEventAttributes=0x895eea0, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000BD4_v1$") returned 0x34c [0142.434] GetLastError () returned 0x0 [0142.434] SetLastError (dwErrCode=0x0) [0142.434] OpenProcessToken (in: ProcessHandle=0x37c, DesiredAccess=0x8, TokenHandle=0x895ee0c | out: TokenHandle=0x895ee0c*=0x378) returned 1 [0142.434] GetTokenInformation (in: TokenHandle=0x378, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895ee08 | out: TokenInformation=0x0, ReturnLength=0x895ee08) returned 0 [0142.434] GetLastError () returned 0x7a [0142.434] GetTokenInformation (in: TokenHandle=0x378, TokenInformationClass=0x1, TokenInformation=0xbf5310, TokenInformationLength=0x24, ReturnLength=0x895ee08 | out: TokenInformation=0xbf5310, ReturnLength=0x895ee08) returned 1 [0142.434] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf5318*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895e9ec, cchName=0x895ee00, ReferencedDomainName=0x895ebf4, cchReferencedDomainName=0x895ee00, peUse=0x895edfc | out: Name="CIiHmnxMn6Ps", cchName=0x895ee00, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895ee00, peUse=0x895edfc) returned 1 [0142.435] wvnsprintfW (in: pszDest=0x895ee20, cchDest=259, pszFmt="%s\\%s", arglist=0x895e9dc | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0142.435] SetLastError (dwErrCode=0x0) [0142.435] CloseHandle (hObject=0x378) returned 1 [0142.435] SetLastError (dwErrCode=0x0) [0142.435] NtQueryInformationProcess (in: ProcessHandle=0x37c, ProcessInformationClass=0x1a, ProcessInformation=0x895f020, ProcessInformationLength=0x4, ReturnLength=0x895f024 | out: ProcessInformation=0x895f020, ReturnLength=0x895f024) returned 0x0 [0142.435] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.435] SetLastError (dwErrCode=0x0) [0142.435] NtQueryInformationProcess (in: ProcessHandle=0x37c, ProcessInformationClass=0x14, ProcessInformation=0x895f01c, ProcessInformationLength=0x4, ReturnLength=0x895f020 | out: ProcessInformation=0x895f01c, ReturnLength=0x895f020) returned 0x0 [0142.435] NtQueryInformationProcess (in: ProcessHandle=0x37c, ProcessInformationClass=0x4, ProcessInformation=0x895effc, ProcessInformationLength=0x20, ReturnLength=0x895f020 | out: ProcessInformation=0x895effc, ReturnLength=0x895f020) returned 0x0 [0142.435] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.435] SetLastError (dwErrCode=0x0) [0142.435] NtQueryInformationProcess (in: ProcessHandle=0x37c, ProcessInformationClass=0x0, ProcessInformation=0x895eca8, ProcessInformationLength=0x18, ReturnLength=0x895ecc0 | out: ProcessInformation=0x895eca8, ReturnLength=0x895ecc0) returned 0x0 [0142.435] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.435] SetLastError (dwErrCode=0x0) [0142.435] ReadProcessMemory (in: hProcess=0x37c, lpBaseAddress=0x7e7c5008, lpBuffer=0x895ecd4, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x895ecd4*, lpNumberOfBytesRead=0x0) returned 1 [0142.435] ReadProcessMemory (in: hProcess=0x37c, lpBaseAddress=0xc60000, lpBuffer=0x895ecec, nSize=0x338, lpNumberOfBytesRead=0x895f024 | out: lpBuffer=0x895ecec*, lpNumberOfBytesRead=0x895f024*=0x338) returned 1 [0142.436] NtQueryInformationProcess (in: ProcessHandle=0x37c, ProcessInformationClass=0x2b, ProcessInformation=0xc5aa58, ProcessInformationLength=0x826, ReturnLength=0x895f020 | out: ProcessInformation=0xc5aa58, ReturnLength=0x895f020) returned 0x0 [0142.436] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.436] SetLastError (dwErrCode=0x0) [0142.436] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Sidebar\\batteries_dirty.exe") returned="batteries_dirty.exe" [0142.436] NtOpenProcess (in: ProcessHandle=0x895ee00, DesiredAccess=0x400, ObjectAttributes=0x895ede0*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895edf8*(UniqueProcess=0x508, UniqueThread=0x0) | out: ProcessHandle=0x895ee00*=0x378) returned 0x0 [0142.436] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.436] SetLastError (dwErrCode=0x0) [0142.436] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x2b, ProcessInformation=0xc5aa58, ProcessInformationLength=0x826, ReturnLength=0x895ee00 | out: ProcessInformation=0xc5aa58, ReturnLength=0x895ee00) returned 0x0 [0142.437] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.437] SetLastError (dwErrCode=0x0) [0142.437] CloseHandle (hObject=0x378) returned 1 [0142.437] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Sidebar\\batteries_dirty.exe") returned="batteries_dirty.exe" [0142.437] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.437] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Sidebar\\batteries_dirty.exe") returned="batteries_dirty.exe" [0142.437] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.437] PathFindFileNameW (pszPath="C:\\Windows\\explorer.exe") returned="explorer.exe" [0142.437] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.437] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Sidebar\\batteries_dirty.exe") returned="batteries_dirty.exe" [0142.437] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.437] PathFindFileNameW (pszPath="C:\\Windows\\explorer.exe") returned="explorer.exe" [0142.437] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.437] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Sidebar\\batteries_dirty.exe") returned="batteries_dirty.exe" [0142.437] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.437] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Sidebar\\batteries_dirty.exe") returned="batteries_dirty.exe" [0142.437] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.437] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Sidebar\\batteries_dirty.exe") returned="batteries_dirty.exe" [0142.437] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.437] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Sidebar\\batteries_dirty.exe") returned="batteries_dirty.exe" [0142.437] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.437] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Sidebar\\batteries_dirty.exe") returned="batteries_dirty.exe" [0142.437] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.437] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Sidebar\\batteries_dirty.exe") returned="batteries_dirty.exe" [0142.437] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.437] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Sidebar\\batteries_dirty.exe") returned="batteries_dirty.exe" [0142.437] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.437] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Sidebar\\batteries_dirty.exe") returned="batteries_dirty.exe" [0142.437] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.437] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Sidebar\\batteries_dirty.exe") returned="batteries_dirty.exe" [0142.437] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.437] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Sidebar\\batteries_dirty.exe") returned="batteries_dirty.exe" [0142.437] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.438] NtCreateSection (in: SectionHandle=0x895f020, DesiredAccess=0xf001f, ObjectAttributes=0x895efdc*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), MaximumSize=0x895eff4, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x895f020*=0x378) returned 0x0 [0142.438] NtMapViewOfSection (in: SectionHandle=0x378, ProcessHandle=0x37c, BaseAddress=0x895f01c*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x895f00c*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x895f01c*=0x2180000, SectionOffset=0x0, ViewSize=0x895f00c*=0x1c4000) returned 0x0 [0142.440] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.440] SetLastError (dwErrCode=0x0) [0142.440] NtMapViewOfSection (in: SectionHandle=0x378, ProcessHandle=0xffffffff, BaseAddress=0x895f018*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x895f014*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x895f018*=0x89e0000, SectionOffset=0x0, ViewSize=0x895f014*=0x1c4000) returned 0x0 [0142.441] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.441] SetLastError (dwErrCode=0x0) [0142.441] SetLastError (dwErrCode=0x0) [0142.446] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="SB:0x%08X", arglist=0x895efd4 | out: pszDest="SB:0x00000BD4") returned 13 [0142.446] SetLastError (dwErrCode=0x0) [0142.446] wvnsprintfA (in: pszDest=0x895eda8, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed90 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x00000BD4_v1$") returned 65 [0142.446] SetLastError (dwErrCode=0x0) [0142.446] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x00000BD4_v1$") returned 0x0 [0142.446] GetLastError () returned 0x2 [0142.446] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x34c, hTargetProcessHandle=0x37c, lpTargetHandle=0x895f024, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x895f024*=0x108) returned 1 [0142.446] CloseHandle (hObject=0x34c) returned 1 [0142.458] NtProtectVirtualMemory (in: ProcessHandle=0x37c, BaseAddress=0x895efac*=0x77cdc700, NumberOfBytesToProtect=0x895ef9c, NewAccessProtection=0x40, OldAccessProtection=0x895f010 | out: BaseAddress=0x895efac*=0x77cdc000, NumberOfBytesToProtect=0x895ef9c, OldAccessProtection=0x895f010*=0x20) returned 0x0 [0142.459] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.459] SetLastError (dwErrCode=0x0) [0142.459] NtProtectVirtualMemory (in: ProcessHandle=0x37c, BaseAddress=0x895efac*=0x23420c7, NumberOfBytesToProtect=0x895ef9c, NewAccessProtection=0x40, OldAccessProtection=0x895f010 | out: BaseAddress=0x895efac*=0x2342000, NumberOfBytesToProtect=0x895ef9c, OldAccessProtection=0x895f010*=0x40) returned 0x0 [0142.459] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.459] SetLastError (dwErrCode=0x0) [0142.459] NtWriteVirtualMemory (in: ProcessHandle=0x37c, BaseAddress=0x23420c7, Buffer=0x895efc4*, NumberOfBytesToWrite=0x3a, NumberOfBytesWritten=0x895ef9c | out: Buffer=0x895efc4*, NumberOfBytesWritten=0x895ef9c*=0x3a) returned 0x0 [0142.459] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.459] SetLastError (dwErrCode=0x0) [0142.459] NtWriteVirtualMemory (in: ProcessHandle=0x37c, BaseAddress=0x77cdc700, Buffer=0x895f008*, NumberOfBytesToWrite=0x6, NumberOfBytesWritten=0x895ef9c | out: Buffer=0x895f008*, NumberOfBytesWritten=0x895ef9c*=0x6) returned 0x0 [0142.460] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.460] SetLastError (dwErrCode=0x0) [0142.460] CloseHandle (hObject=0x37c) returned 1 [0142.460] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x89e0000) returned 0x0 [0142.476] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.476] SetLastError (dwErrCode=0x0) [0142.476] CloseHandle (hObject=0x378) returned 1 [0142.476] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="disorder.exe")) returned 1 [0142.476] NtOpenProcess (in: ProcessHandle=0x895f344, DesiredAccess=0x400, ObjectAttributes=0x895f324*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895f33c*(UniqueProcess=0x8e8, UniqueThread=0x0) | out: ProcessHandle=0x895f344*=0x378) returned 0x0 [0142.476] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.476] SetLastError (dwErrCode=0x0) [0142.476] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895f130 | out: TokenHandle=0x895f130*=0x37c) returned 1 [0142.477] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895f12c | out: TokenInformation=0x0, ReturnLength=0x895f12c) returned 0 [0142.477] GetLastError () returned 0x7a [0142.477] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0xbf5280, TokenInformationLength=0x24, ReturnLength=0x895f12c | out: TokenInformation=0xbf5280, ReturnLength=0x895f12c) returned 1 [0142.477] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf5288*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895ed10, cchName=0x895f124, ReferencedDomainName=0x895ef18, cchReferencedDomainName=0x895f124, peUse=0x895f120 | out: Name="CIiHmnxMn6Ps", cchName=0x895f124, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895f124, peUse=0x895f120) returned 1 [0142.477] wvnsprintfW (in: pszDest=0x895f144, cchDest=259, pszFmt="%s\\%s", arglist=0x895ed00 | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0142.477] SetLastError (dwErrCode=0x0) [0142.477] CloseHandle (hObject=0x37c) returned 1 [0142.477] CloseHandle (hObject=0x378) returned 1 [0142.477] lstrcmpiW (lpString1="disorder.exe", lpString2="csrss.exe") returned 1 [0142.477] lstrcmpiW (lpString1="disorder.exe", lpString2="smss.exe") returned -1 [0142.477] lstrcmpiW (lpString1="disorder.exe", lpString2="lsass.exe") returned -1 [0142.477] lstrcmpiW (lpString1="disorder.exe", lpString2="services.exe") returned -1 [0142.478] lstrcmpiW (lpString1="disorder.exe", lpString2="spoolsv.exe") returned -1 [0142.478] lstrcmpiW (lpString1="disorder.exe", lpString2="winlogon.exe") returned -1 [0142.478] lstrcmpiW (lpString1="disorder.exe", lpString2="chrome.exe") returned 1 [0142.478] NtOpenProcess (in: ProcessHandle=0x895e570, DesiredAccess=0x478, ObjectAttributes=0x895e550*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895e568*(UniqueProcess=0x8e8, UniqueThread=0x0) | out: ProcessHandle=0x895e570*=0x378) returned 0x0 [0142.478] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.478] SetLastError (dwErrCode=0x0) [0142.478] GetLastError () returned 0x0 [0142.478] SetLastError (dwErrCode=0x0) [0142.478] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895f018 | out: TokenHandle=0x895f018*=0x37c) returned 1 [0142.478] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0xc, TokenInformation=0x895f078, TokenInformationLength=0x4, ReturnLength=0x895f01c | out: TokenInformation=0x895f078, ReturnLength=0x895f01c) returned 1 [0142.478] CloseHandle (hObject=0x37c) returned 1 [0142.478] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="0x%08X", arglist=0x895efdc | out: pszDest="0x000008E8") returned 10 [0142.478] SetLastError (dwErrCode=0x0) [0142.478] wvnsprintfA (in: pszDest=0x895eda4, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed8c | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x000008E8_v1$") returned 62 [0142.478] SetLastError (dwErrCode=0x0) [0142.478] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x000008E8_v1$") returned 0x0 [0142.478] InitializeSecurityDescriptor (in: pSecurityDescriptor=0xc5aa58, dwRevision=0x1 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.478] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0xc5aa58, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.478] GetLastError () returned 0x2 [0142.478] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0xc5aa58, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.478] GetLastError () returned 0x2 [0142.478] SetLastError (dwErrCode=0x2) [0142.478] CreateEventA (lpEventAttributes=0x895eea0, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x000008E8_v1$") returned 0x37c [0142.478] GetLastError () returned 0x0 [0142.478] SetLastError (dwErrCode=0x0) [0142.478] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895ee0c | out: TokenHandle=0x895ee0c*=0x34c) returned 1 [0142.478] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895ee08 | out: TokenInformation=0x0, ReturnLength=0x895ee08) returned 0 [0142.478] GetLastError () returned 0x7a [0142.478] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x1, TokenInformation=0xbf4e90, TokenInformationLength=0x24, ReturnLength=0x895ee08 | out: TokenInformation=0xbf4e90, ReturnLength=0x895ee08) returned 1 [0142.478] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf4e98*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895e9ec, cchName=0x895ee00, ReferencedDomainName=0x895ebf4, cchReferencedDomainName=0x895ee00, peUse=0x895edfc | out: Name="CIiHmnxMn6Ps", cchName=0x895ee00, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895ee00, peUse=0x895edfc) returned 1 [0142.479] wvnsprintfW (in: pszDest=0x895ee20, cchDest=259, pszFmt="%s\\%s", arglist=0x895e9dc | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0142.479] SetLastError (dwErrCode=0x0) [0142.479] CloseHandle (hObject=0x34c) returned 1 [0142.479] SetLastError (dwErrCode=0x0) [0142.479] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x1a, ProcessInformation=0x895f020, ProcessInformationLength=0x4, ReturnLength=0x895f024 | out: ProcessInformation=0x895f020, ReturnLength=0x895f024) returned 0x0 [0142.479] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.479] SetLastError (dwErrCode=0x0) [0142.479] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x14, ProcessInformation=0x895f01c, ProcessInformationLength=0x4, ReturnLength=0x895f020 | out: ProcessInformation=0x895f01c, ReturnLength=0x895f020) returned 0x0 [0142.479] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x4, ProcessInformation=0x895effc, ProcessInformationLength=0x20, ReturnLength=0x895f020 | out: ProcessInformation=0x895effc, ReturnLength=0x895f020) returned 0x0 [0142.479] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.479] SetLastError (dwErrCode=0x0) [0142.479] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x0, ProcessInformation=0x895eca8, ProcessInformationLength=0x18, ReturnLength=0x895ecc0 | out: ProcessInformation=0x895eca8, ReturnLength=0x895ecc0) returned 0x0 [0142.479] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.479] SetLastError (dwErrCode=0x0) [0142.479] ReadProcessMemory (in: hProcess=0x378, lpBaseAddress=0x7f73b008, lpBuffer=0x895ecd4, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x895ecd4*, lpNumberOfBytesRead=0x0) returned 1 [0142.479] ReadProcessMemory (in: hProcess=0x378, lpBaseAddress=0x1b0000, lpBuffer=0x895ecec, nSize=0x338, lpNumberOfBytesRead=0x895f024 | out: lpBuffer=0x895ecec*, lpNumberOfBytesRead=0x895f024*=0x338) returned 1 [0142.480] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x2b, ProcessInformation=0xc5aa58, ProcessInformationLength=0x826, ReturnLength=0x895f020 | out: ProcessInformation=0xc5aa58, ReturnLength=0x895f020) returned 0x0 [0142.480] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.480] SetLastError (dwErrCode=0x0) [0142.480] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Portable Devices\\disorder.exe") returned="disorder.exe" [0142.480] NtOpenProcess (in: ProcessHandle=0x895ee00, DesiredAccess=0x400, ObjectAttributes=0x895ede0*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895edf8*(UniqueProcess=0x508, UniqueThread=0x0) | out: ProcessHandle=0x895ee00*=0x34c) returned 0x0 [0142.480] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.480] SetLastError (dwErrCode=0x0) [0142.480] NtQueryInformationProcess (in: ProcessHandle=0x34c, ProcessInformationClass=0x2b, ProcessInformation=0xc5aa58, ProcessInformationLength=0x826, ReturnLength=0x895ee00 | out: ProcessInformation=0xc5aa58, ReturnLength=0x895ee00) returned 0x0 [0142.481] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.481] SetLastError (dwErrCode=0x0) [0142.481] CloseHandle (hObject=0x34c) returned 1 [0142.481] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Portable Devices\\disorder.exe") returned="disorder.exe" [0142.481] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.481] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Portable Devices\\disorder.exe") returned="disorder.exe" [0142.481] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.481] PathFindFileNameW (pszPath="C:\\Windows\\explorer.exe") returned="explorer.exe" [0142.481] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.481] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Portable Devices\\disorder.exe") returned="disorder.exe" [0142.481] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.481] PathFindFileNameW (pszPath="C:\\Windows\\explorer.exe") returned="explorer.exe" [0142.481] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.481] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Portable Devices\\disorder.exe") returned="disorder.exe" [0142.481] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.481] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Portable Devices\\disorder.exe") returned="disorder.exe" [0142.481] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.481] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Portable Devices\\disorder.exe") returned="disorder.exe" [0142.481] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.481] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Portable Devices\\disorder.exe") returned="disorder.exe" [0142.481] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.481] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Portable Devices\\disorder.exe") returned="disorder.exe" [0142.481] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.481] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Portable Devices\\disorder.exe") returned="disorder.exe" [0142.481] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.481] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Portable Devices\\disorder.exe") returned="disorder.exe" [0142.481] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.481] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Portable Devices\\disorder.exe") returned="disorder.exe" [0142.481] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.481] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Portable Devices\\disorder.exe") returned="disorder.exe" [0142.481] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.481] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Portable Devices\\disorder.exe") returned="disorder.exe" [0142.482] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.482] NtCreateSection (in: SectionHandle=0x895f020, DesiredAccess=0xf001f, ObjectAttributes=0x895efdc*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), MaximumSize=0x895eff4, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x895f020*=0x34c) returned 0x0 [0142.482] NtMapViewOfSection (in: SectionHandle=0x34c, ProcessHandle=0x378, BaseAddress=0x895f01c*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x895f00c*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x895f01c*=0x23e0000, SectionOffset=0x0, ViewSize=0x895f00c*=0x1c4000) returned 0x0 [0142.484] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.484] SetLastError (dwErrCode=0x0) [0142.484] NtMapViewOfSection (in: SectionHandle=0x34c, ProcessHandle=0xffffffff, BaseAddress=0x895f018*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x895f014*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x895f018*=0x89e0000, SectionOffset=0x0, ViewSize=0x895f014*=0x1c4000) returned 0x0 [0142.485] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.485] SetLastError (dwErrCode=0x0) [0142.485] SetLastError (dwErrCode=0x0) [0142.496] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="SB:0x%08X", arglist=0x895efd4 | out: pszDest="SB:0x000008E8") returned 13 [0142.496] SetLastError (dwErrCode=0x0) [0142.496] wvnsprintfA (in: pszDest=0x895eda8, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed90 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x000008E8_v1$") returned 65 [0142.496] SetLastError (dwErrCode=0x0) [0142.496] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x000008E8_v1$") returned 0x0 [0142.496] GetLastError () returned 0x2 [0142.496] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x37c, hTargetProcessHandle=0x378, lpTargetHandle=0x895f024, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x895f024*=0x108) returned 1 [0142.496] CloseHandle (hObject=0x37c) returned 1 [0142.584] NtProtectVirtualMemory (in: ProcessHandle=0x378, BaseAddress=0x895efac*=0x77cdc700, NumberOfBytesToProtect=0x895ef9c, NewAccessProtection=0x40, OldAccessProtection=0x895f010 | out: BaseAddress=0x895efac*=0x77cdc000, NumberOfBytesToProtect=0x895ef9c, OldAccessProtection=0x895f010*=0x20) returned 0x0 [0142.584] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.584] SetLastError (dwErrCode=0x0) [0142.584] NtProtectVirtualMemory (in: ProcessHandle=0x378, BaseAddress=0x895efac*=0x25a20c7, NumberOfBytesToProtect=0x895ef9c, NewAccessProtection=0x40, OldAccessProtection=0x895f010 | out: BaseAddress=0x895efac*=0x25a2000, NumberOfBytesToProtect=0x895ef9c, OldAccessProtection=0x895f010*=0x40) returned 0x0 [0142.584] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.584] SetLastError (dwErrCode=0x0) [0142.584] NtWriteVirtualMemory (in: ProcessHandle=0x378, BaseAddress=0x25a20c7, Buffer=0x895efc4*, NumberOfBytesToWrite=0x3a, NumberOfBytesWritten=0x895ef9c | out: Buffer=0x895efc4*, NumberOfBytesWritten=0x895ef9c*=0x3a) returned 0x0 [0142.584] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.584] SetLastError (dwErrCode=0x0) [0142.584] NtWriteVirtualMemory (in: ProcessHandle=0x378, BaseAddress=0x77cdc700, Buffer=0x895f008*, NumberOfBytesToWrite=0x6, NumberOfBytesWritten=0x895ef9c | out: Buffer=0x895f008*, NumberOfBytesWritten=0x895ef9c*=0x6) returned 0x0 [0142.585] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.585] SetLastError (dwErrCode=0x0) [0142.585] CloseHandle (hObject=0x378) returned 1 [0142.585] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x89e0000) returned 0x0 [0142.600] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.600] SetLastError (dwErrCode=0x0) [0142.600] CloseHandle (hObject=0x34c) returned 1 [0142.600] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1 [0142.601] NtOpenProcess (in: ProcessHandle=0x895f344, DesiredAccess=0x400, ObjectAttributes=0x895f324*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895f33c*(UniqueProcess=0x708, UniqueThread=0x0) | out: ProcessHandle=0x895f344*=0x34c) returned 0x0 [0142.601] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.601] SetLastError (dwErrCode=0x0) [0142.601] OpenProcessToken (in: ProcessHandle=0x34c, DesiredAccess=0x8, TokenHandle=0x895f130 | out: TokenHandle=0x895f130*=0x378) returned 1 [0142.601] GetTokenInformation (in: TokenHandle=0x378, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895f12c | out: TokenInformation=0x0, ReturnLength=0x895f12c) returned 0 [0142.601] GetLastError () returned 0x7a [0142.601] GetTokenInformation (in: TokenHandle=0x378, TokenInformationClass=0x1, TokenInformation=0xbf4ec0, TokenInformationLength=0x24, ReturnLength=0x895f12c | out: TokenInformation=0xbf4ec0, ReturnLength=0x895f12c) returned 1 [0142.601] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf4ec8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895ed10, cchName=0x895f124, ReferencedDomainName=0x895ef18, cchReferencedDomainName=0x895f124, peUse=0x895f120 | out: Name="CIiHmnxMn6Ps", cchName=0x895f124, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895f124, peUse=0x895f120) returned 1 [0142.602] wvnsprintfW (in: pszDest=0x895f144, cchDest=259, pszFmt="%s\\%s", arglist=0x895ed00 | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0142.602] SetLastError (dwErrCode=0x0) [0142.602] CloseHandle (hObject=0x378) returned 1 [0142.602] CloseHandle (hObject=0x34c) returned 1 [0142.602] lstrcmpiW (lpString1="solo.exe", lpString2="csrss.exe") returned 1 [0142.602] lstrcmpiW (lpString1="solo.exe", lpString2="smss.exe") returned 1 [0142.602] lstrcmpiW (lpString1="solo.exe", lpString2="lsass.exe") returned 1 [0142.602] lstrcmpiW (lpString1="solo.exe", lpString2="services.exe") returned 1 [0142.602] lstrcmpiW (lpString1="solo.exe", lpString2="spoolsv.exe") returned -1 [0142.602] lstrcmpiW (lpString1="solo.exe", lpString2="winlogon.exe") returned -1 [0142.602] lstrcmpiW (lpString1="solo.exe", lpString2="chrome.exe") returned 1 [0142.602] NtOpenProcess (in: ProcessHandle=0x895e570, DesiredAccess=0x478, ObjectAttributes=0x895e550*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895e568*(UniqueProcess=0x708, UniqueThread=0x0) | out: ProcessHandle=0x895e570*=0x34c) returned 0x0 [0142.602] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.602] SetLastError (dwErrCode=0x0) [0142.602] GetLastError () returned 0x0 [0142.602] SetLastError (dwErrCode=0x0) [0142.602] OpenProcessToken (in: ProcessHandle=0x34c, DesiredAccess=0x8, TokenHandle=0x895f018 | out: TokenHandle=0x895f018*=0x378) returned 1 [0142.602] GetTokenInformation (in: TokenHandle=0x378, TokenInformationClass=0xc, TokenInformation=0x895f078, TokenInformationLength=0x4, ReturnLength=0x895f01c | out: TokenInformation=0x895f078, ReturnLength=0x895f01c) returned 1 [0142.602] CloseHandle (hObject=0x378) returned 1 [0142.602] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="0x%08X", arglist=0x895efdc | out: pszDest="0x00000708") returned 10 [0142.602] SetLastError (dwErrCode=0x0) [0142.602] wvnsprintfA (in: pszDest=0x895eda4, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed8c | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000708_v1$") returned 62 [0142.602] SetLastError (dwErrCode=0x0) [0142.602] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000708_v1$") returned 0x0 [0142.602] InitializeSecurityDescriptor (in: pSecurityDescriptor=0xc5aa58, dwRevision=0x1 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.602] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0xc5aa58, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.602] GetLastError () returned 0x2 [0142.602] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0xc5aa58, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.603] GetLastError () returned 0x2 [0142.603] SetLastError (dwErrCode=0x2) [0142.603] CreateEventA (lpEventAttributes=0x895eea0, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000708_v1$") returned 0x378 [0142.603] GetLastError () returned 0x0 [0142.603] SetLastError (dwErrCode=0x0) [0142.603] OpenProcessToken (in: ProcessHandle=0x34c, DesiredAccess=0x8, TokenHandle=0x895ee0c | out: TokenHandle=0x895ee0c*=0x37c) returned 1 [0142.603] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895ee08 | out: TokenInformation=0x0, ReturnLength=0x895ee08) returned 0 [0142.603] GetLastError () returned 0x7a [0142.603] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0xbf4f80, TokenInformationLength=0x24, ReturnLength=0x895ee08 | out: TokenInformation=0xbf4f80, ReturnLength=0x895ee08) returned 1 [0142.603] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf4f88*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895e9ec, cchName=0x895ee00, ReferencedDomainName=0x895ebf4, cchReferencedDomainName=0x895ee00, peUse=0x895edfc | out: Name="CIiHmnxMn6Ps", cchName=0x895ee00, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895ee00, peUse=0x895edfc) returned 1 [0142.603] wvnsprintfW (in: pszDest=0x895ee20, cchDest=259, pszFmt="%s\\%s", arglist=0x895e9dc | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0142.603] SetLastError (dwErrCode=0x0) [0142.603] CloseHandle (hObject=0x37c) returned 1 [0142.603] SetLastError (dwErrCode=0x0) [0142.603] NtQueryInformationProcess (in: ProcessHandle=0x34c, ProcessInformationClass=0x1a, ProcessInformation=0x895f020, ProcessInformationLength=0x4, ReturnLength=0x895f024 | out: ProcessInformation=0x895f020, ReturnLength=0x895f024) returned 0x0 [0142.604] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.604] SetLastError (dwErrCode=0x0) [0142.604] NtQueryInformationProcess (in: ProcessHandle=0x34c, ProcessInformationClass=0x14, ProcessInformation=0x895f01c, ProcessInformationLength=0x4, ReturnLength=0x895f020 | out: ProcessInformation=0x895f01c, ReturnLength=0x895f020) returned 0x0 [0142.604] NtQueryInformationProcess (in: ProcessHandle=0x34c, ProcessInformationClass=0x4, ProcessInformation=0x895effc, ProcessInformationLength=0x20, ReturnLength=0x895f020 | out: ProcessInformation=0x895effc, ReturnLength=0x895f020) returned 0x0 [0142.604] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.604] SetLastError (dwErrCode=0x0) [0142.604] NtQueryInformationProcess (in: ProcessHandle=0x34c, ProcessInformationClass=0x0, ProcessInformation=0x895eca8, ProcessInformationLength=0x18, ReturnLength=0x895ecc0 | out: ProcessInformation=0x895eca8, ReturnLength=0x895ecc0) returned 0x0 [0142.604] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.604] SetLastError (dwErrCode=0x0) [0142.604] ReadProcessMemory (in: hProcess=0x34c, lpBaseAddress=0x7f64a008, lpBuffer=0x895ecd4, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x895ecd4*, lpNumberOfBytesRead=0x0) returned 1 [0142.604] ReadProcessMemory (in: hProcess=0x34c, lpBaseAddress=0x80000, lpBuffer=0x895ecec, nSize=0x338, lpNumberOfBytesRead=0x895f024 | out: lpBuffer=0x895ecec*, lpNumberOfBytesRead=0x895f024*=0x338) returned 1 [0142.604] NtQueryInformationProcess (in: ProcessHandle=0x34c, ProcessInformationClass=0x2b, ProcessInformation=0xc5aa58, ProcessInformationLength=0x826, ReturnLength=0x895f020 | out: ProcessInformation=0xc5aa58, ReturnLength=0x895f020) returned 0x0 [0142.604] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.604] SetLastError (dwErrCode=0x0) [0142.605] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Mozilla Maintenance Service\\solo.exe") returned="solo.exe" [0142.605] NtOpenProcess (in: ProcessHandle=0x895ee00, DesiredAccess=0x400, ObjectAttributes=0x895ede0*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895edf8*(UniqueProcess=0x508, UniqueThread=0x0) | out: ProcessHandle=0x895ee00*=0x37c) returned 0x0 [0142.605] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.605] SetLastError (dwErrCode=0x0) [0142.605] NtQueryInformationProcess (in: ProcessHandle=0x37c, ProcessInformationClass=0x2b, ProcessInformation=0xc5aa58, ProcessInformationLength=0x826, ReturnLength=0x895ee00 | out: ProcessInformation=0xc5aa58, ReturnLength=0x895ee00) returned 0x0 [0142.605] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.605] SetLastError (dwErrCode=0x0) [0142.605] CloseHandle (hObject=0x37c) returned 1 [0142.605] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Mozilla Maintenance Service\\solo.exe") returned="solo.exe" [0142.605] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.605] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Mozilla Maintenance Service\\solo.exe") returned="solo.exe" [0142.605] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.605] PathFindFileNameW (pszPath="C:\\Windows\\explorer.exe") returned="explorer.exe" [0142.605] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.605] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Mozilla Maintenance Service\\solo.exe") returned="solo.exe" [0142.605] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.605] PathFindFileNameW (pszPath="C:\\Windows\\explorer.exe") returned="explorer.exe" [0142.605] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.605] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Mozilla Maintenance Service\\solo.exe") returned="solo.exe" [0142.605] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.606] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Mozilla Maintenance Service\\solo.exe") returned="solo.exe" [0142.606] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.606] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Mozilla Maintenance Service\\solo.exe") returned="solo.exe" [0142.606] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.606] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Mozilla Maintenance Service\\solo.exe") returned="solo.exe" [0142.606] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.606] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Mozilla Maintenance Service\\solo.exe") returned="solo.exe" [0142.606] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.606] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Mozilla Maintenance Service\\solo.exe") returned="solo.exe" [0142.606] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.606] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Mozilla Maintenance Service\\solo.exe") returned="solo.exe" [0142.606] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.606] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Mozilla Maintenance Service\\solo.exe") returned="solo.exe" [0142.606] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.606] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Mozilla Maintenance Service\\solo.exe") returned="solo.exe" [0142.606] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.606] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Mozilla Maintenance Service\\solo.exe") returned="solo.exe" [0142.606] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.606] NtCreateSection (in: SectionHandle=0x895f020, DesiredAccess=0xf001f, ObjectAttributes=0x895efdc*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), MaximumSize=0x895eff4, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x895f020*=0x37c) returned 0x0 [0142.606] NtMapViewOfSection (in: SectionHandle=0x37c, ProcessHandle=0x34c, BaseAddress=0x895f01c*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x895f00c*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x895f01c*=0x1f00000, SectionOffset=0x0, ViewSize=0x895f00c*=0x1c4000) returned 0x0 [0142.609] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.609] SetLastError (dwErrCode=0x0) [0142.609] NtMapViewOfSection (in: SectionHandle=0x37c, ProcessHandle=0xffffffff, BaseAddress=0x895f018*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x895f014*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x895f018*=0x89e0000, SectionOffset=0x0, ViewSize=0x895f014*=0x1c4000) returned 0x0 [0142.610] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.610] SetLastError (dwErrCode=0x0) [0142.610] SetLastError (dwErrCode=0x0) [0142.615] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="SB:0x%08X", arglist=0x895efd4 | out: pszDest="SB:0x00000708") returned 13 [0142.615] SetLastError (dwErrCode=0x0) [0142.615] wvnsprintfA (in: pszDest=0x895eda8, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed90 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x00000708_v1$") returned 65 [0142.615] SetLastError (dwErrCode=0x0) [0142.615] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x00000708_v1$") returned 0x0 [0142.615] GetLastError () returned 0x2 [0142.615] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x378, hTargetProcessHandle=0x34c, lpTargetHandle=0x895f024, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x895f024*=0x108) returned 1 [0142.615] CloseHandle (hObject=0x378) returned 1 [0142.629] NtProtectVirtualMemory (in: ProcessHandle=0x34c, BaseAddress=0x895efac*=0x77cdc700, NumberOfBytesToProtect=0x895ef9c, NewAccessProtection=0x40, OldAccessProtection=0x895f010 | out: BaseAddress=0x895efac*=0x77cdc000, NumberOfBytesToProtect=0x895ef9c, OldAccessProtection=0x895f010*=0x20) returned 0x0 [0142.629] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.629] SetLastError (dwErrCode=0x0) [0142.629] NtProtectVirtualMemory (in: ProcessHandle=0x34c, BaseAddress=0x895efac*=0x20c20c7, NumberOfBytesToProtect=0x895ef9c, NewAccessProtection=0x40, OldAccessProtection=0x895f010 | out: BaseAddress=0x895efac*=0x20c2000, NumberOfBytesToProtect=0x895ef9c, OldAccessProtection=0x895f010*=0x40) returned 0x0 [0142.629] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.629] SetLastError (dwErrCode=0x0) [0142.629] NtWriteVirtualMemory (in: ProcessHandle=0x34c, BaseAddress=0x20c20c7, Buffer=0x895efc4*, NumberOfBytesToWrite=0x3a, NumberOfBytesWritten=0x895ef9c | out: Buffer=0x895efc4*, NumberOfBytesWritten=0x895ef9c*=0x3a) returned 0x0 [0142.629] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.629] SetLastError (dwErrCode=0x0) [0142.629] NtWriteVirtualMemory (in: ProcessHandle=0x34c, BaseAddress=0x77cdc700, Buffer=0x895f008*, NumberOfBytesToWrite=0x6, NumberOfBytesWritten=0x895ef9c | out: Buffer=0x895f008*, NumberOfBytesWritten=0x895ef9c*=0x6) returned 0x0 [0142.630] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.630] SetLastError (dwErrCode=0x0) [0142.630] CloseHandle (hObject=0x34c) returned 1 [0142.630] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x89e0000) returned 0x0 [0142.645] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.645] SetLastError (dwErrCode=0x0) [0142.645] CloseHandle (hObject=0x37c) returned 1 [0142.645] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="likes skiing.exe")) returned 1 [0142.646] NtOpenProcess (in: ProcessHandle=0x895f344, DesiredAccess=0x400, ObjectAttributes=0x895f324*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895f33c*(UniqueProcess=0xb54, UniqueThread=0x0) | out: ProcessHandle=0x895f344*=0x37c) returned 0x0 [0142.646] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.646] SetLastError (dwErrCode=0x0) [0142.646] OpenProcessToken (in: ProcessHandle=0x37c, DesiredAccess=0x8, TokenHandle=0x895f130 | out: TokenHandle=0x895f130*=0x34c) returned 1 [0142.646] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895f12c | out: TokenInformation=0x0, ReturnLength=0x895f12c) returned 0 [0142.646] GetLastError () returned 0x7a [0142.646] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x1, TokenInformation=0xbf5280, TokenInformationLength=0x24, ReturnLength=0x895f12c | out: TokenInformation=0xbf5280, ReturnLength=0x895f12c) returned 1 [0142.647] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf5288*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895ed10, cchName=0x895f124, ReferencedDomainName=0x895ef18, cchReferencedDomainName=0x895f124, peUse=0x895f120 | out: Name="CIiHmnxMn6Ps", cchName=0x895f124, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895f124, peUse=0x895f120) returned 1 [0142.647] wvnsprintfW (in: pszDest=0x895f144, cchDest=259, pszFmt="%s\\%s", arglist=0x895ed00 | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0142.647] SetLastError (dwErrCode=0x0) [0142.647] CloseHandle (hObject=0x34c) returned 1 [0142.647] CloseHandle (hObject=0x37c) returned 1 [0142.647] lstrcmpiW (lpString1="likes skiing.exe", lpString2="csrss.exe") returned 1 [0142.647] lstrcmpiW (lpString1="likes skiing.exe", lpString2="smss.exe") returned -1 [0142.647] lstrcmpiW (lpString1="likes skiing.exe", lpString2="lsass.exe") returned -1 [0142.647] lstrcmpiW (lpString1="likes skiing.exe", lpString2="services.exe") returned -1 [0142.647] lstrcmpiW (lpString1="likes skiing.exe", lpString2="spoolsv.exe") returned -1 [0142.647] lstrcmpiW (lpString1="likes skiing.exe", lpString2="winlogon.exe") returned -1 [0142.648] lstrcmpiW (lpString1="likes skiing.exe", lpString2="chrome.exe") returned 1 [0142.648] NtOpenProcess (in: ProcessHandle=0x895e570, DesiredAccess=0x478, ObjectAttributes=0x895e550*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895e568*(UniqueProcess=0xb54, UniqueThread=0x0) | out: ProcessHandle=0x895e570*=0x37c) returned 0x0 [0142.648] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.648] SetLastError (dwErrCode=0x0) [0142.648] GetLastError () returned 0x0 [0142.648] SetLastError (dwErrCode=0x0) [0142.648] OpenProcessToken (in: ProcessHandle=0x37c, DesiredAccess=0x8, TokenHandle=0x895f018 | out: TokenHandle=0x895f018*=0x34c) returned 1 [0142.648] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0xc, TokenInformation=0x895f078, TokenInformationLength=0x4, ReturnLength=0x895f01c | out: TokenInformation=0x895f078, ReturnLength=0x895f01c) returned 1 [0142.648] CloseHandle (hObject=0x34c) returned 1 [0142.648] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="0x%08X", arglist=0x895efdc | out: pszDest="0x00000B54") returned 10 [0142.648] SetLastError (dwErrCode=0x0) [0142.648] wvnsprintfA (in: pszDest=0x895eda4, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed8c | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000B54_v1$") returned 62 [0142.648] SetLastError (dwErrCode=0x0) [0142.648] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000B54_v1$") returned 0x0 [0142.648] InitializeSecurityDescriptor (in: pSecurityDescriptor=0xc5aa58, dwRevision=0x1 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.648] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0xc5aa58, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.648] GetLastError () returned 0x2 [0142.648] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0xc5aa58, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.648] GetLastError () returned 0x2 [0142.648] SetLastError (dwErrCode=0x2) [0142.648] CreateEventA (lpEventAttributes=0x895eea0, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000B54_v1$") returned 0x34c [0142.648] GetLastError () returned 0x0 [0142.648] SetLastError (dwErrCode=0x0) [0142.648] OpenProcessToken (in: ProcessHandle=0x37c, DesiredAccess=0x8, TokenHandle=0x895ee0c | out: TokenHandle=0x895ee0c*=0x378) returned 1 [0142.648] GetTokenInformation (in: TokenHandle=0x378, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895ee08 | out: TokenInformation=0x0, ReturnLength=0x895ee08) returned 0 [0142.648] GetLastError () returned 0x7a [0142.648] GetTokenInformation (in: TokenHandle=0x378, TokenInformationClass=0x1, TokenInformation=0xbf4f20, TokenInformationLength=0x24, ReturnLength=0x895ee08 | out: TokenInformation=0xbf4f20, ReturnLength=0x895ee08) returned 1 [0142.648] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf4f28*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895e9ec, cchName=0x895ee00, ReferencedDomainName=0x895ebf4, cchReferencedDomainName=0x895ee00, peUse=0x895edfc | out: Name="CIiHmnxMn6Ps", cchName=0x895ee00, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895ee00, peUse=0x895edfc) returned 1 [0142.649] wvnsprintfW (in: pszDest=0x895ee20, cchDest=259, pszFmt="%s\\%s", arglist=0x895e9dc | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0142.649] SetLastError (dwErrCode=0x0) [0142.649] CloseHandle (hObject=0x378) returned 1 [0142.649] SetLastError (dwErrCode=0x0) [0142.649] NtQueryInformationProcess (in: ProcessHandle=0x37c, ProcessInformationClass=0x1a, ProcessInformation=0x895f020, ProcessInformationLength=0x4, ReturnLength=0x895f024 | out: ProcessInformation=0x895f020, ReturnLength=0x895f024) returned 0x0 [0142.649] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.649] SetLastError (dwErrCode=0x0) [0142.649] NtQueryInformationProcess (in: ProcessHandle=0x37c, ProcessInformationClass=0x14, ProcessInformation=0x895f01c, ProcessInformationLength=0x4, ReturnLength=0x895f020 | out: ProcessInformation=0x895f01c, ReturnLength=0x895f020) returned 0x0 [0142.649] NtQueryInformationProcess (in: ProcessHandle=0x37c, ProcessInformationClass=0x4, ProcessInformation=0x895effc, ProcessInformationLength=0x20, ReturnLength=0x895f020 | out: ProcessInformation=0x895effc, ReturnLength=0x895f020) returned 0x0 [0142.649] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.649] SetLastError (dwErrCode=0x0) [0142.649] NtQueryInformationProcess (in: ProcessHandle=0x37c, ProcessInformationClass=0x0, ProcessInformation=0x895eca8, ProcessInformationLength=0x18, ReturnLength=0x895ecc0 | out: ProcessInformation=0x895eca8, ReturnLength=0x895ecc0) returned 0x0 [0142.649] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.649] SetLastError (dwErrCode=0x0) [0142.649] ReadProcessMemory (in: hProcess=0x37c, lpBaseAddress=0x7f554008, lpBuffer=0x895ecd4, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x895ecd4*, lpNumberOfBytesRead=0x0) returned 1 [0142.649] ReadProcessMemory (in: hProcess=0x37c, lpBaseAddress=0x13a0000, lpBuffer=0x895ecec, nSize=0x338, lpNumberOfBytesRead=0x895f024 | out: lpBuffer=0x895ecec*, lpNumberOfBytesRead=0x895f024*=0x338) returned 1 [0142.650] NtQueryInformationProcess (in: ProcessHandle=0x37c, ProcessInformationClass=0x2b, ProcessInformation=0xc5aa58, ProcessInformationLength=0x826, ReturnLength=0x895f020 | out: ProcessInformation=0xc5aa58, ReturnLength=0x895f020) returned 0x0 [0142.650] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.650] SetLastError (dwErrCode=0x0) [0142.650] PathFindFileNameW (pszPath="C:\\Program Files\\Java\\likes skiing.exe") returned="likes skiing.exe" [0142.650] NtOpenProcess (in: ProcessHandle=0x895ee00, DesiredAccess=0x400, ObjectAttributes=0x895ede0*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895edf8*(UniqueProcess=0x508, UniqueThread=0x0) | out: ProcessHandle=0x895ee00*=0x378) returned 0x0 [0142.650] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.650] SetLastError (dwErrCode=0x0) [0142.650] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x2b, ProcessInformation=0xc5aa58, ProcessInformationLength=0x826, ReturnLength=0x895ee00 | out: ProcessInformation=0xc5aa58, ReturnLength=0x895ee00) returned 0x0 [0142.651] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.651] SetLastError (dwErrCode=0x0) [0142.651] CloseHandle (hObject=0x378) returned 1 [0142.651] PathFindFileNameW (pszPath="C:\\Program Files\\Java\\likes skiing.exe") returned="likes skiing.exe" [0142.651] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.651] PathFindFileNameW (pszPath="C:\\Program Files\\Java\\likes skiing.exe") returned="likes skiing.exe" [0142.651] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.651] PathFindFileNameW (pszPath="C:\\Windows\\explorer.exe") returned="explorer.exe" [0142.651] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.651] PathFindFileNameW (pszPath="C:\\Program Files\\Java\\likes skiing.exe") returned="likes skiing.exe" [0142.651] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.651] PathFindFileNameW (pszPath="C:\\Windows\\explorer.exe") returned="explorer.exe" [0142.651] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.651] PathFindFileNameW (pszPath="C:\\Program Files\\Java\\likes skiing.exe") returned="likes skiing.exe" [0142.651] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.651] PathFindFileNameW (pszPath="C:\\Program Files\\Java\\likes skiing.exe") returned="likes skiing.exe" [0142.651] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.651] PathFindFileNameW (pszPath="C:\\Program Files\\Java\\likes skiing.exe") returned="likes skiing.exe" [0142.651] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.651] PathFindFileNameW (pszPath="C:\\Program Files\\Java\\likes skiing.exe") returned="likes skiing.exe" [0142.651] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.651] PathFindFileNameW (pszPath="C:\\Program Files\\Java\\likes skiing.exe") returned="likes skiing.exe" [0142.651] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.651] PathFindFileNameW (pszPath="C:\\Program Files\\Java\\likes skiing.exe") returned="likes skiing.exe" [0142.651] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.651] PathFindFileNameW (pszPath="C:\\Program Files\\Java\\likes skiing.exe") returned="likes skiing.exe" [0142.652] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.652] PathFindFileNameW (pszPath="C:\\Program Files\\Java\\likes skiing.exe") returned="likes skiing.exe" [0142.652] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.652] PathFindFileNameW (pszPath="C:\\Program Files\\Java\\likes skiing.exe") returned="likes skiing.exe" [0142.652] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.652] PathFindFileNameW (pszPath="C:\\Program Files\\Java\\likes skiing.exe") returned="likes skiing.exe" [0142.652] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.652] NtCreateSection (in: SectionHandle=0x895f020, DesiredAccess=0xf001f, ObjectAttributes=0x895efdc*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), MaximumSize=0x895eff4, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x895f020*=0x378) returned 0x0 [0142.652] NtMapViewOfSection (in: SectionHandle=0x378, ProcessHandle=0x37c, BaseAddress=0x895f01c*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x895f00c*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x895f01c*=0x27c0000, SectionOffset=0x0, ViewSize=0x895f00c*=0x1c4000) returned 0x0 [0142.654] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.654] SetLastError (dwErrCode=0x0) [0142.655] NtMapViewOfSection (in: SectionHandle=0x378, ProcessHandle=0xffffffff, BaseAddress=0x895f018*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x895f014*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x895f018*=0x89e0000, SectionOffset=0x0, ViewSize=0x895f014*=0x1c4000) returned 0x0 [0142.656] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.656] SetLastError (dwErrCode=0x0) [0142.656] SetLastError (dwErrCode=0x0) [0142.661] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="SB:0x%08X", arglist=0x895efd4 | out: pszDest="SB:0x00000B54") returned 13 [0142.661] SetLastError (dwErrCode=0x0) [0142.661] wvnsprintfA (in: pszDest=0x895eda8, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed90 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x00000B54_v1$") returned 65 [0142.661] SetLastError (dwErrCode=0x0) [0142.661] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x00000B54_v1$") returned 0x0 [0142.661] GetLastError () returned 0x2 [0142.661] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x34c, hTargetProcessHandle=0x37c, lpTargetHandle=0x895f024, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x895f024*=0x108) returned 1 [0142.661] CloseHandle (hObject=0x34c) returned 1 [0142.672] NtProtectVirtualMemory (in: ProcessHandle=0x37c, BaseAddress=0x895efac*=0x77cdc700, NumberOfBytesToProtect=0x895ef9c, NewAccessProtection=0x40, OldAccessProtection=0x895f010 | out: BaseAddress=0x895efac*=0x77cdc000, NumberOfBytesToProtect=0x895ef9c, OldAccessProtection=0x895f010*=0x20) returned 0x0 [0142.672] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.673] SetLastError (dwErrCode=0x0) [0142.673] NtProtectVirtualMemory (in: ProcessHandle=0x37c, BaseAddress=0x895efac*=0x29820c7, NumberOfBytesToProtect=0x895ef9c, NewAccessProtection=0x40, OldAccessProtection=0x895f010 | out: BaseAddress=0x895efac*=0x2982000, NumberOfBytesToProtect=0x895ef9c, OldAccessProtection=0x895f010*=0x40) returned 0x0 [0142.673] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.673] SetLastError (dwErrCode=0x0) [0142.673] NtWriteVirtualMemory (in: ProcessHandle=0x37c, BaseAddress=0x29820c7, Buffer=0x895efc4*, NumberOfBytesToWrite=0x3a, NumberOfBytesWritten=0x895ef9c | out: Buffer=0x895efc4*, NumberOfBytesWritten=0x895ef9c*=0x3a) returned 0x0 [0142.673] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.673] SetLastError (dwErrCode=0x0) [0142.673] NtWriteVirtualMemory (in: ProcessHandle=0x37c, BaseAddress=0x77cdc700, Buffer=0x895f008*, NumberOfBytesToWrite=0x6, NumberOfBytesWritten=0x895ef9c | out: Buffer=0x895f008*, NumberOfBytesWritten=0x895ef9c*=0x6) returned 0x0 [0142.674] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.674] SetLastError (dwErrCode=0x0) [0142.674] CloseHandle (hObject=0x37c) returned 1 [0142.674] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x89e0000) returned 0x0 [0142.689] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.689] SetLastError (dwErrCode=0x0) [0142.689] CloseHandle (hObject=0x378) returned 1 [0142.689] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="touringcontinuedrussia.exe")) returned 1 [0142.690] NtOpenProcess (in: ProcessHandle=0x895f344, DesiredAccess=0x400, ObjectAttributes=0x895f324*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895f33c*(UniqueProcess=0xb58, UniqueThread=0x0) | out: ProcessHandle=0x895f344*=0x378) returned 0x0 [0142.690] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.690] SetLastError (dwErrCode=0x0) [0142.690] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895f130 | out: TokenHandle=0x895f130*=0x37c) returned 1 [0142.690] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895f12c | out: TokenInformation=0x0, ReturnLength=0x895f12c) returned 0 [0142.690] GetLastError () returned 0x7a [0142.690] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0xbf5310, TokenInformationLength=0x24, ReturnLength=0x895f12c | out: TokenInformation=0xbf5310, ReturnLength=0x895f12c) returned 1 [0142.690] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf5318*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895ed10, cchName=0x895f124, ReferencedDomainName=0x895ef18, cchReferencedDomainName=0x895f124, peUse=0x895f120 | out: Name="CIiHmnxMn6Ps", cchName=0x895f124, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895f124, peUse=0x895f120) returned 1 [0142.692] wvnsprintfW (in: pszDest=0x895f144, cchDest=259, pszFmt="%s\\%s", arglist=0x895ed00 | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0142.692] SetLastError (dwErrCode=0x0) [0142.692] CloseHandle (hObject=0x37c) returned 1 [0142.692] CloseHandle (hObject=0x378) returned 1 [0142.692] lstrcmpiW (lpString1="touringcontinuedrussia.exe", lpString2="csrss.exe") returned 1 [0142.692] lstrcmpiW (lpString1="touringcontinuedrussia.exe", lpString2="smss.exe") returned 1 [0142.786] lstrcmpiW (lpString1="touringcontinuedrussia.exe", lpString2="lsass.exe") returned 1 [0142.786] lstrcmpiW (lpString1="touringcontinuedrussia.exe", lpString2="services.exe") returned 1 [0142.786] lstrcmpiW (lpString1="touringcontinuedrussia.exe", lpString2="spoolsv.exe") returned 1 [0142.786] lstrcmpiW (lpString1="touringcontinuedrussia.exe", lpString2="winlogon.exe") returned -1 [0142.786] lstrcmpiW (lpString1="touringcontinuedrussia.exe", lpString2="chrome.exe") returned 1 [0142.786] NtOpenProcess (in: ProcessHandle=0x895e570, DesiredAccess=0x478, ObjectAttributes=0x895e550*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895e568*(UniqueProcess=0xb58, UniqueThread=0x0) | out: ProcessHandle=0x895e570*=0x360) returned 0x0 [0142.787] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.787] SetLastError (dwErrCode=0x0) [0142.787] GetLastError () returned 0x0 [0142.787] SetLastError (dwErrCode=0x0) [0142.787] OpenProcessToken (in: ProcessHandle=0x360, DesiredAccess=0x8, TokenHandle=0x895f018 | out: TokenHandle=0x895f018*=0x378) returned 1 [0142.787] GetTokenInformation (in: TokenHandle=0x378, TokenInformationClass=0xc, TokenInformation=0x895f078, TokenInformationLength=0x4, ReturnLength=0x895f01c | out: TokenInformation=0x895f078, ReturnLength=0x895f01c) returned 1 [0142.787] CloseHandle (hObject=0x378) returned 1 [0142.787] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="0x%08X", arglist=0x895efdc | out: pszDest="0x00000B58") returned 10 [0142.787] SetLastError (dwErrCode=0x0) [0142.788] wvnsprintfA (in: pszDest=0x895eda4, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed8c | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000B58_v1$") returned 62 [0142.788] SetLastError (dwErrCode=0x0) [0142.788] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000B58_v1$") returned 0x0 [0142.788] InitializeSecurityDescriptor (in: pSecurityDescriptor=0xc5aa58, dwRevision=0x1 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.788] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0xc5aa58, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.788] GetLastError () returned 0x2 [0142.788] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0xc5aa58, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.788] GetLastError () returned 0x2 [0142.788] SetLastError (dwErrCode=0x2) [0142.789] CreateEventA (lpEventAttributes=0x895eea0, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000B58_v1$") returned 0x378 [0142.789] GetLastError () returned 0x0 [0142.789] SetLastError (dwErrCode=0x0) [0142.789] OpenProcessToken (in: ProcessHandle=0x360, DesiredAccess=0x8, TokenHandle=0x895ee0c | out: TokenHandle=0x895ee0c*=0x37c) returned 1 [0142.789] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895ee08 | out: TokenInformation=0x0, ReturnLength=0x895ee08) returned 0 [0142.789] GetLastError () returned 0x7a [0142.789] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0xbf5160, TokenInformationLength=0x24, ReturnLength=0x895ee08 | out: TokenInformation=0xbf5160, ReturnLength=0x895ee08) returned 1 [0142.790] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf5168*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895e9ec, cchName=0x895ee00, ReferencedDomainName=0x895ebf4, cchReferencedDomainName=0x895ee00, peUse=0x895edfc | out: Name="CIiHmnxMn6Ps", cchName=0x895ee00, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895ee00, peUse=0x895edfc) returned 1 [0142.793] wvnsprintfW (in: pszDest=0x895ee20, cchDest=259, pszFmt="%s\\%s", arglist=0x895e9dc | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0142.793] SetLastError (dwErrCode=0x0) [0142.793] CloseHandle (hObject=0x37c) returned 1 [0142.793] SetLastError (dwErrCode=0x0) [0142.793] NtQueryInformationProcess (in: ProcessHandle=0x360, ProcessInformationClass=0x1a, ProcessInformation=0x895f020, ProcessInformationLength=0x4, ReturnLength=0x895f024 | out: ProcessInformation=0x895f020, ReturnLength=0x895f024) returned 0x0 [0142.793] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.793] SetLastError (dwErrCode=0x0) [0142.793] NtQueryInformationProcess (in: ProcessHandle=0x360, ProcessInformationClass=0x14, ProcessInformation=0x895f01c, ProcessInformationLength=0x4, ReturnLength=0x895f020 | out: ProcessInformation=0x895f01c, ReturnLength=0x895f020) returned 0x0 [0142.794] NtQueryInformationProcess (in: ProcessHandle=0x360, ProcessInformationClass=0x4, ProcessInformation=0x895effc, ProcessInformationLength=0x20, ReturnLength=0x895f020 | out: ProcessInformation=0x895effc, ReturnLength=0x895f020) returned 0x0 [0142.794] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.794] SetLastError (dwErrCode=0x0) [0142.794] NtQueryInformationProcess (in: ProcessHandle=0x360, ProcessInformationClass=0x0, ProcessInformation=0x895eca8, ProcessInformationLength=0x18, ReturnLength=0x895ecc0 | out: ProcessInformation=0x895eca8, ReturnLength=0x895ecc0) returned 0x0 [0142.794] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.794] SetLastError (dwErrCode=0x0) [0142.794] ReadProcessMemory (in: hProcess=0x360, lpBaseAddress=0x7ed9f008, lpBuffer=0x895ecd4, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x895ecd4*, lpNumberOfBytesRead=0x0) returned 1 [0142.795] ReadProcessMemory (in: hProcess=0x360, lpBaseAddress=0x12b0000, lpBuffer=0x895ecec, nSize=0x338, lpNumberOfBytesRead=0x895f024 | out: lpBuffer=0x895ecec*, lpNumberOfBytesRead=0x895f024*=0x338) returned 1 [0142.795] NtQueryInformationProcess (in: ProcessHandle=0x360, ProcessInformationClass=0x2b, ProcessInformation=0xc5aa58, ProcessInformationLength=0x826, ReturnLength=0x895f020 | out: ProcessInformation=0xc5aa58, ReturnLength=0x895f020) returned 0x0 [0142.797] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.797] SetLastError (dwErrCode=0x0) [0142.797] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Sidebar\\touringcontinuedrussia.exe") returned="touringcontinuedrussia.exe" [0142.798] NtOpenProcess (in: ProcessHandle=0x895ee00, DesiredAccess=0x400, ObjectAttributes=0x895ede0*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895edf8*(UniqueProcess=0x508, UniqueThread=0x0) | out: ProcessHandle=0x895ee00*=0x37c) returned 0x0 [0142.798] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.798] SetLastError (dwErrCode=0x0) [0142.798] NtQueryInformationProcess (in: ProcessHandle=0x37c, ProcessInformationClass=0x2b, ProcessInformation=0xc5aa58, ProcessInformationLength=0x826, ReturnLength=0x895ee00 | out: ProcessInformation=0xc5aa58, ReturnLength=0x895ee00) returned 0x0 [0142.801] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.801] SetLastError (dwErrCode=0x0) [0142.801] CloseHandle (hObject=0x37c) returned 1 [0142.801] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Sidebar\\touringcontinuedrussia.exe") returned="touringcontinuedrussia.exe" [0142.801] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.801] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Sidebar\\touringcontinuedrussia.exe") returned="touringcontinuedrussia.exe" [0142.801] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.801] PathFindFileNameW (pszPath="C:\\Windows\\explorer.exe") returned="explorer.exe" [0142.802] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.802] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Sidebar\\touringcontinuedrussia.exe") returned="touringcontinuedrussia.exe" [0142.802] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.802] PathFindFileNameW (pszPath="C:\\Windows\\explorer.exe") returned="explorer.exe" [0142.802] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.802] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Sidebar\\touringcontinuedrussia.exe") returned="touringcontinuedrussia.exe" [0142.802] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.802] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Sidebar\\touringcontinuedrussia.exe") returned="touringcontinuedrussia.exe" [0142.802] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.802] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Sidebar\\touringcontinuedrussia.exe") returned="touringcontinuedrussia.exe" [0142.803] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.803] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Sidebar\\touringcontinuedrussia.exe") returned="touringcontinuedrussia.exe" [0142.803] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.803] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Sidebar\\touringcontinuedrussia.exe") returned="touringcontinuedrussia.exe" [0142.803] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.803] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Sidebar\\touringcontinuedrussia.exe") returned="touringcontinuedrussia.exe" [0142.803] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.803] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Sidebar\\touringcontinuedrussia.exe") returned="touringcontinuedrussia.exe" [0142.803] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.803] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Sidebar\\touringcontinuedrussia.exe") returned="touringcontinuedrussia.exe" [0142.804] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.804] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Sidebar\\touringcontinuedrussia.exe") returned="touringcontinuedrussia.exe" [0142.804] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.804] PathFindFileNameW (pszPath="C:\\Program Files\\Windows Sidebar\\touringcontinuedrussia.exe") returned="touringcontinuedrussia.exe" [0142.804] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.804] NtCreateSection (in: SectionHandle=0x895f020, DesiredAccess=0xf001f, ObjectAttributes=0x895efdc*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), MaximumSize=0x895eff4, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x895f020*=0x37c) returned 0x0 [0142.805] NtMapViewOfSection (in: SectionHandle=0x37c, ProcessHandle=0x360, BaseAddress=0x895f01c*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x895f00c*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x895f01c*=0x2ec0000, SectionOffset=0x0, ViewSize=0x895f00c*=0x1c4000) returned 0x0 [0142.816] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.816] SetLastError (dwErrCode=0x0) [0142.817] NtMapViewOfSection (in: SectionHandle=0x37c, ProcessHandle=0xffffffff, BaseAddress=0x895f018*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x895f014*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x895f018*=0x89e0000, SectionOffset=0x0, ViewSize=0x895f014*=0x1c4000) returned 0x0 [0142.820] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.821] SetLastError (dwErrCode=0x0) [0142.821] SetLastError (dwErrCode=0x0) [0142.835] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="SB:0x%08X", arglist=0x895efd4 | out: pszDest="SB:0x00000B58") returned 13 [0142.835] SetLastError (dwErrCode=0x0) [0142.835] wvnsprintfA (in: pszDest=0x895eda8, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed90 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x00000B58_v1$") returned 65 [0142.835] SetLastError (dwErrCode=0x0) [0142.835] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x00000B58_v1$") returned 0x0 [0142.835] GetLastError () returned 0x2 [0142.835] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x378, hTargetProcessHandle=0x360, lpTargetHandle=0x895f024, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x895f024*=0x108) returned 1 [0142.835] CloseHandle (hObject=0x378) returned 1 [0142.854] NtProtectVirtualMemory (in: ProcessHandle=0x360, BaseAddress=0x895efac*=0x77cdc700, NumberOfBytesToProtect=0x895ef9c, NewAccessProtection=0x40, OldAccessProtection=0x895f010 | out: BaseAddress=0x895efac*=0x77cdc000, NumberOfBytesToProtect=0x895ef9c, OldAccessProtection=0x895f010*=0x20) returned 0x0 [0142.854] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.854] SetLastError (dwErrCode=0x0) [0142.854] NtProtectVirtualMemory (in: ProcessHandle=0x360, BaseAddress=0x895efac*=0x30820c7, NumberOfBytesToProtect=0x895ef9c, NewAccessProtection=0x40, OldAccessProtection=0x895f010 | out: BaseAddress=0x895efac*=0x3082000, NumberOfBytesToProtect=0x895ef9c, OldAccessProtection=0x895f010*=0x40) returned 0x0 [0142.854] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.854] SetLastError (dwErrCode=0x0) [0142.854] NtWriteVirtualMemory (in: ProcessHandle=0x360, BaseAddress=0x30820c7, Buffer=0x895efc4*, NumberOfBytesToWrite=0x3a, NumberOfBytesWritten=0x895ef9c | out: Buffer=0x895efc4*, NumberOfBytesWritten=0x895ef9c*=0x3a) returned 0x0 [0142.854] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.854] SetLastError (dwErrCode=0x0) [0142.855] NtWriteVirtualMemory (in: ProcessHandle=0x360, BaseAddress=0x77cdc700, Buffer=0x895f008*, NumberOfBytesToWrite=0x6, NumberOfBytesWritten=0x895ef9c | out: Buffer=0x895f008*, NumberOfBytesWritten=0x895ef9c*=0x6) returned 0x0 [0142.855] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.855] SetLastError (dwErrCode=0x0) [0142.855] CloseHandle (hObject=0x360) returned 1 [0142.855] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x89e0000) returned 0x0 [0142.873] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.873] SetLastError (dwErrCode=0x0) [0142.873] CloseHandle (hObject=0x37c) returned 1 [0142.873] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="matching.exe")) returned 1 [0142.873] NtOpenProcess (in: ProcessHandle=0x895f344, DesiredAccess=0x400, ObjectAttributes=0x895f324*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895f33c*(UniqueProcess=0xb84, UniqueThread=0x0) | out: ProcessHandle=0x895f344*=0x37c) returned 0x0 [0142.874] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.874] SetLastError (dwErrCode=0x0) [0142.874] OpenProcessToken (in: ProcessHandle=0x37c, DesiredAccess=0x8, TokenHandle=0x895f130 | out: TokenHandle=0x895f130*=0x360) returned 1 [0142.874] GetTokenInformation (in: TokenHandle=0x360, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895f12c | out: TokenInformation=0x0, ReturnLength=0x895f12c) returned 0 [0142.874] GetLastError () returned 0x7a [0142.874] GetTokenInformation (in: TokenHandle=0x360, TokenInformationClass=0x1, TokenInformation=0xbf53d0, TokenInformationLength=0x24, ReturnLength=0x895f12c | out: TokenInformation=0xbf53d0, ReturnLength=0x895f12c) returned 1 [0142.874] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf53d8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895ed10, cchName=0x895f124, ReferencedDomainName=0x895ef18, cchReferencedDomainName=0x895f124, peUse=0x895f120 | out: Name="CIiHmnxMn6Ps", cchName=0x895f124, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895f124, peUse=0x895f120) returned 1 [0142.874] wvnsprintfW (in: pszDest=0x895f144, cchDest=259, pszFmt="%s\\%s", arglist=0x895ed00 | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0142.874] SetLastError (dwErrCode=0x0) [0142.874] CloseHandle (hObject=0x360) returned 1 [0142.874] CloseHandle (hObject=0x37c) returned 1 [0142.874] lstrcmpiW (lpString1="matching.exe", lpString2="csrss.exe") returned 1 [0142.875] lstrcmpiW (lpString1="matching.exe", lpString2="smss.exe") returned -1 [0142.875] lstrcmpiW (lpString1="matching.exe", lpString2="lsass.exe") returned 1 [0142.875] lstrcmpiW (lpString1="matching.exe", lpString2="services.exe") returned -1 [0142.875] lstrcmpiW (lpString1="matching.exe", lpString2="spoolsv.exe") returned -1 [0142.875] lstrcmpiW (lpString1="matching.exe", lpString2="winlogon.exe") returned -1 [0142.875] lstrcmpiW (lpString1="matching.exe", lpString2="chrome.exe") returned 1 [0142.875] NtOpenProcess (in: ProcessHandle=0x895e570, DesiredAccess=0x478, ObjectAttributes=0x895e550*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895e568*(UniqueProcess=0xb84, UniqueThread=0x0) | out: ProcessHandle=0x895e570*=0x37c) returned 0x0 [0142.875] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.875] SetLastError (dwErrCode=0x0) [0142.875] GetLastError () returned 0x0 [0142.875] SetLastError (dwErrCode=0x0) [0142.875] OpenProcessToken (in: ProcessHandle=0x37c, DesiredAccess=0x8, TokenHandle=0x895f018 | out: TokenHandle=0x895f018*=0x360) returned 1 [0142.875] GetTokenInformation (in: TokenHandle=0x360, TokenInformationClass=0xc, TokenInformation=0x895f078, TokenInformationLength=0x4, ReturnLength=0x895f01c | out: TokenInformation=0x895f078, ReturnLength=0x895f01c) returned 1 [0142.875] CloseHandle (hObject=0x360) returned 1 [0142.875] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="0x%08X", arglist=0x895efdc | out: pszDest="0x00000B84") returned 10 [0142.875] SetLastError (dwErrCode=0x0) [0142.875] wvnsprintfA (in: pszDest=0x895eda4, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed8c | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000B84_v1$") returned 62 [0142.875] SetLastError (dwErrCode=0x0) [0142.875] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000B84_v1$") returned 0x0 [0142.875] InitializeSecurityDescriptor (in: pSecurityDescriptor=0xc5aa58, dwRevision=0x1 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.875] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0xc5aa58, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.875] GetLastError () returned 0x2 [0142.875] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0xc5aa58, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.875] GetLastError () returned 0x2 [0142.875] SetLastError (dwErrCode=0x2) [0142.875] CreateEventA (lpEventAttributes=0x895eea0, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000B84_v1$") returned 0x360 [0142.875] GetLastError () returned 0x0 [0142.875] SetLastError (dwErrCode=0x0) [0142.875] OpenProcessToken (in: ProcessHandle=0x37c, DesiredAccess=0x8, TokenHandle=0x895ee0c | out: TokenHandle=0x895ee0c*=0x378) returned 1 [0142.875] GetTokenInformation (in: TokenHandle=0x378, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895ee08 | out: TokenInformation=0x0, ReturnLength=0x895ee08) returned 0 [0142.875] GetLastError () returned 0x7a [0142.875] GetTokenInformation (in: TokenHandle=0x378, TokenInformationClass=0x1, TokenInformation=0xbf5070, TokenInformationLength=0x24, ReturnLength=0x895ee08 | out: TokenInformation=0xbf5070, ReturnLength=0x895ee08) returned 1 [0142.875] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf5078*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895e9ec, cchName=0x895ee00, ReferencedDomainName=0x895ebf4, cchReferencedDomainName=0x895ee00, peUse=0x895edfc | out: Name="CIiHmnxMn6Ps", cchName=0x895ee00, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895ee00, peUse=0x895edfc) returned 1 [0142.876] wvnsprintfW (in: pszDest=0x895ee20, cchDest=259, pszFmt="%s\\%s", arglist=0x895e9dc | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0142.876] SetLastError (dwErrCode=0x0) [0142.876] CloseHandle (hObject=0x378) returned 1 [0142.876] SetLastError (dwErrCode=0x0) [0142.876] NtQueryInformationProcess (in: ProcessHandle=0x37c, ProcessInformationClass=0x1a, ProcessInformation=0x895f020, ProcessInformationLength=0x4, ReturnLength=0x895f024 | out: ProcessInformation=0x895f020, ReturnLength=0x895f024) returned 0x0 [0142.876] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.876] SetLastError (dwErrCode=0x0) [0142.876] NtQueryInformationProcess (in: ProcessHandle=0x37c, ProcessInformationClass=0x14, ProcessInformation=0x895f01c, ProcessInformationLength=0x4, ReturnLength=0x895f020 | out: ProcessInformation=0x895f01c, ReturnLength=0x895f020) returned 0x0 [0142.876] NtQueryInformationProcess (in: ProcessHandle=0x37c, ProcessInformationClass=0x4, ProcessInformation=0x895effc, ProcessInformationLength=0x20, ReturnLength=0x895f020 | out: ProcessInformation=0x895effc, ReturnLength=0x895f020) returned 0x0 [0142.876] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.876] SetLastError (dwErrCode=0x0) [0142.876] NtQueryInformationProcess (in: ProcessHandle=0x37c, ProcessInformationClass=0x0, ProcessInformation=0x895eca8, ProcessInformationLength=0x18, ReturnLength=0x895ecc0 | out: ProcessInformation=0x895eca8, ReturnLength=0x895ecc0) returned 0x0 [0142.876] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.876] SetLastError (dwErrCode=0x0) [0142.876] ReadProcessMemory (in: hProcess=0x37c, lpBaseAddress=0x7edd8008, lpBuffer=0x895ecd4, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x895ecd4*, lpNumberOfBytesRead=0x0) returned 1 [0142.877] ReadProcessMemory (in: hProcess=0x37c, lpBaseAddress=0x850000, lpBuffer=0x895ecec, nSize=0x338, lpNumberOfBytesRead=0x895f024 | out: lpBuffer=0x895ecec*, lpNumberOfBytesRead=0x895f024*=0x338) returned 1 [0142.877] NtQueryInformationProcess (in: ProcessHandle=0x37c, ProcessInformationClass=0x2b, ProcessInformation=0xc5aa58, ProcessInformationLength=0x826, ReturnLength=0x895f020 | out: ProcessInformation=0xc5aa58, ReturnLength=0x895f020) returned 0x0 [0142.877] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.877] SetLastError (dwErrCode=0x0) [0142.877] PathFindFileNameW (pszPath="C:\\Program Files\\Common Files\\matching.exe") returned="matching.exe" [0142.877] NtOpenProcess (in: ProcessHandle=0x895ee00, DesiredAccess=0x400, ObjectAttributes=0x895ede0*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895edf8*(UniqueProcess=0x508, UniqueThread=0x0) | out: ProcessHandle=0x895ee00*=0x378) returned 0x0 [0142.877] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.877] SetLastError (dwErrCode=0x0) [0142.877] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x2b, ProcessInformation=0xc5aa58, ProcessInformationLength=0x826, ReturnLength=0x895ee00 | out: ProcessInformation=0xc5aa58, ReturnLength=0x895ee00) returned 0x0 [0142.878] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.878] SetLastError (dwErrCode=0x0) [0142.878] CloseHandle (hObject=0x378) returned 1 [0142.878] PathFindFileNameW (pszPath="C:\\Program Files\\Common Files\\matching.exe") returned="matching.exe" [0142.878] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.878] PathFindFileNameW (pszPath="C:\\Program Files\\Common Files\\matching.exe") returned="matching.exe" [0142.878] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.878] PathFindFileNameW (pszPath="C:\\Windows\\explorer.exe") returned="explorer.exe" [0142.878] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.878] PathFindFileNameW (pszPath="C:\\Program Files\\Common Files\\matching.exe") returned="matching.exe" [0142.878] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.878] PathFindFileNameW (pszPath="C:\\Windows\\explorer.exe") returned="explorer.exe" [0142.878] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.878] PathFindFileNameW (pszPath="C:\\Program Files\\Common Files\\matching.exe") returned="matching.exe" [0142.878] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.878] PathFindFileNameW (pszPath="C:\\Program Files\\Common Files\\matching.exe") returned="matching.exe" [0142.878] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.878] PathFindFileNameW (pszPath="C:\\Program Files\\Common Files\\matching.exe") returned="matching.exe" [0142.878] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.878] PathFindFileNameW (pszPath="C:\\Program Files\\Common Files\\matching.exe") returned="matching.exe" [0142.878] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.878] PathFindFileNameW (pszPath="C:\\Program Files\\Common Files\\matching.exe") returned="matching.exe" [0142.879] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.879] PathFindFileNameW (pszPath="C:\\Program Files\\Common Files\\matching.exe") returned="matching.exe" [0142.879] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.879] PathFindFileNameW (pszPath="C:\\Program Files\\Common Files\\matching.exe") returned="matching.exe" [0142.879] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.879] PathFindFileNameW (pszPath="C:\\Program Files\\Common Files\\matching.exe") returned="matching.exe" [0142.879] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.879] PathFindFileNameW (pszPath="C:\\Program Files\\Common Files\\matching.exe") returned="matching.exe" [0142.879] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.879] PathFindFileNameW (pszPath="C:\\Program Files\\Common Files\\matching.exe") returned="matching.exe" [0142.879] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.879] NtCreateSection (in: SectionHandle=0x895f020, DesiredAccess=0xf001f, ObjectAttributes=0x895efdc*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), MaximumSize=0x895eff4, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x895f020*=0x378) returned 0x0 [0142.879] NtMapViewOfSection (in: SectionHandle=0x378, ProcessHandle=0x37c, BaseAddress=0x895f01c*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x895f00c*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x895f01c*=0x2ae0000, SectionOffset=0x0, ViewSize=0x895f00c*=0x1c4000) returned 0x0 [0142.881] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.881] SetLastError (dwErrCode=0x0) [0142.882] NtMapViewOfSection (in: SectionHandle=0x378, ProcessHandle=0xffffffff, BaseAddress=0x895f018*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x895f014*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x895f018*=0x89e0000, SectionOffset=0x0, ViewSize=0x895f014*=0x1c4000) returned 0x0 [0142.882] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.883] SetLastError (dwErrCode=0x0) [0142.883] SetLastError (dwErrCode=0x0) [0142.887] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="SB:0x%08X", arglist=0x895efd4 | out: pszDest="SB:0x00000B84") returned 13 [0142.887] SetLastError (dwErrCode=0x0) [0142.887] wvnsprintfA (in: pszDest=0x895eda8, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed90 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x00000B84_v1$") returned 65 [0142.887] SetLastError (dwErrCode=0x0) [0142.887] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x00000B84_v1$") returned 0x0 [0142.887] GetLastError () returned 0x2 [0142.887] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x360, hTargetProcessHandle=0x37c, lpTargetHandle=0x895f024, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x895f024*=0x108) returned 1 [0142.887] CloseHandle (hObject=0x360) returned 1 [0142.899] NtProtectVirtualMemory (in: ProcessHandle=0x37c, BaseAddress=0x895efac*=0x77cdc700, NumberOfBytesToProtect=0x895ef9c, NewAccessProtection=0x40, OldAccessProtection=0x895f010 | out: BaseAddress=0x895efac*=0x77cdc000, NumberOfBytesToProtect=0x895ef9c, OldAccessProtection=0x895f010*=0x20) returned 0x0 [0142.899] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.899] SetLastError (dwErrCode=0x0) [0142.899] NtProtectVirtualMemory (in: ProcessHandle=0x37c, BaseAddress=0x895efac*=0x2ca20c7, NumberOfBytesToProtect=0x895ef9c, NewAccessProtection=0x40, OldAccessProtection=0x895f010 | out: BaseAddress=0x895efac*=0x2ca2000, NumberOfBytesToProtect=0x895ef9c, OldAccessProtection=0x895f010*=0x40) returned 0x0 [0142.899] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.899] SetLastError (dwErrCode=0x0) [0142.899] NtWriteVirtualMemory (in: ProcessHandle=0x37c, BaseAddress=0x2ca20c7, Buffer=0x895efc4*, NumberOfBytesToWrite=0x3a, NumberOfBytesWritten=0x895ef9c | out: Buffer=0x895efc4*, NumberOfBytesWritten=0x895ef9c*=0x3a) returned 0x0 [0142.899] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.899] SetLastError (dwErrCode=0x0) [0142.899] NtWriteVirtualMemory (in: ProcessHandle=0x37c, BaseAddress=0x77cdc700, Buffer=0x895f008*, NumberOfBytesToWrite=0x6, NumberOfBytesWritten=0x895ef9c | out: Buffer=0x895f008*, NumberOfBytesWritten=0x895ef9c*=0x6) returned 0x0 [0142.900] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.900] SetLastError (dwErrCode=0x0) [0142.900] CloseHandle (hObject=0x37c) returned 1 [0142.900] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x89e0000) returned 0x0 [0142.915] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.915] SetLastError (dwErrCode=0x0) [0142.915] CloseHandle (hObject=0x378) returned 1 [0142.915] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="readingsunto.exe")) returned 1 [0142.916] NtOpenProcess (in: ProcessHandle=0x895f344, DesiredAccess=0x400, ObjectAttributes=0x895f324*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895f33c*(UniqueProcess=0xa1c, UniqueThread=0x0) | out: ProcessHandle=0x895f344*=0x378) returned 0x0 [0142.916] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.916] SetLastError (dwErrCode=0x0) [0142.916] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895f130 | out: TokenHandle=0x895f130*=0x37c) returned 1 [0142.916] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895f12c | out: TokenInformation=0x0, ReturnLength=0x895f12c) returned 0 [0142.916] GetLastError () returned 0x7a [0142.916] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0xbf4e60, TokenInformationLength=0x24, ReturnLength=0x895f12c | out: TokenInformation=0xbf4e60, ReturnLength=0x895f12c) returned 1 [0142.916] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf4e68*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895ed10, cchName=0x895f124, ReferencedDomainName=0x895ef18, cchReferencedDomainName=0x895f124, peUse=0x895f120 | out: Name="CIiHmnxMn6Ps", cchName=0x895f124, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895f124, peUse=0x895f120) returned 1 [0142.916] wvnsprintfW (in: pszDest=0x895f144, cchDest=259, pszFmt="%s\\%s", arglist=0x895ed00 | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0142.916] SetLastError (dwErrCode=0x0) [0142.917] CloseHandle (hObject=0x37c) returned 1 [0142.917] CloseHandle (hObject=0x378) returned 1 [0142.917] lstrcmpiW (lpString1="readingsunto.exe", lpString2="csrss.exe") returned 1 [0142.917] lstrcmpiW (lpString1="readingsunto.exe", lpString2="smss.exe") returned -1 [0142.917] lstrcmpiW (lpString1="readingsunto.exe", lpString2="lsass.exe") returned 1 [0142.917] lstrcmpiW (lpString1="readingsunto.exe", lpString2="services.exe") returned -1 [0142.917] lstrcmpiW (lpString1="readingsunto.exe", lpString2="spoolsv.exe") returned -1 [0142.917] lstrcmpiW (lpString1="readingsunto.exe", lpString2="winlogon.exe") returned -1 [0142.917] lstrcmpiW (lpString1="readingsunto.exe", lpString2="chrome.exe") returned 1 [0142.917] NtOpenProcess (in: ProcessHandle=0x895e570, DesiredAccess=0x478, ObjectAttributes=0x895e550*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895e568*(UniqueProcess=0xa1c, UniqueThread=0x0) | out: ProcessHandle=0x895e570*=0x378) returned 0x0 [0142.917] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.917] SetLastError (dwErrCode=0x0) [0142.917] GetLastError () returned 0x0 [0142.917] SetLastError (dwErrCode=0x0) [0142.917] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895f018 | out: TokenHandle=0x895f018*=0x37c) returned 1 [0142.917] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0xc, TokenInformation=0x895f078, TokenInformationLength=0x4, ReturnLength=0x895f01c | out: TokenInformation=0x895f078, ReturnLength=0x895f01c) returned 1 [0142.917] CloseHandle (hObject=0x37c) returned 1 [0142.917] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="0x%08X", arglist=0x895efdc | out: pszDest="0x00000A1C") returned 10 [0142.917] SetLastError (dwErrCode=0x0) [0142.917] wvnsprintfA (in: pszDest=0x895eda4, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed8c | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000A1C_v1$") returned 62 [0142.917] SetLastError (dwErrCode=0x0) [0142.917] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000A1C_v1$") returned 0x0 [0142.917] InitializeSecurityDescriptor (in: pSecurityDescriptor=0xc5aa58, dwRevision=0x1 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.917] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0xc5aa58, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.917] GetLastError () returned 0x2 [0142.917] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0xc5aa58, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.917] GetLastError () returned 0x2 [0142.917] SetLastError (dwErrCode=0x2) [0142.917] CreateEventA (lpEventAttributes=0x895eea0, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000A1C_v1$") returned 0x37c [0142.917] GetLastError () returned 0x0 [0142.917] SetLastError (dwErrCode=0x0) [0142.917] OpenProcessToken (in: ProcessHandle=0x378, DesiredAccess=0x8, TokenHandle=0x895ee0c | out: TokenHandle=0x895ee0c*=0x360) returned 1 [0142.918] GetTokenInformation (in: TokenHandle=0x360, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895ee08 | out: TokenInformation=0x0, ReturnLength=0x895ee08) returned 0 [0142.918] GetLastError () returned 0x7a [0142.918] GetTokenInformation (in: TokenHandle=0x360, TokenInformationClass=0x1, TokenInformation=0xbf4fe0, TokenInformationLength=0x24, ReturnLength=0x895ee08 | out: TokenInformation=0xbf4fe0, ReturnLength=0x895ee08) returned 1 [0142.918] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf4fe8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895e9ec, cchName=0x895ee00, ReferencedDomainName=0x895ebf4, cchReferencedDomainName=0x895ee00, peUse=0x895edfc | out: Name="CIiHmnxMn6Ps", cchName=0x895ee00, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895ee00, peUse=0x895edfc) returned 1 [0142.918] wvnsprintfW (in: pszDest=0x895ee20, cchDest=259, pszFmt="%s\\%s", arglist=0x895e9dc | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0142.918] SetLastError (dwErrCode=0x0) [0142.918] CloseHandle (hObject=0x360) returned 1 [0142.918] SetLastError (dwErrCode=0x0) [0142.918] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x1a, ProcessInformation=0x895f020, ProcessInformationLength=0x4, ReturnLength=0x895f024 | out: ProcessInformation=0x895f020, ReturnLength=0x895f024) returned 0x0 [0142.918] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.918] SetLastError (dwErrCode=0x0) [0142.918] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x14, ProcessInformation=0x895f01c, ProcessInformationLength=0x4, ReturnLength=0x895f020 | out: ProcessInformation=0x895f01c, ReturnLength=0x895f020) returned 0x0 [0142.918] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x4, ProcessInformation=0x895effc, ProcessInformationLength=0x20, ReturnLength=0x895f020 | out: ProcessInformation=0x895effc, ReturnLength=0x895f020) returned 0x0 [0142.918] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.918] SetLastError (dwErrCode=0x0) [0142.918] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x0, ProcessInformation=0x895eca8, ProcessInformationLength=0x18, ReturnLength=0x895ecc0 | out: ProcessInformation=0x895eca8, ReturnLength=0x895ecc0) returned 0x0 [0142.919] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.919] SetLastError (dwErrCode=0x0) [0142.919] ReadProcessMemory (in: hProcess=0x378, lpBaseAddress=0x7eec7008, lpBuffer=0x895ecd4, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x895ecd4*, lpNumberOfBytesRead=0x0) returned 1 [0142.919] ReadProcessMemory (in: hProcess=0x378, lpBaseAddress=0x360000, lpBuffer=0x895ecec, nSize=0x338, lpNumberOfBytesRead=0x895f024 | out: lpBuffer=0x895ecec*, lpNumberOfBytesRead=0x895f024*=0x338) returned 1 [0142.919] NtQueryInformationProcess (in: ProcessHandle=0x378, ProcessInformationClass=0x2b, ProcessInformation=0xc5aa58, ProcessInformationLength=0x826, ReturnLength=0x895f020 | out: ProcessInformation=0xc5aa58, ReturnLength=0x895f020) returned 0x0 [0142.919] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.919] SetLastError (dwErrCode=0x0) [0142.919] PathFindFileNameW (pszPath="C:\\Program Files\\Uninstall Information\\readingsunto.exe") returned="readingsunto.exe" [0142.919] NtOpenProcess (in: ProcessHandle=0x895ee00, DesiredAccess=0x400, ObjectAttributes=0x895ede0*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895edf8*(UniqueProcess=0x508, UniqueThread=0x0) | out: ProcessHandle=0x895ee00*=0x360) returned 0x0 [0142.919] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.919] SetLastError (dwErrCode=0x0) [0142.919] NtQueryInformationProcess (in: ProcessHandle=0x360, ProcessInformationClass=0x2b, ProcessInformation=0xc5aa58, ProcessInformationLength=0x826, ReturnLength=0x895ee00 | out: ProcessInformation=0xc5aa58, ReturnLength=0x895ee00) returned 0x0 [0142.920] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.920] SetLastError (dwErrCode=0x0) [0142.920] CloseHandle (hObject=0x360) returned 1 [0142.920] PathFindFileNameW (pszPath="C:\\Program Files\\Uninstall Information\\readingsunto.exe") returned="readingsunto.exe" [0142.920] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.920] PathFindFileNameW (pszPath="C:\\Program Files\\Uninstall Information\\readingsunto.exe") returned="readingsunto.exe" [0142.920] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.920] PathFindFileNameW (pszPath="C:\\Windows\\explorer.exe") returned="explorer.exe" [0142.920] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.920] PathFindFileNameW (pszPath="C:\\Program Files\\Uninstall Information\\readingsunto.exe") returned="readingsunto.exe" [0142.920] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.920] PathFindFileNameW (pszPath="C:\\Windows\\explorer.exe") returned="explorer.exe" [0142.920] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.920] PathFindFileNameW (pszPath="C:\\Program Files\\Uninstall Information\\readingsunto.exe") returned="readingsunto.exe" [0142.920] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.920] PathFindFileNameW (pszPath="C:\\Program Files\\Uninstall Information\\readingsunto.exe") returned="readingsunto.exe" [0142.920] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.920] PathFindFileNameW (pszPath="C:\\Program Files\\Uninstall Information\\readingsunto.exe") returned="readingsunto.exe" [0142.920] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.920] PathFindFileNameW (pszPath="C:\\Program Files\\Uninstall Information\\readingsunto.exe") returned="readingsunto.exe" [0142.920] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.920] PathFindFileNameW (pszPath="C:\\Program Files\\Uninstall Information\\readingsunto.exe") returned="readingsunto.exe" [0142.920] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.920] PathFindFileNameW (pszPath="C:\\Program Files\\Uninstall Information\\readingsunto.exe") returned="readingsunto.exe" [0142.921] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.921] PathFindFileNameW (pszPath="C:\\Program Files\\Uninstall Information\\readingsunto.exe") returned="readingsunto.exe" [0142.921] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.921] PathFindFileNameW (pszPath="C:\\Program Files\\Uninstall Information\\readingsunto.exe") returned="readingsunto.exe" [0142.921] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.921] PathFindFileNameW (pszPath="C:\\Program Files\\Uninstall Information\\readingsunto.exe") returned="readingsunto.exe" [0142.921] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.921] PathFindFileNameW (pszPath="C:\\Program Files\\Uninstall Information\\readingsunto.exe") returned="readingsunto.exe" [0142.921] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.921] NtCreateSection (in: SectionHandle=0x895f020, DesiredAccess=0xf001f, ObjectAttributes=0x895efdc*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), MaximumSize=0x895eff4, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x895f020*=0x360) returned 0x0 [0142.921] NtMapViewOfSection (in: SectionHandle=0x360, ProcessHandle=0x378, BaseAddress=0x895f01c*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x895f00c*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x895f01c*=0x26e0000, SectionOffset=0x0, ViewSize=0x895f00c*=0x1c4000) returned 0x0 [0142.923] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.923] SetLastError (dwErrCode=0x0) [0142.924] NtMapViewOfSection (in: SectionHandle=0x360, ProcessHandle=0xffffffff, BaseAddress=0x895f018*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x895f014*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x895f018*=0x89e0000, SectionOffset=0x0, ViewSize=0x895f014*=0x1c4000) returned 0x0 [0142.925] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.925] SetLastError (dwErrCode=0x0) [0142.925] SetLastError (dwErrCode=0x0) [0142.929] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="SB:0x%08X", arglist=0x895efd4 | out: pszDest="SB:0x00000A1C") returned 13 [0142.929] SetLastError (dwErrCode=0x0) [0142.929] wvnsprintfA (in: pszDest=0x895eda8, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed90 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x00000A1C_v1$") returned 65 [0142.929] SetLastError (dwErrCode=0x0) [0142.929] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x00000A1C_v1$") returned 0x0 [0142.929] GetLastError () returned 0x2 [0142.929] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x37c, hTargetProcessHandle=0x378, lpTargetHandle=0x895f024, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x895f024*=0x108) returned 1 [0142.929] CloseHandle (hObject=0x37c) returned 1 [0142.941] NtProtectVirtualMemory (in: ProcessHandle=0x378, BaseAddress=0x895efac*=0x77cdc700, NumberOfBytesToProtect=0x895ef9c, NewAccessProtection=0x40, OldAccessProtection=0x895f010 | out: BaseAddress=0x895efac*=0x77cdc000, NumberOfBytesToProtect=0x895ef9c, OldAccessProtection=0x895f010*=0x20) returned 0x0 [0142.941] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.941] SetLastError (dwErrCode=0x0) [0142.941] NtProtectVirtualMemory (in: ProcessHandle=0x378, BaseAddress=0x895efac*=0x28a20c7, NumberOfBytesToProtect=0x895ef9c, NewAccessProtection=0x40, OldAccessProtection=0x895f010 | out: BaseAddress=0x895efac*=0x28a2000, NumberOfBytesToProtect=0x895ef9c, OldAccessProtection=0x895f010*=0x40) returned 0x0 [0142.942] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.942] SetLastError (dwErrCode=0x0) [0142.942] NtWriteVirtualMemory (in: ProcessHandle=0x378, BaseAddress=0x28a20c7, Buffer=0x895efc4*, NumberOfBytesToWrite=0x3a, NumberOfBytesWritten=0x895ef9c | out: Buffer=0x895efc4*, NumberOfBytesWritten=0x895ef9c*=0x3a) returned 0x0 [0142.942] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.942] SetLastError (dwErrCode=0x0) [0142.942] NtWriteVirtualMemory (in: ProcessHandle=0x378, BaseAddress=0x77cdc700, Buffer=0x895f008*, NumberOfBytesToWrite=0x6, NumberOfBytesWritten=0x895ef9c | out: Buffer=0x895f008*, NumberOfBytesWritten=0x895ef9c*=0x6) returned 0x0 [0142.942] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.942] SetLastError (dwErrCode=0x0) [0142.942] CloseHandle (hObject=0x378) returned 1 [0142.942] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x89e0000) returned 0x0 [0142.958] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.958] SetLastError (dwErrCode=0x0) [0142.958] CloseHandle (hObject=0x360) returned 1 [0142.958] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="colininstallations.exe")) returned 1 [0142.959] NtOpenProcess (in: ProcessHandle=0x895f344, DesiredAccess=0x400, ObjectAttributes=0x895f324*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895f33c*(UniqueProcess=0xa6c, UniqueThread=0x0) | out: ProcessHandle=0x895f344*=0x360) returned 0x0 [0142.959] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.959] SetLastError (dwErrCode=0x0) [0142.959] OpenProcessToken (in: ProcessHandle=0x360, DesiredAccess=0x8, TokenHandle=0x895f130 | out: TokenHandle=0x895f130*=0x378) returned 1 [0142.959] GetTokenInformation (in: TokenHandle=0x378, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895f12c | out: TokenInformation=0x0, ReturnLength=0x895f12c) returned 0 [0142.959] GetLastError () returned 0x7a [0142.959] GetTokenInformation (in: TokenHandle=0x378, TokenInformationClass=0x1, TokenInformation=0xbf5280, TokenInformationLength=0x24, ReturnLength=0x895f12c | out: TokenInformation=0xbf5280, ReturnLength=0x895f12c) returned 1 [0142.959] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf5288*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895ed10, cchName=0x895f124, ReferencedDomainName=0x895ef18, cchReferencedDomainName=0x895f124, peUse=0x895f120 | out: Name="CIiHmnxMn6Ps", cchName=0x895f124, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895f124, peUse=0x895f120) returned 1 [0142.960] wvnsprintfW (in: pszDest=0x895f144, cchDest=259, pszFmt="%s\\%s", arglist=0x895ed00 | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0142.960] SetLastError (dwErrCode=0x0) [0142.960] CloseHandle (hObject=0x378) returned 1 [0142.960] CloseHandle (hObject=0x360) returned 1 [0142.960] lstrcmpiW (lpString1="colininstallations.exe", lpString2="csrss.exe") returned -1 [0142.960] lstrcmpiW (lpString1="colininstallations.exe", lpString2="smss.exe") returned -1 [0142.960] lstrcmpiW (lpString1="colininstallations.exe", lpString2="lsass.exe") returned -1 [0142.960] lstrcmpiW (lpString1="colininstallations.exe", lpString2="services.exe") returned -1 [0142.960] lstrcmpiW (lpString1="colininstallations.exe", lpString2="spoolsv.exe") returned -1 [0142.960] lstrcmpiW (lpString1="colininstallations.exe", lpString2="winlogon.exe") returned -1 [0142.960] lstrcmpiW (lpString1="colininstallations.exe", lpString2="chrome.exe") returned 1 [0142.960] NtOpenProcess (in: ProcessHandle=0x895e570, DesiredAccess=0x478, ObjectAttributes=0x895e550*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895e568*(UniqueProcess=0xa6c, UniqueThread=0x0) | out: ProcessHandle=0x895e570*=0x360) returned 0x0 [0142.960] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.960] SetLastError (dwErrCode=0x0) [0142.960] GetLastError () returned 0x0 [0142.960] SetLastError (dwErrCode=0x0) [0142.960] OpenProcessToken (in: ProcessHandle=0x360, DesiredAccess=0x8, TokenHandle=0x895f018 | out: TokenHandle=0x895f018*=0x378) returned 1 [0142.960] GetTokenInformation (in: TokenHandle=0x378, TokenInformationClass=0xc, TokenInformation=0x895f078, TokenInformationLength=0x4, ReturnLength=0x895f01c | out: TokenInformation=0x895f078, ReturnLength=0x895f01c) returned 1 [0142.960] CloseHandle (hObject=0x378) returned 1 [0142.960] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="0x%08X", arglist=0x895efdc | out: pszDest="0x00000A6C") returned 10 [0142.960] SetLastError (dwErrCode=0x0) [0142.960] wvnsprintfA (in: pszDest=0x895eda4, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed8c | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000A6C_v1$") returned 62 [0142.960] SetLastError (dwErrCode=0x0) [0142.960] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000A6C_v1$") returned 0x0 [0142.960] InitializeSecurityDescriptor (in: pSecurityDescriptor=0xc5aa58, dwRevision=0x1 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.960] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0xc5aa58, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.960] GetLastError () returned 0x2 [0142.960] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0xc5aa58, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0142.960] GetLastError () returned 0x2 [0142.960] SetLastError (dwErrCode=0x2) [0142.960] CreateEventA (lpEventAttributes=0x895eea0, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000A6C_v1$") returned 0x378 [0142.961] GetLastError () returned 0x0 [0142.961] SetLastError (dwErrCode=0x0) [0142.961] OpenProcessToken (in: ProcessHandle=0x360, DesiredAccess=0x8, TokenHandle=0x895ee0c | out: TokenHandle=0x895ee0c*=0x37c) returned 1 [0142.961] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895ee08 | out: TokenInformation=0x0, ReturnLength=0x895ee08) returned 0 [0142.961] GetLastError () returned 0x7a [0142.961] GetTokenInformation (in: TokenHandle=0x37c, TokenInformationClass=0x1, TokenInformation=0xbf5430, TokenInformationLength=0x24, ReturnLength=0x895ee08 | out: TokenInformation=0xbf5430, ReturnLength=0x895ee08) returned 1 [0142.961] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf5438*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895e9ec, cchName=0x895ee00, ReferencedDomainName=0x895ebf4, cchReferencedDomainName=0x895ee00, peUse=0x895edfc | out: Name="CIiHmnxMn6Ps", cchName=0x895ee00, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895ee00, peUse=0x895edfc) returned 1 [0142.961] wvnsprintfW (in: pszDest=0x895ee20, cchDest=259, pszFmt="%s\\%s", arglist=0x895e9dc | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0142.961] SetLastError (dwErrCode=0x0) [0142.961] CloseHandle (hObject=0x37c) returned 1 [0142.961] SetLastError (dwErrCode=0x0) [0142.961] NtQueryInformationProcess (in: ProcessHandle=0x360, ProcessInformationClass=0x1a, ProcessInformation=0x895f020, ProcessInformationLength=0x4, ReturnLength=0x895f024 | out: ProcessInformation=0x895f020, ReturnLength=0x895f024) returned 0x0 [0142.961] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.961] SetLastError (dwErrCode=0x0) [0142.962] NtQueryInformationProcess (in: ProcessHandle=0x360, ProcessInformationClass=0x14, ProcessInformation=0x895f01c, ProcessInformationLength=0x4, ReturnLength=0x895f020 | out: ProcessInformation=0x895f01c, ReturnLength=0x895f020) returned 0x0 [0142.962] NtQueryInformationProcess (in: ProcessHandle=0x360, ProcessInformationClass=0x4, ProcessInformation=0x895effc, ProcessInformationLength=0x20, ReturnLength=0x895f020 | out: ProcessInformation=0x895effc, ReturnLength=0x895f020) returned 0x0 [0142.962] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.962] SetLastError (dwErrCode=0x0) [0142.962] NtQueryInformationProcess (in: ProcessHandle=0x360, ProcessInformationClass=0x0, ProcessInformation=0x895eca8, ProcessInformationLength=0x18, ReturnLength=0x895ecc0 | out: ProcessInformation=0x895eca8, ReturnLength=0x895ecc0) returned 0x0 [0142.962] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.962] SetLastError (dwErrCode=0x0) [0142.962] ReadProcessMemory (in: hProcess=0x360, lpBaseAddress=0x7ef65008, lpBuffer=0x895ecd4, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x895ecd4*, lpNumberOfBytesRead=0x0) returned 1 [0142.962] ReadProcessMemory (in: hProcess=0x360, lpBaseAddress=0xfe0000, lpBuffer=0x895ecec, nSize=0x338, lpNumberOfBytesRead=0x895f024 | out: lpBuffer=0x895ecec*, lpNumberOfBytesRead=0x895f024*=0x338) returned 1 [0142.962] NtQueryInformationProcess (in: ProcessHandle=0x360, ProcessInformationClass=0x2b, ProcessInformation=0xc5aa58, ProcessInformationLength=0x826, ReturnLength=0x895f020 | out: ProcessInformation=0xc5aa58, ReturnLength=0x895f020) returned 0x0 [0142.962] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.962] SetLastError (dwErrCode=0x0) [0142.962] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Microsoft.NET\\colininstallations.exe") returned="colininstallations.exe" [0142.962] NtOpenProcess (in: ProcessHandle=0x895ee00, DesiredAccess=0x400, ObjectAttributes=0x895ede0*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895edf8*(UniqueProcess=0x508, UniqueThread=0x0) | out: ProcessHandle=0x895ee00*=0x37c) returned 0x0 [0142.963] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.963] SetLastError (dwErrCode=0x0) [0142.963] NtQueryInformationProcess (in: ProcessHandle=0x37c, ProcessInformationClass=0x2b, ProcessInformation=0xc5aa58, ProcessInformationLength=0x826, ReturnLength=0x895ee00 | out: ProcessInformation=0xc5aa58, ReturnLength=0x895ee00) returned 0x0 [0142.963] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.963] SetLastError (dwErrCode=0x0) [0142.963] CloseHandle (hObject=0x37c) returned 1 [0142.963] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Microsoft.NET\\colininstallations.exe") returned="colininstallations.exe" [0142.963] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.963] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Microsoft.NET\\colininstallations.exe") returned="colininstallations.exe" [0142.963] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.963] PathFindFileNameW (pszPath="C:\\Windows\\explorer.exe") returned="explorer.exe" [0142.963] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.963] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Microsoft.NET\\colininstallations.exe") returned="colininstallations.exe" [0142.963] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.963] PathFindFileNameW (pszPath="C:\\Windows\\explorer.exe") returned="explorer.exe" [0142.963] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.963] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Microsoft.NET\\colininstallations.exe") returned="colininstallations.exe" [0142.963] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.963] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Microsoft.NET\\colininstallations.exe") returned="colininstallations.exe" [0142.963] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.963] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Microsoft.NET\\colininstallations.exe") returned="colininstallations.exe" [0142.964] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.964] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Microsoft.NET\\colininstallations.exe") returned="colininstallations.exe" [0142.964] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.964] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Microsoft.NET\\colininstallations.exe") returned="colininstallations.exe" [0142.964] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.964] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Microsoft.NET\\colininstallations.exe") returned="colininstallations.exe" [0142.964] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.964] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Microsoft.NET\\colininstallations.exe") returned="colininstallations.exe" [0142.964] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.964] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Microsoft.NET\\colininstallations.exe") returned="colininstallations.exe" [0142.964] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.964] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Microsoft.NET\\colininstallations.exe") returned="colininstallations.exe" [0142.964] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.964] PathFindFileNameW (pszPath="C:\\Program Files (x86)\\Microsoft.NET\\colininstallations.exe") returned="colininstallations.exe" [0142.964] GetWindowsDirectoryW (in: lpBuffer=0x895ebfc, uSize=0x103 | out: lpBuffer="C:\\Windows") returned 0xa [0142.964] NtCreateSection (in: SectionHandle=0x895f020, DesiredAccess=0xf001f, ObjectAttributes=0x895efdc*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), MaximumSize=0x895eff4, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x895f020*=0x37c) returned 0x0 [0142.964] NtMapViewOfSection (in: SectionHandle=0x37c, ProcessHandle=0x360, BaseAddress=0x895f01c*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x895f00c*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x895f01c*=0x2700000, SectionOffset=0x0, ViewSize=0x895f00c*=0x1c4000) returned 0x0 [0142.966] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.967] SetLastError (dwErrCode=0x0) [0142.967] NtMapViewOfSection (in: SectionHandle=0x37c, ProcessHandle=0xffffffff, BaseAddress=0x895f018*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x895f014*=0x1c33bb, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x895f018*=0x89e0000, SectionOffset=0x0, ViewSize=0x895f014*=0x1c4000) returned 0x0 [0142.968] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.968] SetLastError (dwErrCode=0x0) [0142.968] SetLastError (dwErrCode=0x0) [0142.972] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="SB:0x%08X", arglist=0x895efd4 | out: pszDest="SB:0x00000A6C") returned 13 [0142.972] SetLastError (dwErrCode=0x0) [0142.972] wvnsprintfA (in: pszDest=0x895eda8, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed90 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x00000A6C_v1$") returned 65 [0142.972] SetLastError (dwErrCode=0x0) [0142.972] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:SB:0x00000A6C_v1$") returned 0x0 [0142.973] GetLastError () returned 0x2 [0142.973] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x378, hTargetProcessHandle=0x360, lpTargetHandle=0x895f024, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x895f024*=0x108) returned 1 [0142.973] CloseHandle (hObject=0x378) returned 1 [0142.984] NtProtectVirtualMemory (in: ProcessHandle=0x360, BaseAddress=0x895efac*=0x77cdc700, NumberOfBytesToProtect=0x895ef9c, NewAccessProtection=0x40, OldAccessProtection=0x895f010 | out: BaseAddress=0x895efac*=0x77cdc000, NumberOfBytesToProtect=0x895ef9c, OldAccessProtection=0x895f010*=0x20) returned 0x0 [0142.984] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.984] SetLastError (dwErrCode=0x0) [0142.984] NtProtectVirtualMemory (in: ProcessHandle=0x360, BaseAddress=0x895efac*=0x28c20c7, NumberOfBytesToProtect=0x895ef9c, NewAccessProtection=0x40, OldAccessProtection=0x895f010 | out: BaseAddress=0x895efac*=0x28c2000, NumberOfBytesToProtect=0x895ef9c, OldAccessProtection=0x895f010*=0x40) returned 0x0 [0142.984] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.984] SetLastError (dwErrCode=0x0) [0142.984] NtWriteVirtualMemory (in: ProcessHandle=0x360, BaseAddress=0x28c20c7, Buffer=0x895efc4*, NumberOfBytesToWrite=0x3a, NumberOfBytesWritten=0x895ef9c | out: Buffer=0x895efc4*, NumberOfBytesWritten=0x895ef9c*=0x3a) returned 0x0 [0142.985] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.985] SetLastError (dwErrCode=0x0) [0142.985] NtWriteVirtualMemory (in: ProcessHandle=0x360, BaseAddress=0x77cdc700, Buffer=0x895f008*, NumberOfBytesToWrite=0x6, NumberOfBytesWritten=0x895ef9c | out: Buffer=0x895f008*, NumberOfBytesWritten=0x895ef9c*=0x6) returned 0x0 [0142.985] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0142.985] SetLastError (dwErrCode=0x0) [0142.985] CloseHandle (hObject=0x360) returned 1 [0142.985] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x89e0000) returned 0x0 [0143.000] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0143.000] SetLastError (dwErrCode=0x0) [0143.000] CloseHandle (hObject=0x37c) returned 1 [0143.000] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x87c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0143.001] NtOpenProcess (in: ProcessHandle=0x895f344, DesiredAccess=0x400, ObjectAttributes=0x895f324*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895f33c*(UniqueProcess=0x87c, UniqueThread=0x0) | out: ProcessHandle=0x895f344*=0x0) returned 0xc0000022 [0143.001] RtlNtStatusToDosError (Status=0xc0000022) returned 0x5 [0143.001] SetLastError (dwErrCode=0x5) [0143.001] lstrcmpiW (lpString1="audiodg.exe", lpString2="csrss.exe") returned -1 [0143.001] lstrcmpiW (lpString1="audiodg.exe", lpString2="smss.exe") returned -1 [0143.001] lstrcmpiW (lpString1="audiodg.exe", lpString2="lsass.exe") returned -1 [0143.001] lstrcmpiW (lpString1="audiodg.exe", lpString2="services.exe") returned -1 [0143.001] lstrcmpiW (lpString1="audiodg.exe", lpString2="spoolsv.exe") returned -1 [0143.001] lstrcmpiW (lpString1="audiodg.exe", lpString2="winlogon.exe") returned -1 [0143.001] lstrcmpiW (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0143.001] NtOpenProcess (in: ProcessHandle=0x895e570, DesiredAccess=0x478, ObjectAttributes=0x895e550*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895e568*(UniqueProcess=0x87c, UniqueThread=0x0) | out: ProcessHandle=0x895e570*=0x0) returned 0xc0000022 [0143.001] RtlNtStatusToDosError (Status=0xc0000022) returned 0x5 [0143.001] SetLastError (dwErrCode=0x5) [0143.001] GetLastError () returned 0x5 [0143.001] NtOpenProcess (in: ProcessHandle=0x895e550, DesiredAccess=0x40000, ObjectAttributes=0x895e530*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895e548*(UniqueProcess=0x87c, UniqueThread=0x0) | out: ProcessHandle=0x895e550*=0x0) returned 0xc0000022 [0143.001] RtlNtStatusToDosError (Status=0xc0000022) returned 0x5 [0143.001] SetLastError (dwErrCode=0x5) [0143.001] SetLastError (dwErrCode=0x5) [0143.001] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x450, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0143.002] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0143.003] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x330, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0143.004] NtOpenProcess (in: ProcessHandle=0x895f344, DesiredAccess=0x400, ObjectAttributes=0x895f324*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895f33c*(UniqueProcess=0x594, UniqueThread=0x0) | out: ProcessHandle=0x895f344*=0x37c) returned 0x0 [0143.004] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0143.004] SetLastError (dwErrCode=0x0) [0143.004] OpenProcessToken (in: ProcessHandle=0x37c, DesiredAccess=0x8, TokenHandle=0x895f130 | out: TokenHandle=0x895f130*=0x360) returned 1 [0143.004] GetTokenInformation (in: TokenHandle=0x360, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895f12c | out: TokenInformation=0x0, ReturnLength=0x895f12c) returned 0 [0143.004] GetLastError () returned 0x7a [0143.004] GetTokenInformation (in: TokenHandle=0x360, TokenInformationClass=0x1, TokenInformation=0xbf5310, TokenInformationLength=0x24, ReturnLength=0x895f12c | out: TokenInformation=0xbf5310, ReturnLength=0x895f12c) returned 1 [0143.004] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf5318*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895ed10, cchName=0x895f124, ReferencedDomainName=0x895ef18, cchReferencedDomainName=0x895f124, peUse=0x895f120 | out: Name="CIiHmnxMn6Ps", cchName=0x895f124, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895f124, peUse=0x895f120) returned 1 [0143.005] wvnsprintfW (in: pszDest=0x895f144, cchDest=259, pszFmt="%s\\%s", arglist=0x895ed00 | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0143.005] SetLastError (dwErrCode=0x0) [0143.005] CloseHandle (hObject=0x360) returned 1 [0143.005] CloseHandle (hObject=0x37c) returned 1 [0143.005] lstrcmpiW (lpString1="taskhostw.exe", lpString2="csrss.exe") returned 1 [0143.005] lstrcmpiW (lpString1="taskhostw.exe", lpString2="smss.exe") returned 1 [0143.005] lstrcmpiW (lpString1="taskhostw.exe", lpString2="lsass.exe") returned 1 [0143.005] lstrcmpiW (lpString1="taskhostw.exe", lpString2="services.exe") returned 1 [0143.005] lstrcmpiW (lpString1="taskhostw.exe", lpString2="spoolsv.exe") returned 1 [0143.005] lstrcmpiW (lpString1="taskhostw.exe", lpString2="winlogon.exe") returned -1 [0143.005] lstrcmpiW (lpString1="taskhostw.exe", lpString2="chrome.exe") returned 1 [0143.005] NtOpenProcess (in: ProcessHandle=0x895e570, DesiredAccess=0x478, ObjectAttributes=0x895e550*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x895e568*(UniqueProcess=0x594, UniqueThread=0x0) | out: ProcessHandle=0x895e570*=0x37c) returned 0x0 [0143.005] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0143.005] SetLastError (dwErrCode=0x0) [0143.005] GetLastError () returned 0x0 [0143.005] SetLastError (dwErrCode=0x0) [0143.005] OpenProcessToken (in: ProcessHandle=0x37c, DesiredAccess=0x8, TokenHandle=0x895f018 | out: TokenHandle=0x895f018*=0x360) returned 1 [0143.005] GetTokenInformation (in: TokenHandle=0x360, TokenInformationClass=0xc, TokenInformation=0x895f078, TokenInformationLength=0x4, ReturnLength=0x895f01c | out: TokenInformation=0x895f078, ReturnLength=0x895f01c) returned 1 [0143.005] CloseHandle (hObject=0x360) returned 1 [0143.005] wvnsprintfA (in: pszDest=0x895efe4, cchDest=63, pszFmt="0x%08X", arglist=0x895efdc | out: pszDest="0x00000594") returned 10 [0143.005] SetLastError (dwErrCode=0x0) [0143.005] wvnsprintfA (in: pszDest=0x895eda4, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x895ed8c | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000594_v1$") returned 62 [0143.005] SetLastError (dwErrCode=0x0) [0143.005] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000594_v1$") returned 0x0 [0143.006] InitializeSecurityDescriptor (in: pSecurityDescriptor=0xc5aa58, dwRevision=0x1 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0143.006] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0xc5aa58, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0143.006] GetLastError () returned 0x2 [0143.006] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0xc5aa58, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0xc5aa58) returned 1 [0143.006] GetLastError () returned 0x2 [0143.006] SetLastError (dwErrCode=0x2) [0143.006] CreateEventA (lpEventAttributes=0x895eea0, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_P:0x00000594_v1$") returned 0x360 [0143.006] GetLastError () returned 0x0 [0143.006] SetLastError (dwErrCode=0x0) [0143.006] OpenProcessToken (in: ProcessHandle=0x37c, DesiredAccess=0x8, TokenHandle=0x895ee0c | out: TokenHandle=0x895ee0c*=0x378) returned 1 [0143.006] GetTokenInformation (in: TokenHandle=0x378, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x895ee08 | out: TokenInformation=0x0, ReturnLength=0x895ee08) returned 0 [0143.006] GetLastError () returned 0x7a [0143.006] GetTokenInformation (in: TokenHandle=0x378, TokenInformationClass=0x1, TokenInformation=0xbf5280, TokenInformationLength=0x24, ReturnLength=0x895ee08 | out: TokenInformation=0xbf5280, ReturnLength=0x895ee08) returned 1 [0143.006] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xbf5288*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x895e9ec, cchName=0x895ee00, ReferencedDomainName=0x895ebf4, cchReferencedDomainName=0x895ee00, peUse=0x895edfc | out: Name="CIiHmnxMn6Ps", cchName=0x895ee00, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x895ee00, peUse=0x895edfc) returned 1 [0143.006] wvnsprintfW (in: pszDest=0x895ee20, cchDest=259, pszFmt="%s\\%s", arglist=0x895e9dc | out: pszDest="CIiHmnxMn6Ps\\LHNIWSJ") returned 20 [0143.006] SetLastError (dwErrCode=0x0) [0143.007] CloseHandle (hObject=0x378) returned 1 [0143.007] SetLastError (dwErrCode=0x0) [0143.007] NtQueryInformationProcess (in: ProcessHandle=0x37c, ProcessInformationClass=0x1a, ProcessInformation=0x895f020, ProcessInformationLength=0x4, ReturnLength=0x895f024 | out: ProcessInformation=0x895f020, ReturnLength=0x895f024) returned 0x0 [0143.007] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0143.007] SetLastError (dwErrCode=0x0) [0143.007] CloseHandle (hObject=0x360) returned 1 [0143.007] CloseHandle (hObject=0x37c) returned 1 [0143.007] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbcc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x73c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0143.007] Process32NextW (in: hSnapshot=0x374, lppe=0x895f3a0 | out: lppe=0x895f3a0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x0, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="")) returned 0 [0143.008] CloseHandle (hObject=0x374) returned 1 [0143.008] Sleep (dwMilliseconds=0x7d0) [0145.011] Sleep (dwMilliseconds=0x7d0) [0152.456] Sleep (dwMilliseconds=0x7d0) [0154.472] Sleep (dwMilliseconds=0x7d0) Thread: id = 17 os_tid = 0xa08 [0141.912] NtQueryInformationThread (in: ThreadHandle=0xfffffffe, ThreadInformationClass=0x9, ThreadInformation=0x89df528, ThreadInformationLength=0x4, ReturnLength=0x89df52c | out: ThreadInformation=0x89df528, ReturnLength=0x89df52c) returned 0x0 [0141.912] NtQueryInformationThread (in: ThreadHandle=0xfffffffe, ThreadInformationClass=0x0, ThreadInformation=0xc58ad8, ThreadInformationLength=0x1c, ReturnLength=0x89df52c | out: ThreadInformation=0xc58ad8, ReturnLength=0x89df52c) returned 0x0 [0141.912] SetLastError (dwErrCode=0x0) [0141.912] BuildExplicitAccessWithNameA () returned 0x0 [0141.912] BuildExplicitAccessWithNameA () returned 0x0 [0141.912] SetEntriesInAclA () returned 0x0 [0141.914] SetSecurityInfo () returned 0x0 [0141.914] LocalFree (hMem=0xbea908) returned 0x0 [0141.914] NtSetInformationThread (ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0) returned 0x0 [0141.914] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x89df92c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x89df92c*=0x38c) returned 1 [0141.914] GetCurrentThreadId () returned 0xa08 [0141.914] SetEvent (hEvent=0x348) returned 1 [0141.914] Sleep (dwMilliseconds=0xbb8) [0144.917] GetTickCount () returned 0x31202 [0144.917] GetCurrentThreadId () returned 0xa08 [0144.917] RtlRandom (in: Seed=0x89df8b4 | out: Seed=0x89df8b4) returned 0x10a36cfb [0144.917] GetTickCount () returned 0x31202 [0144.917] GetCurrentThreadId () returned 0xa08 [0144.917] RtlRandom (in: Seed=0x89df8b4 | out: Seed=0x89df8b4) returned 0xa10cdc99 [0144.917] GetTickCount () returned 0x31202 [0144.917] GetCurrentThreadId () returned 0xa08 [0144.917] RtlRandom (in: Seed=0x89df8b4 | out: Seed=0x89df8b4) returned 0xf9d9ac78 [0144.917] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x374 [0144.917] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x77d338f8, lpParameter=0xc59778, dwCreationFlags=0x4, lpThreadId=0x89df8d8 | out: lpThreadId=0x89df8d8*=0x85c) returned 0x37c [0144.918] NtGetContextThread (in: ThreadHandle=0x37c, Context=0x89df5e8 | out: Context=0x89df5e8*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0xc59778, Edx=0x0, Ecx=0x0, Eax=0x77d338f8, Ebp=0x0, Eip=0x77d0aef0, SegCs=0x23, EFlags=0x202, Esp=0x739fee4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0144.918] NtSetContextThread (ThreadHandle=0x37c, Context=0x89df5e8*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0xc59778, Edx=0x0, Ecx=0x0, Eax=0x510806d, Ebp=0x0, Eip=0x77d0aef0, SegCs=0x23, EFlags=0x202, Esp=0x739fee4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0144.918] NtResumeThread (in: ThreadHandle=0x37c, SuspendCount=0x89df8cc | out: SuspendCount=0x89df8cc*=0x1) returned 0x0 [0144.918] WaitForSingleObject (hHandle=0x374, dwMilliseconds=0x7d0) returned 0x0 [0144.920] OpenThread (dwDesiredAccess=0x40000, bInheritHandle=0, dwThreadId=0x85c) returned 0x34c [0144.920] BuildExplicitAccessWithNameA () returned 0x0 [0144.920] SetEntriesInAclA () returned 0x0 [0144.921] SetSecurityInfo () returned 0x0 [0144.921] LocalFree (hMem=0xc58ad8) returned 0x0 [0144.921] CloseHandle (hObject=0x374) returned 0 [0144.921] CloseHandle (hObject=0x37c) returned 1 [0144.921] Sleep (dwMilliseconds=0x96) [0145.073] wvnsprintfA (in: pszDest=0x89df6dc, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x89df6c4 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:ULiFS_v1$") returned 57 [0145.073] SetLastError (dwErrCode=0x0) [0145.073] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:ULiFS_v1$") returned 0x0 [0145.073] GetLastError () returned 0x2 [0145.073] wvnsprintfW (in: pszDest=0x89df6fc, cchDest=260, pszFmt="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\%s", arglist=0x89df4e4 | out: pszDest="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\ws97995e1qms.exe") returned 90 [0145.073] SetLastError (dwErrCode=0x0) [0145.074] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\ws97995e1qms.exe", ulOptions=0x0, samDesired=0x101, phkResult=0x89df4d0 | out: phkResult=0x89df4d0*=0x37c) returned 0x0 [0145.074] SetLastError (dwErrCode=0x0) [0145.074] RegQueryValueExW (in: hKey=0x37c, lpValueName="Debugger", lpReserved=0x0, lpType=0x89df4c8, lpData=0x89df4f4, lpcbData=0x89df4cc*=0x208 | out: lpType=0x89df4c8*=0x0, lpData=0x89df4f4*=0x0, lpcbData=0x89df4cc*=0x208) returned 0x2 [0145.074] RegCloseKey (hKey=0x37c) returned 0x0 [0145.074] SetLastError (dwErrCode=0x2) [0145.074] GetLastError () returned 0x2 [0145.074] lstrcmpiW (lpString1="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe", lpString2="C:\\Windows\\SysWOW64\\explorer.exe") returned -1 [0145.074] GetFileAttributesW (lpFileName="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe" (normalized: "c:\\programdata\\task protect 2.3\\ws97995e1qms.exe")) returned 0x2003 [0145.074] wvnsprintfW (in: pszDest=0x89df3bc, cchDest=2147483647, pszFmt="\"%s\"", arglist=0x89df390 | out: pszDest="\"C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe\"") returned 50 [0145.074] SetLastError (dwErrCode=0x0) [0145.074] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x102, lpSecurityAttributes=0x0, phkResult=0x89df160, lpdwDisposition=0x0 | out: phkResult=0x89df160*=0x37c, lpdwDisposition=0x0) returned 0x0 [0145.074] SetLastError (dwErrCode=0x0) [0145.074] RtlInitUnicodeString (in: DestinationString=0x89df12c, SourceString="Task Protect 2.3" | out: DestinationString="Task Protect 2.3") [0145.074] NtSetValueKey (in: KeyHandle=0x37c, ValueName="Task Protect 2.3", TitleIndex=0x0, Type=0x1, Data="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe", DataSize=0x62 | out: Data="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe") returned 0x0 [0145.074] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0145.074] SetLastError (dwErrCode=0x0) [0145.074] RegCloseKey (hKey=0x37c) returned 0x0 [0145.074] SetLastError (dwErrCode=0x0) [0145.074] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce", ulOptions=0x0, samDesired=0x101, phkResult=0x89df160 | out: phkResult=0x89df160*=0x37c) returned 0x0 [0145.074] SetLastError (dwErrCode=0x0) [0145.074] RegQueryValueExW (in: hKey=0x37c, lpValueName="Task Protect 2.3", lpReserved=0x0, lpType=0x89df158, lpData=0x89df17c, lpcbData=0x89df15c*=0x207 | out: lpType=0x89df158*=0x1, lpData="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe", lpcbData=0x89df15c*=0x62) returned 0x0 [0145.074] RegCloseKey (hKey=0x37c) returned 0x0 [0145.074] SetLastError (dwErrCode=0x0) [0145.075] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x102, lpSecurityAttributes=0x0, phkResult=0x89df160, lpdwDisposition=0x0 | out: phkResult=0x89df160*=0x37c, lpdwDisposition=0x0) returned 0x0 [0145.075] SetLastError (dwErrCode=0x0) [0145.075] RtlInitUnicodeString (in: DestinationString=0x89df12c, SourceString="Task Protect 2.3" | out: DestinationString="Task Protect 2.3") [0145.075] NtSetValueKey (in: KeyHandle=0x37c, ValueName="Task Protect 2.3", TitleIndex=0x0, Type=0x1, Data="\"C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe\"", DataSize=0x66 | out: Data="\"C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe\"") returned 0x0 [0145.075] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0145.075] SetLastError (dwErrCode=0x0) [0145.075] RegCloseKey (hKey=0x37c) returned 0x0 [0145.075] SetLastError (dwErrCode=0x0) [0145.075] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x101, phkResult=0x89df160 | out: phkResult=0x89df160*=0x37c) returned 0x0 [0145.075] SetLastError (dwErrCode=0x0) [0145.075] RegQueryValueExW (in: hKey=0x37c, lpValueName="Task Protect 2.3", lpReserved=0x0, lpType=0x89df158, lpData=0x89df17c, lpcbData=0x89df15c*=0x207 | out: lpType=0x89df158*=0x1, lpData="\"C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe\"", lpcbData=0x89df15c*=0x66) returned 0x0 [0145.075] RegCloseKey (hKey=0x37c) returned 0x0 [0145.075] SetLastError (dwErrCode=0x0) [0145.075] wvnsprintfA (in: pszDest=0x89df6d0, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x89df6b8 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_G:PRB_v1$") returned 55 [0145.075] SetLastError (dwErrCode=0x0) [0145.075] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_G:PRB_v1$") returned 0x0 [0145.075] InitializeSecurityDescriptor (in: pSecurityDescriptor=0xc5ee30, dwRevision=0x1 | out: pSecurityDescriptor=0xc5ee30) returned 1 [0145.075] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0xc5ee30, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0xc5ee30) returned 1 [0145.075] GetLastError () returned 0x2 [0145.075] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0xc5ee30, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0xc5ee30) returned 1 [0145.075] GetLastError () returned 0x2 [0145.075] SetLastError (dwErrCode=0x2) [0145.075] CreateEventA (lpEventAttributes=0x89df7cc, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_G:PRB_v1$") returned 0x37c [0145.075] GetLastError () returned 0x0 [0145.075] SetLastError (dwErrCode=0x0) [0145.075] Sleep (dwMilliseconds=0x96) [0145.349] Sleep (dwMilliseconds=0x14) [0145.370] CloseHandle (hObject=0x37c) returned 1 [0145.370] NtReadVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x5159698, Buffer=0x89df8f8, NumberOfBytesToRead=0x4, NumberOfBytesRead=0x89df8d0 | out: Buffer=0x89df8f8*, NumberOfBytesRead=0x89df8d0*=0x4) returned 0x0 [0145.370] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0145.370] SetLastError (dwErrCode=0x0) [0145.370] WaitForSingleObject (hHandle=0x2ec, dwMilliseconds=0xc8) returned 0x102 [0145.573] WaitForSingleObject (hHandle=0x2dc, dwMilliseconds=0xbb8) returned 0x102 [0152.457] Sleep (dwMilliseconds=0x96) [0154.288] wvnsprintfA (in: pszDest=0x89df6dc, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x89df6c4 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:ULiFS_v1$") returned 57 [0154.288] SetLastError (dwErrCode=0x0) [0154.289] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_C:ULiFS_v1$") returned 0x0 [0154.289] GetLastError () returned 0x2 [0154.289] wvnsprintfW (in: pszDest=0x89df6fc, cchDest=260, pszFmt="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\%s", arglist=0x89df4e4 | out: pszDest="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\ws97995e1qms.exe") returned 90 [0154.289] SetLastError (dwErrCode=0x0) [0154.289] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\ws97995e1qms.exe", ulOptions=0x0, samDesired=0x101, phkResult=0x89df4d0 | out: phkResult=0x89df4d0*=0x37c) returned 0x0 [0154.289] SetLastError (dwErrCode=0x0) [0154.289] RegQueryValueExW (in: hKey=0x37c, lpValueName="Debugger", lpReserved=0x0, lpType=0x89df4c8, lpData=0x89df4f4, lpcbData=0x89df4cc*=0x208 | out: lpType=0x89df4c8*=0x0, lpData=0x89df4f4*=0x0, lpcbData=0x89df4cc*=0x208) returned 0x2 [0154.289] RegCloseKey (hKey=0x37c) returned 0x0 [0154.289] SetLastError (dwErrCode=0x2) [0154.289] GetLastError () returned 0x2 [0154.289] lstrcmpiW (lpString1="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe", lpString2="C:\\Windows\\SysWOW64\\explorer.exe") returned -1 [0154.289] GetFileAttributesW (lpFileName="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe" (normalized: "c:\\programdata\\task protect 2.3\\ws97995e1qms.exe")) returned 0x2003 [0154.289] wvnsprintfW (in: pszDest=0x89df3bc, cchDest=2147483647, pszFmt="\"%s\"", arglist=0x89df390 | out: pszDest="\"C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe\"") returned 50 [0154.289] SetLastError (dwErrCode=0x0) [0154.289] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x102, lpSecurityAttributes=0x0, phkResult=0x89df160, lpdwDisposition=0x0 | out: phkResult=0x89df160*=0x37c, lpdwDisposition=0x0) returned 0x0 [0154.289] SetLastError (dwErrCode=0x0) [0154.289] RtlInitUnicodeString (in: DestinationString=0x89df12c, SourceString="Task Protect 2.3" | out: DestinationString="Task Protect 2.3") [0154.289] NtSetValueKey (in: KeyHandle=0x37c, ValueName="Task Protect 2.3", TitleIndex=0x0, Type=0x1, Data="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe", DataSize=0x62 | out: Data="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe") returned 0x0 [0154.290] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0154.290] SetLastError (dwErrCode=0x0) [0154.290] RegCloseKey (hKey=0x37c) returned 0x0 [0154.290] SetLastError (dwErrCode=0x0) [0154.290] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce", ulOptions=0x0, samDesired=0x101, phkResult=0x89df160 | out: phkResult=0x89df160*=0x37c) returned 0x0 [0154.290] SetLastError (dwErrCode=0x0) [0154.290] RegQueryValueExW (in: hKey=0x37c, lpValueName="Task Protect 2.3", lpReserved=0x0, lpType=0x89df158, lpData=0x89df17c, lpcbData=0x89df15c*=0x207 | out: lpType=0x89df158*=0x1, lpData="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe", lpcbData=0x89df15c*=0x62) returned 0x0 [0154.290] RegCloseKey (hKey=0x37c) returned 0x0 [0154.290] SetLastError (dwErrCode=0x0) [0154.290] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x102, lpSecurityAttributes=0x0, phkResult=0x89df160, lpdwDisposition=0x0 | out: phkResult=0x89df160*=0x37c, lpdwDisposition=0x0) returned 0x0 [0154.290] SetLastError (dwErrCode=0x0) [0154.290] RtlInitUnicodeString (in: DestinationString=0x89df12c, SourceString="Task Protect 2.3" | out: DestinationString="Task Protect 2.3") [0154.290] NtSetValueKey (in: KeyHandle=0x37c, ValueName="Task Protect 2.3", TitleIndex=0x0, Type=0x1, Data="\"C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe\"", DataSize=0x66 | out: Data="\"C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe\"") returned 0x0 [0154.290] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0154.290] SetLastError (dwErrCode=0x0) [0154.290] RegCloseKey (hKey=0x37c) returned 0x0 [0154.290] SetLastError (dwErrCode=0x0) [0154.290] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x101, phkResult=0x89df160 | out: phkResult=0x89df160*=0x37c) returned 0x0 [0154.290] SetLastError (dwErrCode=0x0) [0154.290] RegQueryValueExW (in: hKey=0x37c, lpValueName="Task Protect 2.3", lpReserved=0x0, lpType=0x89df158, lpData=0x89df17c, lpcbData=0x89df15c*=0x207 | out: lpType=0x89df158*=0x1, lpData="\"C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe\"", lpcbData=0x89df15c*=0x66) returned 0x0 [0154.290] RegCloseKey (hKey=0x37c) returned 0x0 [0154.290] SetLastError (dwErrCode=0x0) [0154.290] wvnsprintfA (in: pszDest=0x89df6d0, cchDest=259, pszFmt="G:%s_0x%08X_%c:%s_v1$", arglist=0x89df6b8 | out: pszDest="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_G:PRB_v1$") returned 55 [0154.290] SetLastError (dwErrCode=0x0) [0154.290] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_G:PRB_v1$") returned 0x0 [0154.290] InitializeSecurityDescriptor (in: pSecurityDescriptor=0xc5ee30, dwRevision=0x1 | out: pSecurityDescriptor=0xc5ee30) returned 1 [0154.291] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0xc5ee30, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0xc5ee30) returned 1 [0154.291] GetLastError () returned 0x2 [0154.291] SetSecurityDescriptorSacl (in: pSecurityDescriptor=0xc5ee30, bSaclPresent=1, pSacl=0x0, bSaclDefaulted=0 | out: pSecurityDescriptor=0xc5ee30) returned 1 [0154.291] GetLastError () returned 0x2 [0154.291] SetLastError (dwErrCode=0x2) [0154.291] CreateEventA (lpEventAttributes=0x89df7cc, bManualReset=1, bInitialState=0, lpName="G:338D6C74C011B1F5D9786BD7CA63FBA4_0x11980343_G:PRB_v1$") returned 0x37c [0154.291] GetLastError () returned 0x0 [0154.291] SetLastError (dwErrCode=0x0) [0154.291] Sleep (dwMilliseconds=0x96) [0154.454] lstrcmpiW (lpString1="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe", lpString2="C:\\Windows\\SysWOW64\\explorer.exe") returned -1 [0154.455] CreateFileW (lpFileName="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe" (normalized: "c:\\programdata\\task protect 2.3\\ws97995e1qms.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000080, hTemplateFile=0x0) returned 0x374 [0154.455] GetLastError () returned 0x0 [0154.455] wvnsprintfW (in: pszDest=0x89df4a4, cchDest=276, pszFmt="%s.manifest", arglist=0x89df49c | out: pszDest="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe.manifest") returned 57 [0154.455] SetLastError (dwErrCode=0x0) [0154.455] GetFileAttributesW (lpFileName="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe.manifest" (normalized: "c:\\programdata\\task protect 2.3\\ws97995e1qms.exe.manifest")) returned 0xffffffff [0154.455] GetLastError () returned 0x2 [0154.455] wvnsprintfW (in: pszDest=0x89df4a4, cchDest=276, pszFmt="%s.config", arglist=0x89df49c | out: pszDest="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe.config") returned 55 [0154.455] SetLastError (dwErrCode=0x0) [0154.455] GetFileAttributesW (lpFileName="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe.config" (normalized: "c:\\programdata\\task protect 2.3\\ws97995e1qms.exe.config")) returned 0xffffffff [0154.455] GetLastError () returned 0x2 [0154.455] wvnsprintfW (in: pszDest=0x89df290, cchDest=259, pszFmt="%s:Zone.Identifier", arglist=0x89df28c | out: pszDest="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe:Zone.Identifier") returned 64 [0154.455] SetLastError (dwErrCode=0x0) [0154.455] DeleteFileW (lpFileName="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe:Zone.Identifier" (normalized: "c:\\programdata\\task protect 2.3\\ws97995e1qms.exe:zone.identifier")) returned 0 [0154.456] GetFileSize (in: hFile=0x374, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x15a2d8 [0154.456] GetLastError () returned 0x2 [0154.456] CloseHandle (hObject=0x374) returned 1 [0154.456] GetFileAttributesW (lpFileName="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe" (normalized: "c:\\programdata\\task protect 2.3\\ws97995e1qms.exe")) returned 0x2003 [0154.456] SetFileAttributesW (lpFileName="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe", dwFileAttributes=0x80) returned 1 [0154.456] CreateFileW (lpFileName="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe" (normalized: "c:\\programdata\\task protect 2.3\\ws97995e1qms.exe"), dwDesiredAccess=0x10000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x374 [0154.457] SetFileAttributesW (lpFileName="C:\\ProgramData\\Task Protect 2.3\\ws97995e1qms.exe", dwFileAttributes=0x2003) returned 1 [0154.457] SetHandleInformation (hObject=0x374, dwMask=0x2, dwFlags=0x2) returned 1 [0154.457] GetTempPathW (in: nBufferLength=0x103, lpBuffer=0x89df6d8 | out: lpBuffer="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\") returned 0x25 [0154.457] GetNamedSecurityInfoW () returned 0x0 [0154.458] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5148568, cbMultiByte=8, lpWideCharStr=0xc58dd0, cchWideChar=8 | out: lpWideCharStr="EVERYONE") returned 8 [0154.458] GetExplicitEntriesFromAclA () returned 0x0 [0154.458] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xc5c0d0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x89df6a4, cchName=0x89df8b0, ReferencedDomainName=0x89df49c, cchReferencedDomainName=0x89df8ac, peUse=0x89df8b4 | out: Name="SYSTEM", cchName=0x89df8b0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x89df8ac, peUse=0x89df8b4) returned 1 [0154.459] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xc5c0dc*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), Name=0x89df6a4, cchName=0x89df8b0, ReferencedDomainName=0x89df49c, cchReferencedDomainName=0x89df8ac, peUse=0x89df8b4 | out: Name="Administrators", cchName=0x89df8b0, ReferencedDomainName="BUILTIN", cchReferencedDomainName=0x89df8ac, peUse=0x89df8b4) returned 1 [0154.460] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xc5c0ec*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x89df6a4, cchName=0x89df8b0, ReferencedDomainName=0x89df49c, cchReferencedDomainName=0x89df8ac, peUse=0x89df8b4 | out: Name="CIiHmnxMn6Ps", cchName=0x89df8b0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x89df8ac, peUse=0x89df8b4) returned 1 [0154.460] LocalFree (hMem=0xc5c070) returned 0x0 [0154.460] BuildExplicitAccessWithNameA () returned 0x0 [0154.460] BuildExplicitAccessWithNameA () returned 0x0 [0154.460] BuildExplicitAccessWithNameA () returned 0x0 [0154.460] BuildExplicitAccessWithNameA () returned 0x0 [0154.460] SetEntriesInAclA () returned 0x0 [0154.462] SetNamedSecurityInfoW () returned 0x0 [0154.473] LocalFree (hMem=0xbda5b8) returned 0x0 [0154.473] LocalFree (hMem=0xc5bc68) returned 0x0 [0154.473] GetNamedSecurityInfoW () returned 0x0 [0154.473] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5148568, cbMultiByte=8, lpWideCharStr=0xc58f90, cchWideChar=8 | out: lpWideCharStr="EVERYONE") returned 8 [0154.473] GetExplicitEntriesFromAclA () returned 0x0 [0154.473] BuildExplicitAccessWithNameA () returned 0x0 [0154.473] BuildExplicitAccessWithNameA () returned 0x0 [0154.473] BuildExplicitAccessWithNameA () returned 0x0 [0154.473] BuildExplicitAccessWithNameA () returned 0x0 [0154.473] SetEntriesInAclA () returned 0x0 [0154.475] SetNamedSecurityInfoW () returned 0x0 [0154.476] LocalFree (hMem=0xc5c0d8) returned 0x0 [0154.476] LocalFree (hMem=0xc5bc68) returned 0x0 [0154.476] Sleep (dwMilliseconds=0x96) [0154.642] Sleep (dwMilliseconds=0x14) Thread: id = 57 os_tid = 0x85c [0144.918] NtQueryInformationThread (in: ThreadHandle=0xfffffffe, ThreadInformationClass=0x9, ThreadInformation=0x739fa54, ThreadInformationLength=0x4, ReturnLength=0x739fa58 | out: ThreadInformation=0x739fa54, ReturnLength=0x739fa58) returned 0x0 [0144.918] NtQueryInformationThread (in: ThreadHandle=0xfffffffe, ThreadInformationClass=0x0, ThreadInformation=0xc58c40, ThreadInformationLength=0x1c, ReturnLength=0x739fa58 | out: ThreadInformation=0xc58c40, ReturnLength=0x739fa58) returned 0x0 [0144.918] SetLastError (dwErrCode=0x0) [0144.918] BuildExplicitAccessWithNameA () returned 0x0 [0144.918] BuildExplicitAccessWithNameA () returned 0x0 [0144.918] SetEntriesInAclA () returned 0x0 [0144.920] SetSecurityInfo () returned 0x0 [0144.920] LocalFree (hMem=0xbea7b8) returned 0x0 [0144.920] NtSetInformationThread (ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0) returned 0x0 [0144.920] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x739fe58, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x739fe58*=0x34c) returned 1 [0144.920] GetCurrentThreadId () returned 0x85c [0144.920] SetEvent (hEvent=0x374) returned 1 [0144.920] CloseHandle (hObject=0x374) returned 1 [0144.920] CloseHandle (hObject=0x34c) returned 1 [0144.920] NtTerminateThread (ThreadHandle=0xfffffffe, ExitStatus=0x1) Process: id = "4" image_name = "uni.exe" filename = "c:\\program files\\windows portable devices\\uni.exe" page_root = "0x66734000" os_pid = "0xaf0" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "3" os_parent_pid = "0xbcc" cmd_line = "\"C:\\Program Files\\Windows Portable Devices\\uni.exe\" " cur_dir = "C:\\Program Files\\Windows Portable Devices\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00014ee5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 785 start_va = 0x520000 end_va = 0x52ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 786 start_va = 0x530000 end_va = 0x533fff entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 787 start_va = 0x540000 end_va = 0x540fff entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 788 start_va = 0x550000 end_va = 0x563fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 789 start_va = 0x570000 end_va = 0x5affff entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 790 start_va = 0x5b0000 end_va = 0x6affff entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 791 start_va = 0x6b0000 end_va = 0x6b3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006b0000" filename = "" Region: id = 792 start_va = 0x6c0000 end_va = 0x6c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006c0000" filename = "" Region: id = 793 start_va = 0x6d0000 end_va = 0x6d1fff entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 794 start_va = 0x6e0000 end_va = 0x79dfff entry_point = 0x6e0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 795 start_va = 0x7e0000 end_va = 0x7e0fff entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 796 start_va = 0x7f0000 end_va = 0x7f3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007f0000" filename = "" Region: id = 797 start_va = 0x810000 end_va = 0x81ffff entry_point = 0x0 region_type = private name = "private_0x0000000000810000" filename = "" Region: id = 798 start_va = 0x920000 end_va = 0x9d7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000920000" filename = "" Region: id = 799 start_va = 0xa00000 end_va = 0xafffff entry_point = 0x0 region_type = private name = "private_0x0000000000a00000" filename = "" Region: id = 800 start_va = 0xb00000 end_va = 0xc87fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b00000" filename = "" Region: id = 801 start_va = 0xc90000 end_va = 0xe10fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c90000" filename = "" Region: id = 802 start_va = 0xe20000 end_va = 0xe2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000e20000" filename = "" Region: id = 803 start_va = 0xe30000 end_va = 0xe6ffff entry_point = 0x0 region_type = private name = "private_0x0000000000e30000" filename = "" Region: id = 804 start_va = 0xe70000 end_va = 0xf6ffff entry_point = 0x0 region_type = private name = "private_0x0000000000e70000" filename = "" Region: id = 805 start_va = 0xfc0000 end_va = 0xfcffff entry_point = 0x0 region_type = private name = "private_0x0000000000fc0000" filename = "" Region: id = 806 start_va = 0x1040000 end_va = 0x1056fff entry_point = 0x1040000 region_type = mapped_file name = "uni.exe" filename = "\\Program Files\\Windows Portable Devices\\uni.exe" (normalized: "c:\\program files\\windows portable devices\\uni.exe") Region: id = 807 start_va = 0x1060000 end_va = 0x245ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001060000" filename = "" Region: id = 808 start_va = 0x2460000 end_va = 0x2623fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002460000" filename = "" Region: id = 809 start_va = 0x64ae0000 end_va = 0x64ae7fff entry_point = 0x64ae0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 810 start_va = 0x64af0000 end_va = 0x64b62fff entry_point = 0x64af0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 811 start_va = 0x64b70000 end_va = 0x64bbefff entry_point = 0x64b70000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 812 start_va = 0x74c00000 end_va = 0x74c1cfff entry_point = 0x74c00000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 813 start_va = 0x74c20000 end_va = 0x74c94fff entry_point = 0x74c20000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 814 start_va = 0x74ca0000 end_va = 0x74d30fff entry_point = 0x74ca0000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 815 start_va = 0x74d40000 end_va = 0x74d98fff entry_point = 0x74d40000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 816 start_va = 0x74da0000 end_va = 0x74da9fff entry_point = 0x74da0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 817 start_va = 0x74db0000 end_va = 0x74dcdfff entry_point = 0x74db0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 818 start_va = 0x74e70000 end_va = 0x74fe5fff entry_point = 0x74e70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 819 start_va = 0x75260000 end_va = 0x7534ffff entry_point = 0x75260000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 820 start_va = 0x75400000 end_va = 0x7542afff entry_point = 0x75400000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 821 start_va = 0x76c40000 end_va = 0x76c82fff entry_point = 0x76c40000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 822 start_va = 0x76d90000 end_va = 0x76e3bfff entry_point = 0x76d90000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 823 start_va = 0x76e40000 end_va = 0x76ff9fff entry_point = 0x76e40000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 824 start_va = 0x77000000 end_va = 0x7714cfff entry_point = 0x77000000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 825 start_va = 0x77150000 end_va = 0x7728ffff entry_point = 0x77150000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 826 start_va = 0x778d0000 end_va = 0x779effff entry_point = 0x778d0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 827 start_va = 0x779f0000 end_va = 0x77aadfff entry_point = 0x779f0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 828 start_va = 0x77ca0000 end_va = 0x77e18fff entry_point = 0x77ca0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 829 start_va = 0x7f310000 end_va = 0x7f40ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f310000" filename = "" Region: id = 830 start_va = 0x7f410000 end_va = 0x7f432fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f410000" filename = "" Region: id = 831 start_va = 0x7f435000 end_va = 0x7f437fff entry_point = 0x0 region_type = private name = "private_0x000000007f435000" filename = "" Region: id = 832 start_va = 0x7f43b000 end_va = 0x7f43dfff entry_point = 0x0 region_type = private name = "private_0x000000007f43b000" filename = "" Region: id = 833 start_va = 0x7f43e000 end_va = 0x7f43efff entry_point = 0x0 region_type = private name = "private_0x000000007f43e000" filename = "" Region: id = 834 start_va = 0x7f43f000 end_va = 0x7f43ffff entry_point = 0x0 region_type = private name = "private_0x000000007f43f000" filename = "" Region: id = 835 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 836 start_va = 0x7fff0000 end_va = 0x7ff8ee37ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 837 start_va = 0x7ff8ee380000 end_va = 0x7ff8ee541fff entry_point = 0x7ff8ee380000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 838 start_va = 0x7ff8ee542000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ff8ee542000" filename = "" Thread: id = 18 os_tid = 0xad0 Thread: id = 19 os_tid = 0xb18 Process: id = "5" image_name = "ten.exe" filename = "c:\\program files\\internet explorer\\ten.exe" page_root = "0x74609000" os_pid = "0x5cc" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "3" os_parent_pid = "0xbcc" cmd_line = "\"C:\\Program Files\\Internet Explorer\\ten.exe\" " cur_dir = "C:\\Program Files\\Internet Explorer\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00014ee5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 841 start_va = 0x50000 end_va = 0x5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 842 start_va = 0x60000 end_va = 0x63fff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 843 start_va = 0x70000 end_va = 0x70fff entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 844 start_va = 0x80000 end_va = 0x93fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000080000" filename = "" Region: id = 845 start_va = 0xa0000 end_va = 0xdffff entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 846 start_va = 0xe0000 end_va = 0x1dffff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 847 start_va = 0x1e0000 end_va = 0x1e3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 848 start_va = 0x1f0000 end_va = 0x1f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 849 start_va = 0x200000 end_va = 0x201fff entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 850 start_va = 0x210000 end_va = 0x2cdfff entry_point = 0x210000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 851 start_va = 0x2d0000 end_va = 0x2d0fff entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 852 start_va = 0x2e0000 end_va = 0x2e3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 853 start_va = 0x300000 end_va = 0x30ffff entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 854 start_va = 0x460000 end_va = 0x55ffff entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 855 start_va = 0x560000 end_va = 0x6e7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 856 start_va = 0x6f0000 end_va = 0x7a7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006f0000" filename = "" Region: id = 857 start_va = 0x7b0000 end_va = 0x7bffff entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 858 start_va = 0x7c0000 end_va = 0x7fffff entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 859 start_va = 0x830000 end_va = 0x83ffff entry_point = 0x0 region_type = private name = "private_0x0000000000830000" filename = "" Region: id = 860 start_va = 0x840000 end_va = 0x9c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000840000" filename = "" Region: id = 861 start_va = 0xa60000 end_va = 0xa76fff entry_point = 0xa60000 region_type = mapped_file name = "ten.exe" filename = "\\Program Files\\Internet Explorer\\ten.exe" (normalized: "c:\\program files\\internet explorer\\ten.exe") Region: id = 862 start_va = 0xa80000 end_va = 0x1e7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a80000" filename = "" Region: id = 863 start_va = 0x1e80000 end_va = 0x1f7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 864 start_va = 0x1f80000 end_va = 0x2143fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f80000" filename = "" Region: id = 865 start_va = 0x64ae0000 end_va = 0x64ae7fff entry_point = 0x64ae0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 866 start_va = 0x64af0000 end_va = 0x64b62fff entry_point = 0x64af0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 867 start_va = 0x64b70000 end_va = 0x64bbefff entry_point = 0x64b70000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 868 start_va = 0x74c00000 end_va = 0x74c1cfff entry_point = 0x74c00000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 869 start_va = 0x74c20000 end_va = 0x74c94fff entry_point = 0x74c20000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 870 start_va = 0x74ca0000 end_va = 0x74d30fff entry_point = 0x74ca0000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 871 start_va = 0x74d40000 end_va = 0x74d98fff entry_point = 0x74d40000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 872 start_va = 0x74da0000 end_va = 0x74da9fff entry_point = 0x74da0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 873 start_va = 0x74db0000 end_va = 0x74dcdfff entry_point = 0x74db0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 874 start_va = 0x74e70000 end_va = 0x74fe5fff entry_point = 0x74e70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 875 start_va = 0x75260000 end_va = 0x7534ffff entry_point = 0x75260000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 876 start_va = 0x75400000 end_va = 0x7542afff entry_point = 0x75400000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 877 start_va = 0x76c40000 end_va = 0x76c82fff entry_point = 0x76c40000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 878 start_va = 0x76d90000 end_va = 0x76e3bfff entry_point = 0x76d90000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 879 start_va = 0x76e40000 end_va = 0x76ff9fff entry_point = 0x76e40000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 880 start_va = 0x77000000 end_va = 0x7714cfff entry_point = 0x77000000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 881 start_va = 0x77150000 end_va = 0x7728ffff entry_point = 0x77150000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 882 start_va = 0x778d0000 end_va = 0x779effff entry_point = 0x778d0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 883 start_va = 0x779f0000 end_va = 0x77aadfff entry_point = 0x779f0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 884 start_va = 0x77ca0000 end_va = 0x77e18fff entry_point = 0x77ca0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 885 start_va = 0x7e2d0000 end_va = 0x7e3cffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007e2d0000" filename = "" Region: id = 886 start_va = 0x7e3d0000 end_va = 0x7e3f2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007e3d0000" filename = "" Region: id = 887 start_va = 0x7e3f3000 end_va = 0x7e3f3fff entry_point = 0x0 region_type = private name = "private_0x000000007e3f3000" filename = "" Region: id = 888 start_va = 0x7e3f6000 end_va = 0x7e3f8fff entry_point = 0x0 region_type = private name = "private_0x000000007e3f6000" filename = "" Region: id = 889 start_va = 0x7e3fc000 end_va = 0x7e3fefff entry_point = 0x0 region_type = private name = "private_0x000000007e3fc000" filename = "" Region: id = 890 start_va = 0x7e3ff000 end_va = 0x7e3fffff entry_point = 0x0 region_type = private name = "private_0x000000007e3ff000" filename = "" Region: id = 891 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 892 start_va = 0x7fff0000 end_va = 0x7ff8ee37ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 893 start_va = 0x7ff8ee380000 end_va = 0x7ff8ee541fff entry_point = 0x7ff8ee380000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 894 start_va = 0x7ff8ee542000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ff8ee542000" filename = "" Thread: id = 20 os_tid = 0xa74 Thread: id = 21 os_tid = 0x8c4 Process: id = "6" image_name = "gp-blank.exe" filename = "c:\\program files (x86)\\windows multimedia platform\\gp-blank.exe" page_root = "0x72a1e000" os_pid = "0x968" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "3" os_parent_pid = "0xbcc" cmd_line = "\"C:\\Program Files (x86)\\Windows Multimedia Platform\\gp-blank.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows Multimedia Platform\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00014ee5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 897 start_va = 0xd40000 end_va = 0xd4ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d40000" filename = "" Region: id = 898 start_va = 0xd50000 end_va = 0xd53fff entry_point = 0x0 region_type = private name = "private_0x0000000000d50000" filename = "" Region: id = 899 start_va = 0xd60000 end_va = 0xd60fff entry_point = 0x0 region_type = private name = "private_0x0000000000d60000" filename = "" Region: id = 900 start_va = 0xd70000 end_va = 0xd83fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d70000" filename = "" Region: id = 901 start_va = 0xd90000 end_va = 0xdcffff entry_point = 0x0 region_type = private name = "private_0x0000000000d90000" filename = "" Region: id = 902 start_va = 0xdd0000 end_va = 0xecffff entry_point = 0x0 region_type = private name = "private_0x0000000000dd0000" filename = "" Region: id = 903 start_va = 0xed0000 end_va = 0xed3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ed0000" filename = "" Region: id = 904 start_va = 0xee0000 end_va = 0xee0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ee0000" filename = "" Region: id = 905 start_va = 0xef0000 end_va = 0xef1fff entry_point = 0x0 region_type = private name = "private_0x0000000000ef0000" filename = "" Region: id = 906 start_va = 0xf00000 end_va = 0xfbdfff entry_point = 0xf00000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 907 start_va = 0x1000000 end_va = 0x1000fff entry_point = 0x0 region_type = private name = "private_0x0000000001000000" filename = "" Region: id = 908 start_va = 0x1010000 end_va = 0x1013fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001010000" filename = "" Region: id = 909 start_va = 0x1050000 end_va = 0x1066fff entry_point = 0x1050000 region_type = mapped_file name = "gp-blank.exe" filename = "\\Program Files (x86)\\Windows Multimedia Platform\\gp-blank.exe" (normalized: "c:\\program files (x86)\\windows multimedia platform\\gp-blank.exe") Region: id = 910 start_va = 0x1070000 end_va = 0x10affff entry_point = 0x0 region_type = private name = "private_0x0000000001070000" filename = "" Region: id = 911 start_va = 0x1120000 end_va = 0x121ffff entry_point = 0x0 region_type = private name = "private_0x0000000001120000" filename = "" Region: id = 912 start_va = 0x1250000 end_va = 0x125ffff entry_point = 0x0 region_type = private name = "private_0x0000000001250000" filename = "" Region: id = 913 start_va = 0x1360000 end_va = 0x14e7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001360000" filename = "" Region: id = 914 start_va = 0x14f0000 end_va = 0x15a7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000014f0000" filename = "" Region: id = 915 start_va = 0x1600000 end_va = 0x160ffff entry_point = 0x0 region_type = private name = "private_0x0000000001600000" filename = "" Region: id = 916 start_va = 0x1610000 end_va = 0x1790fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001610000" filename = "" Region: id = 917 start_va = 0x17a0000 end_va = 0x2b9ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000017a0000" filename = "" Region: id = 918 start_va = 0x2ba0000 end_va = 0x2c9ffff entry_point = 0x0 region_type = private name = "private_0x0000000002ba0000" filename = "" Region: id = 919 start_va = 0x2d40000 end_va = 0x2d4ffff entry_point = 0x0 region_type = private name = "private_0x0000000002d40000" filename = "" Region: id = 920 start_va = 0x2d50000 end_va = 0x2f13fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002d50000" filename = "" Region: id = 921 start_va = 0x64ae0000 end_va = 0x64ae7fff entry_point = 0x64ae0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 922 start_va = 0x64af0000 end_va = 0x64b62fff entry_point = 0x64af0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 923 start_va = 0x64b70000 end_va = 0x64bbefff entry_point = 0x64b70000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 924 start_va = 0x74c00000 end_va = 0x74c1cfff entry_point = 0x74c00000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 925 start_va = 0x74c20000 end_va = 0x74c94fff entry_point = 0x74c20000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 926 start_va = 0x74ca0000 end_va = 0x74d30fff entry_point = 0x74ca0000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 927 start_va = 0x74d40000 end_va = 0x74d98fff entry_point = 0x74d40000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 928 start_va = 0x74da0000 end_va = 0x74da9fff entry_point = 0x74da0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 929 start_va = 0x74db0000 end_va = 0x74dcdfff entry_point = 0x74db0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 930 start_va = 0x74e70000 end_va = 0x74fe5fff entry_point = 0x74e70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 931 start_va = 0x75260000 end_va = 0x7534ffff entry_point = 0x75260000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 932 start_va = 0x75400000 end_va = 0x7542afff entry_point = 0x75400000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 933 start_va = 0x76c40000 end_va = 0x76c82fff entry_point = 0x76c40000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 934 start_va = 0x76d90000 end_va = 0x76e3bfff entry_point = 0x76d90000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 935 start_va = 0x76e40000 end_va = 0x76ff9fff entry_point = 0x76e40000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 936 start_va = 0x77000000 end_va = 0x7714cfff entry_point = 0x77000000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 937 start_va = 0x77150000 end_va = 0x7728ffff entry_point = 0x77150000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 938 start_va = 0x778d0000 end_va = 0x779effff entry_point = 0x778d0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 939 start_va = 0x779f0000 end_va = 0x77aadfff entry_point = 0x779f0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 940 start_va = 0x77ca0000 end_va = 0x77e18fff entry_point = 0x77ca0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 941 start_va = 0x7ea5d000 end_va = 0x7ea5ffff entry_point = 0x0 region_type = private name = "private_0x000000007ea5d000" filename = "" Region: id = 942 start_va = 0x7ea60000 end_va = 0x7eb5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ea60000" filename = "" Region: id = 943 start_va = 0x7eb60000 end_va = 0x7eb82fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007eb60000" filename = "" Region: id = 944 start_va = 0x7eb84000 end_va = 0x7eb84fff entry_point = 0x0 region_type = private name = "private_0x000000007eb84000" filename = "" Region: id = 945 start_va = 0x7eb8a000 end_va = 0x7eb8afff entry_point = 0x0 region_type = private name = "private_0x000000007eb8a000" filename = "" Region: id = 946 start_va = 0x7eb8d000 end_va = 0x7eb8ffff entry_point = 0x0 region_type = private name = "private_0x000000007eb8d000" filename = "" Region: id = 947 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 948 start_va = 0x7fff0000 end_va = 0x7ff8ee37ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 949 start_va = 0x7ff8ee380000 end_va = 0x7ff8ee541fff entry_point = 0x7ff8ee380000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 950 start_va = 0x7ff8ee542000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ff8ee542000" filename = "" Thread: id = 22 os_tid = 0xa58 Thread: id = 23 os_tid = 0x734 Process: id = "7" image_name = "engagement cologne.exe" filename = "c:\\program files (x86)\\common files\\engagement cologne.exe" page_root = "0x74b32000" os_pid = "0x8d8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "3" os_parent_pid = "0xbcc" cmd_line = "\"C:\\Program Files (x86)\\Common Files\\engagement cologne.exe\" " cur_dir = "C:\\Program Files (x86)\\Common Files\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00014ee5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 953 start_va = 0x770000 end_va = 0x77ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000770000" filename = "" Region: id = 954 start_va = 0x780000 end_va = 0x783fff entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 955 start_va = 0x790000 end_va = 0x790fff entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 956 start_va = 0x7a0000 end_va = 0x7b3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007a0000" filename = "" Region: id = 957 start_va = 0x7c0000 end_va = 0x7fffff entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 958 start_va = 0x800000 end_va = 0x8fffff entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 959 start_va = 0x900000 end_va = 0x903fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000900000" filename = "" Region: id = 960 start_va = 0x910000 end_va = 0x910fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000910000" filename = "" Region: id = 961 start_va = 0x920000 end_va = 0x921fff entry_point = 0x0 region_type = private name = "private_0x0000000000920000" filename = "" Region: id = 962 start_va = 0x930000 end_va = 0x930fff entry_point = 0x0 region_type = private name = "private_0x0000000000930000" filename = "" Region: id = 963 start_va = 0x940000 end_va = 0x956fff entry_point = 0x940000 region_type = mapped_file name = "engagement cologne.exe" filename = "\\Program Files (x86)\\Common Files\\engagement cologne.exe" (normalized: "c:\\program files (x86)\\common files\\engagement cologne.exe") Region: id = 964 start_va = 0x9a0000 end_va = 0x9a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009a0000" filename = "" Region: id = 965 start_va = 0x9c0000 end_va = 0x9cffff entry_point = 0x0 region_type = private name = "private_0x00000000009c0000" filename = "" Region: id = 966 start_va = 0x9e0000 end_va = 0x9effff entry_point = 0x0 region_type = private name = "private_0x00000000009e0000" filename = "" Region: id = 967 start_va = 0x9f0000 end_va = 0xaadfff entry_point = 0x9f0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 968 start_va = 0xab0000 end_va = 0xb67fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ab0000" filename = "" Region: id = 969 start_va = 0xb70000 end_va = 0xc6ffff entry_point = 0x0 region_type = private name = "private_0x0000000000b70000" filename = "" Region: id = 970 start_va = 0xd70000 end_va = 0xef7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d70000" filename = "" Region: id = 971 start_va = 0xf00000 end_va = 0xf3ffff entry_point = 0x0 region_type = private name = "private_0x0000000000f00000" filename = "" Region: id = 972 start_va = 0xfc0000 end_va = 0xfcffff entry_point = 0x0 region_type = private name = "private_0x0000000000fc0000" filename = "" Region: id = 973 start_va = 0xfd0000 end_va = 0x1150fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000fd0000" filename = "" Region: id = 974 start_va = 0x1160000 end_va = 0x255ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001160000" filename = "" Region: id = 975 start_va = 0x2560000 end_va = 0x265ffff entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 976 start_va = 0x2660000 end_va = 0x2823fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002660000" filename = "" Region: id = 977 start_va = 0x64ae0000 end_va = 0x64ae7fff entry_point = 0x64ae0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 978 start_va = 0x64af0000 end_va = 0x64b62fff entry_point = 0x64af0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 979 start_va = 0x64b70000 end_va = 0x64bbefff entry_point = 0x64b70000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 980 start_va = 0x74c00000 end_va = 0x74c1cfff entry_point = 0x74c00000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 981 start_va = 0x74c20000 end_va = 0x74c94fff entry_point = 0x74c20000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 982 start_va = 0x74ca0000 end_va = 0x74d30fff entry_point = 0x74ca0000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 983 start_va = 0x74d40000 end_va = 0x74d98fff entry_point = 0x74d40000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 984 start_va = 0x74da0000 end_va = 0x74da9fff entry_point = 0x74da0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 985 start_va = 0x74db0000 end_va = 0x74dcdfff entry_point = 0x74db0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 986 start_va = 0x74e70000 end_va = 0x74fe5fff entry_point = 0x74e70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 987 start_va = 0x75260000 end_va = 0x7534ffff entry_point = 0x75260000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 988 start_va = 0x75400000 end_va = 0x7542afff entry_point = 0x75400000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 989 start_va = 0x76c40000 end_va = 0x76c82fff entry_point = 0x76c40000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 990 start_va = 0x76d90000 end_va = 0x76e3bfff entry_point = 0x76d90000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 991 start_va = 0x76e40000 end_va = 0x76ff9fff entry_point = 0x76e40000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 992 start_va = 0x77000000 end_va = 0x7714cfff entry_point = 0x77000000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 993 start_va = 0x77150000 end_va = 0x7728ffff entry_point = 0x77150000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 994 start_va = 0x778d0000 end_va = 0x779effff entry_point = 0x778d0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 995 start_va = 0x779f0000 end_va = 0x77aadfff entry_point = 0x779f0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 996 start_va = 0x77ca0000 end_va = 0x77e18fff entry_point = 0x77ca0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 997 start_va = 0x7f23d000 end_va = 0x7f23ffff entry_point = 0x0 region_type = private name = "private_0x000000007f23d000" filename = "" Region: id = 998 start_va = 0x7f240000 end_va = 0x7f33ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f240000" filename = "" Region: id = 999 start_va = 0x7f340000 end_va = 0x7f362fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f340000" filename = "" Region: id = 1000 start_va = 0x7f364000 end_va = 0x7f364fff entry_point = 0x0 region_type = private name = "private_0x000000007f364000" filename = "" Region: id = 1001 start_va = 0x7f367000 end_va = 0x7f367fff entry_point = 0x0 region_type = private name = "private_0x000000007f367000" filename = "" Region: id = 1002 start_va = 0x7f36d000 end_va = 0x7f36ffff entry_point = 0x0 region_type = private name = "private_0x000000007f36d000" filename = "" Region: id = 1003 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1004 start_va = 0x7fff0000 end_va = 0x7ff8ee37ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1005 start_va = 0x7ff8ee380000 end_va = 0x7ff8ee541fff entry_point = 0x7ff8ee380000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1006 start_va = 0x7ff8ee542000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ff8ee542000" filename = "" Thread: id = 24 os_tid = 0x4fc Thread: id = 25 os_tid = 0x8d0 Process: id = "8" image_name = "cambridge.exe" filename = "c:\\program files (x86)\\internet explorer\\cambridge.exe" page_root = "0x7b260000" os_pid = "0x714" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "3" os_parent_pid = "0xbcc" cmd_line = "\"C:\\Program Files (x86)\\Internet Explorer\\cambridge.exe\" " cur_dir = "C:\\Program Files (x86)\\Internet Explorer\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00014ee5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1009 start_va = 0x880000 end_va = 0x88ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000880000" filename = "" Region: id = 1010 start_va = 0x890000 end_va = 0x893fff entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 1011 start_va = 0x8a0000 end_va = 0x8a0fff entry_point = 0x0 region_type = private name = "private_0x00000000008a0000" filename = "" Region: id = 1012 start_va = 0x8b0000 end_va = 0x8c3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008b0000" filename = "" Region: id = 1013 start_va = 0x8d0000 end_va = 0x8e6fff entry_point = 0x8d0000 region_type = mapped_file name = "cambridge.exe" filename = "\\Program Files (x86)\\Internet Explorer\\cambridge.exe" (normalized: "c:\\program files (x86)\\internet explorer\\cambridge.exe") Region: id = 1014 start_va = 0x8f0000 end_va = 0x92ffff entry_point = 0x0 region_type = private name = "private_0x00000000008f0000" filename = "" Region: id = 1015 start_va = 0x930000 end_va = 0xa2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000930000" filename = "" Region: id = 1016 start_va = 0xa30000 end_va = 0xa33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a30000" filename = "" Region: id = 1017 start_va = 0xa40000 end_va = 0xa40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a40000" filename = "" Region: id = 1018 start_va = 0xa50000 end_va = 0xa51fff entry_point = 0x0 region_type = private name = "private_0x0000000000a50000" filename = "" Region: id = 1019 start_va = 0xa60000 end_va = 0xb1dfff entry_point = 0xa60000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1020 start_va = 0xb20000 end_va = 0xb20fff entry_point = 0x0 region_type = private name = "private_0x0000000000b20000" filename = "" Region: id = 1021 start_va = 0xb30000 end_va = 0xb33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b30000" filename = "" Region: id = 1022 start_va = 0xb50000 end_va = 0xb5ffff entry_point = 0x0 region_type = private name = "private_0x0000000000b50000" filename = "" Region: id = 1023 start_va = 0xcd0000 end_va = 0xdcffff entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 1024 start_va = 0xdd0000 end_va = 0xf57fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000dd0000" filename = "" Region: id = 1025 start_va = 0xf60000 end_va = 0x1017fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f60000" filename = "" Region: id = 1026 start_va = 0x1020000 end_va = 0x105ffff entry_point = 0x0 region_type = private name = "private_0x0000000001020000" filename = "" Region: id = 1027 start_va = 0x1060000 end_va = 0x106ffff entry_point = 0x0 region_type = private name = "private_0x0000000001060000" filename = "" Region: id = 1028 start_va = 0x1070000 end_va = 0x11f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001070000" filename = "" Region: id = 1029 start_va = 0x1200000 end_va = 0x25fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 1030 start_va = 0x2600000 end_va = 0x26fffff entry_point = 0x0 region_type = private name = "private_0x0000000002600000" filename = "" Region: id = 1031 start_va = 0x27f0000 end_va = 0x27fffff entry_point = 0x0 region_type = private name = "private_0x00000000027f0000" filename = "" Region: id = 1032 start_va = 0x2800000 end_va = 0x29c3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002800000" filename = "" Region: id = 1033 start_va = 0x64ae0000 end_va = 0x64ae7fff entry_point = 0x64ae0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1034 start_va = 0x64af0000 end_va = 0x64b62fff entry_point = 0x64af0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1035 start_va = 0x64b70000 end_va = 0x64bbefff entry_point = 0x64b70000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1036 start_va = 0x74c00000 end_va = 0x74c1cfff entry_point = 0x74c00000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1037 start_va = 0x74c20000 end_va = 0x74c94fff entry_point = 0x74c20000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1038 start_va = 0x74ca0000 end_va = 0x74d30fff entry_point = 0x74ca0000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1039 start_va = 0x74d40000 end_va = 0x74d98fff entry_point = 0x74d40000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1040 start_va = 0x74da0000 end_va = 0x74da9fff entry_point = 0x74da0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1041 start_va = 0x74db0000 end_va = 0x74dcdfff entry_point = 0x74db0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1042 start_va = 0x74e70000 end_va = 0x74fe5fff entry_point = 0x74e70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1043 start_va = 0x75260000 end_va = 0x7534ffff entry_point = 0x75260000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1044 start_va = 0x75400000 end_va = 0x7542afff entry_point = 0x75400000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1045 start_va = 0x76c40000 end_va = 0x76c82fff entry_point = 0x76c40000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1046 start_va = 0x76d90000 end_va = 0x76e3bfff entry_point = 0x76d90000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1047 start_va = 0x76e40000 end_va = 0x76ff9fff entry_point = 0x76e40000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1048 start_va = 0x77000000 end_va = 0x7714cfff entry_point = 0x77000000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1049 start_va = 0x77150000 end_va = 0x7728ffff entry_point = 0x77150000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1050 start_va = 0x778d0000 end_va = 0x779effff entry_point = 0x778d0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1051 start_va = 0x779f0000 end_va = 0x77aadfff entry_point = 0x779f0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1052 start_va = 0x77ca0000 end_va = 0x77e18fff entry_point = 0x77ca0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1053 start_va = 0x7f0c0000 end_va = 0x7f1bffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f0c0000" filename = "" Region: id = 1054 start_va = 0x7f1c0000 end_va = 0x7f1e2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f1c0000" filename = "" Region: id = 1055 start_va = 0x7f1e4000 end_va = 0x7f1e6fff entry_point = 0x0 region_type = private name = "private_0x000000007f1e4000" filename = "" Region: id = 1056 start_va = 0x7f1ea000 end_va = 0x7f1eafff entry_point = 0x0 region_type = private name = "private_0x000000007f1ea000" filename = "" Region: id = 1057 start_va = 0x7f1ec000 end_va = 0x7f1eefff entry_point = 0x0 region_type = private name = "private_0x000000007f1ec000" filename = "" Region: id = 1058 start_va = 0x7f1ef000 end_va = 0x7f1effff entry_point = 0x0 region_type = private name = "private_0x000000007f1ef000" filename = "" Region: id = 1059 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1060 start_va = 0x7fff0000 end_va = 0x7ff8ee37ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1061 start_va = 0x7ff8ee380000 end_va = 0x7ff8ee541fff entry_point = 0x7ff8ee380000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1062 start_va = 0x7ff8ee542000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ff8ee542000" filename = "" Thread: id = 26 os_tid = 0x7dc Thread: id = 27 os_tid = 0x8e4 Process: id = "9" image_name = "amateur-dishes.exe" filename = "c:\\program files\\msbuild\\amateur-dishes.exe" page_root = "0x7ac75000" os_pid = "0x1a8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "3" os_parent_pid = "0xbcc" cmd_line = "\"C:\\Program Files\\MSBuild\\amateur-dishes.exe\" " cur_dir = "C:\\Program Files\\MSBuild\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00014ee5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1065 start_va = 0x250000 end_va = 0x266fff entry_point = 0x250000 region_type = mapped_file name = "amateur-dishes.exe" filename = "\\Program Files\\MSBuild\\amateur-dishes.exe" (normalized: "c:\\program files\\msbuild\\amateur-dishes.exe") Region: id = 1066 start_va = 0xf30000 end_va = 0xf3ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f30000" filename = "" Region: id = 1067 start_va = 0xf40000 end_va = 0xf43fff entry_point = 0x0 region_type = private name = "private_0x0000000000f40000" filename = "" Region: id = 1068 start_va = 0xf50000 end_va = 0xf50fff entry_point = 0x0 region_type = private name = "private_0x0000000000f50000" filename = "" Region: id = 1069 start_va = 0xf60000 end_va = 0xf73fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f60000" filename = "" Region: id = 1070 start_va = 0xf80000 end_va = 0xfbffff entry_point = 0x0 region_type = private name = "private_0x0000000000f80000" filename = "" Region: id = 1071 start_va = 0xfc0000 end_va = 0x10bffff entry_point = 0x0 region_type = private name = "private_0x0000000000fc0000" filename = "" Region: id = 1072 start_va = 0x10c0000 end_va = 0x10c3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000010c0000" filename = "" Region: id = 1073 start_va = 0x10d0000 end_va = 0x10d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000010d0000" filename = "" Region: id = 1074 start_va = 0x10e0000 end_va = 0x10e1fff entry_point = 0x0 region_type = private name = "private_0x00000000010e0000" filename = "" Region: id = 1075 start_va = 0x10f0000 end_va = 0x11adfff entry_point = 0x10f0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1076 start_va = 0x11b0000 end_va = 0x11bffff entry_point = 0x0 region_type = private name = "private_0x00000000011b0000" filename = "" Region: id = 1077 start_va = 0x1200000 end_va = 0x1200fff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 1078 start_va = 0x1210000 end_va = 0x1213fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001210000" filename = "" Region: id = 1079 start_va = 0x1220000 end_va = 0x125ffff entry_point = 0x0 region_type = private name = "private_0x0000000001220000" filename = "" Region: id = 1080 start_va = 0x1260000 end_va = 0x126ffff entry_point = 0x0 region_type = private name = "private_0x0000000001260000" filename = "" Region: id = 1081 start_va = 0x12c0000 end_va = 0x13bffff entry_point = 0x0 region_type = private name = "private_0x00000000012c0000" filename = "" Region: id = 1082 start_va = 0x14c0000 end_va = 0x1647fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000014c0000" filename = "" Region: id = 1083 start_va = 0x1650000 end_va = 0x17d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001650000" filename = "" Region: id = 1084 start_va = 0x17e0000 end_va = 0x2bdffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000017e0000" filename = "" Region: id = 1085 start_va = 0x2be0000 end_va = 0x2c97fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002be0000" filename = "" Region: id = 1086 start_va = 0x2ca0000 end_va = 0x2d9ffff entry_point = 0x0 region_type = private name = "private_0x0000000002ca0000" filename = "" Region: id = 1087 start_va = 0x2dd0000 end_va = 0x2ddffff entry_point = 0x0 region_type = private name = "private_0x0000000002dd0000" filename = "" Region: id = 1088 start_va = 0x2de0000 end_va = 0x2fa3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002de0000" filename = "" Region: id = 1089 start_va = 0x64ae0000 end_va = 0x64ae7fff entry_point = 0x64ae0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1090 start_va = 0x64af0000 end_va = 0x64b62fff entry_point = 0x64af0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1091 start_va = 0x64b70000 end_va = 0x64bbefff entry_point = 0x64b70000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1092 start_va = 0x74c00000 end_va = 0x74c1cfff entry_point = 0x74c00000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1093 start_va = 0x74c20000 end_va = 0x74c94fff entry_point = 0x74c20000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1094 start_va = 0x74ca0000 end_va = 0x74d30fff entry_point = 0x74ca0000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1095 start_va = 0x74d40000 end_va = 0x74d98fff entry_point = 0x74d40000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1096 start_va = 0x74da0000 end_va = 0x74da9fff entry_point = 0x74da0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1097 start_va = 0x74db0000 end_va = 0x74dcdfff entry_point = 0x74db0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1098 start_va = 0x74e70000 end_va = 0x74fe5fff entry_point = 0x74e70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1099 start_va = 0x75260000 end_va = 0x7534ffff entry_point = 0x75260000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1100 start_va = 0x75400000 end_va = 0x7542afff entry_point = 0x75400000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1101 start_va = 0x76c40000 end_va = 0x76c82fff entry_point = 0x76c40000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1102 start_va = 0x76d90000 end_va = 0x76e3bfff entry_point = 0x76d90000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1103 start_va = 0x76e40000 end_va = 0x76ff9fff entry_point = 0x76e40000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1104 start_va = 0x77000000 end_va = 0x7714cfff entry_point = 0x77000000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1105 start_va = 0x77150000 end_va = 0x7728ffff entry_point = 0x77150000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1106 start_va = 0x778d0000 end_va = 0x779effff entry_point = 0x778d0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1107 start_va = 0x779f0000 end_va = 0x77aadfff entry_point = 0x779f0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1108 start_va = 0x77ca0000 end_va = 0x77e18fff entry_point = 0x77ca0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1109 start_va = 0x7e5a0000 end_va = 0x7e69ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007e5a0000" filename = "" Region: id = 1110 start_va = 0x7e6a0000 end_va = 0x7e6c2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007e6a0000" filename = "" Region: id = 1111 start_va = 0x7e6c4000 end_va = 0x7e6c4fff entry_point = 0x0 region_type = private name = "private_0x000000007e6c4000" filename = "" Region: id = 1112 start_va = 0x7e6c6000 end_va = 0x7e6c8fff entry_point = 0x0 region_type = private name = "private_0x000000007e6c6000" filename = "" Region: id = 1113 start_va = 0x7e6c9000 end_va = 0x7e6c9fff entry_point = 0x0 region_type = private name = "private_0x000000007e6c9000" filename = "" Region: id = 1114 start_va = 0x7e6cd000 end_va = 0x7e6cffff entry_point = 0x0 region_type = private name = "private_0x000000007e6cd000" filename = "" Region: id = 1115 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1116 start_va = 0x7fff0000 end_va = 0x7ff8ee37ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1117 start_va = 0x7ff8ee380000 end_va = 0x7ff8ee541fff entry_point = 0x7ff8ee380000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1118 start_va = 0x7ff8ee542000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ff8ee542000" filename = "" Thread: id = 28 os_tid = 0x5c0 Thread: id = 29 os_tid = 0x1b8 Process: id = "10" image_name = "science old.exe" filename = "c:\\program files (x86)\\reference assemblies\\science old.exe" page_root = "0x4aed000" os_pid = "0x2b8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "3" os_parent_pid = "0xbcc" cmd_line = "\"C:\\Program Files (x86)\\Reference Assemblies\\science old.exe\" " cur_dir = "C:\\Program Files (x86)\\Reference Assemblies\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00014ee5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1122 start_va = 0x230000 end_va = 0x246fff entry_point = 0x230000 region_type = mapped_file name = "science old.exe" filename = "\\Program Files (x86)\\Reference Assemblies\\science old.exe" (normalized: "c:\\program files (x86)\\reference assemblies\\science old.exe") Region: id = 1123 start_va = 0xe00000 end_va = 0xe0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e00000" filename = "" Region: id = 1124 start_va = 0xe10000 end_va = 0xe13fff entry_point = 0x0 region_type = private name = "private_0x0000000000e10000" filename = "" Region: id = 1125 start_va = 0xe20000 end_va = 0xe20fff entry_point = 0x0 region_type = private name = "private_0x0000000000e20000" filename = "" Region: id = 1126 start_va = 0xe30000 end_va = 0xe43fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e30000" filename = "" Region: id = 1127 start_va = 0xe50000 end_va = 0xe8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000e50000" filename = "" Region: id = 1128 start_va = 0xe90000 end_va = 0xf8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000e90000" filename = "" Region: id = 1129 start_va = 0xf90000 end_va = 0xf93fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f90000" filename = "" Region: id = 1130 start_va = 0xfa0000 end_va = 0xfa0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000fa0000" filename = "" Region: id = 1131 start_va = 0xfb0000 end_va = 0xfb1fff entry_point = 0x0 region_type = private name = "private_0x0000000000fb0000" filename = "" Region: id = 1132 start_va = 0xfc0000 end_va = 0xfc0fff entry_point = 0x0 region_type = private name = "private_0x0000000000fc0000" filename = "" Region: id = 1133 start_va = 0xfd0000 end_va = 0xfd3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000fd0000" filename = "" Region: id = 1134 start_va = 0xfe0000 end_va = 0x10dffff entry_point = 0x0 region_type = private name = "private_0x0000000000fe0000" filename = "" Region: id = 1135 start_va = 0x1120000 end_va = 0x115ffff entry_point = 0x0 region_type = private name = "private_0x0000000001120000" filename = "" Region: id = 1136 start_va = 0x1180000 end_va = 0x118ffff entry_point = 0x0 region_type = private name = "private_0x0000000001180000" filename = "" Region: id = 1137 start_va = 0x1190000 end_va = 0x124dfff entry_point = 0x1190000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1138 start_va = 0x1350000 end_va = 0x14d7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001350000" filename = "" Region: id = 1139 start_va = 0x1580000 end_va = 0x158ffff entry_point = 0x0 region_type = private name = "private_0x0000000001580000" filename = "" Region: id = 1140 start_va = 0x1590000 end_va = 0x1710fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001590000" filename = "" Region: id = 1141 start_va = 0x1720000 end_va = 0x2b1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001720000" filename = "" Region: id = 1142 start_va = 0x2b20000 end_va = 0x2bd7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002b20000" filename = "" Region: id = 1143 start_va = 0x2cb0000 end_va = 0x2cbffff entry_point = 0x0 region_type = private name = "private_0x0000000002cb0000" filename = "" Region: id = 1144 start_va = 0x2cc0000 end_va = 0x2dbffff entry_point = 0x0 region_type = private name = "private_0x0000000002cc0000" filename = "" Region: id = 1145 start_va = 0x2dc0000 end_va = 0x2f83fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002dc0000" filename = "" Region: id = 1146 start_va = 0x64ae0000 end_va = 0x64ae7fff entry_point = 0x64ae0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1147 start_va = 0x64af0000 end_va = 0x64b62fff entry_point = 0x64af0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1148 start_va = 0x64b70000 end_va = 0x64bbefff entry_point = 0x64b70000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1149 start_va = 0x74c00000 end_va = 0x74c1cfff entry_point = 0x74c00000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1150 start_va = 0x74c20000 end_va = 0x74c94fff entry_point = 0x74c20000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1151 start_va = 0x74ca0000 end_va = 0x74d30fff entry_point = 0x74ca0000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1152 start_va = 0x74d40000 end_va = 0x74d98fff entry_point = 0x74d40000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1153 start_va = 0x74da0000 end_va = 0x74da9fff entry_point = 0x74da0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1154 start_va = 0x74db0000 end_va = 0x74dcdfff entry_point = 0x74db0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1155 start_va = 0x74e70000 end_va = 0x74fe5fff entry_point = 0x74e70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1156 start_va = 0x75260000 end_va = 0x7534ffff entry_point = 0x75260000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1157 start_va = 0x75400000 end_va = 0x7542afff entry_point = 0x75400000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1158 start_va = 0x76c40000 end_va = 0x76c82fff entry_point = 0x76c40000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1159 start_va = 0x76d90000 end_va = 0x76e3bfff entry_point = 0x76d90000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1160 start_va = 0x76e40000 end_va = 0x76ff9fff entry_point = 0x76e40000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1161 start_va = 0x77000000 end_va = 0x7714cfff entry_point = 0x77000000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1162 start_va = 0x77150000 end_va = 0x7728ffff entry_point = 0x77150000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1163 start_va = 0x778d0000 end_va = 0x779effff entry_point = 0x778d0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1164 start_va = 0x779f0000 end_va = 0x77aadfff entry_point = 0x779f0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1165 start_va = 0x77ca0000 end_va = 0x77e18fff entry_point = 0x77ca0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1166 start_va = 0x7f650000 end_va = 0x7f74ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f650000" filename = "" Region: id = 1167 start_va = 0x7f750000 end_va = 0x7f772fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f750000" filename = "" Region: id = 1168 start_va = 0x7f774000 end_va = 0x7f774fff entry_point = 0x0 region_type = private name = "private_0x000000007f774000" filename = "" Region: id = 1169 start_va = 0x7f776000 end_va = 0x7f778fff entry_point = 0x0 region_type = private name = "private_0x000000007f776000" filename = "" Region: id = 1170 start_va = 0x7f77c000 end_va = 0x7f77efff entry_point = 0x0 region_type = private name = "private_0x000000007f77c000" filename = "" Region: id = 1171 start_va = 0x7f77f000 end_va = 0x7f77ffff entry_point = 0x0 region_type = private name = "private_0x000000007f77f000" filename = "" Region: id = 1172 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1173 start_va = 0x7fff0000 end_va = 0x7ff8ee37ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1174 start_va = 0x7ff8ee380000 end_va = 0x7ff8ee541fff entry_point = 0x7ff8ee380000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1175 start_va = 0x7ff8ee542000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ff8ee542000" filename = "" Thread: id = 30 os_tid = 0xbf4 Thread: id = 31 os_tid = 0x408 Process: id = "11" image_name = "handling investing experimental.exe" filename = "c:\\program files (x86)\\windowspowershell\\handling investing experimental.exe" page_root = "0x73112000" os_pid = "0x608" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "3" os_parent_pid = "0xbcc" cmd_line = "\"C:\\Program Files (x86)\\WindowsPowerShell\\handling investing experimental.exe\" " cur_dir = "C:\\Program Files (x86)\\WindowsPowerShell\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00014ee5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1178 start_va = 0x120000 end_va = 0x12ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000120000" filename = "" Region: id = 1179 start_va = 0x130000 end_va = 0x133fff entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 1180 start_va = 0x140000 end_va = 0x140fff entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 1181 start_va = 0x150000 end_va = 0x163fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000150000" filename = "" Region: id = 1182 start_va = 0x170000 end_va = 0x1affff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 1183 start_va = 0x1b0000 end_va = 0x2affff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 1184 start_va = 0x2b0000 end_va = 0x2b3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002b0000" filename = "" Region: id = 1185 start_va = 0x2c0000 end_va = 0x2c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002c0000" filename = "" Region: id = 1186 start_va = 0x2d0000 end_va = 0x2d1fff entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 1187 start_va = 0x2e0000 end_va = 0x39dfff entry_point = 0x2e0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1188 start_va = 0x3a0000 end_va = 0x3affff entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 1189 start_va = 0x3f0000 end_va = 0x406fff entry_point = 0x3f0000 region_type = mapped_file name = "handling investing experimental.exe" filename = "\\Program Files (x86)\\WindowsPowerShell\\handling investing experimental.exe" (normalized: "c:\\program files (x86)\\windowspowershell\\handling investing experimental.exe") Region: id = 1190 start_va = 0x510000 end_va = 0x510fff entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 1191 start_va = 0x520000 end_va = 0x523fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 1192 start_va = 0x530000 end_va = 0x56ffff entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 1193 start_va = 0x5a0000 end_va = 0x5affff entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 1194 start_va = 0x5b0000 end_va = 0x6affff entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 1195 start_va = 0x6b0000 end_va = 0x837fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006b0000" filename = "" Region: id = 1196 start_va = 0x840000 end_va = 0x9c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000840000" filename = "" Region: id = 1197 start_va = 0x9d0000 end_va = 0x1dcffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009d0000" filename = "" Region: id = 1198 start_va = 0x1dd0000 end_va = 0x1e87fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001dd0000" filename = "" Region: id = 1199 start_va = 0x1f50000 end_va = 0x1f5ffff entry_point = 0x0 region_type = private name = "private_0x0000000001f50000" filename = "" Region: id = 1200 start_va = 0x1f60000 end_va = 0x205ffff entry_point = 0x0 region_type = private name = "private_0x0000000001f60000" filename = "" Region: id = 1201 start_va = 0x2060000 end_va = 0x2223fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002060000" filename = "" Region: id = 1202 start_va = 0x64ae0000 end_va = 0x64ae7fff entry_point = 0x64ae0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1203 start_va = 0x64af0000 end_va = 0x64b62fff entry_point = 0x64af0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1204 start_va = 0x64b70000 end_va = 0x64bbefff entry_point = 0x64b70000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1205 start_va = 0x74c00000 end_va = 0x74c1cfff entry_point = 0x74c00000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1206 start_va = 0x74c20000 end_va = 0x74c94fff entry_point = 0x74c20000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1207 start_va = 0x74ca0000 end_va = 0x74d30fff entry_point = 0x74ca0000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1208 start_va = 0x74d40000 end_va = 0x74d98fff entry_point = 0x74d40000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1209 start_va = 0x74da0000 end_va = 0x74da9fff entry_point = 0x74da0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1210 start_va = 0x74db0000 end_va = 0x74dcdfff entry_point = 0x74db0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1211 start_va = 0x74e70000 end_va = 0x74fe5fff entry_point = 0x74e70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1212 start_va = 0x75260000 end_va = 0x7534ffff entry_point = 0x75260000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1213 start_va = 0x75400000 end_va = 0x7542afff entry_point = 0x75400000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1214 start_va = 0x76c40000 end_va = 0x76c82fff entry_point = 0x76c40000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1215 start_va = 0x76d90000 end_va = 0x76e3bfff entry_point = 0x76d90000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1216 start_va = 0x76e40000 end_va = 0x76ff9fff entry_point = 0x76e40000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1217 start_va = 0x77000000 end_va = 0x7714cfff entry_point = 0x77000000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1218 start_va = 0x77150000 end_va = 0x7728ffff entry_point = 0x77150000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1219 start_va = 0x778d0000 end_va = 0x779effff entry_point = 0x778d0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1220 start_va = 0x779f0000 end_va = 0x77aadfff entry_point = 0x779f0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1221 start_va = 0x77ca0000 end_va = 0x77e18fff entry_point = 0x77ca0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1222 start_va = 0x7f880000 end_va = 0x7f97ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f880000" filename = "" Region: id = 1223 start_va = 0x7f980000 end_va = 0x7f9a2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f980000" filename = "" Region: id = 1224 start_va = 0x7f9a3000 end_va = 0x7f9a3fff entry_point = 0x0 region_type = private name = "private_0x000000007f9a3000" filename = "" Region: id = 1225 start_va = 0x7f9a5000 end_va = 0x7f9a7fff entry_point = 0x0 region_type = private name = "private_0x000000007f9a5000" filename = "" Region: id = 1226 start_va = 0x7f9a8000 end_va = 0x7f9a8fff entry_point = 0x0 region_type = private name = "private_0x000000007f9a8000" filename = "" Region: id = 1227 start_va = 0x7f9ad000 end_va = 0x7f9affff entry_point = 0x0 region_type = private name = "private_0x000000007f9ad000" filename = "" Region: id = 1228 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1229 start_va = 0x7fff0000 end_va = 0x7ff8ee37ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1230 start_va = 0x7ff8ee380000 end_va = 0x7ff8ee541fff entry_point = 0x7ff8ee380000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1231 start_va = 0x7ff8ee542000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ff8ee542000" filename = "" Thread: id = 32 os_tid = 0x16c Thread: id = 33 os_tid = 0x784 Process: id = "12" image_name = "pdf_incoming_tracked.exe" filename = "c:\\program files (x86)\\internet explorer\\pdf_incoming_tracked.exe" page_root = "0x73833000" os_pid = "0x134" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "3" os_parent_pid = "0xbcc" cmd_line = "\"C:\\Program Files (x86)\\Internet Explorer\\pdf_incoming_tracked.exe\" " cur_dir = "C:\\Program Files (x86)\\Internet Explorer\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00014ee5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1234 start_va = 0xc60000 end_va = 0xc6ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c60000" filename = "" Region: id = 1235 start_va = 0xc70000 end_va = 0xc73fff entry_point = 0x0 region_type = private name = "private_0x0000000000c70000" filename = "" Region: id = 1236 start_va = 0xc80000 end_va = 0xc80fff entry_point = 0x0 region_type = private name = "private_0x0000000000c80000" filename = "" Region: id = 1237 start_va = 0xc90000 end_va = 0xca3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c90000" filename = "" Region: id = 1238 start_va = 0xcb0000 end_va = 0xceffff entry_point = 0x0 region_type = private name = "private_0x0000000000cb0000" filename = "" Region: id = 1239 start_va = 0xcf0000 end_va = 0xdeffff entry_point = 0x0 region_type = private name = "private_0x0000000000cf0000" filename = "" Region: id = 1240 start_va = 0xdf0000 end_va = 0xdf3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000df0000" filename = "" Region: id = 1241 start_va = 0xe00000 end_va = 0xe00fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e00000" filename = "" Region: id = 1242 start_va = 0xe10000 end_va = 0xe11fff entry_point = 0x0 region_type = private name = "private_0x0000000000e10000" filename = "" Region: id = 1243 start_va = 0xe20000 end_va = 0xe20fff entry_point = 0x0 region_type = private name = "private_0x0000000000e20000" filename = "" Region: id = 1244 start_va = 0xe30000 end_va = 0xe33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e30000" filename = "" Region: id = 1245 start_va = 0xe40000 end_va = 0xe4ffff entry_point = 0x0 region_type = private name = "private_0x0000000000e40000" filename = "" Region: id = 1246 start_va = 0xe50000 end_va = 0xf0dfff entry_point = 0xe50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1247 start_va = 0xf50000 end_va = 0xf8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000f50000" filename = "" Region: id = 1248 start_va = 0xfc0000 end_va = 0x10bffff entry_point = 0x0 region_type = private name = "private_0x0000000000fc0000" filename = "" Region: id = 1249 start_va = 0x11c0000 end_va = 0x1347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000011c0000" filename = "" Region: id = 1250 start_va = 0x13e0000 end_va = 0x13f6fff entry_point = 0x13e0000 region_type = mapped_file name = "pdf_incoming_tracked.exe" filename = "\\Program Files (x86)\\Internet Explorer\\pdf_incoming_tracked.exe" (normalized: "c:\\program files (x86)\\internet explorer\\pdf_incoming_tracked.exe") Region: id = 1251 start_va = 0x1400000 end_va = 0x1580fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001400000" filename = "" Region: id = 1252 start_va = 0x15b0000 end_va = 0x15bffff entry_point = 0x0 region_type = private name = "private_0x00000000015b0000" filename = "" Region: id = 1253 start_va = 0x15c0000 end_va = 0x29bffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000015c0000" filename = "" Region: id = 1254 start_va = 0x2a50000 end_va = 0x2a5ffff entry_point = 0x0 region_type = private name = "private_0x0000000002a50000" filename = "" Region: id = 1255 start_va = 0x2a60000 end_va = 0x2b17fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002a60000" filename = "" Region: id = 1256 start_va = 0x2b20000 end_va = 0x2c1ffff entry_point = 0x0 region_type = private name = "private_0x0000000002b20000" filename = "" Region: id = 1257 start_va = 0x2c20000 end_va = 0x2de3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002c20000" filename = "" Region: id = 1258 start_va = 0x64ae0000 end_va = 0x64ae7fff entry_point = 0x64ae0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1259 start_va = 0x64af0000 end_va = 0x64b62fff entry_point = 0x64af0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1260 start_va = 0x64b70000 end_va = 0x64bbefff entry_point = 0x64b70000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1261 start_va = 0x74c00000 end_va = 0x74c1cfff entry_point = 0x74c00000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1262 start_va = 0x74c20000 end_va = 0x74c94fff entry_point = 0x74c20000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1263 start_va = 0x74ca0000 end_va = 0x74d30fff entry_point = 0x74ca0000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1264 start_va = 0x74d40000 end_va = 0x74d98fff entry_point = 0x74d40000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1265 start_va = 0x74da0000 end_va = 0x74da9fff entry_point = 0x74da0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1266 start_va = 0x74db0000 end_va = 0x74dcdfff entry_point = 0x74db0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1267 start_va = 0x74e70000 end_va = 0x74fe5fff entry_point = 0x74e70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1268 start_va = 0x75260000 end_va = 0x7534ffff entry_point = 0x75260000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1269 start_va = 0x75400000 end_va = 0x7542afff entry_point = 0x75400000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1270 start_va = 0x76c40000 end_va = 0x76c82fff entry_point = 0x76c40000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1271 start_va = 0x76d90000 end_va = 0x76e3bfff entry_point = 0x76d90000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1272 start_va = 0x76e40000 end_va = 0x76ff9fff entry_point = 0x76e40000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1273 start_va = 0x77000000 end_va = 0x7714cfff entry_point = 0x77000000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1274 start_va = 0x77150000 end_va = 0x7728ffff entry_point = 0x77150000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1275 start_va = 0x778d0000 end_va = 0x779effff entry_point = 0x778d0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1276 start_va = 0x779f0000 end_va = 0x77aadfff entry_point = 0x779f0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1277 start_va = 0x77ca0000 end_va = 0x77e18fff entry_point = 0x77ca0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1278 start_va = 0x7e790000 end_va = 0x7e88ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007e790000" filename = "" Region: id = 1279 start_va = 0x7e890000 end_va = 0x7e8b2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007e890000" filename = "" Region: id = 1280 start_va = 0x7e8b4000 end_va = 0x7e8b6fff entry_point = 0x0 region_type = private name = "private_0x000000007e8b4000" filename = "" Region: id = 1281 start_va = 0x7e8ba000 end_va = 0x7e8bafff entry_point = 0x0 region_type = private name = "private_0x000000007e8ba000" filename = "" Region: id = 1282 start_va = 0x7e8bc000 end_va = 0x7e8bcfff entry_point = 0x0 region_type = private name = "private_0x000000007e8bc000" filename = "" Region: id = 1283 start_va = 0x7e8bd000 end_va = 0x7e8bffff entry_point = 0x0 region_type = private name = "private_0x000000007e8bd000" filename = "" Region: id = 1284 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1285 start_va = 0x7fff0000 end_va = 0x7ff8ee37ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1286 start_va = 0x7ff8ee380000 end_va = 0x7ff8ee541fff entry_point = 0x7ff8ee380000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1287 start_va = 0x7ff8ee542000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ff8ee542000" filename = "" Thread: id = 34 os_tid = 0x98c Thread: id = 35 os_tid = 0x420 Process: id = "13" image_name = "rangestremendous.exe" filename = "c:\\program files (x86)\\common files\\rangestremendous.exe" page_root = "0x74c47000" os_pid = "0x720" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "3" os_parent_pid = "0xbcc" cmd_line = "\"C:\\Program Files (x86)\\Common Files\\rangestremendous.exe\" " cur_dir = "C:\\Program Files (x86)\\Common Files\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00014ee5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1290 start_va = 0xe80000 end_va = 0xe96fff entry_point = 0xe80000 region_type = mapped_file name = "rangestremendous.exe" filename = "\\Program Files (x86)\\Common Files\\rangestremendous.exe" (normalized: "c:\\program files (x86)\\common files\\rangestremendous.exe") Region: id = 1291 start_va = 0xf40000 end_va = 0xf4ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f40000" filename = "" Region: id = 1292 start_va = 0xf50000 end_va = 0xf53fff entry_point = 0x0 region_type = private name = "private_0x0000000000f50000" filename = "" Region: id = 1293 start_va = 0xf60000 end_va = 0xf60fff entry_point = 0x0 region_type = private name = "private_0x0000000000f60000" filename = "" Region: id = 1294 start_va = 0xf70000 end_va = 0xf83fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f70000" filename = "" Region: id = 1295 start_va = 0xf90000 end_va = 0xfcffff entry_point = 0x0 region_type = private name = "private_0x0000000000f90000" filename = "" Region: id = 1296 start_va = 0xfd0000 end_va = 0x10cffff entry_point = 0x0 region_type = private name = "private_0x0000000000fd0000" filename = "" Region: id = 1297 start_va = 0x10d0000 end_va = 0x10d3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000010d0000" filename = "" Region: id = 1298 start_va = 0x10e0000 end_va = 0x10e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000010e0000" filename = "" Region: id = 1299 start_va = 0x10f0000 end_va = 0x10f1fff entry_point = 0x0 region_type = private name = "private_0x00000000010f0000" filename = "" Region: id = 1300 start_va = 0x1140000 end_va = 0x114ffff entry_point = 0x0 region_type = private name = "private_0x0000000001140000" filename = "" Region: id = 1301 start_va = 0x1150000 end_va = 0x120dfff entry_point = 0x1150000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1302 start_va = 0x1210000 end_va = 0x1210fff entry_point = 0x0 region_type = private name = "private_0x0000000001210000" filename = "" Region: id = 1303 start_va = 0x1220000 end_va = 0x1223fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001220000" filename = "" Region: id = 1304 start_va = 0x1230000 end_va = 0x123ffff entry_point = 0x0 region_type = private name = "private_0x0000000001230000" filename = "" Region: id = 1305 start_va = 0x1240000 end_va = 0x127ffff entry_point = 0x0 region_type = private name = "private_0x0000000001240000" filename = "" Region: id = 1306 start_va = 0x1280000 end_va = 0x137ffff entry_point = 0x0 region_type = private name = "private_0x0000000001280000" filename = "" Region: id = 1307 start_va = 0x1480000 end_va = 0x1607fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001480000" filename = "" Region: id = 1308 start_va = 0x1610000 end_va = 0x1790fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001610000" filename = "" Region: id = 1309 start_va = 0x17a0000 end_va = 0x2b9ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000017a0000" filename = "" Region: id = 1310 start_va = 0x2ba0000 end_va = 0x2c57fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002ba0000" filename = "" Region: id = 1311 start_va = 0x2c70000 end_va = 0x2c7ffff entry_point = 0x0 region_type = private name = "private_0x0000000002c70000" filename = "" Region: id = 1312 start_va = 0x2c80000 end_va = 0x2d7ffff entry_point = 0x0 region_type = private name = "private_0x0000000002c80000" filename = "" Region: id = 1313 start_va = 0x2d80000 end_va = 0x2f43fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002d80000" filename = "" Region: id = 1314 start_va = 0x64ae0000 end_va = 0x64ae7fff entry_point = 0x64ae0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1315 start_va = 0x64af0000 end_va = 0x64b62fff entry_point = 0x64af0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1316 start_va = 0x64b70000 end_va = 0x64bbefff entry_point = 0x64b70000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1317 start_va = 0x74c00000 end_va = 0x74c1cfff entry_point = 0x74c00000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1318 start_va = 0x74c20000 end_va = 0x74c94fff entry_point = 0x74c20000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1319 start_va = 0x74ca0000 end_va = 0x74d30fff entry_point = 0x74ca0000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1320 start_va = 0x74d40000 end_va = 0x74d98fff entry_point = 0x74d40000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1321 start_va = 0x74da0000 end_va = 0x74da9fff entry_point = 0x74da0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1322 start_va = 0x74db0000 end_va = 0x74dcdfff entry_point = 0x74db0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1323 start_va = 0x74e70000 end_va = 0x74fe5fff entry_point = 0x74e70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1324 start_va = 0x75260000 end_va = 0x7534ffff entry_point = 0x75260000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1325 start_va = 0x75400000 end_va = 0x7542afff entry_point = 0x75400000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1326 start_va = 0x76c40000 end_va = 0x76c82fff entry_point = 0x76c40000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1327 start_va = 0x76d90000 end_va = 0x76e3bfff entry_point = 0x76d90000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1328 start_va = 0x76e40000 end_va = 0x76ff9fff entry_point = 0x76e40000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1329 start_va = 0x77000000 end_va = 0x7714cfff entry_point = 0x77000000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1330 start_va = 0x77150000 end_va = 0x7728ffff entry_point = 0x77150000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1331 start_va = 0x778d0000 end_va = 0x779effff entry_point = 0x778d0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1332 start_va = 0x779f0000 end_va = 0x77aadfff entry_point = 0x779f0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1333 start_va = 0x77ca0000 end_va = 0x77e18fff entry_point = 0x77ca0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1334 start_va = 0x7eb60000 end_va = 0x7ec5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007eb60000" filename = "" Region: id = 1335 start_va = 0x7ec60000 end_va = 0x7ec82fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ec60000" filename = "" Region: id = 1336 start_va = 0x7ec84000 end_va = 0x7ec86fff entry_point = 0x0 region_type = private name = "private_0x000000007ec84000" filename = "" Region: id = 1337 start_va = 0x7ec87000 end_va = 0x7ec87fff entry_point = 0x0 region_type = private name = "private_0x000000007ec87000" filename = "" Region: id = 1338 start_va = 0x7ec8c000 end_va = 0x7ec8efff entry_point = 0x0 region_type = private name = "private_0x000000007ec8c000" filename = "" Region: id = 1339 start_va = 0x7ec8f000 end_va = 0x7ec8ffff entry_point = 0x0 region_type = private name = "private_0x000000007ec8f000" filename = "" Region: id = 1340 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1341 start_va = 0x7fff0000 end_va = 0x7ff8ee37ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1342 start_va = 0x7ff8ee380000 end_va = 0x7ff8ee541fff entry_point = 0x7ff8ee380000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1343 start_va = 0x7ff8ee542000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ff8ee542000" filename = "" Thread: id = 36 os_tid = 0x8e0 Thread: id = 37 os_tid = 0x654 Process: id = "14" image_name = "uncertainty_furnishings_tramadol.exe" filename = "c:\\program files (x86)\\common files\\uncertainty_furnishings_tramadol.exe" page_root = "0x7a75c000" os_pid = "0x644" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "3" os_parent_pid = "0xbcc" cmd_line = "\"C:\\Program Files (x86)\\Common Files\\uncertainty_furnishings_tramadol.exe\" " cur_dir = "C:\\Program Files (x86)\\Common Files\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00014ee5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1346 start_va = 0x630000 end_va = 0x63ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000630000" filename = "" Region: id = 1347 start_va = 0x640000 end_va = 0x643fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 1348 start_va = 0x650000 end_va = 0x650fff entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 1349 start_va = 0x660000 end_va = 0x673fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000660000" filename = "" Region: id = 1350 start_va = 0x680000 end_va = 0x6bffff entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1351 start_va = 0x6c0000 end_va = 0x7bffff entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 1352 start_va = 0x7c0000 end_va = 0x7c3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007c0000" filename = "" Region: id = 1353 start_va = 0x7d0000 end_va = 0x7d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007d0000" filename = "" Region: id = 1354 start_va = 0x7e0000 end_va = 0x7e1fff entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 1355 start_va = 0x7f0000 end_va = 0x8effff entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 1356 start_va = 0x8f0000 end_va = 0x8f0fff entry_point = 0x0 region_type = private name = "private_0x00000000008f0000" filename = "" Region: id = 1357 start_va = 0x900000 end_va = 0x903fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000900000" filename = "" Region: id = 1358 start_va = 0x920000 end_va = 0x92ffff entry_point = 0x0 region_type = private name = "private_0x0000000000920000" filename = "" Region: id = 1359 start_va = 0x930000 end_va = 0x9edfff entry_point = 0x930000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1360 start_va = 0xa60000 end_va = 0xa76fff entry_point = 0xa60000 region_type = mapped_file name = "uncertainty_furnishings_tramadol.exe" filename = "\\Program Files (x86)\\Common Files\\uncertainty_furnishings_tramadol.exe" (normalized: "c:\\program files (x86)\\common files\\uncertainty_furnishings_tramadol.exe") Region: id = 1361 start_va = 0xb80000 end_va = 0xd07fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b80000" filename = "" Region: id = 1362 start_va = 0xd10000 end_va = 0xdc7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d10000" filename = "" Region: id = 1363 start_va = 0xde0000 end_va = 0xdeffff entry_point = 0x0 region_type = private name = "private_0x0000000000de0000" filename = "" Region: id = 1364 start_va = 0xdf0000 end_va = 0xf70fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000df0000" filename = "" Region: id = 1365 start_va = 0xf80000 end_va = 0x237ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f80000" filename = "" Region: id = 1366 start_va = 0x2380000 end_va = 0x23bffff entry_point = 0x0 region_type = private name = "private_0x0000000002380000" filename = "" Region: id = 1367 start_va = 0x2470000 end_va = 0x247ffff entry_point = 0x0 region_type = private name = "private_0x0000000002470000" filename = "" Region: id = 1368 start_va = 0x2480000 end_va = 0x257ffff entry_point = 0x0 region_type = private name = "private_0x0000000002480000" filename = "" Region: id = 1369 start_va = 0x2580000 end_va = 0x2743fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002580000" filename = "" Region: id = 1370 start_va = 0x64ae0000 end_va = 0x64ae7fff entry_point = 0x64ae0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1371 start_va = 0x64af0000 end_va = 0x64b62fff entry_point = 0x64af0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1372 start_va = 0x64b70000 end_va = 0x64bbefff entry_point = 0x64b70000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1373 start_va = 0x74c00000 end_va = 0x74c1cfff entry_point = 0x74c00000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1374 start_va = 0x74c20000 end_va = 0x74c94fff entry_point = 0x74c20000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1375 start_va = 0x74ca0000 end_va = 0x74d30fff entry_point = 0x74ca0000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1376 start_va = 0x74d40000 end_va = 0x74d98fff entry_point = 0x74d40000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1377 start_va = 0x74da0000 end_va = 0x74da9fff entry_point = 0x74da0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1378 start_va = 0x74db0000 end_va = 0x74dcdfff entry_point = 0x74db0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1379 start_va = 0x74e70000 end_va = 0x74fe5fff entry_point = 0x74e70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1380 start_va = 0x75260000 end_va = 0x7534ffff entry_point = 0x75260000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1381 start_va = 0x75400000 end_va = 0x7542afff entry_point = 0x75400000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1382 start_va = 0x76c40000 end_va = 0x76c82fff entry_point = 0x76c40000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1383 start_va = 0x76d90000 end_va = 0x76e3bfff entry_point = 0x76d90000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1384 start_va = 0x76e40000 end_va = 0x76ff9fff entry_point = 0x76e40000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1385 start_va = 0x77000000 end_va = 0x7714cfff entry_point = 0x77000000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1386 start_va = 0x77150000 end_va = 0x7728ffff entry_point = 0x77150000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1387 start_va = 0x778d0000 end_va = 0x779effff entry_point = 0x778d0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1388 start_va = 0x779f0000 end_va = 0x77aadfff entry_point = 0x779f0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1389 start_va = 0x77ca0000 end_va = 0x77e18fff entry_point = 0x77ca0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1390 start_va = 0x7ed30000 end_va = 0x7ee2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ed30000" filename = "" Region: id = 1391 start_va = 0x7ee30000 end_va = 0x7ee52fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ee30000" filename = "" Region: id = 1392 start_va = 0x7ee53000 end_va = 0x7ee53fff entry_point = 0x0 region_type = private name = "private_0x000000007ee53000" filename = "" Region: id = 1393 start_va = 0x7ee56000 end_va = 0x7ee58fff entry_point = 0x0 region_type = private name = "private_0x000000007ee56000" filename = "" Region: id = 1394 start_va = 0x7ee5c000 end_va = 0x7ee5efff entry_point = 0x0 region_type = private name = "private_0x000000007ee5c000" filename = "" Region: id = 1395 start_va = 0x7ee5f000 end_va = 0x7ee5ffff entry_point = 0x0 region_type = private name = "private_0x000000007ee5f000" filename = "" Region: id = 1396 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1397 start_va = 0x7fff0000 end_va = 0x7ff8ee37ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1398 start_va = 0x7ff8ee380000 end_va = 0x7ff8ee541fff entry_point = 0x7ff8ee380000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1399 start_va = 0x7ff8ee542000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ff8ee542000" filename = "" Thread: id = 38 os_tid = 0xacc Thread: id = 39 os_tid = 0x718 Process: id = "15" image_name = "batteries_dirty.exe" filename = "c:\\program files\\windows sidebar\\batteries_dirty.exe" page_root = "0x76c71000" os_pid = "0xbd4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "3" os_parent_pid = "0xbcc" cmd_line = "\"C:\\Program Files\\Windows Sidebar\\batteries_dirty.exe\" " cur_dir = "C:\\Program Files\\Windows Sidebar\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00014ee5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1402 start_va = 0x1d0000 end_va = 0x1dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 1403 start_va = 0x1e0000 end_va = 0x1e3fff entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1404 start_va = 0x1f0000 end_va = 0x1f0fff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 1405 start_va = 0x200000 end_va = 0x213fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000200000" filename = "" Region: id = 1406 start_va = 0x220000 end_va = 0x25ffff entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 1407 start_va = 0x260000 end_va = 0x35ffff entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 1408 start_va = 0x360000 end_va = 0x363fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000360000" filename = "" Region: id = 1409 start_va = 0x370000 end_va = 0x370fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1410 start_va = 0x380000 end_va = 0x381fff entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 1411 start_va = 0x390000 end_va = 0x44dfff entry_point = 0x390000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1412 start_va = 0x490000 end_va = 0x490fff entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 1413 start_va = 0x4a0000 end_va = 0x4a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004a0000" filename = "" Region: id = 1414 start_va = 0x4b0000 end_va = 0x4effff entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1415 start_va = 0x4f0000 end_va = 0x4fffff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1416 start_va = 0x570000 end_va = 0x57ffff entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1417 start_va = 0x730000 end_va = 0x82ffff entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1418 start_va = 0x830000 end_va = 0x9b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000830000" filename = "" Region: id = 1419 start_va = 0x9c0000 end_va = 0xb40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009c0000" filename = "" Region: id = 1420 start_va = 0xb50000 end_va = 0xc07fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b50000" filename = "" Region: id = 1421 start_va = 0xc10000 end_va = 0xc1ffff entry_point = 0x0 region_type = private name = "private_0x0000000000c10000" filename = "" Region: id = 1422 start_va = 0xc60000 end_va = 0xc76fff entry_point = 0xc60000 region_type = mapped_file name = "batteries_dirty.exe" filename = "\\Program Files\\Windows Sidebar\\batteries_dirty.exe" (normalized: "c:\\program files\\windows sidebar\\batteries_dirty.exe") Region: id = 1423 start_va = 0xc80000 end_va = 0x207ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c80000" filename = "" Region: id = 1424 start_va = 0x2080000 end_va = 0x217ffff entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 1425 start_va = 0x2180000 end_va = 0x2343fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002180000" filename = "" Region: id = 1426 start_va = 0x64ae0000 end_va = 0x64ae7fff entry_point = 0x64ae0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1427 start_va = 0x64af0000 end_va = 0x64b62fff entry_point = 0x64af0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1428 start_va = 0x64b70000 end_va = 0x64bbefff entry_point = 0x64b70000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1429 start_va = 0x74c00000 end_va = 0x74c1cfff entry_point = 0x74c00000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1430 start_va = 0x74c20000 end_va = 0x74c94fff entry_point = 0x74c20000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1431 start_va = 0x74ca0000 end_va = 0x74d30fff entry_point = 0x74ca0000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1432 start_va = 0x74d40000 end_va = 0x74d98fff entry_point = 0x74d40000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1433 start_va = 0x74da0000 end_va = 0x74da9fff entry_point = 0x74da0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1434 start_va = 0x74db0000 end_va = 0x74dcdfff entry_point = 0x74db0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1435 start_va = 0x74e70000 end_va = 0x74fe5fff entry_point = 0x74e70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1436 start_va = 0x75260000 end_va = 0x7534ffff entry_point = 0x75260000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1437 start_va = 0x75400000 end_va = 0x7542afff entry_point = 0x75400000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1438 start_va = 0x76c40000 end_va = 0x76c82fff entry_point = 0x76c40000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1439 start_va = 0x76d90000 end_va = 0x76e3bfff entry_point = 0x76d90000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1440 start_va = 0x76e40000 end_va = 0x76ff9fff entry_point = 0x76e40000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1441 start_va = 0x77000000 end_va = 0x7714cfff entry_point = 0x77000000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1442 start_va = 0x77150000 end_va = 0x7728ffff entry_point = 0x77150000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1443 start_va = 0x778d0000 end_va = 0x779effff entry_point = 0x778d0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1444 start_va = 0x779f0000 end_va = 0x77aadfff entry_point = 0x779f0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1445 start_va = 0x77ca0000 end_va = 0x77e18fff entry_point = 0x77ca0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1446 start_va = 0x7e69d000 end_va = 0x7e69ffff entry_point = 0x0 region_type = private name = "private_0x000000007e69d000" filename = "" Region: id = 1447 start_va = 0x7e6a0000 end_va = 0x7e79ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007e6a0000" filename = "" Region: id = 1448 start_va = 0x7e7a0000 end_va = 0x7e7c2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007e7a0000" filename = "" Region: id = 1449 start_va = 0x7e7c5000 end_va = 0x7e7c5fff entry_point = 0x0 region_type = private name = "private_0x000000007e7c5000" filename = "" Region: id = 1450 start_va = 0x7e7cb000 end_va = 0x7e7cdfff entry_point = 0x0 region_type = private name = "private_0x000000007e7cb000" filename = "" Region: id = 1451 start_va = 0x7e7ce000 end_va = 0x7e7cefff entry_point = 0x0 region_type = private name = "private_0x000000007e7ce000" filename = "" Region: id = 1452 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1453 start_va = 0x7fff0000 end_va = 0x7ff8ee37ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1454 start_va = 0x7ff8ee380000 end_va = 0x7ff8ee541fff entry_point = 0x7ff8ee380000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1455 start_va = 0x7ff8ee542000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ff8ee542000" filename = "" Thread: id = 40 os_tid = 0x474 Thread: id = 41 os_tid = 0xae0 Process: id = "16" image_name = "disorder.exe" filename = "c:\\program files\\windows portable devices\\disorder.exe" page_root = "0x7aa85000" os_pid = "0x8e8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "3" os_parent_pid = "0xbcc" cmd_line = "\"C:\\Program Files\\Windows Portable Devices\\disorder.exe\" " cur_dir = "C:\\Program Files\\Windows Portable Devices\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00014ee5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1458 start_va = 0x1b0000 end_va = 0x1c6fff entry_point = 0x1b0000 region_type = mapped_file name = "disorder.exe" filename = "\\Program Files\\Windows Portable Devices\\disorder.exe" (normalized: "c:\\program files\\windows portable devices\\disorder.exe") Region: id = 1459 start_va = 0x520000 end_va = 0x52ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 1460 start_va = 0x530000 end_va = 0x533fff entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 1461 start_va = 0x540000 end_va = 0x540fff entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1462 start_va = 0x550000 end_va = 0x563fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1463 start_va = 0x570000 end_va = 0x5affff entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1464 start_va = 0x5b0000 end_va = 0x6affff entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 1465 start_va = 0x6b0000 end_va = 0x6b3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006b0000" filename = "" Region: id = 1466 start_va = 0x6c0000 end_va = 0x6c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006c0000" filename = "" Region: id = 1467 start_va = 0x6d0000 end_va = 0x6d1fff entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 1468 start_va = 0x6e0000 end_va = 0x79dfff entry_point = 0x6e0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1469 start_va = 0x7e0000 end_va = 0x7e0fff entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 1470 start_va = 0x7f0000 end_va = 0x7f3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007f0000" filename = "" Region: id = 1471 start_va = 0x800000 end_va = 0x83ffff entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 1472 start_va = 0x860000 end_va = 0x86ffff entry_point = 0x0 region_type = private name = "private_0x0000000000860000" filename = "" Region: id = 1473 start_va = 0x870000 end_va = 0x87ffff entry_point = 0x0 region_type = private name = "private_0x0000000000870000" filename = "" Region: id = 1474 start_va = 0x9d0000 end_va = 0xacffff entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 1475 start_va = 0xad0000 end_va = 0xc57fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ad0000" filename = "" Region: id = 1476 start_va = 0xc60000 end_va = 0xde0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c60000" filename = "" Region: id = 1477 start_va = 0xe10000 end_va = 0xe1ffff entry_point = 0x0 region_type = private name = "private_0x0000000000e10000" filename = "" Region: id = 1478 start_va = 0xe20000 end_va = 0x221ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e20000" filename = "" Region: id = 1479 start_va = 0x2220000 end_va = 0x22d7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1480 start_va = 0x22e0000 end_va = 0x23dffff entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 1481 start_va = 0x23e0000 end_va = 0x25a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000023e0000" filename = "" Region: id = 1482 start_va = 0x64ae0000 end_va = 0x64ae7fff entry_point = 0x64ae0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1483 start_va = 0x64af0000 end_va = 0x64b62fff entry_point = 0x64af0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1484 start_va = 0x64b70000 end_va = 0x64bbefff entry_point = 0x64b70000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1485 start_va = 0x74c00000 end_va = 0x74c1cfff entry_point = 0x74c00000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1486 start_va = 0x74c20000 end_va = 0x74c94fff entry_point = 0x74c20000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1487 start_va = 0x74ca0000 end_va = 0x74d30fff entry_point = 0x74ca0000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1488 start_va = 0x74d40000 end_va = 0x74d98fff entry_point = 0x74d40000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1489 start_va = 0x74da0000 end_va = 0x74da9fff entry_point = 0x74da0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1490 start_va = 0x74db0000 end_va = 0x74dcdfff entry_point = 0x74db0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1491 start_va = 0x74e70000 end_va = 0x74fe5fff entry_point = 0x74e70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1492 start_va = 0x75260000 end_va = 0x7534ffff entry_point = 0x75260000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1493 start_va = 0x75400000 end_va = 0x7542afff entry_point = 0x75400000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1494 start_va = 0x76c40000 end_va = 0x76c82fff entry_point = 0x76c40000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1495 start_va = 0x76d90000 end_va = 0x76e3bfff entry_point = 0x76d90000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1496 start_va = 0x76e40000 end_va = 0x76ff9fff entry_point = 0x76e40000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1497 start_va = 0x77000000 end_va = 0x7714cfff entry_point = 0x77000000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1498 start_va = 0x77150000 end_va = 0x7728ffff entry_point = 0x77150000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1499 start_va = 0x778d0000 end_va = 0x779effff entry_point = 0x778d0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1500 start_va = 0x779f0000 end_va = 0x77aadfff entry_point = 0x779f0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1501 start_va = 0x77ca0000 end_va = 0x77e18fff entry_point = 0x77ca0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1502 start_va = 0x7f60d000 end_va = 0x7f60ffff entry_point = 0x0 region_type = private name = "private_0x000000007f60d000" filename = "" Region: id = 1503 start_va = 0x7f610000 end_va = 0x7f70ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f610000" filename = "" Region: id = 1504 start_va = 0x7f710000 end_va = 0x7f732fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f710000" filename = "" Region: id = 1505 start_va = 0x7f738000 end_va = 0x7f738fff entry_point = 0x0 region_type = private name = "private_0x000000007f738000" filename = "" Region: id = 1506 start_va = 0x7f73b000 end_va = 0x7f73bfff entry_point = 0x0 region_type = private name = "private_0x000000007f73b000" filename = "" Region: id = 1507 start_va = 0x7f73d000 end_va = 0x7f73ffff entry_point = 0x0 region_type = private name = "private_0x000000007f73d000" filename = "" Region: id = 1508 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1509 start_va = 0x7fff0000 end_va = 0x7ff8ee37ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1510 start_va = 0x7ff8ee380000 end_va = 0x7ff8ee541fff entry_point = 0x7ff8ee380000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1511 start_va = 0x7ff8ee542000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ff8ee542000" filename = "" Thread: id = 42 os_tid = 0xae8 Thread: id = 43 os_tid = 0xac8 Process: id = "17" image_name = "solo.exe" filename = "c:\\program files (x86)\\mozilla maintenance service\\solo.exe" page_root = "0x7a0a1000" os_pid = "0x708" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "3" os_parent_pid = "0xbcc" cmd_line = "\"C:\\Program Files (x86)\\Mozilla Maintenance Service\\solo.exe\" " cur_dir = "C:\\Program Files (x86)\\Mozilla Maintenance Service\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00014ee5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1514 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1515 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1516 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = private name = "private_0x0000000000040000" filename = "" Region: id = 1517 start_va = 0x50000 end_va = 0x63fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 1518 start_va = 0x70000 end_va = 0x73fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 1519 start_va = 0x80000 end_va = 0x96fff entry_point = 0x80000 region_type = mapped_file name = "solo.exe" filename = "\\Program Files (x86)\\Mozilla Maintenance Service\\solo.exe" (normalized: "c:\\program files (x86)\\mozilla maintenance service\\solo.exe") Region: id = 1520 start_va = 0xa0000 end_va = 0xdffff entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1521 start_va = 0xe0000 end_va = 0x1dffff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 1522 start_va = 0x1e0000 end_va = 0x1e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 1523 start_va = 0x1f0000 end_va = 0x1f1fff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 1524 start_va = 0x200000 end_va = 0x2bdfff entry_point = 0x200000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1525 start_va = 0x300000 end_va = 0x300fff entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 1526 start_va = 0x310000 end_va = 0x313fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000310000" filename = "" Region: id = 1527 start_va = 0x320000 end_va = 0x35ffff entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 1528 start_va = 0x3a0000 end_va = 0x3affff entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 1529 start_va = 0x3c0000 end_va = 0x3cffff entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 1530 start_va = 0x3d0000 end_va = 0x487fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003d0000" filename = "" Region: id = 1531 start_va = 0x4b0000 end_va = 0x5affff entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1532 start_va = 0x6b0000 end_va = 0x837fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006b0000" filename = "" Region: id = 1533 start_va = 0x840000 end_va = 0x9c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000840000" filename = "" Region: id = 1534 start_va = 0x9f0000 end_va = 0x9fffff entry_point = 0x0 region_type = private name = "private_0x00000000009f0000" filename = "" Region: id = 1535 start_va = 0xa00000 end_va = 0x1dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a00000" filename = "" Region: id = 1536 start_va = 0x1e00000 end_va = 0x1efffff entry_point = 0x0 region_type = private name = "private_0x0000000001e00000" filename = "" Region: id = 1537 start_va = 0x1f00000 end_va = 0x20c3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f00000" filename = "" Region: id = 1538 start_va = 0x64ae0000 end_va = 0x64ae7fff entry_point = 0x64ae0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1539 start_va = 0x64af0000 end_va = 0x64b62fff entry_point = 0x64af0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1540 start_va = 0x64b70000 end_va = 0x64bbefff entry_point = 0x64b70000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1541 start_va = 0x74c00000 end_va = 0x74c1cfff entry_point = 0x74c00000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1542 start_va = 0x74c20000 end_va = 0x74c94fff entry_point = 0x74c20000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1543 start_va = 0x74ca0000 end_va = 0x74d30fff entry_point = 0x74ca0000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1544 start_va = 0x74d40000 end_va = 0x74d98fff entry_point = 0x74d40000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1545 start_va = 0x74da0000 end_va = 0x74da9fff entry_point = 0x74da0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1546 start_va = 0x74db0000 end_va = 0x74dcdfff entry_point = 0x74db0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1547 start_va = 0x74e70000 end_va = 0x74fe5fff entry_point = 0x74e70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1548 start_va = 0x75260000 end_va = 0x7534ffff entry_point = 0x75260000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1549 start_va = 0x75400000 end_va = 0x7542afff entry_point = 0x75400000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1550 start_va = 0x76c40000 end_va = 0x76c82fff entry_point = 0x76c40000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1551 start_va = 0x76d90000 end_va = 0x76e3bfff entry_point = 0x76d90000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1552 start_va = 0x76e40000 end_va = 0x76ff9fff entry_point = 0x76e40000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1553 start_va = 0x77000000 end_va = 0x7714cfff entry_point = 0x77000000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1554 start_va = 0x77150000 end_va = 0x7728ffff entry_point = 0x77150000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1555 start_va = 0x778d0000 end_va = 0x779effff entry_point = 0x778d0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1556 start_va = 0x779f0000 end_va = 0x77aadfff entry_point = 0x779f0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1557 start_va = 0x77ca0000 end_va = 0x77e18fff entry_point = 0x77ca0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1558 start_va = 0x7f51d000 end_va = 0x7f51ffff entry_point = 0x0 region_type = private name = "private_0x000000007f51d000" filename = "" Region: id = 1559 start_va = 0x7f520000 end_va = 0x7f61ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f520000" filename = "" Region: id = 1560 start_va = 0x7f620000 end_va = 0x7f642fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f620000" filename = "" Region: id = 1561 start_va = 0x7f647000 end_va = 0x7f647fff entry_point = 0x0 region_type = private name = "private_0x000000007f647000" filename = "" Region: id = 1562 start_va = 0x7f64a000 end_va = 0x7f64afff entry_point = 0x0 region_type = private name = "private_0x000000007f64a000" filename = "" Region: id = 1563 start_va = 0x7f64d000 end_va = 0x7f64ffff entry_point = 0x0 region_type = private name = "private_0x000000007f64d000" filename = "" Region: id = 1564 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1565 start_va = 0x7fff0000 end_va = 0x7ff8ee37ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1566 start_va = 0x7ff8ee380000 end_va = 0x7ff8ee541fff entry_point = 0x7ff8ee380000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1567 start_va = 0x7ff8ee542000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ff8ee542000" filename = "" Thread: id = 44 os_tid = 0x83c Thread: id = 45 os_tid = 0xb44 Process: id = "18" image_name = "likes skiing.exe" filename = "c:\\program files\\java\\likes skiing.exe" page_root = "0x742e7000" os_pid = "0xb54" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "3" os_parent_pid = "0xbcc" cmd_line = "\"C:\\Program Files\\Java\\likes skiing.exe\" " cur_dir = "C:\\Program Files\\Java\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00014ee5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1570 start_va = 0x7a0000 end_va = 0x7affff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007a0000" filename = "" Region: id = 1571 start_va = 0x7b0000 end_va = 0x7b3fff entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 1572 start_va = 0x7c0000 end_va = 0x7c0fff entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 1573 start_va = 0x7d0000 end_va = 0x7e3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007d0000" filename = "" Region: id = 1574 start_va = 0x7f0000 end_va = 0x82ffff entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 1575 start_va = 0x830000 end_va = 0x92ffff entry_point = 0x0 region_type = private name = "private_0x0000000000830000" filename = "" Region: id = 1576 start_va = 0x930000 end_va = 0x933fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000930000" filename = "" Region: id = 1577 start_va = 0x940000 end_va = 0x940fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000940000" filename = "" Region: id = 1578 start_va = 0x950000 end_va = 0x951fff entry_point = 0x0 region_type = private name = "private_0x0000000000950000" filename = "" Region: id = 1579 start_va = 0x960000 end_va = 0xa1dfff entry_point = 0x960000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1580 start_va = 0xa60000 end_va = 0xa60fff entry_point = 0x0 region_type = private name = "private_0x0000000000a60000" filename = "" Region: id = 1581 start_va = 0xa70000 end_va = 0xa73fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a70000" filename = "" Region: id = 1582 start_va = 0xa90000 end_va = 0xa9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000a90000" filename = "" Region: id = 1583 start_va = 0xaa0000 end_va = 0xadffff entry_point = 0x0 region_type = private name = "private_0x0000000000aa0000" filename = "" Region: id = 1584 start_va = 0xb20000 end_va = 0xb2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000b20000" filename = "" Region: id = 1585 start_va = 0xb80000 end_va = 0xc7ffff entry_point = 0x0 region_type = private name = "private_0x0000000000b80000" filename = "" Region: id = 1586 start_va = 0xd80000 end_va = 0xf07fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d80000" filename = "" Region: id = 1587 start_va = 0xf10000 end_va = 0x1090fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f10000" filename = "" Region: id = 1588 start_va = 0x10a0000 end_va = 0x1157fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000010a0000" filename = "" Region: id = 1589 start_va = 0x11f0000 end_va = 0x11fffff entry_point = 0x0 region_type = private name = "private_0x00000000011f0000" filename = "" Region: id = 1590 start_va = 0x1200000 end_va = 0x12fffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 1591 start_va = 0x13a0000 end_va = 0x13b6fff entry_point = 0x13a0000 region_type = mapped_file name = "likes skiing.exe" filename = "\\Program Files\\Java\\likes skiing.exe" (normalized: "c:\\program files\\java\\likes skiing.exe") Region: id = 1592 start_va = 0x13c0000 end_va = 0x27bffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000013c0000" filename = "" Region: id = 1593 start_va = 0x27c0000 end_va = 0x2983fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000027c0000" filename = "" Region: id = 1594 start_va = 0x64ae0000 end_va = 0x64ae7fff entry_point = 0x64ae0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1595 start_va = 0x64af0000 end_va = 0x64b62fff entry_point = 0x64af0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1596 start_va = 0x64b70000 end_va = 0x64bbefff entry_point = 0x64b70000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1597 start_va = 0x74c00000 end_va = 0x74c1cfff entry_point = 0x74c00000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1598 start_va = 0x74c20000 end_va = 0x74c94fff entry_point = 0x74c20000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1599 start_va = 0x74ca0000 end_va = 0x74d30fff entry_point = 0x74ca0000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1600 start_va = 0x74d40000 end_va = 0x74d98fff entry_point = 0x74d40000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1601 start_va = 0x74da0000 end_va = 0x74da9fff entry_point = 0x74da0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1602 start_va = 0x74db0000 end_va = 0x74dcdfff entry_point = 0x74db0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1603 start_va = 0x74e70000 end_va = 0x74fe5fff entry_point = 0x74e70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1604 start_va = 0x75260000 end_va = 0x7534ffff entry_point = 0x75260000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1605 start_va = 0x75400000 end_va = 0x7542afff entry_point = 0x75400000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1606 start_va = 0x76c40000 end_va = 0x76c82fff entry_point = 0x76c40000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1607 start_va = 0x76d90000 end_va = 0x76e3bfff entry_point = 0x76d90000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1608 start_va = 0x76e40000 end_va = 0x76ff9fff entry_point = 0x76e40000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1609 start_va = 0x77000000 end_va = 0x7714cfff entry_point = 0x77000000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1610 start_va = 0x77150000 end_va = 0x7728ffff entry_point = 0x77150000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1611 start_va = 0x778d0000 end_va = 0x779effff entry_point = 0x778d0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1612 start_va = 0x779f0000 end_va = 0x77aadfff entry_point = 0x779f0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1613 start_va = 0x77ca0000 end_va = 0x77e18fff entry_point = 0x77ca0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1614 start_va = 0x7f430000 end_va = 0x7f52ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f430000" filename = "" Region: id = 1615 start_va = 0x7f530000 end_va = 0x7f552fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f530000" filename = "" Region: id = 1616 start_va = 0x7f554000 end_va = 0x7f554fff entry_point = 0x0 region_type = private name = "private_0x000000007f554000" filename = "" Region: id = 1617 start_va = 0x7f556000 end_va = 0x7f558fff entry_point = 0x0 region_type = private name = "private_0x000000007f556000" filename = "" Region: id = 1618 start_va = 0x7f55c000 end_va = 0x7f55efff entry_point = 0x0 region_type = private name = "private_0x000000007f55c000" filename = "" Region: id = 1619 start_va = 0x7f55f000 end_va = 0x7f55ffff entry_point = 0x0 region_type = private name = "private_0x000000007f55f000" filename = "" Region: id = 1620 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1621 start_va = 0x7fff0000 end_va = 0x7ff8ee37ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1622 start_va = 0x7ff8ee380000 end_va = 0x7ff8ee541fff entry_point = 0x7ff8ee380000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1623 start_va = 0x7ff8ee542000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ff8ee542000" filename = "" Thread: id = 46 os_tid = 0x768 Thread: id = 47 os_tid = 0x6b4 Process: id = "19" image_name = "touringcontinuedrussia.exe" filename = "c:\\program files\\windows sidebar\\touringcontinuedrussia.exe" page_root = "0x76f3e000" os_pid = "0xb58" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "3" os_parent_pid = "0xbcc" cmd_line = "\"C:\\Program Files\\Windows Sidebar\\touringcontinuedrussia.exe\" " cur_dir = "C:\\Program Files\\Windows Sidebar\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00014ee5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1626 start_va = 0xf40000 end_va = 0xf4ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f40000" filename = "" Region: id = 1627 start_va = 0xf50000 end_va = 0xf53fff entry_point = 0x0 region_type = private name = "private_0x0000000000f50000" filename = "" Region: id = 1628 start_va = 0xf60000 end_va = 0xf60fff entry_point = 0x0 region_type = private name = "private_0x0000000000f60000" filename = "" Region: id = 1629 start_va = 0xf70000 end_va = 0xf83fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f70000" filename = "" Region: id = 1630 start_va = 0xf90000 end_va = 0xfcffff entry_point = 0x0 region_type = private name = "private_0x0000000000f90000" filename = "" Region: id = 1631 start_va = 0xfd0000 end_va = 0x10cffff entry_point = 0x0 region_type = private name = "private_0x0000000000fd0000" filename = "" Region: id = 1632 start_va = 0x10d0000 end_va = 0x10d3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000010d0000" filename = "" Region: id = 1633 start_va = 0x10e0000 end_va = 0x10e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000010e0000" filename = "" Region: id = 1634 start_va = 0x10f0000 end_va = 0x10f1fff entry_point = 0x0 region_type = private name = "private_0x00000000010f0000" filename = "" Region: id = 1635 start_va = 0x1100000 end_va = 0x11bdfff entry_point = 0x1100000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1636 start_va = 0x11c0000 end_va = 0x11c0fff entry_point = 0x0 region_type = private name = "private_0x00000000011c0000" filename = "" Region: id = 1637 start_va = 0x11d0000 end_va = 0x11d3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000011d0000" filename = "" Region: id = 1638 start_va = 0x11e0000 end_va = 0x11effff entry_point = 0x0 region_type = private name = "private_0x00000000011e0000" filename = "" Region: id = 1639 start_va = 0x1230000 end_va = 0x126ffff entry_point = 0x0 region_type = private name = "private_0x0000000001230000" filename = "" Region: id = 1640 start_va = 0x12b0000 end_va = 0x12c6fff entry_point = 0x12b0000 region_type = mapped_file name = "touringcontinuedrussia.exe" filename = "\\Program Files\\Windows Sidebar\\touringcontinuedrussia.exe" (normalized: "c:\\program files\\windows sidebar\\touringcontinuedrussia.exe") Region: id = 1641 start_va = 0x1380000 end_va = 0x147ffff entry_point = 0x0 region_type = private name = "private_0x0000000001380000" filename = "" Region: id = 1642 start_va = 0x1580000 end_va = 0x1707fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001580000" filename = "" Region: id = 1643 start_va = 0x1710000 end_va = 0x1890fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001710000" filename = "" Region: id = 1644 start_va = 0x18e0000 end_va = 0x18effff entry_point = 0x0 region_type = private name = "private_0x00000000018e0000" filename = "" Region: id = 1645 start_va = 0x18f0000 end_va = 0x2ceffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000018f0000" filename = "" Region: id = 1646 start_va = 0x2cf0000 end_va = 0x2da7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002cf0000" filename = "" Region: id = 1647 start_va = 0x2db0000 end_va = 0x2eaffff entry_point = 0x0 region_type = private name = "private_0x0000000002db0000" filename = "" Region: id = 1648 start_va = 0x2eb0000 end_va = 0x2ebffff entry_point = 0x0 region_type = private name = "private_0x0000000002eb0000" filename = "" Region: id = 1649 start_va = 0x2ec0000 end_va = 0x3083fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002ec0000" filename = "" Region: id = 1650 start_va = 0x64ae0000 end_va = 0x64ae7fff entry_point = 0x64ae0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1651 start_va = 0x64af0000 end_va = 0x64b62fff entry_point = 0x64af0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1652 start_va = 0x64b70000 end_va = 0x64bbefff entry_point = 0x64b70000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1653 start_va = 0x74c00000 end_va = 0x74c1cfff entry_point = 0x74c00000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1654 start_va = 0x74c20000 end_va = 0x74c94fff entry_point = 0x74c20000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1655 start_va = 0x74ca0000 end_va = 0x74d30fff entry_point = 0x74ca0000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1656 start_va = 0x74d40000 end_va = 0x74d98fff entry_point = 0x74d40000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1657 start_va = 0x74da0000 end_va = 0x74da9fff entry_point = 0x74da0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1658 start_va = 0x74db0000 end_va = 0x74dcdfff entry_point = 0x74db0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1659 start_va = 0x74e70000 end_va = 0x74fe5fff entry_point = 0x74e70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1660 start_va = 0x75260000 end_va = 0x7534ffff entry_point = 0x75260000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1661 start_va = 0x75400000 end_va = 0x7542afff entry_point = 0x75400000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1662 start_va = 0x76c40000 end_va = 0x76c82fff entry_point = 0x76c40000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1663 start_va = 0x76d90000 end_va = 0x76e3bfff entry_point = 0x76d90000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1664 start_va = 0x76e40000 end_va = 0x76ff9fff entry_point = 0x76e40000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1665 start_va = 0x77000000 end_va = 0x7714cfff entry_point = 0x77000000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1666 start_va = 0x77150000 end_va = 0x7728ffff entry_point = 0x77150000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1667 start_va = 0x778d0000 end_va = 0x779effff entry_point = 0x778d0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1668 start_va = 0x779f0000 end_va = 0x77aadfff entry_point = 0x779f0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1669 start_va = 0x77ca0000 end_va = 0x77e18fff entry_point = 0x77ca0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1670 start_va = 0x7ec70000 end_va = 0x7ed6ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ec70000" filename = "" Region: id = 1671 start_va = 0x7ed70000 end_va = 0x7ed92fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ed70000" filename = "" Region: id = 1672 start_va = 0x7ed93000 end_va = 0x7ed95fff entry_point = 0x0 region_type = private name = "private_0x000000007ed93000" filename = "" Region: id = 1673 start_va = 0x7ed99000 end_va = 0x7ed9bfff entry_point = 0x0 region_type = private name = "private_0x000000007ed99000" filename = "" Region: id = 1674 start_va = 0x7ed9c000 end_va = 0x7ed9cfff entry_point = 0x0 region_type = private name = "private_0x000000007ed9c000" filename = "" Region: id = 1675 start_va = 0x7ed9f000 end_va = 0x7ed9ffff entry_point = 0x0 region_type = private name = "private_0x000000007ed9f000" filename = "" Region: id = 1676 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1677 start_va = 0x7fff0000 end_va = 0x7ff8ee37ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1678 start_va = 0x7ff8ee380000 end_va = 0x7ff8ee541fff entry_point = 0x7ff8ee380000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1679 start_va = 0x7ff8ee542000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ff8ee542000" filename = "" Thread: id = 48 os_tid = 0x7a4 Thread: id = 49 os_tid = 0x834 Process: id = "20" image_name = "matching.exe" filename = "c:\\program files\\common files\\matching.exe" page_root = "0x756f9000" os_pid = "0xb84" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "3" os_parent_pid = "0xbcc" cmd_line = "\"C:\\Program Files\\Common Files\\matching.exe\" " cur_dir = "C:\\Program Files\\Common Files\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00014ee5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1682 start_va = 0x850000 end_va = 0x866fff entry_point = 0x850000 region_type = mapped_file name = "matching.exe" filename = "\\Program Files\\Common Files\\matching.exe" (normalized: "c:\\program files\\common files\\matching.exe") Region: id = 1683 start_va = 0xc60000 end_va = 0xc6ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c60000" filename = "" Region: id = 1684 start_va = 0xc70000 end_va = 0xc73fff entry_point = 0x0 region_type = private name = "private_0x0000000000c70000" filename = "" Region: id = 1685 start_va = 0xc80000 end_va = 0xc80fff entry_point = 0x0 region_type = private name = "private_0x0000000000c80000" filename = "" Region: id = 1686 start_va = 0xc90000 end_va = 0xca3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c90000" filename = "" Region: id = 1687 start_va = 0xcb0000 end_va = 0xceffff entry_point = 0x0 region_type = private name = "private_0x0000000000cb0000" filename = "" Region: id = 1688 start_va = 0xcf0000 end_va = 0xdeffff entry_point = 0x0 region_type = private name = "private_0x0000000000cf0000" filename = "" Region: id = 1689 start_va = 0xdf0000 end_va = 0xdf3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000df0000" filename = "" Region: id = 1690 start_va = 0xe00000 end_va = 0xe00fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e00000" filename = "" Region: id = 1691 start_va = 0xe10000 end_va = 0xe11fff entry_point = 0x0 region_type = private name = "private_0x0000000000e10000" filename = "" Region: id = 1692 start_va = 0xe20000 end_va = 0xeddfff entry_point = 0xe20000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1693 start_va = 0xee0000 end_va = 0xeeffff entry_point = 0x0 region_type = private name = "private_0x0000000000ee0000" filename = "" Region: id = 1694 start_va = 0xf30000 end_va = 0xf30fff entry_point = 0x0 region_type = private name = "private_0x0000000000f30000" filename = "" Region: id = 1695 start_va = 0xf40000 end_va = 0xf43fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f40000" filename = "" Region: id = 1696 start_va = 0xf70000 end_va = 0x106ffff entry_point = 0x0 region_type = private name = "private_0x0000000000f70000" filename = "" Region: id = 1697 start_va = 0x1170000 end_va = 0x12f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001170000" filename = "" Region: id = 1698 start_va = 0x1300000 end_va = 0x133ffff entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 1699 start_va = 0x1340000 end_va = 0x134ffff entry_point = 0x0 region_type = private name = "private_0x0000000001340000" filename = "" Region: id = 1700 start_va = 0x1380000 end_va = 0x138ffff entry_point = 0x0 region_type = private name = "private_0x0000000001380000" filename = "" Region: id = 1701 start_va = 0x1390000 end_va = 0x1510fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001390000" filename = "" Region: id = 1702 start_va = 0x1520000 end_va = 0x291ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001520000" filename = "" Region: id = 1703 start_va = 0x2920000 end_va = 0x29d7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002920000" filename = "" Region: id = 1704 start_va = 0x29e0000 end_va = 0x2adffff entry_point = 0x0 region_type = private name = "private_0x00000000029e0000" filename = "" Region: id = 1705 start_va = 0x2ae0000 end_va = 0x2ca3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002ae0000" filename = "" Region: id = 1706 start_va = 0x64ae0000 end_va = 0x64ae7fff entry_point = 0x64ae0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1707 start_va = 0x64af0000 end_va = 0x64b62fff entry_point = 0x64af0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1708 start_va = 0x64b70000 end_va = 0x64bbefff entry_point = 0x64b70000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1709 start_va = 0x74c00000 end_va = 0x74c1cfff entry_point = 0x74c00000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1710 start_va = 0x74c20000 end_va = 0x74c94fff entry_point = 0x74c20000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1711 start_va = 0x74ca0000 end_va = 0x74d30fff entry_point = 0x74ca0000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1712 start_va = 0x74d40000 end_va = 0x74d98fff entry_point = 0x74d40000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1713 start_va = 0x74da0000 end_va = 0x74da9fff entry_point = 0x74da0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1714 start_va = 0x74db0000 end_va = 0x74dcdfff entry_point = 0x74db0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1715 start_va = 0x74e70000 end_va = 0x74fe5fff entry_point = 0x74e70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1716 start_va = 0x75260000 end_va = 0x7534ffff entry_point = 0x75260000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1717 start_va = 0x75400000 end_va = 0x7542afff entry_point = 0x75400000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1718 start_va = 0x76c40000 end_va = 0x76c82fff entry_point = 0x76c40000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1719 start_va = 0x76d90000 end_va = 0x76e3bfff entry_point = 0x76d90000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1720 start_va = 0x76e40000 end_va = 0x76ff9fff entry_point = 0x76e40000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1721 start_va = 0x77000000 end_va = 0x7714cfff entry_point = 0x77000000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1722 start_va = 0x77150000 end_va = 0x7728ffff entry_point = 0x77150000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1723 start_va = 0x778d0000 end_va = 0x779effff entry_point = 0x778d0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1724 start_va = 0x779f0000 end_va = 0x77aadfff entry_point = 0x779f0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1725 start_va = 0x77ca0000 end_va = 0x77e18fff entry_point = 0x77ca0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1726 start_va = 0x7ecad000 end_va = 0x7ecaffff entry_point = 0x0 region_type = private name = "private_0x000000007ecad000" filename = "" Region: id = 1727 start_va = 0x7ecb0000 end_va = 0x7edaffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ecb0000" filename = "" Region: id = 1728 start_va = 0x7edb0000 end_va = 0x7edd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007edb0000" filename = "" Region: id = 1729 start_va = 0x7edd8000 end_va = 0x7edd8fff entry_point = 0x0 region_type = private name = "private_0x000000007edd8000" filename = "" Region: id = 1730 start_va = 0x7eddb000 end_va = 0x7eddbfff entry_point = 0x0 region_type = private name = "private_0x000000007eddb000" filename = "" Region: id = 1731 start_va = 0x7eddd000 end_va = 0x7eddffff entry_point = 0x0 region_type = private name = "private_0x000000007eddd000" filename = "" Region: id = 1732 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1733 start_va = 0x7fff0000 end_va = 0x7ff8ee37ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1734 start_va = 0x7ff8ee380000 end_va = 0x7ff8ee541fff entry_point = 0x7ff8ee380000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1735 start_va = 0x7ff8ee542000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ff8ee542000" filename = "" Thread: id = 50 os_tid = 0x78c Thread: id = 51 os_tid = 0x91c Process: id = "21" image_name = "readingsunto.exe" filename = "c:\\program files\\uninstall information\\readingsunto.exe" page_root = "0x71816000" os_pid = "0xa1c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "3" os_parent_pid = "0xbcc" cmd_line = "\"C:\\Program Files\\Uninstall Information\\readingsunto.exe\" " cur_dir = "C:\\Program Files\\Uninstall Information\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00014ee5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1738 start_va = 0x360000 end_va = 0x376fff entry_point = 0x360000 region_type = mapped_file name = "readingsunto.exe" filename = "\\Program Files\\Uninstall Information\\readingsunto.exe" (normalized: "c:\\program files\\uninstall information\\readingsunto.exe") Region: id = 1739 start_va = 0x840000 end_va = 0x84ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000840000" filename = "" Region: id = 1740 start_va = 0x850000 end_va = 0x853fff entry_point = 0x0 region_type = private name = "private_0x0000000000850000" filename = "" Region: id = 1741 start_va = 0x860000 end_va = 0x860fff entry_point = 0x0 region_type = private name = "private_0x0000000000860000" filename = "" Region: id = 1742 start_va = 0x870000 end_va = 0x883fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000870000" filename = "" Region: id = 1743 start_va = 0x890000 end_va = 0x8cffff entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 1744 start_va = 0x8d0000 end_va = 0x9cffff entry_point = 0x0 region_type = private name = "private_0x00000000008d0000" filename = "" Region: id = 1745 start_va = 0x9d0000 end_va = 0x9d3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009d0000" filename = "" Region: id = 1746 start_va = 0x9e0000 end_va = 0x9e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009e0000" filename = "" Region: id = 1747 start_va = 0x9f0000 end_va = 0x9f1fff entry_point = 0x0 region_type = private name = "private_0x00000000009f0000" filename = "" Region: id = 1748 start_va = 0xa40000 end_va = 0xa40fff entry_point = 0x0 region_type = private name = "private_0x0000000000a40000" filename = "" Region: id = 1749 start_va = 0xa50000 end_va = 0xb4ffff entry_point = 0x0 region_type = private name = "private_0x0000000000a50000" filename = "" Region: id = 1750 start_va = 0xb50000 end_va = 0xb5ffff entry_point = 0x0 region_type = private name = "private_0x0000000000b50000" filename = "" Region: id = 1751 start_va = 0xb60000 end_va = 0xc1dfff entry_point = 0xb60000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1752 start_va = 0xd20000 end_va = 0xea7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d20000" filename = "" Region: id = 1753 start_va = 0xeb0000 end_va = 0xeb3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000eb0000" filename = "" Region: id = 1754 start_va = 0xec0000 end_va = 0xefffff entry_point = 0x0 region_type = private name = "private_0x0000000000ec0000" filename = "" Region: id = 1755 start_va = 0xf50000 end_va = 0xf5ffff entry_point = 0x0 region_type = private name = "private_0x0000000000f50000" filename = "" Region: id = 1756 start_va = 0xf60000 end_va = 0x10e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f60000" filename = "" Region: id = 1757 start_va = 0x10f0000 end_va = 0x24effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000010f0000" filename = "" Region: id = 1758 start_va = 0x24f0000 end_va = 0x25a7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000024f0000" filename = "" Region: id = 1759 start_va = 0x25b0000 end_va = 0x26affff entry_point = 0x0 region_type = private name = "private_0x00000000025b0000" filename = "" Region: id = 1760 start_va = 0x26d0000 end_va = 0x26dffff entry_point = 0x0 region_type = private name = "private_0x00000000026d0000" filename = "" Region: id = 1761 start_va = 0x26e0000 end_va = 0x28a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000026e0000" filename = "" Region: id = 1762 start_va = 0x64ae0000 end_va = 0x64ae7fff entry_point = 0x64ae0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1763 start_va = 0x64af0000 end_va = 0x64b62fff entry_point = 0x64af0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1764 start_va = 0x64b70000 end_va = 0x64bbefff entry_point = 0x64b70000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1765 start_va = 0x74c00000 end_va = 0x74c1cfff entry_point = 0x74c00000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1766 start_va = 0x74c20000 end_va = 0x74c94fff entry_point = 0x74c20000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1767 start_va = 0x74ca0000 end_va = 0x74d30fff entry_point = 0x74ca0000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1768 start_va = 0x74d40000 end_va = 0x74d98fff entry_point = 0x74d40000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1769 start_va = 0x74da0000 end_va = 0x74da9fff entry_point = 0x74da0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1770 start_va = 0x74db0000 end_va = 0x74dcdfff entry_point = 0x74db0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1771 start_va = 0x74e70000 end_va = 0x74fe5fff entry_point = 0x74e70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1772 start_va = 0x75260000 end_va = 0x7534ffff entry_point = 0x75260000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1773 start_va = 0x75400000 end_va = 0x7542afff entry_point = 0x75400000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1774 start_va = 0x76c40000 end_va = 0x76c82fff entry_point = 0x76c40000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1775 start_va = 0x76d90000 end_va = 0x76e3bfff entry_point = 0x76d90000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1776 start_va = 0x76e40000 end_va = 0x76ff9fff entry_point = 0x76e40000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1777 start_va = 0x77000000 end_va = 0x7714cfff entry_point = 0x77000000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1778 start_va = 0x77150000 end_va = 0x7728ffff entry_point = 0x77150000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1779 start_va = 0x778d0000 end_va = 0x779effff entry_point = 0x778d0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1780 start_va = 0x779f0000 end_va = 0x77aadfff entry_point = 0x779f0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1781 start_va = 0x77ca0000 end_va = 0x77e18fff entry_point = 0x77ca0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1782 start_va = 0x7ed9d000 end_va = 0x7ed9ffff entry_point = 0x0 region_type = private name = "private_0x000000007ed9d000" filename = "" Region: id = 1783 start_va = 0x7eda0000 end_va = 0x7ee9ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007eda0000" filename = "" Region: id = 1784 start_va = 0x7eea0000 end_va = 0x7eec2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007eea0000" filename = "" Region: id = 1785 start_va = 0x7eec5000 end_va = 0x7eec5fff entry_point = 0x0 region_type = private name = "private_0x000000007eec5000" filename = "" Region: id = 1786 start_va = 0x7eec7000 end_va = 0x7eec7fff entry_point = 0x0 region_type = private name = "private_0x000000007eec7000" filename = "" Region: id = 1787 start_va = 0x7eecd000 end_va = 0x7eecffff entry_point = 0x0 region_type = private name = "private_0x000000007eecd000" filename = "" Region: id = 1788 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1789 start_va = 0x7fff0000 end_va = 0x7ff8ee37ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1790 start_va = 0x7ff8ee380000 end_va = 0x7ff8ee541fff entry_point = 0x7ff8ee380000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1791 start_va = 0x7ff8ee542000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ff8ee542000" filename = "" Thread: id = 52 os_tid = 0x5c8 Thread: id = 53 os_tid = 0x8c8 Process: id = "22" image_name = "colininstallations.exe" filename = "c:\\program files (x86)\\microsoft.net\\colininstallations.exe" page_root = "0x7546d000" os_pid = "0xa6c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "3" os_parent_pid = "0xbcc" cmd_line = "\"C:\\Program Files (x86)\\Microsoft.NET\\colininstallations.exe\" " cur_dir = "C:\\Program Files (x86)\\Microsoft.NET\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00014ee5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1794 start_va = 0x830000 end_va = 0x83ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000830000" filename = "" Region: id = 1795 start_va = 0x840000 end_va = 0x843fff entry_point = 0x0 region_type = private name = "private_0x0000000000840000" filename = "" Region: id = 1796 start_va = 0x850000 end_va = 0x850fff entry_point = 0x0 region_type = private name = "private_0x0000000000850000" filename = "" Region: id = 1797 start_va = 0x860000 end_va = 0x873fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000860000" filename = "" Region: id = 1798 start_va = 0x880000 end_va = 0x8bffff entry_point = 0x0 region_type = private name = "private_0x0000000000880000" filename = "" Region: id = 1799 start_va = 0x8c0000 end_va = 0x9bffff entry_point = 0x0 region_type = private name = "private_0x00000000008c0000" filename = "" Region: id = 1800 start_va = 0x9c0000 end_va = 0x9c3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009c0000" filename = "" Region: id = 1801 start_va = 0x9d0000 end_va = 0x9d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009d0000" filename = "" Region: id = 1802 start_va = 0x9e0000 end_va = 0x9e1fff entry_point = 0x0 region_type = private name = "private_0x00000000009e0000" filename = "" Region: id = 1803 start_va = 0x9f0000 end_va = 0xaadfff entry_point = 0x9f0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1804 start_va = 0xaf0000 end_va = 0xaf0fff entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 1805 start_va = 0xb00000 end_va = 0xb0ffff entry_point = 0x0 region_type = private name = "private_0x0000000000b00000" filename = "" Region: id = 1806 start_va = 0xc10000 end_va = 0xc13fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c10000" filename = "" Region: id = 1807 start_va = 0xc20000 end_va = 0xc24fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c20000" filename = "" Region: id = 1808 start_va = 0xc30000 end_va = 0xc33fff entry_point = 0x0 region_type = private name = "private_0x0000000000c30000" filename = "" Region: id = 1809 start_va = 0xc40000 end_va = 0xc4ffff entry_point = 0x0 region_type = private name = "private_0x0000000000c40000" filename = "" Region: id = 1810 start_va = 0xc50000 end_va = 0xc8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000c50000" filename = "" Region: id = 1811 start_va = 0xc90000 end_va = 0xd8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000c90000" filename = "" Region: id = 1812 start_va = 0xd90000 end_va = 0xf17fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d90000" filename = "" Region: id = 1813 start_va = 0xf20000 end_va = 0xfd7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f20000" filename = "" Region: id = 1814 start_va = 0xfe0000 end_va = 0xff6fff entry_point = 0xfe0000 region_type = mapped_file name = "colininstallations.exe" filename = "\\Program Files (x86)\\Microsoft.NET\\colininstallations.exe" (normalized: "c:\\program files (x86)\\microsoft.net\\colininstallations.exe") Region: id = 1815 start_va = 0x1000000 end_va = 0x1180fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001000000" filename = "" Region: id = 1816 start_va = 0x11f0000 end_va = 0x11fffff entry_point = 0x0 region_type = private name = "private_0x00000000011f0000" filename = "" Region: id = 1817 start_va = 0x1200000 end_va = 0x25fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 1818 start_va = 0x2600000 end_va = 0x26fffff entry_point = 0x0 region_type = private name = "private_0x0000000002600000" filename = "" Region: id = 1819 start_va = 0x2700000 end_va = 0x28c3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002700000" filename = "" Region: id = 1820 start_va = 0x64ae0000 end_va = 0x64ae7fff entry_point = 0x64ae0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1821 start_va = 0x64af0000 end_va = 0x64b62fff entry_point = 0x64af0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1822 start_va = 0x64b70000 end_va = 0x64bbefff entry_point = 0x64b70000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1823 start_va = 0x74c00000 end_va = 0x74c1cfff entry_point = 0x74c00000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1824 start_va = 0x74c20000 end_va = 0x74c94fff entry_point = 0x74c20000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1825 start_va = 0x74ca0000 end_va = 0x74d30fff entry_point = 0x74ca0000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1826 start_va = 0x74d40000 end_va = 0x74d98fff entry_point = 0x74d40000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1827 start_va = 0x74da0000 end_va = 0x74da9fff entry_point = 0x74da0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1828 start_va = 0x74db0000 end_va = 0x74dcdfff entry_point = 0x74db0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1829 start_va = 0x74e70000 end_va = 0x74fe5fff entry_point = 0x74e70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1830 start_va = 0x75260000 end_va = 0x7534ffff entry_point = 0x75260000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1831 start_va = 0x75400000 end_va = 0x7542afff entry_point = 0x75400000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1832 start_va = 0x76c40000 end_va = 0x76c82fff entry_point = 0x76c40000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1833 start_va = 0x76d90000 end_va = 0x76e3bfff entry_point = 0x76d90000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1834 start_va = 0x76e40000 end_va = 0x76ff9fff entry_point = 0x76e40000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1835 start_va = 0x77000000 end_va = 0x7714cfff entry_point = 0x77000000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1836 start_va = 0x77150000 end_va = 0x7728ffff entry_point = 0x77150000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1837 start_va = 0x778d0000 end_va = 0x779effff entry_point = 0x778d0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1838 start_va = 0x779f0000 end_va = 0x77aadfff entry_point = 0x779f0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1839 start_va = 0x77ca0000 end_va = 0x77e18fff entry_point = 0x77ca0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1840 start_va = 0x7ee40000 end_va = 0x7ef3ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ee40000" filename = "" Region: id = 1841 start_va = 0x7ef40000 end_va = 0x7ef62fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ef40000" filename = "" Region: id = 1842 start_va = 0x7ef64000 end_va = 0x7ef64fff entry_point = 0x0 region_type = private name = "private_0x000000007ef64000" filename = "" Region: id = 1843 start_va = 0x7ef65000 end_va = 0x7ef65fff entry_point = 0x0 region_type = private name = "private_0x000000007ef65000" filename = "" Region: id = 1844 start_va = 0x7ef67000 end_va = 0x7ef69fff entry_point = 0x0 region_type = private name = "private_0x000000007ef67000" filename = "" Region: id = 1845 start_va = 0x7ef6d000 end_va = 0x7ef6ffff entry_point = 0x0 region_type = private name = "private_0x000000007ef6d000" filename = "" Region: id = 1846 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1847 start_va = 0x7fff0000 end_va = 0x7ff8ee37ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1848 start_va = 0x7ff8ee380000 end_va = 0x7ff8ee541fff entry_point = 0x7ff8ee380000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1849 start_va = 0x7ff8ee542000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ff8ee542000" filename = "" Thread: id = 54 os_tid = 0xab0 Thread: id = 55 os_tid = 0x380 Thread: id = 56 os_tid = 0x988